The articles on this page are produced either by the operator of the website or by national publishers or Government departments. Where the information is from an external source, details of the article's origin appear under the title.

Links annotated [Option 1] will direct you to a website that may download a third-party cookie to your computer. Your browser or security software may be set up to prevent this download from taking place.

NEWS 2016 will soon be found within the ARCHIVE menu.



- Always be aware of where you are, be familiar with your surroundings (exits etc).
- Be aware of alternative ways to get home from work if using either public transport or your own means (car).
- Be aware of how you can walk home from your place of work, the shops or an excursion.
- Always use a licensed taxi or mini-cab. DO NOT accept offers from "drivers" hawking outside nightclubs, etc.

- Test your smoke alarm and replace old batteries - replace the unit if necessary, they are only £5!
- Always ensure that uPVC doors are locked correctly.
- Always ensure that your home looks occupied, even when you are out. Use a time switch on a table lamp so it lights up when dark.
- Don't allow anyone into your home unless there is a pre-arranged appointment and the caller has a valid passcard. Also take the passcard and call the helpdesk telephone number; bona fide employees will not mind.

- Keep computer security software up to date on your computer.
- Activate the parental controls within security software on your child's PC, laptop and tablet.
- Discuss and regularly remind your children about being safe online.

- Reduce the likelihood of skidding - check that the tread on your car tyres meets the legal depth.

- Regularly check bank and credit card statements for fraudulent transactions.
- Shred unwanted bank, credit card and utility statements. Don't just place them in the bin.
- Before withdrawing cash from an ATM, check the machine and surround for suspicious items. Ideally withdraw cash from ATMs sited at banks or ask for "cashback" when in store (supermarket etc).
- Don't give any personal details to anyone requesting them, even if they say they are the Police.
- Don't give any time to unsolicited phone calls, regardless of who they say they are. Hang up.
- Don't give your bank details to anyone requesting them, even if they say they are the Police.

(1st January 2018)

(Yahoo News UK, dated 29th December 2017)

Full article [Option 1]:

If you've ever found yourself on public transport confronted by a threatening situation but were too scared to be seen phoning the police, there is a special number you can text for help.

The Christmas and New Year period means you have probably been out and about late at night on public transport - often on your own and on the way home.

Whether it's in the form of offensive comments or someone inappropriately touching you when you're on a night tube, bus or train, it can be difficult to know how to seek out help when you think you're in a potentially dangerous situation.

According to the British Transport Police, crime rose 7.2% at stations and on railways in 2016-2017 compared to the previous year.

70% of all offences reported are for sexual assaults on women, with 20% for 'outraging public decency' (masturbation), six percent exposure and two percent sexual assault on men.

But reporting incidents like verbal abuse or groping on trains and the Underground has always been difficult - it can feel dangerous to call the police when the offender may still be around.

In 2013, the BTP launched the 61016 texting service - a way to anonymously report non-emergency incidents on trains and railways.

Since its creation, the BTP has received more than 62,000 texts and dealt with over 10,000 incidents.

13,000 of these were in the first two years of the service, which means the BTP have received 49,000 in the last two years.

And the number of offences could be even higher with the BTP estimating in 2015 that 90% of sexual assaults on the Tube were not reported.

Incidents like sexual touching and 'upskirting' make up 60% of the British Transport Police's (BTP) reported offences via the 61016 texting service.

'Upskirting' is the act of filming a victim with an angle towards under their dress or skirt without their knowledge.

'Violence against the person' offences were up 12.6% to 9,263, while Public order offences, such as threatening behaviour, rose more than 10%.

Most notably, 'Line of route' offences, which includes track interference and throwing missiles at trains, went up 16.2%.

One particular area of concern has been hate crime, with anti-Muslim crimes on the rise from 2016.

Fiyaz Mughal OBE, founder of Tell MAMA, expressed his support for the texting service as a way to combat hate crime.

If you see something that doesn't look right speak to a member of staff or text BRITISH TRANSPORT POLICE on 61016

(1st January 2018)

(Sky News, dated 31st December 2017)

Full article [Option 1]:

Artificial intelligence will be used to clamp down on fraudsters claiming millions of pounds of bogus benefit payments.

The Department of Work and Pensions (DWP) said its new state-of-the-art algorithms can detect a number of identity cloning techniques which have been commonly used by organised criminal gangs committing mass-scale benefit fraud.

Under the system, investigators will be alerted to fraudsters who use the same phone number or a similar writing style while filling out different false claims.

The connections are buried in billions of files, and it is thought the intelligent computer software will be able to increase prosecutions for whole groups of gangs.

Currently, investigators target individual criminals after Jobcentre Plus workers raise concerns.

New technology can detect benefit fraud by identifying similar styles of handwriting.

The DWP says it has extensively trialled the technology, which will scan across the benefit system, including Universal Credit, Jobseeker's Allowance and Personal Independent Payments.

Last year, about 5,000 people were prosecuted for benefit fraud and a record £1.1bn in overpaid benefits was recovered.

Secretary of State for Work and Pensions, David Gauke, said: "We are committed to tackling benefit fraud, especially from organised crime gangs, because it diverts money from the people who really need it.

"Our fraud investigators work tirelessly to bring criminals to justice and this is just one of the latest and innovative ways we are using cutting-edge technology to protect taxpayer's money."

In November, Chancellor Philip Hammond announced £75m in funding for artificial intelligence.

Much of the investment will support start-up firms and raise the number of new PhD students in the field to 200 a year.

Funding will also reportedly go towards an advisory body to lift barriers to AI development.

(1st January 2018)

(Birmingham Mail, dated December 2017) [Option 1]

NB: These "need to knows" can be accessed via another article:

Full article [Option 1]:

1. Keeping your child at school

- By LAW, parents are responsible for the child's education up to the age of 16.

2. Car seats

- It is required by LAW that parents make sure their child is seated in an appropriate car seat and wearing a seatbelt.

- Failing to do so could see you fined up to £500 if you are taken to court.

3. Smacking children

- If smacking a child results in marks, such as bruising or minor swelling, it would be deemed as UNREASONABLE and therefore ILLEGAL.

- It is strictly illegal for any adult to smack another person's child.

4. Leaving your child alone.

- The law does not stipulate a set age at which you can leave a child on their own, but it is an offence to leave a child alone if it puts them at risk.

5. Cycling on pavements

- It is illegal for anyone, including children, to cycle on a pavement alongside a road unless it has been marked as a cycle track.

6. Giving children alcohol

- It is illegal to give a child younger than 5 years of age alcohol.

- However, it is legal (but not recommended) for a parent to give alcohol to a child over 5 on private premises.

7. Taking a child abroad without the other parent's consent.

- The law states that parents must get the permission of everyone with parental responsibility for the child or from a court.

8. Letting your child leave home too soon.

- Parents of under 16 year olds are legally responsible for making sure their child has somewhere safe to stay.

(1st January 2018)

(Daily Mail, dated 30th December 2017 author Abul Taher)

Full article [Option 1]:

A 'Dad's Army' of unpaid border guards is set to be Britain's first line of defence against terrorists, people smugglers and organised crime gangs at hundreds of vulnerable air and sea ports.

The 'Special Volunteer Force' will police isolated marinas, harbours and airfields but astonishingly, according to union officials opposed to the scheme, they will have no powers to interrogate or arrest suspects.

Described by critics last night as 'risky' and 'farcical', the move follows a series of damning official reports warning that marinas and small airports, where there are no rigorous border checks, could allow illegal immigrants, terrorists and criminals to sneak into Britain undetected.

The Mail on Sunday has discovered that, in a trial run, around 50 volunteers - who will report to the full-time Border Force - will patrol England's East Coast with plans for the scheme to be expanded later to cover Britain's 7,000 miles of coastline.

It is understood volunteers will also be used to man border checks at airfields used by light aircraft flying to and from Europe.

Last year David Anderson, the Government's former adviser on terrorism law, warned that Britain's small ports and harbours could be used by Islamic fanatics trying to sneak back to the UK from Syria and Iraq.

A separate report published in July by David Bolt, the Independent Chief Inspector of Borders and Immigration, raised fears that sleepy ports and harbours, where checks are virtually non-existent, could be exploited by illegal immigrants and crime gangs smuggling weapons and drugs. Last night, Yvette Cooper, Chairman of the influential Home Affairs Select Committee, said it was wrong to use volunteers in the place of fully-trained staff.

She said: 'Filling the gaps with volunteers because of budget and staffing cuts raises very serious questions about border security and the Home Office commitment to this important public service. We will be calling for evidence on this proposal as part of our inquiry [into post-Brexit border security].'

Last night the Home Office confirmed that it is consulting with police about how best to deploy the volunteers. A spokesman said: 'Border Force is currently considering the potential benefits of a Border Force Special Volunteer Force and is in discussion with other law enforcement agencies such as local police to understand how they use volunteers in addition to their existing workforce.'

The Home Office refused to give any details on how the volunteers would be vetted and what training they would get.

But the PCS union - which represents many among Border Force's 8,000 staff - said the pilot scheme is likely to be rolled out in 2018.

The volunteers will be part of mobile units that would cover several ports and harbours.

A senior union official said if the volunteers see or hear anything suspicious, then they will have to call in properly trained Border Force officers who have arrest and investigative powers. He said: 'These volunteers will be like eyes and ears, but nothing else. This is trying to police the borders on the cheap.'

Terrorism experts fear there are around 300 British fanatics who fled Syria and Iraq as Islamic State was defeated by Coalition-led forces. Many of them are trying to return to the UK undetected, so they can launch terrorist attacks, police chiefs have warned.

In his report, Mr Anderson highlighted how jihadis could use the sleepy ports and harbours of England. He said: 'It is conceivable that they [small ports] might be an option for returning foreign fighters or other terrorists, as they appear to be for the migrants who are sometimes reported to be using them, or seeking to use them, in order to get into the country.'

Last night, Charlie Elphicke, the Tory MP for Dover, said: 'Small ports and airfields are a known security weakness in our border security. So it's important to ensure that security is stepped up, particularly to stop illegal immigrants and returning ISIS fighters.

'Border security is a skilled job, which takes many years of training. I would urge great caution before seeking to adopt a model like that used by the police, with special constables. We can't have a Dad's Army-type of set-up.'

The PCS said the Home Office wants volunteers to police the small ports as it does not have full-time officers to do the job.

Latest Home Office figures show that over 400 Border Force officers were laid off between 2015 and 2016 as part of budget cuts.

Small ports and harbours have been used to smuggle drugs and weapons by crime gangs.

In 2015, the National Crime Agency (NCA) arrested a gang who smuggled £100,000 of weapons into Cuxton marina in Rochester, Kent, in a cruiser. The automatic guns were made by the same firm that made the weapons used in the Charlie Hebdo attacks in Paris.

They included 22 assault rifles, nine sub-machine guns, and 1,500 rounds of ammunition.

Concern has been growing that people traffickers avoiding heightened security checks around the Channel Tunnel and major ports are also turning to small marinas where there is an absence of rigorous checks.

Two men, including a former judo champion, were jailed for two years after smuggling 18 Albanian migrants, including two children, into Eastbourne marina in 2014. In May last year, 17 Albanian illegal immigrants were caught at Chichester harbour in West Sussex, having arrived on a catamaran from France. Bolt's damning report said that 27 small ports, harbours and marinas had not been policed by Border Force officers at all for over 15 months.

The report said: 'Coverage of smaller ports, harbours and marinas was poor. The numbers of clandestine arrivals identified by Border Force at East Coast ports had indeed increased.

'There is no visible deterrent to anyone prepared to use these spots to land migrants and contraband.'

Last year, the NCA wrote an assessment, which also said there was no border control at small marinas around the UK coast.

Mary Glindon, the Labour MP for North Tyneside, said: 'This is farcical. What message does it send to the world about our border security if volunteers are doing it?'

Mark Serwotka, General Secretary of the PCS, said: 'We are concerned with Home Office plans to bring in untrained volunteers to undertake Border Force roles.

'They [Government] are making our borders weaker with the use of casual labour and they are risking this country's security on the cheap.'

Last night, the Home Office defended its proposal to use volunteers. A spokesman said: 'Were we to introduce Border Force volunteers, they would be used to bolster Border Force staffing levels. Volunteers have already proved successful in policing.'

Small ports are vital in the war against terrorism

By RAFFAELLO PANTUCCI, director, International Security Studies, Royal United Services Institute

The threat to Britain from terrorists has never been so high.

Criminal groups have long used smaller harbours as points of entry for illicit products, while radicalised individuals regularly seek to sneak in and out of the country via less-obvious points of entry.

We have ample evidence that shows terrorists and suspects have used ferry terminals such as Dover to sneak out of the UK, sometimes while they were under investigation.

In September, the man accused of the Parsons Green attack, Ahmed Hassan, was arrested in the departures area of the Port of Dover.

Criminals have also sought to use smaller entry points around the country's ports.

As an island nation close to the world's most densely populated continent, securing our shores creates a huge challenge for UK border forces.

The use of special volunteers, who may not have powers of arrest, is not the answer to policing the more sleepy ports, harbours and marinas of the country.

We need a well-funded and well-trained Border Force, which can protect Britain's ports and its thousands of miles of coastline from this unprecedented threat from both terrorists and criminals.

(1st January 2018)

(International Business Times, dated 30th December 2017 author Hyacinth Mascarenhas)

Full article [Option 1]:

Fashion retailer Forever 21 has confirmed that customers' payment card information may have been stolen over seven months this year after its point-of-sale terminals in numerous stores across the US were breached by hackers.

In an updated notification to customers, the company recently said hackers managed to install malicious software on some PoS devices at some of its stores at varying times between 3 April and 18 November.

Although Forever 21 noted that its payment processing system has been using encryption technology since 2015, an investigation found that the encryption on some PoS devices "was not always on", thereby leaving them vulnerable to hackers.

Forever 21 did not specify how many stores were affected in the attack and only said that not all terminals in every affected store were infected with malware. The company has over 815 stores in 57 countries including the US, UK, Australia, China, India, Germany, Japan and Latin America.

"Each Forever 21 store has multiple POS devices, and in most instances only one or a few of the POS devices were involved," the company said. "Additionally, Forever 21 stores have a device that keeps a log of completed payment card transaction authorisations. When encryption was off, payment card data was being stored in this log."

The company said malware was also installed on these log devices in some affected stores to steal customers' payment card data. "If encryption was off on a POS device prior to April 3, 2017 and that data was still present in the log file at one of these stores, the malware could have found that data.

"The malware searched only for track data read from a payment card as it was being routed through the POS device," the firm added. "In most instances, the malware only found track data that did not have cardholder name - only card number, expiration date, and internal verification code - but occasionally the cardholder name was found."

Forever 21 is currently working with its payment processors, PoS device provider and third-party security experts to address encryption issues in all of its stores. The company said it is working with law enforcement in its investigation of the attack.

The news caps off the litany of cyberattacks targeting retail giants and restaurants this year including Chipotle, GameStop, Whole Foods and Kmart among others.

"Forever 21 stores outside of the US have different payment processing systems, and our investigation is ongoing to determine if any of these stores are involved," the company said, noting that payment cards used on Forever 21's website were not affected in the breach.

"We regret this incident occurred and any concern this may have caused you," the firm said.

Customers have been advised to review their payment card statements for any suspicious unauthorised activity. IBTimes UK has reached out to Forever 21 for comment.

(1st January 2018)

(The Guardian, dated 29th December 2017 author Vikram Dodd)

Full article [Option 1]:

The police chief in charge of child protection says tens of thousands of British men have shown an interest in sexually abusing children.

CC Simon Bailey said investigators monitoring a single online chatroom in 2017 identified 4,000 men using it from the UK alone.

Bailey, the National Police Chiefs' Council lead on child protection, estimated the number of men interested in sexually abusing children at more than 20,000. He said the figure was comparable to the number of current and former terrorism suspects.

He added that limited resources meant not all perpetrators could be tackled, with police forced to focus on the most dangerous offenders. "We are having to prioritise the threat," he said. "Some lower-level offenders cannot be arrested and taken to court. There is just not the capacity."

Bailey warned that a growing threat to children came from live streaming and said police wanted a fresh crackdown from tech companies on the use of platforms including Periscope, which is owned by Twitter, and Facebook Live.

His warning follows recent reports that abusive behaviour is on the rise. Earlier this month, the NSPCC child protection charity said there had been a 31% increase in the number of reported cases of child sexual abuse in the UK in the previous year.

Bailey said reports to child protection experts were up 700% since October 2013, although some put that increase down to a greater willingness to report offences.

In the first 11 months of 2017, the National Crime Agency received 72,000 referrals about online child sexual abuse imagery, up from 6,000 in 2010.

Bailey, who is the chief constable of Norfolk, said he was in no doubt that the dangers had grown, even if awareness had too. "I think there is more sexual abuse of children being perpetrated both physically and virtually," he said. "There are more men than five to 10 years ago who are trying to abuse children."

And he emphasised that online abuse was not without consequences. "If a child flashes their breasts to someone online it can still cause great damage [to that child].

"I believe there are tens of thousands of men that are now going into chatrooms and forums with a view to grooming children," he added. "Technology has afforded an access to children that people who have a sexual interest in children never had before."

Bailey said police did not have enough officers to successfully pursue all child sex abusers and even thousands more detectives would not bring every offender to justice, even though the law was sufficiently robust to allow for prosecutions in most cases. "There are hundreds of officers tackling this now," he said. "Thousands and thousands still would not be enough.

"This is one of those wicked problems we simply cannot arrest our way out of."

The police chief said the children being targeted were not just those from homes where the parents or the adults in charge were neglectful. "The victims have included children of very capable and very caring parents. It does not recognise social status. The victims include children of middle-class, educated parents who think they are internet-savvy," he said.

About half of parents warned their children about the dangers of the internet, Bailey said, but it needed to be a frequent and repeated warning. "That is usually a one-off conversation - it needs to be constantly reinforced," he said. "At Christmas parents buy children internet-enabled technology. They need to understand the risks."

Schools have recently started telling children about what to do if they are caught up in a terrorist attack. Bailey said education on the dangers of child sexual abuse also needed to be taken into the classroom. "We need the same warnings about sexual abuse in schools, in the same way as we do for terrorism.

"Young people need to be educated about the risks, and spot the signs of exploitation and have the confidence to report it."

Some 20% of new imagery is self-generated and is often taken by other children. But Bailey said he did not regard those who viewed sexual images of children under the age of 16 as harmless under any circumstances.

"There are more men viewing imagery and asking kids to flash," he said. "Viewing an image is abusing a child."

He added that most offenders across all categories of child sexual abuse were white, despite the considerable attention that has been paid in some parts of the media to so-called Asian street-grooming gangs.

On the emerging issue of live streaming, Bailey urged tech companies to do more. "Software providers have a critical role in policing the environment they create," he said. "They have a social and moral responsibility to make their platforms safe for children to use."

(The Guardian, dated 5th December 2017 author Jamie Grierson)

Full article [Option 1]:

Nearly 200 suspected paedophiles were arrested in one week, investigators have said, as they warned of a rise in the use of live streaming to sexually abuse children.

The National Crime Agency (NCA) said a UK-wide operation in October had saved 245 children from harm and 192 people were detained.

Nearly a third (30%) of the cases involved the most serious offences including live streaming, blackmail and grooming and 18 of those arrested were said to be in a position of trust, working in areas such as teaching, healthcare and criminal justice.

Police believe dangerous suspects are using live streaming to bombard their targets with comments, using dares, threats or the offer of rewards such as "game points", to try to manipulate them into nudity on a webcam.

Chief Constable Simon Bailey, lead for child protection at the National Police Chiefs' Council (NPCC), said: "We need internet companies to help us stop access to sexual abuse images and videos and prevent abuse happening on their platforms. We need parents and carers to talk to their children about healthy relationships and staying safe online."

The NCA and NPCC launched a campaign on Tuesday to encourage parents to be alert to the dangers of live streaming and warn their children of the risks.

An online survey, answered by 927 people, found 84% said they were alert to the online threats children faced but 58% were unsure if their internet security was strong enough and 30% said they had not spoken to their child about web safety in the last month.

"We know that as children's online habits change, offenders are adapting with them," the NCA's head of safeguarding, Zoe Hilton, said. "These individuals are learning how young people communicate online and are using this knowledge to contact, befriend and abuse them.

"It's great to see that so many parents are aware of the potential dangers children face online, but with this campaign we're asking them to make sure they familiarise themselves with their children's online behaviour and keep that knowledge up to date."


(1st January 2018)

(Metro, dated 29th December 2017 author Richard Hartley-Parkinson)

Full article [Option 1]:

Drivers who ignore smart motorway lane closures could be fined from March, the Press Association has learnt.

Highways England believes ignoring red X signs on overhead gantries is 'dangerous' and expects penalties to be introduced next spring.

It has issued around 80,000 warning letters to drivers who have broken smart motorway rules since December 2016, with around a third relating to driving in closed lanes.

Road-side cameras which automatically detect lane violations are 'currently being tested by the Home Office', the government-owned company wrote in a document seen by the Press Association.

'We would expect enforcement of red X offences to commence from spring 2018,' it added.

Incidents could be treated like passing through a red traffic light, which carries a fixed penalty of £100 and three penalty points.

Smart motorways involve using the hard shoulder for traffic unless a red X indicates it is closed, normally because of an accident or broken down vehicle.

Sections of the M1, M4, M5, M6 and M42 have already been modified, with 480 lane miles being added to England's motorway network.

Steve Gooding, director of motoring research charity the RAC Foundation, warned the extra capacity is 'a welcome move, only so long as it can be delivered safely'.

He said: 'The best laws are those that no-one breaks, not just because the penalties for doing so are severe but also because they are well understood and accepted.

'We need to see a redoubling of communications by Highways England to leave no doubt in motorists' minds as to what a red X sign means.

'It's important that drivers understand that where the carriageway has been blocked by a collision or a breakdown, the price for ignoring the red X could be a lot higher than a fixed penalty notice.'

A Highways England spokesman said: 'Safety is at the heart of everything we do and our roads are among the safest in the world.

'We close lanes for a reason and drivers ignoring red Xs puts them and others at risk.

'Since we started issuing warning letters we have seen a decrease in the number of drivers ignoring lane closures.'

Motoring groups have raised concerns about the spacing of emergency refuge areas on smart motorways.

Highways England guidance is for the lay-bys to be no more than around 1.5 miles apart, but campaigners believe this distance should be at least halved to reduce the chances of a broken down vehicle stopping in a live running lane.

(1st January 2018)

(The Guardian, dated 28th December 2017 author Sarah Marsh)

Full article [Option 1]:

The number of alleged sexual assaults committed by taxi or private hire drivers has risen by 20% in three years.

According to figures released under freedom of information laws, at least 337 assaults were reported between April 2016 and March 2017 in England and Wales - up from 282 in 2014-15. A number of incidents were recorded where the victim was a child under 16.

The figures, obtained from 23 of 43 police forces, relate to a wide range of vehicles, including illegal minicabs, Uber cars and black cabs. Most of the police forces could not break it down by firm or type of vehicle.

The disclosure follows a decision by Transport for London to strip Uber of its operating licence in London, in part due to concerns about the company's failure to report sexual assaults to police. Media reports show at least 32 allegations in London in 2016 involving Uber drivers. The company is appealing against TfL's decision and its drivers can continue to operate while the appeal runs its course.

Campaigners noted that a rise in the number of reports of sexual assault could be positive if it meant more women were reporting crimes. But they were concerned it could also be due to a lack of vigilance when employing drivers.

Katie Russell, a spokesperson for Rape Crisis England and Wales, said: "It's an alarming figure but it is always hard to know whether the increase is due to a rise in crime taking place or an increase in sexual assaults being reported. Sexual offences have been massively underreported so an increase in willingness to report will play some part in the statistical increases."

Russell added: "The obvious next step is for companies themselves to do urgent reviews of their security systems because obviously there are some weaknesses … We know rapists and sexual offenders are often quite devious in how they plan their attacks. They often get themselves in positions of authority and responsibility, where they have access to potential victims - those industries may be attractive to sexual offenders."

Sarah Green from the End Violence Against Women Coalition said the figures should remind those in government "that licensing is of the utmost importance for women's safety". She added: "We need an examination of how we ensure women undertaking a straightforward taxi service can know they will be safe."

At the end of March 2017 there were 356,300 taxi or private hire vehicle driver licences in England, 39% of which were in London. The number of drivers has risen over the last few years.

Most of the reports of assaults were in the capital, with the numbers rising from 142 to 156 in three years. Det Supt Adnan Qureshi, of the Met's roads and transport policing command, said: "The Metropolitan Police Service (MPS) will not tolerate any offences committed upon passengers of private hire vehicles and will robustly pursue offenders. Any offence is one offence too many."

Sarah Castro, director of development at the charity Safer London, said: "If people think they can get away with this they will try ... what we need to do is close down those loopholes so attackers know if they do attempt this it will be investigated by the taxi companies and they will be prosecuted."

A spokesperson for Essex police said: "What this figure does indicate is that people are more confident about coming forward to report this type of crime to us and have more confidence in us to investigate ... We work closely with local authorities around the issue of licensing and will continue to do so and are robust around DBS [Disclosure & Barring Service] checks."

(1st January 2018)

(The Telegraph, dated 28th December 2017 author Telegraph Reporters)

Full article [Option 1]:

Nearly half the public in England and Wales have not seen a 'bobby on the beat' in the past 12 months and sightings have fallen by a quarter in two years.

Four-fifths of those surveyed for the Inspector of Constabulary said a regular uniformed police presence was important, but fewer than one-in-five thought they had one in their neighbourhood.

The proportion who had not seen a uniformed officer in their area rose to 44 per cent this year, up from 41 per cent in 2016 and 36 per cent in 2015.

The percentage saying they had not seen uniformed personnel in a vehicle in the past year was lower, at 12 per cent.

The findings come after police chiefs have said they are struggling with steep funding cuts from central Government.

A report detailing the findings of the survey of 12,662 people carried out for HM Inspectorate of Constabulary and Fire & Rescue Services noted that public feelings around police visibility "can be strong and have a significant bearing on broader attitudes to policing and local safety".

It said: "Regular local uniformed police presence remains important for participants.

"However, as in previous years, the proportion who are satisfied with the level of local uniformed police presence is far lower than the proportion who are dissatisfied (24 per cent vs 41 per cent)."

The inspectorate has previously raised concerns over the impacts of an "erosion" of neighbourhood policing.

The research also found a marked increase in confidence in the police to provide protection during a terrorist attack.

Over half (55 per cent) said that they would be "very" or "fairly" confident in police dealing with such an incident, compared with 46 per cent in 2016.

The increase probably reflected a shift in public perception after the police response to 2017 terrorist attacks in London and Manchester, the report said.

Overall, just over half were satisfied with the police - similar to last year when the percentage was 52 per cent.

(1st January 2018)

(Wired, dated 28th December 2017 author Mike Lynch)

Full article [Option 1]:

As early as 2018, we can expect to see truly autonomous weaponised artificial intelligence that delivers its blows slowly, stealthily and virtually without trace. And 2018 will be the year of the machine-on-machine attack.

There is much debate about the possible future of autonomous AI on the battlefield. Once released, these systems are not controlled. They do not wait for orders from base. They learn and make their own decisions often while deep inside enemy territory. And they learn quickly from their environments.

However, autonomous AIs are already starting to be deployed on another type of battlefield: digital networks. Today cyber-attackers are using AI technologies that help them not only infiltrate an IT infrastructure, but to stay on that network for months, perhaps years, without getting noticed.

In 2018, we can expect these algorithmic presences to use their intelligence to learn about their environments and blend in with the daily commotion of network activity. The drivers of these automated attacks may have a defined target - the blueprint designs of a new type of jet engine, say - or persist opportunistically, where the chance for money- or mischief-making avails itself. As they sustain their presence, they grow stronger in their inside knowledge of the network and its users and they build up control over data and entire systems.

Like the HIV virus, which is so pernicious because it uses the body's own defences to replicate itself, these new machine intelligences will target the very defences deployed against them. They will learn how the firewall works, the analytics models used to detect attacks and the times of day that the security team is in the office. They will then adapt to avoid and weaken them. All the while, they will use their strength to spread, creating inroads for compromise and contaminating devices with brutal efficiency.

AI will also attack us by impersonating people. We already have AI assistants that do our scheduling, email on our behalf and ask us what we'd like to order for lunch. But what happens if your AI assistant gets taken over by a malicious attacker? Or, indeed, what happens when weaponised AI is refined enough to convincingly impersonate a real person who you trust?

A stealthy, long-term AI presence on your network will have ample time to learn what your writing style is and how this differs depending on who you email, your contact base and the distinctions in professional and personal relationships based on the language you use and key themes in your conversations.

For example, you email your partner five times a day, particularly in the morning and afternoon. They sign their emails "X". Your football team emails weekly with details for Saturday's five-a-side games. They sign emails "Be there!". This is fodder for AI.

As to what we should do about these malicious AIs: they will be too clever and stealthy to combat other than with other AIs. This is one arena where we'll have to give up control, not take it back.

(1st January 2018)

(Mirror, dated 27th December 2017 author Rob Grant)

Full article [Option 1]:

East London is the worst place in Britain for motorists driving without insurance.

There are 5,290 drivers in the E postcode who have had their licences stamped for driving without proper insurance.

This works out at approximately one person in every 89 in the area, which covers Tower Hamlets, Newham and parts of other east London boroughs.

This is the highest in Britain, closely followed by the SE postcode which covers south-east London.

Third party insurance is the minimum you need to drive a vehicle legally on British roads.

It means the other party is covered for any medical and repair bills in an accident.

If you are involved in an accident with an uninsured driver this can mean you end up losing money or your no-claims bonus even if the accident wasn't your fault.

It may be possible to claim some compensation from the Motor Insurers' Bureau (MIB) which handles claims against uninsured and untraceable drivers.

Offenders will get six to eight points on their licences, which stay on the record for four years.

You could possibly get a driving ban and an unlimited fine if the case goes to court.

The Mirror obtained the data from the Driver and Vehicle Licensing Agency (DVLA) under freedom of information laws.

These 5,290 people in the E postcode are all licensed drivers - there are more people who can't currently drive and those holding foreign licences who have also been caught driving without insurance.

London dominates the list of worst-offending areas, with seven of the top ten areas with the highest rates of uninsured drivers covering parts of the capital.

The worst places outside London are Bradford, Sunderland and Luton.

Men aged 25 to 28 are the most likely people to be caught driving while uninsured, the DVLA data shows.

There are 207,319 drivers in Britain who have points on their licence for driving without proper insurance.

Worst 10 areas:

1. East London
2. South East London
3. Southall
4. Ilford
5. Croydon
6. Romford
7. Bradford
8. Sunderland
9. North London
10. Luton

FROM THE PAST (uaware)

(This is money, dated 12th September 2011)

Full article [Option 1]:

The worst offending areas in the country for drivers on the road without car insurance have been revealed in a new study.

Bordesley in Birmingham tops the list, where nearly one in three drivers is without a policy. This is 7.66 times the national average.

Hot-spots of the Uninsured

1. Birmingham B9
2. Birmingham B10
3. Birmingham B8
4. Bradford BD9
5. Bradford BD3
6. Bradford BD8
7. Birmingham B6
8. Manchester M12
9. Birmingham B11
10. Birmingham B21
11. Halifax HX1
12. Bradford BD7
13. Birmingham B12
14. Manchester M8
15. Wolverhampton WV2
16. Bradford BD5
17. Birmingham B18
18. Birmingham B66
19. Birmingham B19
20. Romford RM20

Source: MIB Top 20 uninsured driving hotspots (2008 - 2010)

(Birmingham Post, dated 24th September 2009)

Full article [Option 1]:

Birmingham contains six of the worst 10 regions in the UK for uninsured drivers, research has shown, while the West Midlands is the joint-fourth worst area in the country for drivers without cover.

The Motor Insurers' Bureau (MIB) said 7% of vehicles in the West Midlands were flagged as being driven illegally because they were uninsured, while in Birmingham's Handsworth area drivers were nearly six times more likely to come across an uninsured driver than the UK average.

Small Heath, Saltley, Newtown, Aston and Bordesley were also in the top 10, while Smethwick, Balsall Heath, Tyseley and Nechells Park were in the top 20.

The MIB estimates that overall 1.7 million motorists broke the law during 2008 by driving despite not having any cover, which costs UK motorists £30 a year through higher insurance premiums.

The figures were released as the group, which compensates people involved in accidents with uninsured drivers, launched a campaign aimed at drivers who may be tempted to let their insurance lapse in a bid to reduce their motoring costs.

It warned that people who drove without insurance could have their vehicle seized, while they would also receive a minimum of six penalty points on their licence and incur a fixed penalty of £200. Uninsured driving is estimated to cost the UK £500 million.

Ashton West, chief executive of the Motor Insurers' Bureau, said: "The fact that 1.7 million motorists still take to the roads without insurance is staggering; but there is no doubt that the number of drivers caught each year is increasing significantly, so drivers simply cannot afford to be complacent.

"Indeed, the number of drivers across the UK who were caught without insurance last year would fill Wembley Stadium more than twice. The message to motorists is clear: driving uninsured is simply not worth the risk."

AA Insurance welcomed the campaign to encourage drivers not to cancel their insurance. It said it had seen a 17% increase in the number of people paying by direct debit who had defaulted, underlining the importance of the campaign.


(1st January 2018)

(Daily Mail, dated 27th December 2017 author Bridie Pearson-Jones)

Full article [Option 1]:

Retailers have accused ministers of failing to stop a sharp increase in shoplifting after it emerged that criminals who steal less than £200 worth of goods won't be pursued by the police.

Most police forces no longer attend reports of shop theft and will only send out an officer if there's been violence or a threat of violence against retail staff.

Ministers have been accused of leading the effective decriminalisation of shoplifting, as those who steal goods under the £200 threshold are now dealt with by post, in the same manner as someone who receives a speeding fine.

In a recent meeting between the Home Office and leading retailers the government was warned of a crisis in which 'prolific and persistent' criminals were exploiting rules by moving around high streets, often stealing goods worth just under £200, the Daily Telegraph reported.

An act passed in 2014 allowed anyone accused of shoplifting anything under £200 to plead guilty by post, in the hope that it would save money on court time.

One senior retail industry source told the Telegraph: 'Many thieves, who have substance abuse problems, simply use shops and supermarkets like piggy banks. They will target things like meat, cheese and coffee that they can sell quickly and easily.'

Paddy Tipping, Police and Crime Commissioner of Nottinghamshire Police said: 'If you have lost 25 per cent of your resources you have to be clear what your priorities are and I think we need to have that debate.

'In the last two years in my area of Nottingham the number of reports of rape have gone up by 25 per cent.

'We have to work with the retail sector to find out what we can do jointly to tackle the problem.'

(1st January 2018)

(Wired, dated 27th December 2017 author Andy Greenberg)

Full article [Option 1]:

Perhaps you've been hearing strange sounds in your home - ghostly creaks and moans, random Rick Astley tunes, Alexa commands issued in someone else's voice. If so, you haven't necessarily lost your mind. Instead, if you own one of a few models of internet-connected speaker and you've been careless with your network settings, you might be one of thousands of people whose Sonos or Bose devices have been left wide open to audio hijacking by hackers around the world.

Researchers at Trend Micro have found that some models of Sonos and Bose speakers - including the Sonos Play:1, the newer Sonos One, and Bose SoundTouch systems - can be pinpointed online with simple internet scans, accessed remotely, and then commandeered with straightforward tricks to play any audio file that a hacker chooses. Only a small fraction of the total number of Bose and Sonos speakers were found to be accessible in their scans. But the researchers warn that anyone with a compromised device on their home network, or who has opened up their network to provide direct access to a server they're running to the external internet - say, to host a game server or share files - has potentially left their fancy speakers vulnerable to an epic aural prank.

"The unfortunate reality is that these devices assume the network they're sitting on is trusted, and we all should know better than that at this point," says Mark Nunnikhoven, a Trend Micro research director. "Anyone can go in and start controlling your speaker sounds," if you have a compromised device, or even just a carelessly configured network.

Trend's researchers found that scanning tools like Nmap and Shodan can easily spot those exposed speakers. They identified between 2,000 and 5,000 Sonos devices online, depending on the timing of their scans, and between 400 and 500 Bose devices. The impacted models allow any device on the same network to access the APIs they use to interface with apps like Spotify or Pandora without any sort of authentication. Tapping into that API, the researchers could simply ask the speakers to play an audio file hosted at any URL they chose, and the speakers would obey.

The researchers note that the audio attack could even be used to speak commands from someone's Sonos or Bose speaker to their nearby Amazon Echo or Google Home. They went so far as to test out the attack on the Sonos One, which has Amazon's Alexa voice assistant integrated into its software. By triggering the speaker to speak commands, they could actually manipulate it into talking to itself, and then executing the commands it had spoken.

Given that those voice assistant devices often control smart home features from lighting to door locks, Trend Micro's Nunnikhoven argues that they could be exploited for attacks that go beyond mere pranks. "Now I can start to run through more devious scenarios and really start to access the smart devices in your home," he says.

Given the complexity of those voice assistant attacks, however, pranks are far more likely. And the audio-hacker haunting Trend Micro warns about may have already actually happened in the wild. The company's researchers point to one posting from a customer on a Sonos forum who reported earlier this year that her speaker had begun randomly playing sounds like door creaks, baby cries, and glass breaking. "It was really loud!" she wrote. "It's starting to freak me out and I don't know how to stop it." She eventually resorted to unplugging the speaker.

Beyond merely playing sounds through a victim's device, a hacker could also determine information like what file a vulnerable speaker is currently playing, the name of someone's accounts on services like Spotify and Pandora, and the name of their Wi-Fi network. In testing devices running an older version of Sonos software, they even found that they could identify more detailed information, like the IP addresses and device IDs of gadgets that had connected to the speaker.

After Trend Micro warned Sonos about its findings, the company pushed out an update to reduce that information leakage. But Bose has yet to respond to Trend Micro's warnings about its security vulnerabilities, and both companies' speakers remain vulnerable to the audio API attack when their speakers are left accessible on the internet. A Sonos spokesperson wrote in response to an inquiry from WIRED that the company is "looking into this more, but what you are referencing is a misconfiguration of a user's network that impacts a very small number of customers that may have exposed their device to a public network. We do not recommend this type of set-up for our customers." Bose has yet to respond to WIRED's request for comment on Trend Micro's research.

None of this adds up to much of a critical security threat for the average audiophile. But it does mean owners of internet-connected speakers should think twice about opening holes in their network designed to let external visitors into other servers. And if they do, they should at least keep an ear out for any evil commands their Sonos might be whispering to their Echo after dark.

(1st January 2018)

(The New York Times, dated 27th December 2017 author Ashley Southall)

Full article [Option 1]:

It would have seemed unbelievable in 1990, when there were 2,245 killings in New York City, but as of Wednesday there have been just 286 in the city this year - the lowest since reliable records have been kept.

In fact, crime has fallen in New York City in each of the major felony categories - murder and manslaughter, rape, assault, robbery, burglary, grand larceny, and car thefts - to a total of 94,806 as of Sunday, well below the previous record low of 101,716 set last year.

If the trend holds just a few more days, this year's homicide total will be under the city's previous low of 333 in 2014, and crime will have declined for 27 straight years, to levels that police officials have said are the lowest since the 1950s. The numbers, when taken together, portray a city of 8.5 million people growing safer even as the police, under Mayor Bill de Blasio, use less deadly force, make fewer arrests and scale back controversial practices like stopping and frisking thousands of people on the streets.

"There is no denying that the arc is truly exceptional in the unbroken streak of declining crime," said William J. Bratton, who retired from his second stint as police commissioner last year.

But officials see one area of concern: an uptick in reports of rapes toward the end of the year. The increase, which officials said included a higher-than-normal number of attacks that occurred more than one year ago, coincided with the publication of accusations against powerful men like Harvey Weinstein, which gave rise to the #MeToo movement encouraging victims to come forward. City police officials have said they believed news coverage played a role in the spike in reports, though they also credited their own efforts combating domestic violence with encouraging victims to speak up.

And while rapes were down from last year by one, to 1,417, misdemeanor sex crimes - a catchall for various types of misconduct that includes groping - ticked up 9.3 percent to 3,585 so far.

The lower homicide numbers are still preliminary - and include one announced on Wednesday night - but they jibe with large drops in killings in major cities like Chicago and Detroit, while contrasting with sizable increases in killings in smaller cities like Charlotte and Baltimore.

The city today is a far cry from what it was when Mr. Bratton arrived in 1990 to become the head of the then-separate Transit Police. Not only were there 2,245 killings that year, but there were more than 527,000 major felony crimes and more than 5,000 people shot. Shootings have plunged to 774 so far this year, well below last year's record low of 998. And for the first time, fewer than 1,000 people have been hurt by gunfire: 917 as of Sunday.

The continued declines are a boon to Mr. de Blasio, a Democrat elected on promises of police reform - promises that prompted warnings of mayhem to come by his opponents in 2013. But the opposite has happened, putting him on stronger footing as he pivots to a second term with a Police Department transformed to exercise greater restraint as it focuses on building trust in the city's neighborhoods.

Franklin E. Zimring, a professor at University of California, Berkeley, School of Law, said the downturn was an "astounding achievement," but it raised another question: How long and low will crime fall?

"We don't know when we've exhausted the possibilities of urban crime decline, and we won't know unless and until New York scrapes bottom," said Mr. Zimring, who analyzed the first 20 years of New York's historic crime reduction and expounded on it in a book.

Mr. de Blasio and the police commissioner, James P. O'Neill, credit recent drops in crime to the Police Department's emphasis on going after the relatively small groups of people - mostly gangs and repeat offenders - believed to be responsible for most crime, while also building relationships in communities where trust has been strained.

Mr. Bratton applauded political support for the police from the mayor, who provided funding for investments in officer hiring, training, equipment and overdose-reversal drugs.

One of the results is that police officers are using deadly force less often. As of Dec. 20, police officers intentionally fired their service guns in 23 encounters, a record low, down from 37 in 2016. The Police Department said officers were relying more on stun guns, which were used 491 times through November, compared with 474 times during the same period in 2016. More than 15,000 officers have been trained how to use them.

But criminologists differ about the cause of the continued declines. Mr. Zimring said that while better policing accounted for much of the decline in crime since 1990, it was no longer a primary driver. New York is "tiptoeing" toward a 90 percent crime decline for reasons that remain "utterly mysterious," he said.

More broadly, research suggests that crime trends are closely tied to economic conditions. Interest rates, inflation and unemployment are among the macro-level factors influencing crime, according to James Austin, the president of the JFA Institute, a criminal justice policy nonprofit.

"What the Fed does will have more of an impact than any sentencing or police reforms," Mr. Austin said.

The reductions in New York are a part of what the Brennan Center for Justice expects will be a 2.7-percent decline in crime rates and 5.6-percent drop in murder rates across the country's largest cities. After record-high bloodshed last year, killings in Chicago have declined 15 percent.

Through August, rape was down in New York City 7 percent compared with last year, but a small increase in September was followed by spikes in October and November. The New York Times first published accusations against Mr. Weinstein on Oct. 5.

Reports of rapes that had occurred in a previous year, meanwhile, were up almost 12 percent through November. In response, the Police Department is adding investigators to its Special Victims Unit and has modernized the techniques detectives use to investigate claims.

"We can't answer definitively" what is driving the rise, Commissioner O'Neill told reporters at a crime briefing this month. "At least I can't. But we're seeing people coming forward and having faith in the N.Y.P.D. And that's what we want to happen."

Whatever the reason for New York's crime reductions, the statistics do not capture the complete picture of public safety. Some crimes are not represented fully or at all: acts of domestic violence, sexual assaults, identity thefts, hate crimes, and shootings that don't result in injuries or damage.

In some cases, the data annotates horrible crimes: an ISIS-inspired truck rampage on a Manhattan bike lane on Halloween that left eight people dead; the ambush killing of a police officer, Miosotis Familia, 48, who was shot in the head on July 4 while sitting in her R.V.-style command post in the Bronx; the death of Timothy Caughman, 66, a black man, at the hands of a sword-wielding white supremacist on March 20.

Increasingly, officers are receiving calls to help people in emotional crises. The police responded to 157,000 such calls in 2016. But only 7,000 officers have received crisis intervention training for handling those situations.

While most police encounters are resolved without officers resorting to deadly force, fatal police shootings of people in emotional distress - including Dwayne Jeune on July 31 in Brooklyn and Miguel Richards on Sept. 6 in the Bronx - have drawn scrutiny. A police sergeant, Hugh Barry, was indicted on murder charges in May for the fatal on-duty shooting of a mentally ill woman, Deborah Danner, in October 2016. His trial is scheduled to begin in January.

(1st January 2018)

(Metro, dated 26th December 2017 author Harley Tamplin)

Full article [Option 1]:

Most Londoners and many visitors to the capital have witnessed an apparently impromptu musical performance on the Tube.

Tourists are often charmed by the show, while locals desperately try to avoid eye contact with the musicians because it's the third time they've heard them in a week.

But under no circumstances should you give money to anyone playing music on the Underground, Transport for London and the British Transport Police have said.

While busking inside Tube stations is an important part of the capital's culture, doing so on trains themselves is illegal.

And not only is busking on the Underground against the law, but there have been reports of thefts suspected to be connected with the performances.

Ten people were arrested in November following a crackdown on the practice by police officers and TfL, dubbed Operation Singer.

Even drivers have taken action against the amateur musicians, with some forced to make announcements warning passengers of their presence and urging them to keep an eye on their belongings.

Siwan Hayward, TfL's head of transport policing, told 'We actively support music on the transport network through our licensed busking scheme, where musicians can apply and gain a platform to entertain customers at our stations.

'But busking on a Tube train can make customers feel uncomfortable, is sometimes linked to other crime and is a breach of the railway bylaws.

'We are working closely with the British Transport Police to crack down on this inconsiderate behaviour and encourage any passengers who witness this type of busking to report it by texting the BTP on 61016.'

A spokesman for TfL said reports suggest the practice has links to organised crime and pick-pocketing gangs.

In a statement, British Transport Police said: 'We work closely with Transport for London to ensure passengers and staff feel comfortable when they travel.

'Operation Singer was a joint operation with TfL to target illegal busking. The operation resulted in 10 arrests on the network over a week (in November).

'Busking on the Tube is illegal and we would encourage any passengers who witness illegal busking to report it by texting the BTP on 61016.'

TfL runs a busking scheme encouraging musicians to audition for a busking licence, which grants them permission to perform at Underground stations.

Stars such as Ed Sheeran, Jessie J, Bob Geldof and Katherine Jenkins have all previously performed on the Tube's stage.

Why you shouldn't give money to beggars

Charities have regularly encouraged members of the public not to give money to beggars on the street.

Instead, people can help by giving food or water rather than cash, by donating to a homeless charity, or simply having a conversation with homeless people.

A spokesman for homeless charity Thames Reach said: 'The evidence is indisputable that the overwhelming majority of people begging on the streets of England spend their begging money on crack cocaine and heroin.

'Giving to people who beg is not a benign act. It can have fatal consequences.

'The link is between begging and drug and alcohol misuse, not homelessness and begging, nor even homelessness and drugs.

'There are plenty of ways of ensuring that your money is spent on funding real solutions to homelessness and drug and alcohol addiction. Help Thames Reach to end street homelessness in London.'

(1st January 2018)


RootsWeb Security Update
(Ancestry Blog, dated 23rd December 2017 author Tony Blackman)

Full article [Option 1]:

We want to share an important security update with you.

Last Wednesday, December 20, Ancestry's Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of RootsWeb's surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry's other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate.

We also reviewed the RootsWeb file to see if any of the account information overlapped with existing accounts on Ancestry sites. We did confirm that a very small number of accounts - less than one percent of our total customer group - used the same account credentials on both RootsWeb and an Ancestry commercial site. We are currently contacting these customers.

In all cases, any user whose account had its associated email/username and password included on the file has had their accounts locked and will need to create a new password the next time they visit.

What Happened

Immediately after receiving the file containing the RootsWeb surname list user data, the Ancestry Information Security Team commenced its analysis of the file and its contents, and started a forensic investigation of RootsWeb's systems to determine the source of the data and identify any potential active exploitation of the RootsWeb system.

As a result of that analysis, we determined that the file was legitimate, although the majority of the information was old. Though the file contained 300,000 email/usernames and passwords, through our analysis we were able to determine that only approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers. As part of our investigation, our team also uncovered other usernames that were present on the RootsWeb server that, though not on the file shared with us, we reasonably believe could have been exposed externally. We are taking the additional step of informing those users as well.

We believe the intrusion was limited to the RootsWeb surname list, where someone was able to create the file of older RootsWeb usernames and passwords as a direct result of how part of this open community was set up, an issue we are working to rectify. We have no reason to believe that any Ancestry systems were compromised. Further, we have not seen any activity indicating the compromise of any individual Ancestry accounts.

What We've Done

As a result of this discovery, we have taken two immediate corrective actions.

First, for the approximately 55,000 customers who used the same credentials at RootsWeb's surname list and Ancestry - whether currently active or not - we have locked their Ancestry accounts and will require that they create a new password the next time they visit. We have also sent them emails to alert them to the situation. Though we have seen no activity that indicates these accounts have been compromised, we believe taking this additional measure is the right step to ensure the security of these customers. If you have not received an email or a notice requiring you to change your password, you have not been affected. Again, this issue involves less than one percent of our users, so there is a very good chance your account wasn't involved.

Second, we have temporarily taken RootsWeb offline, and are working to ensure that all data is saved and preserved to the best of our ability. As RootsWeb is a free and open community that has been largely built by its users, we may not be able to salvage everything as we work to resolve this issue and enhance the RootsWeb infrastructure.

What You Should Do

If you are a customer whose account was impacted, you will receive an email telling you that you need to change your password. In that case, you will be required to create a new password the next time you visit Ancestry.

For the vast majority of customers who are not impacted by this, there is nothing you need to do as a result of this incident. However, we always recommend that you take the time to evaluate your own security settings. Please, never use the same username and password for multiple services or sites. And it's generally good practice to use longer passwords and to change them regularly.

What We're Doing from Here

As always, your privacy and the security of the data you share with us are our highest priority. We are continually assessing our policy and procedures and always seeking ways to improve our approach to security. We understand the importance of our role as stewards of your information and work every day to earn your trust.

We are doing a deep analysis of RootsWeb, its design and how we might be able to help the community enhance the site and its services. It is our desire to continue to host these tools for the community with appropriate safeguards in place.

Please let us know if you have any questions at Support Center, and thank you for your understanding.

(1st January 2018)
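The overlap review described in the notice above (checking a leaked list of email/password pairs against the accounts of a separate site, then locking the matches) can be run against salted password hashes without the site ever storing plaintext. This Python example is added here and is not Ancestry's code; the PBKDF2 parameters, the `email:password` file layout and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ITERATIONS = 100_000  # assumed work factor, chosen for this example


@dataclass
class Account:
    email: str
    salt: bytes
    pw_hash: bytes
    active: bool          # active customer vs. trial or dormant account
    locked: bool = False  # set when a password reset is forced


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


def make_account(email: str, password: str, active: bool) -> Account:
    salt = os.urandom(16)
    return Account(email.lower(), salt, hash_password(password, salt), active)


def parse_leak(lines):
    """Yield unique (email, password) pairs from 'email:password' lines."""
    seen = set()
    for raw in lines:
        email, sep, password = raw.strip().partition(":")
        email = email.strip().lower()
        if not sep or not email or not password:
            continue  # malformed line: no separator, or an empty field
        if (email, password) in seen:
            continue  # same pair listed twice (e.g. differing only in case)
        seen.add((email, password))
        yield email, password


def find_reused_credentials(leak_lines, accounts):
    """Lock every account whose stored hash matches a leaked pair."""
    by_email = {a.email: a for a in accounts}
    report = {"leaked_pairs": 0, "known_emails": set(),
              "reused": [], "reused_active": []}
    for email, password in parse_leak(leak_lines):
        report["leaked_pairs"] += 1
        account = by_email.get(email)
        if account is None:
            continue  # address was never registered on this site
        report["known_emails"].add(email)
        # Re-hash the leaked password with the account's own salt and
        # compare in constant time; only an exact reuse matches.
        candidate = hash_password(password, account.salt)
        if hmac.compare_digest(candidate, account.pw_hash):
            account.locked = True
            report["reused"].append(email)
            if account.active:
                report["reused_active"].append(email)
    report["known_emails"] = len(report["known_emails"])
    return report


# Constructed sample data, not taken from any real leak.
SAMPLE_LEAK = [
    "alice@example.com:Summer2015",
    "bob@example.com:genealogy1",
    "carol@example.com:oldpassword",
    "not-a-valid-line",
    "dave@example.com:tr1al-pass",
    "ALICE@example.com:Summer2015",
]


def build_sample_accounts():
    return [
        make_account("alice@example.com", "Summer2015", active=True),
        make_account("bob@example.com", "a-different-one", active=True),
        make_account("dave@example.com", "tr1al-pass", active=False),
        make_account("erin@example.com", "unrelated", active=True),
    ]


if __name__ == "__main__":
    accounts = build_sample_accounts()
    print(find_reused_credentials(SAMPLE_LEAK, accounts))
    print([a.email for a in accounts if a.locked])
```

An address that appears in the leak with a different password (bob in the sample) is counted as known but is not locked by this check; whether to notify such users is a separate policy decision.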

(Birmingham Mail, dated 22nd December 2018 author James Rodger)

Full article [Option 1]:

2018 is a year of major change in terms of legislation.

This year has seen plenty of changes - some of which, we're sure, you've probably already heard of.

Typically, it takes a while for laws to come into effect after the Government first announces them.

So don't be alarmed if you already know these laws below.

But you should definitely be aware - and, if you didn't know about them, you do now.

These are the laws it's imperative you know about over the course of 2018 - and, more importantly, how they are set to impact your day-to-day life.

May 2018 - UK Data Protection Bill

The UK government's new data protection legislation, which will implement the vast majority of GDPR, was published on September 14, 2017.

The bill must pass through the House of Commons and the House of Lords before it becomes law.

Matt Hancock, Minister of State for Digital, said the measures are designed to "give consumers the confidence that their data is protected and those who misuse it will be held to account".

If passed, the Data Protection Bill will bring British law into line with the EU's General Data Protection Regulation (GDPR), which will become enforceable from May 2018.

- It will be easier to withdraw your consent for the use of your personal data
- You will be able to ask for your personal data held by companies to be erased
- Parents and guardians will be able to give consent for their child's data to be used
- Companies will have to gain your 'explicit' consent before processing your sensitive personal data
- Your IP address, internet cookies and DNA will also be classified as 'personal data'
- It will be easier and free to see what personal data an organisation holds on you
- It will be easier to move data between service providers
- Companies will face increased penalties for breaking the rules

April 2018 - Gender pay gap

England, Wales and Scotland employers with at least 250 employees will be required to publish information about the differences in pay between men and women in their workforce, based on a pay bill 'snapshot' date of 5 April 2017, under the Equality Act 2010 (Gender Pay Gap Information) Regulations 2017.

The first reports must be published by 4 April 2018.

April 2018 - Termination payments

The government plans to make changes to the taxation of termination payments from April 2018.

The proposals include:

- removing the distinction between contractual and non-contractual PILONs (payments in lieu of notice) so that all PILONs are taxable and subject to Class 1 NICs

- ensuring that the first £30,000 of a termination payment remains exempt from income tax and that any payment paid to any employee that relates solely to the termination of the employment continues to have an unlimited employee NICs exemption

- aligning the rules for income tax and employer NICs so that employer NICs will be payable on payments above £30,000 (which are currently only subject to income tax).

April 2018 - Employment Allowance changes

The government plans to introduce a further deterrent to the employment of illegal workers.

From April 2018, employers will not be able to claim the Employment Allowance for one year if they have:

- hired an illegal worker
- been penalised by the Home Office
- exhausted all appeal rights against that penalty.

April - Minimum Energy Performance Ratings

From 1st April 2018, there will be a requirement for any privately rented properties to have a minimum energy performance rating of E.

The government has announced it will be unlawful to rent out a property which breaches this minimum rating.

A civil penalty of up to £4,000 will be imposed for landlords who do - meaning properties which fall in the F or G category will no longer be acceptable.

May - MOT scrapped on classic cars

From May 2018, 293,000 cars in Britain will be exempt from having an MOT test.

Under new plans, cars that are over 40 years old won't have to take the annual road safety test.

This means around 1.5 per cent of cars in Britain will not have an MOT certificate, but will be road legal.

The Department for Transport defended the decision from suggestions it was an unsafe move, by saying owners of older cars usually keep them in good condition and don't use them regularly enough for an MOT test to be necessary.

TBC - Grandparental leave/parental bereavement

Two years ago, David Cameron's government stated its intention to extend shared parental leave and pay to working grandparents by 2018.

But Theresa May's government has yet to indicate whether it intends to pursue the policy.

Likewise, a year ago, the government backed a private members' bill, the Parental Bereavement (Leave and Pay) Bill.

The Bill, currently progressing through Parliament, will entitle employees who lose a child under the age of 18 to two weeks' leave, paid at the statutory rate if they have 26 weeks' service.

The government is aiming for the new law to be in force in 2020.

TBC - Drones

Drones - unmanned aircraft - are becoming increasingly regulated amid health and safety fears.

In 2018, the UK government is introducing new laws which mean users will need to take a basic online safety test and register their drone in order to lawfully use it.

Police will also be able to search and seize drones if they have grounds for suspicion. The test has been described as 'similar to a driving theory test.'

(1st January 2018)

(London Evening Standard, dated 22nd December 2017 author Martin Bentham)

Full article [Option 1]:

Police and other emergency services should consider carrying bottles of specialist rinse in their vehicles to treat victims of acid attacks, a London MP has told Parliament.

Lyn Brown said that quickly applying water to skin sprayed with corrosive substances can make a "big difference" to a victim's recovery.

But the MP for West Ham added that specialist rinses such as Diphoterine were even more effective, and suggested that the Met police should begin equipping rapid-response cars with bottles of such solutions.

She warned the change would "cost money" because Diphoterine - which can remove acid from skin while neutralising its effect - was "not cheap", but said: "I want that option to be fully considered. Victims of such attacks deserve the best possible chance of a full recovery from their ordeal."

Her call came in a Westminster Hall debate on acid attacks.

Earlier this week, drug dealer Arthur Collins was sentenced to 20 years in jail for injuring 14 people by spraying acid at the Mangle E8 nightclub in Dalston in April.

The judge at Wood Green crown court told Collins, 25, that he had committed a "despicable" crime.

During the Westminster Hall debate MPs urged the Government to further restrict sales of corrosive substances and allow tougher sentences for those who used them to harm.

Ms Brown said her borough of Newham had been "labelled the acid attack capital of Britain" after 82 such crimes in the past year - almost one in five of the London total of 449 attacks.

Police had "flagged 14 per cent of the attacks as gang-related, 22 per cent as robberies and four per cent as related to domestic abuse", she said.

Ms Brown called for corrosive substances to be added to the "regulated poisons list", which imposes tight restrictions on sales.

A ban on cash purchases should also be considered so that those who bought acid could be traced more easily, she said.

East Ham MP Stephen Timms backed her proposals and also suggested banning sales to those aged under 21.

Home Office minister Victoria Atkins said acid attacks were "terrible crimes" and the Government was consulting on new measures.

uaware information - What is a Diphoterine Solution?

- Diphoterine is a product name
- Primarily used by the chemical industry to deal with splashes of hazardous liquids onto skin etc.
- According to product instructions, for maximum effect it should be used within a minute of the incident occurring.
- It may not work to neutralise all corrosive substances.
- Once the exposed skin/eye tissue cells have been destroyed by the splashed chemical, the DIPHOTERINE® solution can no longer be efficacious.

Manufacturer's website:

uaware - in conclusion

- Diphoterine may be useful to treat corrosive attacks on Police Officers attending an attack, but a victim needs to be treated within seconds. So the victim needs to be doused with copious amounts of water to dilute and wash away any corrosive liquid.

(1st January 2018)

(The Register, dated 21st December 2017 author Rebecca Hill)

Full article [Option 1]:

Authorities need to have rules in place to ensure that lawful social media snooping doesn't slip into covert ops, the UK's chief surveillance commissioner has said.

In his 2016-17 annual report (PDF), published today, the commissioner Lord Igor Judge set out the state of surveillance in the country.

It showed that, during the year April 1, 2016, to March 31, 2017, there were, overall, fewer surveillance authorisations than in the previous year.

There were 1,842 authorisations for property interference, down by 228 on 2015-16, and 237 intrusive surveillance authorisations, down by 58.

Law enforcement agencies' directed surveillance authorisations fell from 7,118 to 6,237, while other public bodies' directed surveillance fell from 2,029 to 1,887.

However, Judge emphasised that - even if there had been no authorisations granted to a specific body recently - constant oversight was necessary because public bodies are always able to use covert surveillance.

The inspection process "may reveal inadvertent use and misuse of the legislative powers", or uncover new issues, he said.

For instance, "the steady expansion in the use of the social media and internet for the purposes of investigative work provides a striking example of a potential new problem which came to light through the inspection system."

Judge said that it had become apparent that local authorities are using social media as part of their investigations, for instance tracking the sale of counterfeit goods or checking that people's living situation matches their claims.

Although authorities are permitted to look at information that's in the public domain, "repeated visits to individual sites may develop into activity which, if it is to continue lawfully, would require appropriate authorisation", he said.

In a bid to alert officials to the problem, the commish said that he had written to local authorities earlier this year to set out his concerns.

In it he urged councils to carry out internal audits on the activities of their "no doubt well-intentioned" staff and set up training and awareness programmes for them.

In the letter - an extract of which is published in the report - Judge said that staff who are unaware of the "complex legislative provisions" could end up acting unlawfully.

"Ignorance [of the law] would provide no defence to them personally, nor to the Council for which they were working," he warned.

Judge added that many authorities have "first-class arrangements" in place for the use of covert tactics, even if they aren't used, but "others do not".

And, even if they aren't planning to use social media, while bodies are authorised to carry out covert surveillance, "they should remain 'match fit'".

This year's annual report is the last, as the commissioner's work is being subsumed by the Investigatory Powers Commissioner's Office, which launched in September.

(1st January 2017)

(The Telegraph, dated 21st December 2017 author Isabelle Fraser)

Full article [Option 1]:

The Government will ban leaseholds for almost all new build houses in a crackdown on "feudal" practices.

It is also set to ensure that ground rents on new long leases in England are set to zero, for both houses and flats, as well as making it easier and cheaper for leaseholders to buy out their freehold.

It made the announcement after receiving an "overwhelming response" to its consultation into the leasehold system. This came about after the scandal of "doubling" ground rents emerged, in which the sum payable to the freeholder doubles every 10 or 25 years, rendering them unsellable, with lenders such as Nationwide refusing mortgages for them.

Communities secretary Sajid Javid said: "It's unacceptable for home buyers to be exploited through unnecessary leaseholds, unjustifiable charges and onerous ground rent terms.

"It's clear from the overwhelming response from the public that real action is needed to end these feudal practices. That's why the measures this Government is now putting in place will help create a system that actually works for consumers."

The consultation received more than 6,000 submissions, with the vast majority expressing concern over the leasehold system.

The move to ban leaseholds will not retrospectively affect the current 1.4m houses which currently have such contracts. The average ground rent paid is £371, according to Direct Line.

The ban on new build leasehold houses will also not apply in some situations, the Government said, such as when they have shared services or are built on land with certain restrictions. A spokesman at the Housebuilders Federation said: "While proposals should have little impact on mainstream house builders, we need to ensure that for specialist providers - such as the retirement housing sector - they are sensible and don't threaten viability and as a result, supply."

Sebastian O'Kelly, a campaigner at the Leasehold Knowledge Partnership, said: "This is a huge vindication of our efforts - and those of The Telegraph - against a largely uninterested government and somnolent civil service.

"Ending leasehold houses and setting new ground rents to zero are excellent first steps to stopping developers from turning ordinary people's homes into highly complex investment vehicles for anonymous investors, often based offshore.

"Sadly, there are five million existing leasehold properties out there, all with widely differing lease terms and with ample opportunity for remunerative game-playing at home owners' expense."

(1st January 2018)

(International Business Times, dated 21st December 2017 author Hyacinth Mascarenhas)

Full article [Option 1]:

As hacks, data breaches and leaks become increasingly frequent and widespread in recent years, security researchers have continued to bemoan users' terrible password management habits. Despite that, people still continue to rely on weak, easy-to-remember strings of characters to secure their online accounts and digital identity.

While the worst passwords of 2017 expectedly featured some terrible options, including "123456" and "password", a new survey by tech consultancy EPC Group offers a rather different glance at people's notoriously awful and lazy password habits.

Despite "password" constantly topping surveys as the riskiest password one could use, the survey of 600 Americans in November found men seem to have a strong preference for this particular unsecure option.

According to the survey, men were 2.8 times more likely than women to use the word "password" as their password. Meanwhile, women were 1.3 times more likely than men to include their significant other's name in a password.

Women also tend to have wordier passwords and are 1.5 times more likely than males to use four or more words when creating a password.

The most common personal tie used by Americans when creating a password is the name of a pet, while the least common is their social security number. While people in western US states were more likely to use a sports team's name in the password, those in the northeast shared their passwords with five or more people more often when compared to citizens in other parts of the country.

"The most common personal tie that Americans use when creating a password is the name of a pet. The least common is their social security number. 33% don't use any of the typical personal information when creating a new password," EPC noted.

A little over 37% of those surveyed admitted that they only change their passwords when a website requires them to do so. About 16% said they change it once a quarter, while 10% said they never do so.

Around 11% of respondents admitted using the same password or variations of it for seven or more years.

Users' password storage habits were also found to be pretty dicey.

Despite fervent advice from experts and researchers to remember and store passwords safely, a shocking 43% of respondents said they write down their passwords and have that list somewhere near their computer. While 36% have their list of passwords locked in a safe, 13% have it on a password-protected document. About 8% have it saved in an open document on their computers.

"Password security is essential in order to protect your identity and safeguard yourself from risk," EPC Group said. "Make sure to not use personal information when creating a password, don't share it unless necessary, don't store it on your computer, and remember to change it often."

uaware comment: It was only a survey of US citizens!

(1st January 2018)

(International Business Times, dated 21st December 2017 author Lara Rebello)

Full article [Option 1]:

Concerns over a rise in acid attack incidents in London made their way onto the floor of the parliament on Wednesday (20 November), with one MP calling on the government to take stronger action.

Labour's Stephen Timms, a long-time campaigner for the clampdown on acid attacks, pressed the need for more effective measures to restrict the sale of acid and impose stronger punishments against perpetrators of such crimes.

"I've had a number of discussions with representatives of moped delivery drivers and they say there are now parts of London where their drivers are not willing to go because of the danger of attack," the East Ham MP said, pointing out that the UK has the highest rate of acid attacks per capita in the world.

"I think all of us would regard it as unacceptable that there are no go areas in parts of London and parts of the UK. I think it requires some significant action to deal with the problem."

Timms said that his constituency has already volunteered to stop selling acid to people under the age of 21.

"I think the Home Secretary suggested that people could not be sold acid under 18. I think there is quite a strong case for making that 21, rather than 18," he added.

DUP MP Jim Shannon stated that guilty parties should be subject to the full extent of the law, and the crimes be considered as attempted murder. "We need to change the legislation and need to represent those people who are recipients of attack," he said.

"I sincerely urge that the Government takes all of this into consideration and brings attacks on par with knife violence crimes and ensures that the sentence fits the crime, which leaves a life destroyed."

The topic reached the floor following the recent sentencing of Arthur Collins who planned and carried out a brutal acid attack at a London nightclub in April.

The ex-boyfriend of UK reality TV star Ferne McCann received a 20-year sentence for injuring 22 people, including two Australian model sisters. According to police, 16 people suffered serious burns after Collins sprayed acid onto the crowd following a dance floor argument at the Mangle nightclub in the London borough of Hackney.

Earlier this month, new statistics indicated that the UK has one of the worst levels of recorded acid attacks in the world, with more than 800 attacks being reported each year.

"The UK now has one of the highest rates of recorded acid and corrosive substance attacks per capita in the world and this number appears to be rising," Rachel Kearton, the Assistant Chief Constable of Suffolk Police and National Police Chiefs' Council (NPCC) lead on corrosive attacks, said, according to The Independent.

"It appears that in 2017 we will again exceed previous records for the number of attacks [but] I strongly feel that this is an under-reported crime at this time."

Unlike India and Bangladesh, which have the highest numbers of acid attacks - mostly against women - the UK victims are most often men. According to Acid Survivors Trust International (Asti), UK attacks involving acid or other corrosive substances have increased by more than two and a half times the figure from five years ago.

Data from Asti showed:

- Between 2011 and 2016, the number of male victims was twice that of female ones.

- Most acid attack incidents happened in London, with more than 1,200 cases recorded over the past five years. Between 2011 and 2016, there were 1,464 crimes involving acid or corrosive substances.

- Northumbria recorded the second highest number of cases with 109 recorded attacks, Cambridgeshire had 69, Hertfordshire 67, Greater Manchester 57 and Humberside 52.

- Of the 2078 acid attack crimes recorded between 2011 and 2016, only 414 of those crimes resulted in charges being brought.

(1st January 2018)

(Digital Trends, dated 21st December 2017 author Trevor Mogg)

Full article [Option 1]:

As individuals, we all know we have to keep our wits about us when we're online. If you're really unlucky, a couple of ill-considered clicks or downloads could quickly ensnare you in a scam that ends up costing you hundreds of dollars, possibly more.

But if you're working for a company and your job is to make big payments to other businesses, the stakes are much higher. And yes, even global players can get caught out.

Take Japan Airlines (JAL). This week the international carrier admitted it had fallen victim to an email scam that cost it a not-insignificant 384 million yen (about $3.39 million).

Known as "invoice redirect" or "business email compromise," it seems that at least one JAL employee was tricked into making several payments to bogus bank accounts. One account purported to belong to a U.S. financial services company which had been leasing a plane to the airline, but it had in fact been set up by fraudsters, the Japan Times reported.

In such cases, cybercriminals first hack the service-providing company's email system to gain information about its business procedures before using the gathered data to approach its customers for due payments. Posing as the company, the scammers contact the customer by email, even going so far as to imitate the writing style of the person that usually sends such emails. The correspondence will include invoice and bank details, and if the two companies have a history of doing business, there might even be a bogus explanation as to why the bank information has changed.

Recipients sometimes fail to spot the red flag presented by the change in bank details as they're already expecting to make the payment to the company, so in their eyes nothing seems out of the ordinary.

In JAL's case, an employee first transferred around 360 million yen ($3.17 million) to the criminal's Hong Kong account for the lease of a plane when they believed they were paying into the account of the financial services company. This was soon followed by another payment of around 24 million yen ($212,000) into a different Hong Kong account that JAL thought belonged to an American logistics firm it had had dealings with. In the case of the first transaction, JAL only realized it had been scammed a month later when the company got in touch to inquire about its payment.

The incidents took place in September but came to light this week when the airline revealed it was working with law enforcement in a bid to find the perpetrators and track down the money.

In a similar incident reported on Thursday, December 21, scammers tricked officials at Dublin Zoo in Ireland into paying 500,000 euros ($590,000) into a fake account. Fortunately for the company, 370,000 euros ($440,000) of the total amount has been frozen and will be returned to the zoo, though the remainder may be lost.

The sting, which has become more prevalent in the last couple of years, targets companies big and small around the world. Experts suggest that an employee making a payment to an outside company first call it to confirm the validity of the emailed invoice and also the bank details contained within it, and to call again once the funds have been sent to ensure they've been received.

Cases like this surged in the U.S. last year, with fraudsters attempting to steal a total of more than $5.3 billion, the FBI said.

(1st January 2018)
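The red flag the article describes, a change of bank details on an otherwise expected invoice, can be enforced as a payment-release check against the supplier master record. This Python example is added here and is not from the article or any named company; the record fields, flag names, vendor, account strings and phone number are hypothetical values constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VendorRecord:
    vendor_id: str
    bank_account: str    # account on file from onboarding
    bank_country: str
    email_domain: str
    callback_phone: str  # number on file, never one taken from an email


@dataclass
class PaymentRequest:
    vendor_id: str
    amount: float
    bank_account: str
    bank_country: str
    sender_email: str
    callback_confirmed: bool = False  # set only after phoning the on-file number


def normalise(account: str) -> str:
    """Ignore spacing, hyphens and case so formatting alone never raises a flag."""
    return "".join(ch for ch in account if ch.isalnum()).upper()


def review_payment(req: PaymentRequest, vendors: dict) -> dict:
    vendor = vendors.get(req.vendor_id)
    if vendor is None:
        return {"decision": "hold", "flags": ["unknown_vendor"], "call": None}

    flags = []
    if normalise(req.bank_account) != normalise(vendor.bank_account):
        flags.append("bank_account_changed")
    if req.bank_country.upper() != vendor.bank_country.upper():
        flags.append("bank_country_changed")
    sender_domain = req.sender_email.rsplit("@", 1)[-1].lower()
    if sender_domain != vendor.email_domain.lower():
        flags.append("sender_domain_mismatch")

    # A genuine sender domain proves nothing when the supplier's mailbox is
    # itself compromised, so any flag holds the payment until a call-back
    # to the number on file has confirmed the request.
    if flags and not req.callback_confirmed:
        return {"decision": "hold", "flags": flags, "call": vendor.callback_phone}
    return {"decision": "release", "flags": flags, "call": None}


# Constructed sample data; every value below is a placeholder.
SAMPLE_VENDORS = {
    "LEASECO": VendorRecord("LEASECO", "US00-1111-2222", "US",
                            "leaseco.example", "+1-555-0100"),
}

SAMPLE_REQUESTS = [
    # Routine invoice: same account, written with different formatting.
    PaymentRequest("LEASECO", 250000.0, "us00 1111 2222", "US",
                   "billing@leaseco.example"),
    # Redirect sent from the supplier's real (compromised) mail domain.
    PaymentRequest("LEASECO", 250000.0, "HK99-8888-7777", "HK",
                   "billing@leaseco.example"),
    # Redirect sent from a lookalike domain.
    PaymentRequest("LEASECO", 250000.0, "HK99-8888-7777", "HK",
                   "billing@leaseco-payments.example"),
    # Changed details that were confirmed by phoning the on-file number.
    PaymentRequest("LEASECO", 250000.0, "HK99-8888-7777", "HK",
                   "billing@leaseco.example", callback_confirmed=True),
]


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(review_payment(request, SAMPLE_VENDORS))
```

The second sample request is the case from the article: the email arrives from the supplier's own domain, so only the comparison with the account on file catches it.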

(INC, dated 21st December 2017 author Adam Levin)

Full article [Option 1]:

If you think 2017 was bad, hold on for dear life because 2018 is going to be the worst yet when it comes to cyberattacks. The astounding amount of personal information "out there" coupled with criminal innovation will allow cyber incursions of unprecedented scale and sophistication.

There is a confluence of intractable forces informing this prediction.

First, the headline-grabbing data breaches of 2017 cap a five-year run of hackers relentlessly gutting databases containing personally identifiable information (PII). Who's been breached? High-profile financial institutions, media companies, tech giants, merchants, government agencies and academic institutions, you name it, it's probably been breached. Think an email address and a name doesn't pose a danger? Think again.

A vast storehouse of stolen consumer data is available on the dark web, sometimes for sale and sometimes just there for the taking.

While you should be concerned about everything--including breaches where the only data leaked is name, email address and home address--there are larger concerns. The information available is not limited to birth dates, Social Security numbers, answers to security questions, and the like, but much more granular metadata involving the things you buy, post about on social media, etc.

These rich data sets will never perish and will forever be available to crooks who can then triangulate a targeted victim's digital footprints with stunning precision. That same information can be used to trick you into turning over the keys to the castle via social engineering, since scammers can know more than you might think possible, using that knowledge to trick you into aiding and abetting in self-larceny.

To understand the targeting that is now possible, consider advertising. Netflix recently singled out 53 of its viewers for mockery as part of a questionable joke-marketing campaign. Criminals can use that same information (it's been hacked too). They have the motivation and programming skills to do so. You're going to get got.

Hacker's recipe

A second ingredient is machine learning. Data analytics applied to large data sets has become a refined science, thanks in large part to work done by the financial services sector as well as online advertisers. And more recently, advanced machine learning techniques are being brought to bear on network security systems. The trouble is that cybercriminals, as always, are ahead of the curve. They've been applying machine learning to help them infiltrate and steal from business networks for a number of years now. They will continue to make advances in 2018.

That's where the third ingredient - botnets - comes into play. A botnet is a network of tens of thousands, or even millions, of obedient computing devices awaiting commands from a single controller. Bots typically are comprised of personal computers and/or connected devices infected by the controller via malware or controlled via zero-day exploit, but there have also been instances of virtual computers assembled by the controller. These collected devices possess tremendous computing power--literally the combined strength of all the machines in the controller's network. Botnets comprise the hub of cybercrime - and they continue to proliferate.

Take one part stolen data, mix in machine learning, pour into a powerful botnet and we can be certain to encounter more effective ways to pillage and plunder.

Here are four types of cyberattack campaigns we should expect to see in 2018:

Cryptocurrency hacks.

The combined market cap of Bitcoin, Ethereum, Litecoin and Monero has eclipsed the $500 billion mark and continues to climb. This makes cryptocurrencies a viable target for criminally-minded hackers. We are very likely to see cryptocurrencies get hit so hard values will plummet.

Biometrics vector

Biometrics readers are now available for not just fingerprints and facial recognition, but also voice and even the shape of one's heart. The wide deployment of biometric authentication, leveraging our smartphones, is on the horizon. This means various parties will be responsible for storing biometric profiles, which means all of the attack vectors that must be defended to fully protect stored data will be in play. Persons with malicious intent are surely studying this. A breach resulting in the loss of biometric data is inevitable.

Election fraud.

We now know botnets were used by Russian-sponsored operatives to spread propaganda on Google and Facebook, thus influencing the election of Donald Trump. And we also know how spoofed identities and access to voter rolls can be used to smear and obfuscate, as Roy Moore supporters attempted to do in the Alabama senate race. With so much at stake in each local, state and federal election across the land in 2018, we will see advancements in these types of dirty tricks -- iterations that employ machine learning to leverage stolen metadata, and deploy botnets to scale up attacks.

Critical infrastructure disruptions.

There were a number of disclosures this year showing how Russia, Iran, China and North Korea have been proactively probing and, in a few cases, successfully breaching so-called "operational technology" (OT) - the dedicated networks that run our utilities and manufacturing plants. It's equally clear that OT networks of companies operating in certain vertical industries have emerged as strategic targets in event of an all-out global cyber war. We will see a rise in successful OT breaches in 2018.

What I fervently hope we do not experience is a major disruption carried out as part of a global cyber war, though I fear this possibility as well. As jolting as WannaCry/Petya, the Equifax breach and the Uber hack were in 2017, those incursions may have been mere warm-ups of what's coming in 2018.

And by the way, Happy New Year!

(1st January 2018)

(The Telegraph, dated 20th December 2017 author Jack Maidment)

Full article [Option 1]:

Unlimited fines could be imposed on people convicted of shining a laser at aircraft, cars or ships under new laws unveiled by the Government.

Ministers are also proposing to hit people who target modes of transport with laser devices with jail sentences of up to five years.

Currently it is only an offence to target a plane with a laser but under draft laws published by the Department for Transport the list of protected vehicles will be expanded.

If agreed, trains, buses, boats and even hovercraft pilots will be among those protected.

Reckless use of lasers has been an area of increasing concern for transport bosses with the Civil Aviation Authority having registered 1,258 laser incidents in the last year alone, with Heathrow the most frequent location for reports.

At the moment people who shine a laser at an aircraft can face a fine of £2,500 but only those offenders who can be proven to have shown an intention to endanger a plane can face jail.

The Laser Misuse (Vehicles) Bill will make it easier to prosecute offenders by removing the need to prove such an intention.

Under the new measures fines could be issued on their own or alongside a prison sentence.

Baroness Sugg, the Aviation Minister, said: "Lasers can dazzle, distract or blind those in control of a vehicle, with serious and potentially even fatal consequences.

"The Government is determined to protect pilots, captains, drivers and their passengers and take action against those who threaten their safety."

The Government is also planning to hand extra powers to the police to help them catch those responsible for the misuse of lasers.

Under the Bill it will be an offence to shine or direct a laser towards a vehicle if it dazzles or distracts the operator, if done deliberately or if reasonable precautions to avoid doing so are not taken.

(1st January 2018)

(Raconteur, dated 17th December 2017 author Davey Winder)

Full article [Option 1]:

Think of social engineering, in the context of information security, and you probably conjure up an image of Nigerian scammers promising millions in return for bank account details plus a small transaction fee. You probably don't think that it might involve the "virtual kidnap" of a loved one.

Michael Levin, formerly deputy director of the National Cybersecurity Division of the US Department of Homeland Security and now chief executive at the Center for Information Security Awareness, recounts how the threat works.

Making full use of intelligence from social networks, as well as the malware compromise of mobile devices, attackers stage a fake kidnapping. A call, possibly spoofed to look like it's coming from the victim's phone, informs you of the hostage-taking and ransom demand. You may hear what could be your partner sobbing or screaming in the background.

This is social engineering at its most evil; the devil literally being in the detail. By hacking into your computer, your phone and your social networks, they know enough to make the threat very convincing indeed. By compromising a smartphone and having access to the GPS location information, the cybercrooks can even convince the victim that they are watching them.

Panic is induced and ransoms are paid. Earlier this year, the FBI arrested one woman allegedly involved in such scams, involving $28,000 in ransoms.

More commonly criminal social engineers will look to employ such intelligence gathering exercises to gain access to corporate networks and the valuable data stored within. The 2017 Verizon Data Breach Investigations Report shows one in every 14 phishing emails results in a malicious attachment or link being opened, and phishing is now present in one in five security incidents.

What's more, the latest Enterprise Phishing Resiliency and Defence report, from social engineering educators PhishMe, reveals such attacks are up 65 per cent from last year. That's worrying as phishing is the de facto tool of social engineering used by cybercriminals to hack humans and gain access to enterprise networks and the valuable data they contain. Some 15 per cent of these emails, according to the PhishMe report, will contain a malicious link and rely on entertainment, social media connections or reward as the emotional encouragement to click through.

So, how can the organisation best ensure that relevant employees are both aware of these threats and enabled to deal with them accordingly? To answer this, we first need to consider who those relevant employees are.

Graeme Park, senior consultant at Mason Advisory, says the simple answer is everyone. "It's usually easy enough to elevate a user account to an administrative account or take control of another computer once they have access to the company infrastructure," he says.

But some employees make more attractive targets, according to Mark Crosbie, head of trust and security at Dropbox, who warns that "those with strict business targets can be particularly at risk". Sales staff might be susceptible to being lured with the promise of a business lead, especially as, Mr Crosbie points out, "they often work with external organisations, so giving the attackers added scope to mimic trusted sources".

The C-suite should also look to itself as a potential target. The iPass Mobile Security Report suggests C-level executives, including the chief executive, are at the greatest risk of being hacked. This comes as no surprise to Alan Levine, cybersecurity adviser to Wombat Security, who points out that business leaders' digital identities "can be golden keys to valuable personal and professional data".

Stephen Burke, chief executive at Cyber Risk Aware, recalls one chief financial officer (CFO) receiving a fake email supposedly from the chief executive and instructing him to wire money into an account with an explanation promised on his return from a meeting.

"The result was the CFO wired the money and the success of this fraud was down to the fact that the criminals knew the CEO was out of office," says Mr Burke. How did they know? By simply calling the company, using publicly available information from social and corporate media, and establishing the chief executive's agenda for the day on some believable pretence.

That's not to say that people should be considered the weakest link in security; quite the opposite. Aaron Higbee, co-founder at PhishMe, argues that with effective conditioning techniques in place "employees can become the first line of cyberdefence, able to spot a socially engineered phishing attempt a mile off".

So is awareness training the be all and end all of social engineering defence? "Advising people not to open suspicious emails, click on unexpected attachments or visit unvalidated websites only works if the attachment or email looks suspicious or the website is evidently a spoof," says Amanda Finch, general manager of the Institute of Information Security Professionals. The problem is that the threat actors are getting better at what they do and pulling the right triggers to offset suspicion.

Steven Furnell, professor of IT security at Plymouth University, recommends using the LIST acronym to emphasise core cyber-principles as the best method of achieving this. Legitimacy: should you be asked for this information and would you normally provide it this way? Importance: what is the value of this information and how might it be misused? Source: are you confident that the source of the request is genuine and can you check? Timing: do you have to respond immediately? If in doubt, take time to ask for help.

Most successful phishing campaigns (average response rate by category of phishing campaign)

Entertainment : 19%
Social : 16%
Reward / recognition : 14%
Curiosity : 12%
Job function : 12%
Urgency : 11%
Fear : 10.5%
Opportunity : 8%

(1st January 2018)


(Telegraph, dated 18th December 2017 author Margi Murphy)

Full article [Option 1]:

Artificial intelligence will take on the gruelling task of scanning for images of child abuse on suspects' phones and computers so that police officers are no longer subjected to psychological trauma within "two to three years".

The Metropolitan Police's digital forensics department, which last year trawled through 53,000 different devices for incriminating evidence, already uses image recognition software but it is not sophisticated enough to spot indecent images and video, Mark Stokes, the Met's head of digital and electronics forensics, told the Telegraph.

"We have to grade indecent images for different sentencing, and that has to be done by human beings right now, but machine learning takes that away from humans," he said.

"You can imagine that doing that for year-on-year is very disturbing."

The force is currently drawing up an ambitious plan to move its sensitive data to cloud providers such as Amazon Web Services, Google or Microsoft, Mr Stokes said.

This would allow specialists to harness the tech giants' massive computing power for analytics. The Met currently use a London based data centre but the sheer volume of images along with the popularity of high resolution video is putting pressure on resources.

With the help of Silicon Valley providers, AI could be trained to detect abusive images "within two-three years", Mr Stokes said.

The Met's digital forensics team uses bespoke software that can identify drugs, guns and money while scanning someone's computer or phone. But it has proven problematic when searching for nudity. "Sometimes it comes up with a desert and it thinks it's an indecent image or pornography," Mr Stokes said.

"For some reason, lots of people have screen-savers of deserts and it picks it up thinking it is skin colour."

Handing this work over to computers could save forensics specialists who spend their career trawling through pictures from psychological strain.

But the mammoth task of moving the Met's data into the cloud is a legal minefield due to the sensitive nature of the files the force stores.

Police staff are granted consent from the courts to store criminal images, but it is an offence for anyone else - including Amazon, Microsoft or any cloud provider - to store them. Providers would be taking on an incredible risk associated with storing this material.

Storing data in the cloud is a controversial move thanks to a series of high profile hacks, including a widespread Apple cloud breach where several celebrities' personal photos were stolen and distributed on the web.

But Mr Stokes said that despite concerns, the likes of Google and Amazon might be best placed to keep police information watertight thanks to their huge profits, which unlike government departments, can be invested in talent, expertise and ensuring they are using the most advanced technology.

With those concerns in mind, Mr Stokes said providers have offered some solutions, which are currently being written into a potential IT plan.

"We have been working on the terms and conditions with cloud providers, and we think we have it covered," he added.

It's just the latest in science fiction-esque additions to the police force. It emerged in October that robocops may replace British bobbies on the streets.

(23rd December 2017)

(The Telegraph, dated 16th December 2017 author Camilla Turner)

Full article [Option 1]:

A metal theft crackdown is failing to protect heritage buildings from thefts by organised gangs, the Church's official insurer has warned.

The Government's attempt to bring scrap metal thefts under control is not working, as criminals have become more brazen and there has been a rise in gangs making off with entire church roofs, according to the specialist church insurers, Ecclesiastical.

This week the Home Office said the Scrap Metal Dealers Act 2013 "continues to be a powerful weapon" against metal theft, as it completed its review into the legislation.

The Home Office quoted figures from the Office for National Statistics, which showed that the number of thefts fell by more than three quarters in the four years since the legislation came into effect.

But critics warn that these figures paint a misleading picture, as they show the number of thefts but not the severity.

They say that while there has been a decline in low-value "opportunistic" scrap metal thefts, large scale pilfering is on the rise.

There has been a spate of thefts of church roofs, including at St Blaise Church in Milton in Oxfordshire, which earlier this year, in September, replaced its roof with stainless steel after having lead plundered on five separate occasions.

All Saints, a 13th century Leicestershire church, has been targeted by metal thieves three times over the past two years.

Michael Angell, church operations director for specialist church insurer, Ecclesiastical, said: "During 2015 we saw an increase in large thefts perpetrated by organised gangs, which involved the removal of entire church roofs. This trend continued during 2016 and 2017."

He said that as the value of lead continues to rise, "it is fair to assume that the volume and severity of incidents of metal theft will also increase".

"Ecclesiastical believes that weaknesses in the control environment created by this Act continue to be exploited by those involved in the theft of metal from our community, places of worship and heritage buildings," he added.

Mr Angell said he hopes to continue working with the Home Office "to ensure that the current legislation is implemented effectively, particularly when it comes to enforcement".

The Scrap Metal Dealers Act 2013 was brought in to curb the rising tide of metal thefts by making it harder for the thieves to sell their stolen metal undetected.

It introduced a formal licensing regime for scrap metal dealers, made it a criminal offence to buy scrap metal with cash, and required dealers to keep full receipts and records on disposal of scrap metal.

Robert Fell, chief executive of the British Metals Recycling Association (BMRA) said that a lack of effective enforcement of the Act means that criminal gangs remain at large and operate with impunity.

"The Home Office are hiding behind flawed data," he said.

"The number of crimes has reduced but they have got much bigger. If you looked at value or impact [of thefts] it would show a very, very different story."

As well as church roofs, telecoms cabling and cabling for railway signalling are being stolen, he added.

"A lot of infrastructure is at risk - it is high value copper. We are so dismayed by the Home Office report," he said. "The value of metal is continuing to rise, so it will get worse.

"The Government has just published a document saying we won't do anything different, so the thieves will be thinking 'great, bring it on'."

A Home Office spokesperson said: "During our review of the Act, some organisations told us that they were aware of a shift from smaller, more opportunistic thefts, to larger-scale and more organised crimes.

"We recognise that the nature and scale of these crimes can vary and we will continue to work with the police and other partners, including through the police-led National Metal Theft Working Group, to understand better the current nature of metal thefts and what more can be done to prevent them."

(23rd December 2017)

(Gizmodo, dated 14th December 2017 author Melanie Ehrenkranz)

Full article [Option 1]:

It feels only natural that 2017 would be the year we experienced one of the worst security breaches of all time. The Equifax hack affected 145.5 million U.S. consumers, but what's really shady is that the credit report company suffered another breach months before the one they disclosed in September. And trying to keep users in the dark for the sake of optics isn't an uncommon move. It took Yahoo almost a year to inform the public that it wasn't just a billion user accounts that were compromised. It was all of them.

My point is, when you sign up for an account online, your information is at the mercy of the service you joined, and you shouldn't assume that every company will let you know they've suffered a security violation. But a prototype tool created by researchers from the University of California San Diego (UCSD) aims to bring greater transparency to such breaches. The system, called Tripwire, detects websites that were hacked, as is detailed in this study.

Here's how it works: To detect breaches, the researchers created a bot that automatically registered accounts on thousands of websites. Each of those accounts shared a password with a unique associated email address. Working with a "major email provider," the researchers were then notified if there was a successful login on any of the email accounts. Since the email accounts were created for the study, any login was assumed to be the result of a security breach on the website associated with that account.

"While Tripwire can't catch every data breach, it essentially has no false positives - everything it detects definitely corresponds to a data breach," Joe DeBlasio, a Ph.D student of Jacobs School of Engineering at UCSD and an author on the research paper, told Gizmodo. "Tripwire triggering means that an attacker had access to data that wasn't shared publicly."
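The detection logic described above, sketched as an added example (not the UCSD researchers' code): the mailbox domain, site names, log format and sample events are all constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime

MAIL_DOMAIN = "honeymail.example"  # placeholder email provider domain (assumption)


@dataclass(frozen=True)
class HoneyAccount:
    site: str      # the one website this mailbox was ever registered with
    email: str     # unique per site, so a login points at exactly one site
    password: str  # same secret set on the mailbox and on the site account


@dataclass
class Detection:
    site: str
    first_seen: datetime
    logins: int = 0
    source_ips: set = field(default_factory=set)


def make_honey_accounts(sites):
    """Create one honey mailbox per site, keyed by lower-cased address."""
    accounts = {}
    for site in sites:
        email = f"{secrets.token_hex(6)}@{MAIL_DOMAIN}"
        accounts[email] = HoneyAccount(site, email, secrets.token_urlsafe(12))
    return accounts


def parse_event(line):
    """Parse 'ISO-timestamp mailbox source-ip result' (constructed log format)."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, mailbox, ip, result = parts
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    return when, mailbox.lower(), ip, result.upper()


def detect_breaches(log_lines, accounts):
    """Map successful mailbox logins back to the site that held the credentials.

    Only a successful login counts: it shows someone holds the password that
    was shared with exactly one site. Failed attempts, unknown mailboxes and
    malformed lines are ignored.
    """
    detections = {}
    for line in log_lines:
        event = parse_event(line)
        if event is None:
            continue
        when, mailbox, ip, result = event
        account = accounts.get(mailbox)
        if account is None or result != "SUCCESS":
            continue
        det = detections.get(account.site)
        if det is None:
            det = detections[account.site] = Detection(account.site, when)
        det.first_seen = min(det.first_seen, when)  # events may arrive out of order
        det.logins += 1
        det.source_ips.add(ip)
    return detections


# Constructed sample data: two honey mailboxes and a provider login feed.
SAMPLE_ACCOUNTS = {
    "a1b2c3@honeymail.example": HoneyAccount(
        "shop.example", "a1b2c3@honeymail.example", "constructed-secret-1"),
    "d4e5f6@honeymail.example": HoneyAccount(
        "forum.example", "d4e5f6@honeymail.example", "constructed-secret-2"),
}
SAMPLE_LOG = [
    "2016-03-01T10:15:00 a1b2c3@honeymail.example 198.51.100.7 SUCCESS",
    "2016-03-01T09:00:00 A1B2C3@honeymail.example 198.51.100.9 SUCCESS",
    "2016-03-02T11:00:00 d4e5f6@honeymail.example 203.0.113.5 FAILURE",
    "2016-03-03T12:00:00 unknown@honeymail.example 203.0.113.8 SUCCESS",
    "garbage line",
]

if __name__ == "__main__":
    for site, det in detect_breaches(SAMPLE_LOG, SAMPLE_ACCOUNTS).items():
        print(site, det.first_seen.isoformat(), det.logins, sorted(det.source_ips))
```

Because each mailbox is tied to a single site and has no other use, the mapping from a successful login to a breached site needs no scoring or thresholds.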

As part of the study, the researchers monitored over 2,300 sites from January 2015 through February of this year, and found that 19 of the sites (or one percent) had been compromised. The study notes that the system found "both plaintext and hashed-password breaches" - if your password is hashed, it is indecipherable to a hacker. Arguably the most damning finding of the study was that, at the time it was published, all but one of the compromised websites failed to notify their users that they had suffered a breach. Only one site told researchers they would force a password reset.

"The very clever and novel approach by UCSD researchers shows that such attacks may be occurring on a wider scale than previously known, and even worse, that the enterprises being breached may not even be aware of the intrusions," computer security firm UpGuard CEO and Co-Founder Mike Baukes told Gizmodo.

While the researchers are unwilling to disclose the names of the websites (with the exception of, which publicly disclosed its breach in 2015), they did include some information about the nature of them in the study. They note "the most popular site compromised is a well-known American startup with more than 45 million active customers as of the quarter they were compromised." According to the study, several people have griped about the breach on social media. The researchers note that they could find only one publication that covered the breach, which the company denied.

Other sites included a "large gaming-services company known within online gaming communities," "a top-500 site in India" that reportedly has millions of app downloads as well as over 60 million site visits a month, a porn site in Germany, and "a company with a large portfolio of travel recommendation websites" that reportedly has 40 million monthly views across its sites.

The researchers also reached out to all of the websites they found had been compromised, excluding the one that had already been publicized. "We disclosed our identities, methodology, and findings, and engaged with each site to the extent that they were willing," the researchers wrote. Only six of the sites responded, one confirmed there was a breach that they had already known about, and some "acknowledged that security was not their highest priority."

Baukes told Gizmodo that "password reuse attacks are a majorly overlooked vector for serious cybercrime, and can be as damaging as more vaunted methods of assault." He pointed to the 2012 Dropbox hack where the details of more than 60 million user accounts were leaked on the dark web. The hacker was able to reuse an employee's password from a LinkedIn breach to obtain information from the Dropbox network. Baukes said that the UCSD researchers' system "is a welcome addition to the security community's toolbelt and if adopted by independent organizations, could greatly enhance the accuracy and validity of data breaches detected in this manner."

(23rd December 2017)

(The Guardian, dated 14th December 2017 author Holly Watt)

Full article [Option 1]:

The number of 10- to 17-year-olds cautioned or sentenced for knife possession offences has risen by 16% since this time last year, with 2017 set to be one of the worst years in the last four decades for child knife deaths.

Ministry of Justice figures showed there were 4,439 knife crimes where the perpetrator was aged from 10 to 17 in the year to September 2017, up from 3,811 the year before.

The figures will increase concern about rising violence against children. The Guardian has been tracking the number of children and teens killed by knives in 2017, after discovering no national data was available.

Last month, the Home Office and 45 police forces published figures showing 35 children and teenagers had been killed in knife crimes in England and Wales so far this year, meaning 2017 is likely to be the worst year for such deaths in nearly a decade and the third worst year since 1977.

Sarah Jones, the Labour MP for Croydon Central and chair of the all-party parliamentary group on knife crime, said: "Today's figures show knife possession offences continue to grow at a worrying rate. Offences have now reached a six-year high and this is reflected by the fact that 2017 is set to be one of the worst years for the last four decades for child knife deaths.

"I continue to press the government to treat knife crime as a public health crisis and invest across government in prevention programmes."

Jones has previously said Britain needs a 10-year, coordinated strategy to tackle knife crime among young people, similar to the successful long-term effort to reduce teenage pregnancy. She believes professionals from health, education and social media sectors should work together against knife crime, with a focus on social media platforms taking more responsibility for posts that glamorise knives and violence.

Javed Khan, the chief executive of the children's charity Barnardo's, said the statistics made "sombre reading" and called on MPs to investigate the root causes of knife crime, with particular focus on prevention and early intervention.

Khan said: "From Barnardo's work with the most vulnerable children and young people, we know that the reason they get involved in knife crime or gangs can be complex, but action to help stem the increase is vital."

The justice minister, Dominic Raab, said: "We are catching and prosecuting more of those who carry a knife or a blade. Those convicted are more likely to go to prison, and for longer than at any point in the last 10 years. Our message is clear, if you carry a knife, expect to end up in jail."

The MoJ figures showed that among adults, there were 16,059 cautions or sentences for knife possession offences in the year ending September 2017, up from 15,239 the previous year. Among the offenders aged from 10 to 17, 582 were immediately taken into custody, up from 485 last year.

Other recently released figures have also shown rising crime levels. There has been a 13% increase in police recorded crime in England and Wales and a 20% rise in "violence against the person" in the year to June 2017.

(23rd December 2017)

(Telegraph, dated 13th December 2017 author Olivia Rudgard)

Full article [Option 1]:

Police have been called to bank branches in a pilot scheme to prevent customers from being duped by online fraudsters.

New figures show that £9m of fraud was stopped in the first year of the scheme, which involves bank staff calling in police when they suspect that someone is being duped or pressured into withdrawing large sums.

In one case, a Barclays customer who was attempting to withdraw £10,000 to buy a Rolls Royce on eBay was identified as a potential victim by staff who called the police.

They arrived within half an hour and established that the seller was a fake.

Police said that the customer and his money could have been in danger if he had attempted to go ahead with the purchase.

In the 12 months since the pilot launch, the banking protocol has prevented £9.1 million of fraud - with individual customers protected from losing sums ranging from £99 up to £212,000, according to trade association UK Finance.

The "rapid response" scheme enables bank staff to contact police if they suspect a customer is in the process of being scammed, with an immediate priority response to the branch.

As well as preventing fraud, the initiative ensures a consistent response to potential victims.

UK Finance, the trade association for banks and financial firms, said the scheme had led to 101 arrests being made nationally, with police having responded to 1,262 banking protocol calls.

The banking protocol was first launched in October last year with a pilot in London, before a national roll-out started in May.

It was developed as a partnership between the finance industry, police and Trading Standards. The Post Office is also part of the protocol.

The scheme is now in place in 43 police forces across the country, with all remaining forces across the UK committed to introducing it, UK Finance said.

Banks have previously come under fire for failing to protect customers who make large or suspicious transactions in branch.

Last year consumer watchdog Which? filed a supercomplaint about banks which failed to reimburse customers who had been duped into handing over cash by fraudsters.

Many customers are targeted in schemes in which con artists intercept email exchanges with legitimate businesses, such as builders or estate agents, and supply different bank details so customers transfer their cash to the fraudster instead.

Some of these transfers are made in branch and could be picked up and stopped under the new system.

In a piece for the Telegraph last year, Alex Neill, managing director of home and legal services at Which? called for bank staff to check the supplied name against the account details to prevent frauds like this from occurring.

Katy Worobec, managing director of economic crime at UK Finance, said: "Fraud can have a devastating effect on some of the most susceptible people in society and it's by working together with law enforcement, and others, that we can make a real difference when it matters most.

"The finance industry is determined to crack down on fraud and is taking action on all fronts - the protocol is an important weapon in our armoury."

What the banks should do to fight fraud

Telegraph Money has consistently highlighted banks' failure to help fraud victims. These are five measures that we have called on banks to adopt:

1. The victim's bank should contact the recipient bank within 30 minutes of the fraudulent bank transfer being reported

2. Banks should question and halt unusual transactions

3. They should check account holders' names in addition to account numbers when processing payments

4. Banks that provide accounts to fraudsters should be required to demonstrate that proper checks were carried out

5. All banks should offer easy-to-find ways for non-customers to report fraud 24 hours a day

(23rd December 2017)

(International Business Times, dated 12th December 2017 author Ewan Palmer)

Full article [Option 1]:

White people who are stopped and searched by police are more likely to have drugs on them compared to black people despite being disproportionately checked more, figures have shown.

A report by the Inspectorate of Constabulary on how police forces in England and Wales can improve the legitimacy of stop and searches found that 33% of white suspects searched for drugs were found to have illegal substances on them compared to 26% of black suspects.

The results were consistent where officers searched suspects solely on the basis that they smelled of cannabis (37% white and 29% black).

The report highlights the "troubling" disparity in results as data shows that black people are eight times more likely to be stopped and searched by police.

The report also suggests that the use of stop and search on black people "might be based on weaker grounds for suspicion" than its use on white people, particularly in respect of drugs.

Among some of the recommendations in the report is that police forces should implement further training to "tackle unconscious bias" and to address any reasons for disproportionate use of stop and search.

The report shows that the use of stop and search powers has declined from 1.1 million in 2011/12 to 301,000 in 2016/17. However, during this period stop and searches on white people decreased by 78%, but only by 66% for black people.

HMI Mike Cunningham, who led the inspection, said: "The extent to which police forces act in a fair and respectful way towards the communities they serve is a vital influence on public trust and confidence.

"So I'm pleased to report that the police service overall continues to demonstrate its commitment to maintaining legitimacy in the eyes of the public, including acting ethically and lawfully and treating all the people they serve with fairness and respect.

"We assessed well over three quarters of forces as either 'good' or 'outstanding' in this regard. But that is not to say that there aren't elements forces could and should improve upon. Of particular concern is the continuing over-representation of black people in stop and search figures.

"Forces must be able to explain the reasons for any disparity in their stop and search figures if they are to enhance the trust and confidence of all communities."

When she was home secretary, Theresa May previously warned "excessive and inappropriate" use of stop and search damages public confidence in the police. She also championed the move to decrease the practice, believing the tactic was a "waste of time".

National Police Chiefs' Council Lead for Stop and Search, Deputy Chief Constable Adrian Hanstock, said stop and search should be regarded as a safeguarding power in the wake of rising knife crime as well as increasing incidents involving acid as "the fear of being stopped and found in possession of weapons is one of the most powerful deterrents".

He added: "We are working closely with the Home Office, College of Policing and a range of independent experts to critically analyse the data we collect, as well as commission further research to help us better understand why some groups, such as young black men, are disproportionately reflected not only in stop and search figures but also as victims of violent crime and across the criminal justice system as a whole."

(23rd December 2017)

(International Business Times, dated 12th December 2017 author AJ Dellinger)

Full article [Option 1]:

Security researchers have discovered a new form of ransomware being distributed through malicious Microsoft Office documents and Word files - and attackers have published videos to walk victims through the process of buying Bitcoin to pay the ransom.

The Spider Virus ransomware campaign was first identified on Dec. 10 by researchers at cybersecurity firm Netskope and has continued to spread as attackers have targeted victims primarily in the Balkans.

While the Spider Virus attack may be new, its methods are tried and true for a ransomware campaign. The attack began its spread through emails laced with a malicious Microsoft Office attachment. The email subject and content are designed to catch the victim's eye and get them to open the document.

When they do, the attack begins to take hold. While the downloaded attachment has the look of a legitimate document, it obscures the true nature of the download. The Word document contains a "macro" or macroinstruction code that, when the user attempts to open the document, begins to download the ransomware attack from a host website.

The download takes place in the background and, once completed, begins to execute the ransomware payload on the machine. As the Spider Virus starts to run, it encrypts the victim's data and adds a ".spider" extension to the end of the files being held hostage.

Once the ransomware has run its course, the victim is presented with a ransom note from the attacker. The note informs the victim that "all your important files are encrypted and you no longer have access to them."

In order to regain access to the files, the ransomware requires users to visit a website where a decryption key is located. In order to visit the site, the victim has to download the Tor browser - for which the attackers have helpfully provided a tutorial within the ransom note.

Once the user visits the site, they are required to make a payment in Bitcoin to be provided the correct key. A video found in the ransomware's "help" section shows the victim how to buy and pay with the cryptocurrency.

The user has 96 hours to undergo the process of paying for the decryption key. If they fail to do so, the ransomware will allegedly delete the files from the machine permanently. The attackers advise victims to pay the ransom and not to "try anything stupid."

Avoiding an attack like the Spider Virus requires users to keep a close eye on their email in order to avoid phishing scams and other malicious attacks that may sneak into their inbox. Users should not download files received from senders that they do not recognize.

Additionally, users should disable macros to prevent such an attack from executing. To do so, open the Access menu in Microsoft Office. From there, users should click Trust Center, then Trust Center Settings and open Macro Settings. From here, they can ensure macros are not enabled.

Finally, the best defense against a ransomware attack is to keep a regular backup of all files - or at least important ones. While the attack can wipe files on the device, a victim can quickly restore operation from a backup without losing anything of value.
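The article describes a Word attachment that carries a macro. The following Python sketch is an added example, not part of the original article or of Netskope's research: it shows how a mail gateway or help desk could check, without opening the file in Office, whether an attachment carries macro content. The function names and the in-memory sample files are constructed for illustration, and the check for legacy .doc files is a byte-search heuristic rather than a full parser.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"                       # OOXML (.docx/.docm) is a ZIP archive
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc container signature
OLE_MACROS_NAME = "Macros".encode("utf-16-le")  # storage name Word uses for VBA
MACRO_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-office.vbaProject",
)


def triage(filename, data):
    """Classify one attachment: 'macro', 'review', 'no-macro' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Heuristic only: a byte search, not a real OLE2 directory parse.
        if OLE_MACROS_NAME in data:
            return "macro", ["legacy OLE2 file containing a 'Macros' storage name"]
        return "review", ["legacy OLE2 file: inspect with an OLE-aware tool"]
    if not data.startswith(ZIP_MAGIC):
        return "not-office", []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office", []
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return "review", ["ZIP signature but the archive cannot be read"]

    reasons = []
    for name in names:
        if name.lower().endswith("vbaproject.bin"):
            reasons.append("VBA project part present: " + name)
    for ctype in MACRO_TYPES:
        if ctype in ctypes:
            reasons.append("content type declared: " + ctype)
    if not reasons:
        return "no-macro", []
    if filename.lower().endswith(".docx"):
        # A macro-free extension on a macro-bearing file is itself suspicious.
        reasons.append("file is named .docx but carries macro content")
    return "macro", reasons


def build_sample(with_macro):
    """Build a constructed, minimal OOXML-shaped archive (not a real document)."""
    main_type = MACRO_TYPES[0] if with_macro else (
        "application/vnd.openxmlformats-officedocument."
        "wordprocessingml.document.main+xml")
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Override PartName="/word/document.xml" ContentType="' + main_type + '"/>'
        '</Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    samples = (
        ("invoice.docx", build_sample(True)),
        ("minutes.docx", build_sample(False)),
        ("legacy.doc", OLE_MAGIC + b"\x00" * 64 + OLE_MACROS_NAME),
    )
    for fname, blob in samples:
        print(fname, *triage(fname, blob))
```

A "macro" verdict only says that macro content is present, not that it is malicious; it identifies which attachments should be held back from users.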

(23rd December 2017)


(CSO, dated 12th December 2017 author Liam Tung)

Full article [Option 1]:

HP has released updates for over 470 computer models that were found with an accidental pre-installed keylogger in the Synaptics touchpad driver.

The update is available for over 170 commercial notebooks, mobile thin client and mobile workstation models, and nearly 300 consumer notebooks.

HP notes in an advisory the "potential security vulnerability" stems from certain versions of Synaptics touchpad drivers. This affects all hardware that uses the drivers, so there could be further updates to come from other PC makers.

According to Michael Myng, the security researcher who found the keylogger, the logging capability was disabled by default; however, an attacker could enable it by changing a value in a relevant section in the Windows Registry.

"A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue," said HP.

HP described the issue as a "local loss of confidentiality", meaning that any keylogging that would be taking place would be happening on the device.

Myng, who also uses the Twitter handle ZwClose, said he discovered the keylogger while investigating how to control the backlight on an HP laptop's keyboard. The keylogger is actually a debug trace

Some of the affected models don't have fixes available, including several HP Envy models, HP TouchSmart notebooks, and HP Stream x360 11 Convertible Notebook (models 11-p0XX and 11t-p000).

The new bug is reminiscent of a keylogger found this May in a Conexant audio driver used on several dozen HP computers. Again, there was a debugging feature in the driver that was inadvertently logging all keystrokes. HP said this caused a local loss of confidentiality too.

Modzero, the Swiss firm that found it, criticized HP for releasing a new driver package that still had the keylogger function. HP later delivered another update that successfully removed it.

(23rd December 2017)

(London Evening Standard, dated 11th December 2017 author Justin Davenport)

Full article [Option 1]:

Scotland Yard today announced body-worn video cameras have been given to 21,000 front-line officers in London - the largest deployment of its kind in the world.

The Met said it had almost completed a £10 million year-long project to roll out cameras across the force in a bid to increase public trust in the police.

Today, mounted police officers - one of the last specialist groups to get the devices - were being equipped.

A senior officer today claimed the move had led to greater transparency in stop-and-search encounters, more guilty pleas by suspects and fewer complaints against officers.

The Met revealed figures showing there were 3,515 complaint allegations against officers in the year to October 2017, compared with 4,501 in the previous 12 months - a fall of 22 per cent.

Commander Neil Jerome, who was in charge of the roll-out of cameras, said: "Clearly it is difficult to attribute this reduction entirely to body-worn video but we know it is leading to a reduction in complaints, which is good news.

"These cameras give us quality evidence immediately and allow us to capture a victim's account with all its emotion and context."

A final 1,000 officers from the Met's royalty, specialist and diplomatic protection commands will get the cameras early next year. Police say the delay has been caused by difficulties in installing the technology at sites such as Buckingham Palace.

Mr Jerome said that during the terror attacks at Westminster and London Bridge, body-worn video had been crucial in identifying the perpetrators and establishing there was no continuing threat.

The Met said that since it began rolling out the cameras, officers had recorded more than 1.6 million videos and now submit 4,500 clips to the Crown Prosecution Service each month.

A total of 535,000 videos have also been retained for "evidential or policing purposes".

Sophie Linden, deputy mayor for policing and crime, said: "Body-worn video is a huge step forward in bringing our capital's police force into the 21st century.

"From training new recruits to scrutinising stop and search, body-worn video is being used in a range of different ways by our police officers."

However, Renate Samson, of Big Brother Watch, said: "We keep hearing from police forces that body-worn video is brilliant but we have asked police forces for information to support this and not one could give data to show, for instance, that it is increasing the number of convictions."

(23rd December 2017)


(The Telegraph, dated 11th December 2017 author Iain Withers)

Full article [Option 1]:

The Government has unveiled plans to create a new national economic crime centre to clamp down on money laundering, with a key focus on financial crime.

The new unit, which will sit within the National Crime Agency, will also target drug dealers and people traffickers.

The latest official figures suggest £90bn is laundered in crime proceeds through the UK each year.

Home Secretary Amber Rudd said the crime centre would help ensure the City of London's integrity was not compromised after Brexit.

"To secure our future prosperity, we must do all that we can to make sure that Britain remains one of the safest and cleanest places in the world to do business," said Rudd.

The move also seemingly gives a reprieve to the Serious Fraud Office, which Prime Minister Theresa May repeatedly tried to scrap when she was home secretary.

The crime unit will have the power to direct the SFO to carry out investigations, the Government said.

It is part of a revised anti-corruption strategy that targets "corrupt insiders" in organisations including the police, prisons and the border force.

The Government estimates financial fraud costs the UK economy £6.8bn a year, or over £100 per person.

(23rd December 2017)

(Forbes, dated 11th December 2017 author Lee Mathews)

Full article [Option 1]:

There have been numerous high-profile breaches involving popular websites and online services in recent years, and it's very likely that some of your accounts have been impacted. It's also likely that your credentials are listed in a massive file that's floating around the Dark Web.

Security researchers at 4iQ spend their days monitoring various Dark Web sites, hacker forums, and online black markets for leaked and stolen data. Their most recent find: a 41-gigabyte file that contains a staggering 1.4 billion username and password combinations. The sheer volume of records is frightening enough, but there's more.

All of the records are in plain text. 4iQ notes that around 14% of the passwords -- nearly 200 million -- included had not been circulated in the clear. All the resource-intensive decryption has already been done with this particular file, however. Anyone who wants to can simply open it up, do a quick search, and start trying to log into other people's accounts.

Everything is neatly organized and alphabetized, too, so it's ready for would-be hackers to pump into so-called "credential stuffing" apps

Where did the 1.4 billion records come from? The data is not from a single incident. The usernames and passwords have been collected from a number of different sources. 4iQ's screenshot shows dumps from Netflix, Last.FM, LinkedIn, MySpace, dating site Zoosk, adult website YouPorn, as well as popular games like Minecraft and Runescape.

Some of these breaches happened quite a while ago and the stolen or leaked passwords have been circulating for some time. That doesn't make the data any less useful to cybercriminals. Because people tend to re-use their passwords -- and because many don't react quickly to breach notifications -- a good number of these credentials are likely to still be valid. If not on the site that was originally compromised, then at another one where the same person created an account.

Part of the problem is that we often treat online accounts as "throwaways." We create them without giving much thought to how an attacker could use information in that account -- which we don't care about -- to compromise one that we do care about. In this day and age, we can't afford to do that. We need to prepare for the worst every time we sign up for another service or site.

(23rd December 2017)

(The Guardian, dated 11th December 2017 author Alan Travis)

Full article [Option 1]:

Billions of pounds have been laundered through the City of London, despite Britain remaining one of the safest and cleanest places in the world to do business, the home secretary has said.

Amber Rudd issued the warning as she announced plans for a new national economic crime centre, with the power to task the Serious Fraud Office to investigate the worst cases of fraud, money laundering and corruption.

The national economic crime centre will be based within the National Crime Agency and will oversee the national police response to financial crime, backed by greater intelligence and analytical capabilities.

The move, which will include naming a Home Office minister responsible for tackling economic crime, is part of a revised anti-corruption strategy published on Monday that targets "corrupt insiders" in sectors including policing, prisons and border force, and pledges greater transparency over who owns and controls businesses to improve trust in Britain as a place to do business.

The Guardian's disclosure of the Panama Papers has already led to the creation of a government taskforce using the data to improve official understanding of the complex and opaque structures used to mask offshore tax evasion. The revised strategy document says that by October, a joint financial analysis centre had opened civil and criminal investigations into more than 66 individuals for suspected tax evasion.

The latest official figures suggest that £90bn a year in crime proceeds is laundered in Britain, including money from large-scale drug dealing and people trafficking. It is also estimated that fraud costs a further £6.8bn a year - the equivalent of £225 a household.

The home secretary said: "Today we are taking action against economic crime, and by that I mean the high-level crime, the billions that have been laundered through the City of London, making sure we reduce that and we are very clear we expect higher standards of integrity in this country.

"But [it is] also about everyday economic crime that affects everybody. I don't know a single person who doesn't know somebody who knows somebody who has been the victim of some sort of online fraud. On those two elements, high-level economic crime and everyday economic crime, we're taking action to make sure we reduce it in this country," said Rudd.

She will personally chair a new economic crime strategy board to drive action and Conservative MP John Penrose has been appointed the "anti-corruption champion" by the prime minister.

Rudd stressed that economic crime was not victimless.

The 56-year-old was told to hang up and ring the number on the back of her card, but the scammers had kept the line open and, in the belief she was through to the anti-fraud team at Natwest, did as she was instructed, transferring thousands of pounds into the criminals' accounts.

"I became quite ill afterwards as a result of it," she said. "I lost my practice because my insurance wouldn't pay out, as it turned out they were in financial difficulty. In other circumstances, the insurance company of the solicitors have paid out. We subsequently lost our home this year. The long-term effects just continue."

The government's new, more robust approach to money laundering, bribery and corruption includes new powers for the national economic crime centre to coordinate the private sector response as well as directly task the SFO. The revised strategy sets out six priorities, including: reducing the insider threat in high-risk domestic sectors; strengthening Britain as a financial centre; reducing corruption in public procurement and grants; and improving the business environment globally.

"To secure our future prosperity, we must do all that we can to make sure that Britain remains one of the safest and cleanest places in the world to do business," said Rudd. "Our security and prosperity are inextricably linked. As the UK prepares to leave the EU, we have an opportunity to leverage our reputation for integrity and fair play as we establish new trading relationships."

(23rd December 2017)

(London Evening Standard, dated 9th December 2017 author Patrick Grafton-Green)

Full article [Option 1]:

An east London borough has been named as the worst for home break-ins over the Christmas period.

Redbridge has the highest increase in residential burglaries over Christmas of all London boroughs, official figures reveal.

The borough sees a rise in break-ins of 52 per cent during the months of November to January, compared to the rest of the year.

Redbridge also has the highest rate of burglary in the capital over the festive period, with an average of 8.39 homes per 1,000 targeted.

Comparison service ValuePenguin analysed data from the Met Police's crime data dashboard for every borough in the capital between April 2010 and October 2017.

According to the data, every borough sees an increase in burglaries at Christmas. Harrow - with a hike of 43 per cent, and Bexley - with a 38 per cent increase - also fare badly.

The lowest increases - of just two per cent - are seen in Islington and Kensington and Chelsea.

Despite seeing a substantial rise in burglaries over the winter months, Bexley has the lowest burglary rate of any London borough during the rest of the year, with thieves targeting 2.89 homes per 1,000.

This jumps up to four over the festive season, still the second lowest rate of any London borough.

After Redbridge, the boroughs with the highest burglary rates over Christmas include Barnet, with an average of 7.71 homes targeted per 1,000, and Haringey, with 7.62.

Sutton, where 3.7 homes per 1,000 are targeted, has the lowest rate of any London borough.

Superintendent Shaun Wilson, Met operational lead for burglary, told the Standard: "I think it is fair to say around Christmas time and in the approach to Christmas, we do see a traditional increase in burglaries.

"This is often at a time people are buying gifts, often expensive gifts, and leave them safe places and sometimes not so places.

"It's a period when people go on holiday, spend long periods away from home, visit family and friends and spend time socialising and partying.

"This leads to an increase in vulnerability, which gives burglars a chance to exploit that."

Supt Wilson said advice fell into three main categories: online profiles, people going out and people going away.

He said: "Often people will advertise they have been given an expensive item. Check your security settings, other people will be peering into that, and think about what you are putting online.

"If you are going away, tell neighbours, people that you trust, that you are going away.

"The mail will start stacking up and it soon becomes obvious that you are away. Have someone you trust come in, turn lights on and off, put on the television and radio, open and close curtains.

"Don't leave expensive items or wrapped up gifts near windows for people to see.

"Keys should not be left in doorways, near the letter box - people will reach through and nick the keys."

He added that Christmas was also a time to keep an eye on the vulnerable and elderly, who are in particular danger of being targeted.

A Redbridge Council spokesman said: "Burglary rates traditionally increase at this time of year and we are working in partnership to support the police to bring burglary back to more acceptable levels.

"We have introduced a number of measures such as; alley gating schemes, free home security improvements for the most vulnerable, home security advice for residents and a wide range of activities to tackle bogus callers and rogue traders.

"We remind homeowners to keep doors and windows locked and to use timers on light switches when they go out."

Un-Merry Christmas

Percentage burglaries that go up during the Christmas and New Year period.

n = average Christmas burglary rate (Nov-Jan) per 1000 households
(n) = average burglary rate rest of year per 1000 households

Barking and Dagenham : 6.74 (5.24)
Barnet : 7.71 (5.79)
Bexley : 4 (2.89)
Brent : 7.24 (5.51)
Bromley : 5.66 (4.33)
Camden : 6.06 (5.08)
Croydon : 5.91 (4.89)
Ealing : 6.34 (5.02)
Enfield : 7 (5.31)
Greenwich : 4.74 (4.06)
Hackney : 4.6 (4.42)
Hammersmith and Fulham : 5.96 (5.55)
Haringey : 7.62 (6.14)
Harrow : 7.09 (4.96)
Havering : 6.81 (5.1)
Hillingdon : 6.74 (4.92)
Hounslow : 5.7 (4.45)
Islington : 5.1 (5)
Kensington and Chelsea : 5.24 (5.13)
Kingston upon Thames : 4.03 (2.99)
Lambeth : 6.07 (5.59)
Lewisham : 6.23 (4.99)
Merton : 5.51 (4.22)
Newham : 5.06 (4.11)
Redbridge : 8.39 (5.52)
Richmond upon Thames : 4.56 (3.88)
Southwark : 5.04 (4.69)
Sutton : 3.7 (2.94)
Tower Hamlets : 4.1 (3.76)
Waltham Forest : 6.49 (5.3)
Wandsworth : 4.68 (4.18)
Westminster : 5.34 (4.69)

(23rd December 2017)

(Huffington Post, dated 8th December 2017 author Yossi Atias)

Full article [Option 1]:

This year was noteworthy for cyber attacks - from ransomware, botnets, data breaches and more - name a type of hack and it happened. Even the most trusted brands and companies were left vulnerable on many occasions in 2017. If the whirlwind of Thanksgiving, Black Friday and Cyber Monday has left you with a hangover and blurred memories of cybercrimes past, then let's pause and reflect on some of the top cyberattacks from this year.

In May, WannaCry ransomware took over more than 230,000 computers in 150 countries in just a few days of its launch. A worldwide cyberattack, this nasty threat encrypted personal data, demanded payment in Bitcoins, and hit 34 percent of NHS health trusts in England, forcing cancelled operations and UK patients to travel further to accident and emergency rooms. Thankfully, nobody died as a result and the attack was quickly nipped in the bud with a kill switch that slowed WannaCry's progress significantly.

Shortly thereafter, the world received an unwelcome visit from a ghostly relative of cybercrime past, Petya. NotPetya made its debut in June 2017 and targeted PCs globally. As it wormed its way into machines, its main purpose - despite demanding a ransom - was to leave behind destroyed file systems.

In July 2017, credit reporting agency Equifax experienced a massive data breach in which hackers stole the personal data of more than 143 million people. Digital flaws were partially to blame for this breach, but so was Equifax itself. Equifax admitted to knowing about a vulnerability two months prior to the breach.

Lastly, the Reaper botnet appropriately made its appearance in the latter half of October. Targeting routers, cameras and other unsecured Internet of Things (IoT) devices, Reaper quickly surpassed other botnets in size, including 2016's Mirai. It was reported that Mirai overtook anywhere from 145,000 to 230,000 devices, while researchers showed Reaper infected a network of over one million organizations. While the Reaper botnet has yet to be activated, there is still a fear that Reaper once activated could completely disarm and take down the internet.

These were just some of the attacks that made 2017 a dangerous year in cybersecurity. As we look forward to the new year, let's resolve to do everything we can to be ready and protect ourselves from cyber crime in 2018. Here are a few easy actions you can take now:

New Year's Resolution #1: Toughen Up your Passwords

It's 2018 and high time to get vigilant about creating strong passwords for your smart devices. Default passwords need to be a thing of the past. Hackers are not sitting in a dark lair, staring at a screen trying to break into your account by guessing your birthday or the name of your first pet. Instead, they're using programs that cull through databases of common passwords in a matter of seconds. Gone are the days of using one word as a password and simply changing a few letters to numbers and symbols. The resulting passwords may be complicated to us, but are quite simple to a computer. Try using a phrase or a few words together to create a password - don't pick a famous or common phrase, but use something unique to you. These passwords are much easier for users to remember, but more difficult for hackers to steal.

New Year's Resolution #2: Don't Fall for Phishing Bait

A lot of personal information ends up in malicious hands because users fall for phony deals, offers and other enticing things disguised as official content. Phishing scams are usually spread through email, so know what to look for. If an email seems suspicious, then don't engage with it and delete it. One trick is to hover your mouse over any URL links (but don't click on them) to reveal a text bubble by your mouse or the bottom of your browser window, indicating the true location of the link. Additionally, if the information or offer in an email looks too good to be true, it probably is. Incorrect grammar or spelling or slightly different email addresses are immediate giveaways. Remember, it's not worth divulging your personal information and risking identity theft and fraud to see if you won some contest you've never heard of.

New Year's Resolution #3: Update, Update, Update

We've all been in the midst of something important when our smart device prompts us for an update. It's tempting to push it aside and ask for a reminder later. Remember, software and application updates are in place to fix bugs, slow processing and, most importantly, repair vulnerabilities. As operating systems are updated, the old ones quickly become a hacker's target. Don't invite hackers into your personal data and then make it even easier on them by using outdated operating systems and applications. Update, update, update!

Commit to making 2018 a cyber secure year for you and your family. If 2017 was any indication, cyberattacks will appear in even greater numbers in 2018. Taking the aforementioned steps will help you be more aware, safe and secure.

(23rd December 2017)

(Harvard Business Review, dated 8th December 2017 author Eric Cole)

Full article [Option 1]:

While major breaches where millions of records are compromised tend to dominate the news, a much more dangerous and insidious threat goes largely unnoticed - that of the insider. An "accidental insider" is a well-meaning employee who is tricked by adversaries or competitors into revealing passwords or unintentionally installing malicious code onto organizational networks. Alternately, a malicious insider steals data for personal or financial gain with intent to harm the employer.

How prevalent is the insider threat problem? According to a study performed by Accenture and HFS Research, "2 out of 3 respondents reported experiencing data theft or corruption from within their organizations." A study by the Ponemon Institute reveals that 62% of end users say they have access to company data they probably shouldn't see.

This means that most employees have access to data they could unwittingly reveal if they're duped by a clever adversary. Yet, there are some relatively easy ways to protect the organization from the tricks commonly used by the outsider to compromise the insider:

Trick #1 - Phishing via Convincing Emails

As an email travels from a client through a server to a recipient, there are potential network vulnerabilities all along its path. In fact, when you receive an email, the source address listed has little to do with who the message actually came from. That information can easily be spoofed, and your mail server does nothing to authenticate the origin of the email. Even though an email might look like it came from a trusted source, today's adversaries are sophisticated social engineers and can easily fool anyone.

While many organizations employ spam filtering software, and we all know not to open emails from mysterious Nigerian generals, what if an email appears to come from a colleague or supervisor? This scenario was recently illustrated when a UK hacker fooled White House officials into revealing personal information.

How can you tell whether an email you receive is legit? If an email is particularly well-crafted, you may not be able to immediately tell whether it came from a trusted source. A good rule of thumb is that if the sender asks you for a user name or password, personal information about yourself or a coworker, or other proprietary data, don't respond and report it to IT or your security team immediately. A simple phone call to the supposed sender would also be a good precaution. It's easy to ask "hey, did you really just email me asking for a password?"
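The point about the listed source address can be checked from a message's own headers. The following Python sketch is an added example, not part of the original article: it compares the visible From domain with the envelope sender and Reply-To, and reads SPF, DKIM and DMARC results from an Authentication-Results header. It assumes the receiving mail server records such results and is named mx.example.org; both sample messages and all domain names in them are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)

# Constructed sample: visible From is corp.example, but the envelope sender and
# Reply-To point elsewhere, and the sender has pre-inserted a fake result header.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: sender-supplied.invalid; dmarc=pass
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=corp.example
From: "Head of Finance" <finance@corp.example>
Reply-To: finance@corp-example.invalid
To: staff@corp.example
Subject: Password needed

Please reply with your password.
"""

# Constructed sample: every domain lines up and DMARC passed.
GENUINE = """\
Return-Path: <alice@corp.example>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=corp.example;
 dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
From: Alice <alice@corp.example>
To: bob@corp.example
Subject: Minutes

Attached.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def assess(raw_message, trusted_authserv="mx.example.org"):
    """Return the From domain, trusted auth results and a list of findings."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])

    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        ident = value.split(";", 1)[0].split()
        # Only trust results stamped by our own server; a sender can add
        # any header it likes, including a fake "dmarc=pass".
        if not ident or ident[0].lower() != trusted_authserv:
            continue
        for method, result in AUTH_RE.findall(value):
            auth.setdefault(method.lower(), result.lower())

    findings = []
    # DMARC is the check tied to the visible From domain; SPF alone only
    # covers the envelope sender, which the reader never sees.
    if auth.get("dmarc", "none") != "pass":
        findings.append("dmarc-not-pass")
    envelope_dom = domain_of(msg["Return-Path"])
    if envelope_dom and envelope_dom != from_dom:
        findings.append("envelope-mismatch")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    return {"from_domain": from_dom, "auth": auth, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, assess(raw))
```

An envelope mismatch on its own is common with mailing lists and bulk-mail providers, so it is a reason to look closer rather than proof of spoofing.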

Trick #2 - Injecting Malicious Code via Email Attachments and Links

Similar to the phishing email is the Trojan - a hidden bit of malicious code in an email attachment or link. While the message itself isn't dangerous, the links and attachments are. It sounds crazy not to open a document or attachment from a colleague, but those clicks could be opening the back door to an adversary.

At the organizational level, a business can invest in security products that offer real-time malware assessment of links and attachments. If the system detects something suspicious, it will quarantine an attachment or prevent connection to a dangerous link.

Be particularly careful about emails that you receive at work that are not work-related, such as from the email addresses of friends or family members who don't normally email you at that address. It's always a good idea to have separate email addresses for work and home, and even multiple email addresses for different types of correspondence. For example, you might want to maintain an email address that you only use for your children's school, or for a club or group you belong to. If you receive an email at work that looks like it might be from your skiing club, you'll know it's suspicious because your club doesn't know your work email.

Trick #3 - Gaining Network Access Through Personal Devices

Not all software is safe, and apps are becoming an easy way to gain illicit access to devices and computers. Many organizations have bring your own device (BYOD) policies, where users are permitted to use their own phones, tablets and laptops to conduct company business. These devices are ripe for compromise that could spread to organizational systems.

For organizations that provide and control laptop computers for employees, it is relatively easy to prevent the installation of unauthorized applications. This can be done by making the individual a "user" of their machine and not an administrator. Only the administrator - the IT department - can install applications.

Devices need to be controlled through policies and education, since an IT team can't possibly lock down the personal devices of thousands of users. But, they can require the use of a virtual private network (VPN) application to ensure a secure connection to company networks.

Organizations can also provide antivirus and malware protection services for employees' devices, such as those offered by vendors like Symantec and McAfee. These tools perform continuous scanning to ensure that a device is clean.

While these aren't the only ways that adversaries can trick insiders into doing their bidding, they are the most common. You need to remember that adversaries are persistent and patient. They are willing to work hard, do their research, and target vulnerable employees and high-level executives alike. Understanding their methods and instilling vigilance in all employees is the best way to prevent the accidental insider from hurting your company.

(23rd December 2017)

(Naked Security by Sophos, dated 8th December 2017 author John E Dunn)

Full article [Option 1]:

After a slow-burning romance, HTTPS has recently bloomed into one of security's great love affairs.

Google is a long-time admirer, and in October started plastering "not secure" labels on many sites failing to use HTTPS by default in the Chrome address bar, a tactic meant to persuade more website owners to share its enthusiasm.

Facebook, Twitter and WordPress, meanwhile, have been keen for years, which helps explain EFF figures from early in 2017 estimating that an impressive half of all web traffic was being secured using HTTPS.

So alluring has HTTPS become that it has now acquired suitors it could do without - phishing websites.

According to PhishLabs, a quarter of all phishing sites now use HTTPS, up from a few percent a year ago.

The increase has been so dramatic in 2017 that in a single quarter its popularity among phishing sites doubled. What's causing this sudden interest?

One explanation:

As more websites obtain SSL certificates, the number of potential HTTPS websites available for compromise increases.

This is logical. As the number of sites using HTTPS increases, so does the chance that a legitimate site compromised to host phishing attacks will have it enabled.

Which means that acquiring an HTTPS certificate is an empty upgrade if other vulnerabilities are not addressed at the same time.

But there's a second, less savoury possibility:

An analysis of Q3 HTTPS phishing attacks against PayPal and Apple, the two primary targets of these attacks, indicates that nearly three-quarters of HTTPS phishing sites targeting them were hosted on maliciously-registered domains.

We'll call this the 'window-dressing theory': cybercriminals believe that web users are lulled into a false sense of security by the presence of HTTPS even though their scams might work without it.

That these certificates are obtained free of charge from services such as Let's Encrypt, set up to spread the use of HTTPS among legitimate web makers, only adds to the painful sense of unintended consequences.

The culprit here is not really HTTPS, or Let's Encrypt, but the green padlock symbol itself, browsing's most misunderstood and over-rated signifier.
Too many people see its glow and think it guarantees a site's legitimacy when, of course, no symbol can ever provide absolute certainty.

This is partly the industry's fault, starting with Google. Visit an HTTPS site in Chrome and the browser will describe padlocked sites as "secure", which refers to the connection, not the site itself.

Except that not everyone knows this.

Browsers also use a colour-coding system to designate the trustworthiness of a site (green padlocks being awarded to sites with an Extended Validation certificate), but these can still appear on phishing sites that have not been detected by integrated filtering.

Naked Security discussed this issue (and the problem of how sites are verified) in 2015 so it's not a new worry.

The logical result of the trend PhishLabs has detected is that eventually all websites will use HTTPS whether they are phishing sites or not, at which point the misunderstanding of the whole padlock system will become apparent.

The dream of an entirely encrypted internet is a noble one but its ubiquity will be a pyrrhic victory if cybercriminals can find easy ways to manipulate it from the inside.

(23rd December 2017)

(International Business Times, dated 8th December 2017 author Staff Reporter)

Full article [Option 1]:

Fake Calvin Klein underwear worth £1.5m has been seized by the UK intellectual property regulator and border officials in the run up to Christmas.

The Intellectual Property Office (IPO) said its recently impounded counterfeit brands also included Dyson fans (worth over £180,000), Nike shoes (worth nearly £5,760) and Superdry hoodies (worth around £100,000).

Other recently seized fake items include 16,000 Gillette razor blades, Apple chargers, Pandora charms, Barcelona and Borussia Dortmund football shirts, and Spiderman, Pokemon and Hello Kitty hand-held fans.

The IPO said it revealed the information to alert the public about the dangers of buying fake items, as counterfeiters respond to trends for popular gifts over the festive period.

Ros Lynch, director of copyright and enforcement at the Intellectual Property Office, said: "Those involved in counterfeiting are in the business to take advantage of consumers and make huge profits in the process.

"The goods are often of inferior quality, dangerous and the proceeds can be used to fund other serious organised crime. Counterfeiters have a total disregard for safety or quality, and even if items look genuine at first, they may end up being a dangerous or inferior copy."

Once items are seized, Border Force's specialist international trade teams work with the owners of big brands to establish whether or not goods are genuine. If they are fake, the goods are destroyed and the rights holders can then decide whether to privately prosecute the importers.

Border Force (South) director Sue Young said counterfeiters will look to capitalise and cash in where there is a demand for a product and this year officials have seized all sorts of fake goods - from beauty products to food and electrical goods.

"We urge consumers to be careful with their purchases. If the price appears too good to be true - either at a car boot sale, a market stall or online - it probably is."

(23rd December 2017)

(The Telegraph, dated 8th December 2017 author Olivia Rudgard)

Full article [Option 1]:

Breath tests for alcohol have fallen by a quarter over five years, figures show, as campaigners warn that drunk drivers are getting away with it.

Campaigners said that falling numbers of drink-drivers are being stopped by police while the overall number of deaths as a result of drunk driving has remained static for half a decade.

Experts said a hard core of drink drivers had not responded to efforts to make it socially unacceptable, leading to a stalling in the number of people killed on the roads.

John Scruby, former police traffic officer and campaigner against drinking and driving, said that a certain type of offender would continue to drink and drive unless the law was better enforced.

"With the education that we do, they're aware that drink driving is something they shouldn't be doing," he said.

"It's the same with mobile phones or anything - certain people think they've become immune to it, but they haven't."

After years of falling deaths as a result of drink driving, the figure stalled at around 240 between 2010 and 2014, leading to fears that educating motorists was no longer enough to stop them from driving while drunk.

In 2015, the most recent figures available, there was a drop to 200, but a spokesman for charity the Parliamentary Advisory Council for Transport Safety said the overall numbers were too low for this to be seen as a definitive reduction.

Official figures from the Department for Transport also show that the total number of casualties increased between 2014 and 2015, from 8,210 to 8,470.

He added that it was also concerned people were starting to take drink-driving less seriously.

"We are worried people are becoming more relaxed and blase about it because they think there are fewer police out there," he said.

Mr Scruby added that there was also little understanding of the drink-drive limits which was leading people to overestimate how much they could drink before they were over the limit.

"A lot of that is also due to mis-education and non education - or the education still hasn't got through," he said.

Christmas is a peak time for drink-drive offences. Last week police revealed that during last year's crackdown they stopped more than 100,000 vehicles, with 5,698 breath tests that were positive, failed or refused.

The report, by the Institute of Alcohol Studies, argues that the alcohol limit should be lowered to prevent more people being killed on the roads.

In the UK the limit is currently 80 milligrams of alcohol per 100 millilitres of blood, which should be lowered to 50 milligrams, the authors say.

Introducing the report, Labour peer Lord Brooke of Alverthorpe said: "Support has been demonstrated from charities, road safety organisations, publicans, and the public alike. It would seem we are primed for a change."

The data, obtained from an FOI request sent to police forces in England, shows that the number of breath tests made by police has fallen from 606,411 in 2011 to 456,736 in 2015.

The report added that traffic police had been particularly badly affected by police cuts, with 82.4 per cent of forces reporting that the proportion of total frontline officers who were working on policing the roads had fallen.

"While evidence suggests a successful drink drive strategy comprises enforcement, a lower limit, and public awareness, the Government's current support of the 80mg/100ml drink drive limit rests substantially on a level of enforcement which this report has demonstrated as lacking.

"This position appears increasingly untenable, and the need to reduce the drink drive limit all the more pressing," it said.

Earlier this year the AA warned that older people were increasingly likely to be caught drink-driving because they think they have the skill to drive safely.

Data released by the Ministry of Justice following a Freedom of Information request showed that the number of over-65s convicted of the offence had risen from 1,295 in 2005 to 1,435 in 2015.

A spokesman for the AA said: "Hard core older drink drivers will have developed bad habits over years, probably got away with it in the past and believe they can still drive safely when half-cut."

A Government spokesman said: "Police have the powers they need to keep our roads safe and latest figures show that deaths as a result of drink driving on British roads are at a record low.

"It is for Chief Constables and locally elected Police and Crime Commissioners to decide how to deploy their resources in response to local priorities.

"This Government has protected overall police spending in real terms since the 2015 Spending Review. In 2017/18, the taxpayer is investing £11.9billion in our police system, an increase of more than £475million from 2015."

At a Glance - alcohol units (Source : UK Chief Medical Officers' Guidelines)

Wine (ABV= 14%), 125ml glass : 1.8 units
Wine (ABV= 14%), 175ml glass : 2.5 units
Wine (ABV= 14%), 250ml glass : 3.5 units
Wine (ABV= 14%), 750ml glass : 10.5 units
Beer (ABV= 2.8%, Pint) : 1.6 units
Strong beer (ABV= 4.8%, Pint) : 2.7 units
Vodka (ABV= 40%, 25ml shot) : 1 unit
Vodka (ABV= 40%, 50ml shot) : 2 units
Flavoured cider (ABV= 4%, 330ml bottle) : 1.3 units

(23rd December 2017)

(Computer Weekly, dated 7th December 2017 author Warwick Ashford)

Full article [Option 1]:

The new generation of cyber criminals increasingly resembles traditional mafia organisations, requiring a new approach to dealing with it, according to a report by security firm Malwarebytes.

Cyber criminals have the same professional organisation as mafia gangs of the 1930s, but they also share a willingness to intimidate and paralyse victims, the report shows.

Malwarebytes' analysis also shows that, in spite of acknowledging the severe reputational and financial risks of cyber crime, many business leaders greatly underestimate their vulnerability to such attacks.

The report calls for businesses and consumers to fight back by acting as "vigilantes" through greater collective awareness, knowledge sharing and proactive defenses. This includes a shift from shaming businesses that have been hacked to engaging with them and working together to fix the problem.

Businesses must also heighten their awareness of cyber crime, and take a realistic view towards the likelihood of attack. The vast impacts of these attacks, the report said, mean that cyber crime must be elevated from a tech issue to a business-critical consideration.

Malwarebytes' data demonstrates the urgent need for such a shift in approach by highlighting the capacity of these fast-maturing gangs to inflict greater damage on businesses.

The new cyber mafia, the report said, is accelerating the volume of attacks, with the average monthly volume of attacks in 2017 up 23% compared with 2016. In the UK, the report said 28% of businesses had experienced a "serious" cyber attack in the past 12 months.

Ransomware attacks detected by Malwarebytes show that the number of attacks in 2017 from January to October was 62% greater than the total for 2016.

In addition, detections are up 1,989% since 2015, reaching hundreds of thousands of detections in September 2017, compared with fewer than 16,000 in September 2015. In 2017, ransomware detections rose from 90,351 in January to 333,871 in October.

"The new mafia, identified by our report, is characterised by the emergence of four distinct groups of cyber criminals: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire," said Marcin Kleczynski, CEO of Malwarebytes.

"Through greater vigilance and a comprehensive understanding of the cyber crime landscape, businesses can support the efforts of legislators and law enforcement, while also taking matters into their own hands."

Crime comes 'full circle'

Malwarebytes argues that the growth of cyber crime and a lack of clarity over how best to police it is damaging victim confidence, with those affected by cyber crime often too embarrassed to speak out.

This is true for consumers and businesses alike, the report said, and can have dangerous ramifications as firms bury their heads in the sand instead of working to reduce future incidents.

The report suggests that the answer lies in engaging and educating the C-suite so that CEOs are as likely as IT departments to recognise the signs of an attack and be able to respond appropriately.

"The most damaging cyber attacks to businesses are the ones that go undetected for long stretches of time. In spite of high-profile occurrences over the past year, this report shows that many business executives may still have some knowledge gaps to fill," said Kleczynski.

"CEOs will soon have little choice but to elevate cyber crime from a technology issue to a business-critical consideration," he said.

The report concludes by looking at the future of cyber crime, arguing that the internet of things (IoT) will enable crime to come full circle, so that rather than a downtown shooting, executions can be enacted digitally - for instance, by hacking an internet-enabled pacemaker.

However, Malwarebytes believes that if such attacks can be foreseen, governments should be able to legislate against them.

The report concludes that knowledge, awareness and intelligence are the best weapons against the new gangs of cyber crime, and that individuals and businesses have to play an important role alongside law enforcement agencies, governments and other bodies.

"Rather than sit back and minimise the blow from cyber crime, individuals and businesses must take the same actions that previous generations of vigilantes once did against the fearsome syndicates of their day: fight back," the report said.

(23rd December 2017)

(ZDNET, dated 7th December 2017 author Danny Palmer)

Full article [Option 1]:

A vulnerability in the mobile apps of major banks could have allowed attackers to steal customers' credentials including usernames, passwords, and PIN codes, according to researchers.

The flaw was found in apps by HSBC, NatWest, Co-op, Santander, and Allied Irish bank. The banks in question have now all updated their apps to protect against the flaw.

Uncovered by researchers in the Security and Privacy Group at the University of Birmingham, the vulnerability allows an attacker who is on the same network as the victim to perform a man-in-the-middle attack and steal information.

The vulnerability lay in the certificate pinning technology, a security mechanism used to prevent impersonation attacks and use of fraudulent certificates by only accepting certificates signed by a single pinned CA root certificate.

While certificate pinning usually improves security, a tool developed by the researchers to perform semi-automated security-testing of mobile apps found that a flaw in the technology meant standard tests failed to detect attackers trying to take control of a victim's online banking. As a result, certificate pinning can hide the lack of proper hostname verification, enabling man-in-the-middle attacks.

The findings have been outlined in a research paper and presented at the Annual Computer Security Applications Conference in Orlando, Florida. The tool was run on 400 security critical apps in total, leading to the discovery of the flaw.

"In general, the security of the apps we examined was very good, the vulnerabilities we found were hard to detect, and we could only find so many weaknesses due to the new tool we developed," said Dr Tom Chothia, lecturer at the university and one of the authors of the report.

"It's impossible to tell if these vulnerabilities were exploited, but if they were, attackers could have got access to the banking app of anyone connected to a compromised network," he added.

Tests found apps from some of the largest banks contained the flaw which, if exploited, could have enabled attackers to decrypt, view, and even modify network traffic from users of the app. That could allow them to view information entered and perform any operation that app can usually perform -- such as making payments or transferring of funds.

Other attacks allowed hackers to perform in-app phishing attacks against Santander and Allied Irish bank users, allowing attackers to take over part of the screen while the app was running and steal the entered credentials.

While certificate pinning is often enough to ensure security, in this instance, its application actually hid flaws because penetration testing couldn't work around the system.
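
The interaction this article describes, where pinning masks a missing hostname check, shown as an added example (not code from the article, the researchers' tool or any bank's app). It models certificates as plain Python records with no real X.509 parsing or signature checks; every name, key and host in it is constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (model only)."""
    dns_names: Tuple[str, ...]        # subjectAltName DNS entries
    public_key: bytes                 # stand-in for SubjectPublicKeyInfo bytes
    issuer: Optional["Cert"] = None   # None means a self-signed root


def pin_of(cert: Cert) -> str:
    """SHA-256 over the (modelled) public key, the value an app would pin."""
    return hashlib.sha256(cert.public_key).hexdigest()


def root_of(cert: Cert) -> Cert:
    """Walk the issuer links up to the root; stands in for chain building."""
    while cert.issuer is not None:
        cert = cert.issuer
    return cert


def hostname_matches(cert: Cert, host: str) -> bool:
    """Exact match, or a wildcard covering exactly one left-most label."""
    host = host.lower().rstrip(".")
    for name in cert.dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            head, _, tail = host.partition(".")
            if head and tail == name[2:]:
                return True
    return False


def validate_pin_only(leaf: Cert, host: str, pinned: str) -> bool:
    """Flawed pattern: trusts anything issued under the pinned CA."""
    return pin_of(root_of(leaf)) == pinned


def validate_pin_and_hostname(leaf: Cert, host: str, pinned: str) -> bool:
    """Corrected pattern: the pin narrows trust, the hostname binds it."""
    return pin_of(root_of(leaf)) == pinned and hostname_matches(leaf, host)


# Constructed test fixtures (hypothetical names and key bytes).
PINNED_CA = Cert((), b"constructed-pinned-ca-key")
OTHER_CA = Cert((), b"constructed-other-ca-key")
APP_HOST = "api.bank.example"


def audit(validator: Callable[[Cert, str, str], bool]) -> Dict[str, bool]:
    """Run three probes; True means the validator behaved correctly."""
    pin = pin_of(PINNED_CA)
    probes = {
        # (certificate presented to the app, whether it should be accepted)
        "genuine server": (Cert((APP_HOST,), b"k1", PINNED_CA), True),
        "right host, unpinned CA": (Cert((APP_HOST,), b"k2", OTHER_CA), False),
        "pinned CA, wrong host": (
            Cert(("shop.other.example",), b"k3", PINNED_CA), False),
    }
    return {
        label: validator(cert, APP_HOST, pin) == expected
        for label, (cert, expected) in probes.items()
    }


if __name__ == "__main__":
    for fn in (validate_pin_only, validate_pin_and_hostname):
        print(fn.__name__, audit(fn))
```

The pin-only validator passes the unpinned-CA probe and fails only the "pinned CA, wrong host" probe, so a test plan that presents just an untrusted certificate reports it as safe.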

"As this flaw is generally difficult to detect from normal analysis techniques, we have developed a detection tool that is semi-automated and easy to operate. This will help developers and penetration testers ensure their apps are secure against this attack," said Chris McMahon-Stone, research student in the Security and Privacy Group at the University of Birmingham and co-author of the paper.

The researchers have worked with the National Cyber Security Centre and all the banks involved to fix the vulnerabilities, noting that the current versions of all the apps affected by the pinning vulnerability are now secure.

A University of Birmingham spokesperson told ZDNet all the banks were highly cooperative: "once this was flagged to them they did work with the team to amend it swiftly."

(23rd December 2017)

(ZDNET, dated 7th December 2017 author Danny Palmer)

Full article [Option 1]:

We seem to be in the grip of a data breach epidemic. Whether it's big businesses falling victim to cyber-espionage campaigns, workers foolishly handing over their credentials in reply to phishing emails from fraudsters, or just consumers getting their PCs infected with malware, there are security threats everywhere.

But the reality is that it doesn't have to be this way: with a few simple precautions, businesses and consumers can do a lot to secure their accounts and data.

Strong passwords, two factor authentication, antivirus, and backups are just some of the simple things users can employ to protect themselves from cyberattacks -- yet breaches and malware infections show that some of the most basic advice is often not followed.

"We pretend this is the most complicated thing in the world, and yet strong passwords, backing up your data, updating your security software -- security isn't that difficult," said Raj Samani, chief scientist at McAfee.

The UK's National Health Service was one of the most high-profile victims of May's global WannaCry ransomware virus outbreak, with a proportion of hospitals taken offline -- some of which didn't have systems restored for weeks.

An investigation following the incident found that NHS trusts had been warned to apply critical patches to prevent systems being exposed to the EternalBlue Windows vulnerability which WannaCry used, but that many failed to do so. Of course, nobody knew that WannaCry would hit just a month after the warnings, but failing to patch systems left many organisations open to attack.

"If I'd come to you in April and said there's going to be a massive worm, it's going to be infecting with ransomware, how do you protect yourself against it? Everyone knows how to protect against that," said Samani, referring to how patches would have been prioritised.

"I understand there are business pressures which are that patching and updating systems isn't necessarily simple to do, but yet we all know how to have prevented these attacks, so let's not over-complicate the issue," said Samani.

Making security your problem

What can potentially help is to personalise the issue: it's all very well telling users that they should follow a particular company policy in order to ensure security, but in many cases, if the user doesn't understand why they have to follow a particular rule, they probably won't do it.

Explaining what threats could be waiting online and how to protect against them can go a long way towards boosting enterprise security.

"Someone going into a work event and learning about why it's important to have a strong password on their email or why not to transfer money when booking a holiday, all these best practices they learn for themselves become second nature in the business," said Sarah Martinez, communications director for Get Safe Online, an organisation which provides information and advice on online safety.

And while some might expect digital-native technically-savvy younger people will bring better security awareness with them as they become a bigger part of the workforce, research by Get Safe Online suggests it's people aged 18-24 who are most likely to fall victim to phishing attacks.

The organisation recently ran a 'training academy' in which it taught grandparents the skills they needed to carry out phishing tests on their grandchildren -- and by just using simple techniques, many of the targets fell for it.

While it wasn't a real cybercriminal on the other end of the email exchange, it demonstrates how easy it can be to fall for a cyberattack, especially if basic security principles aren't adhered to.

"It was cheeky, but the idea was to demonstrate we can't be complacent and think we're not at risk. This was easy: it was first-page Google search tech which we showed 65-year-olds," said Martinez.

This 'Scammer Nanas' experiment demonstrated two things: firstly, how easy it is to fall victim to online attacks, and secondly how people with only the most basic training -- even if it is cribbed from an online search -- are capable of ensnaring victims.

And while the premise of using grandparents as attackers might seem far-fetched, thanks to the rise of cybercrime-as-a-service, almost anyone who wants to dip their toes into hacking and online crime has the option to do so, even if they lack the skills.

"The challenge we have now is that my 12-year old daughter could launch a ransomware campaign," said Samani. "The technical barriers required to become a criminal working in the digital world has actually lowered."

"That's the challenge; we want to make it difficult from an ROI perspective, but the economy has made it so much simpler to do this," he added.

The theory is that ensuring even the most basic cybersecurity procedures are adhered to would not only help to protect individuals and organisations against attacks: even simple barriers could prove enough to stop some cybercriminals from conducting malicious activities, because the time and effort required to conduct the attacks is no longer worth it.

(23rd December 2017)

(The Guardian, dated 7th December 2017 author Kevin Rawlinson)

Full article [Option 1]:

An estimated 385,000 people were killed in homicides in 2016, with marked increase in non-conflict areas such as Venezuela

The global homicide rate rose last year for the first time in more than a decade, with marked increases in Venezuela and Jamaica, a study has shown.

The Small Arms Survey report, published on Thursday, estimated that 385,000 people were killed in homicides across the world in 2016, an increase of 8,000 on the previous year.

Despite that, the report estimated that the overall number of violent deaths had decreased, primarily as a result of fewer people being killed in wars in 2016 than in 2015.

Of the five countries with the highest violent death rates in 2016 - Syria, El Salvador, Venezuela, Honduras, and Afghanistan - only two had armed conflicts last year.

The researchers noted that while the increase in the homicide rate "does not necessarily indicate a new trend … it signals growing insecurity in non-conflict areas". Taking into account population rises, 2016 had a global homicide rate per 100,000 of 5.15 - 0.04 points higher than in 2015.

"As the uptick in homicides affects far more people's perceptions of local security than does the drop in conflict deaths, however, the overall decrease in violent deaths is unlikely to lead to an increased sense of safety at the global scale," the researchers said.

Of the 23 countries with a violent death rate of more than 20 people per 100,000, 14 were not involved in wars: they include Brazil, Jamaica, the Dominican Republic and South Africa.

The report said in such countries "crime claimed, in proportion to their populations, as many victims as some high-intensity conflicts".

The number of people killed as a direct result of armed conflict fell from a peak in 2014 of 143,000, to 119,000 the following year and 99,000 in 2016. That resulted in a fall in the rate per 100,000 people from 1.96 in 2014 to 1.32, according to the report.

This helped the overall rate of violent deaths fall from 7.73 per 100,000 population to 7.50 between 2015 and 2016. The report's authors, Claire McEvoy and Gergely Hideg, said more than a million lives could be saved by 2030 if the trend continued.

"The annual number of violent deaths is likely to increase to approximately 610,000 by 2030, primarily due to population growth," they wrote.

"Yet if states were able to replicate the results of the countries that have been most successful at preventing and controlling violence in their respective world regions, that number could drop to about 408,000, meaning that about 1.35 million lives could be saved between 2017 and 2030."

The Small Arms Survey's report, Global Violent Deaths 2017, was produced with the support of the Swiss Agency for Development and Cooperation. The group is funded by several governments and its past work has been supported by international organisations, such as UN agencies.

(23rd December 2017)

(London Evening Standard, dated 6th December 2017 author Mark Blunden)

Full article [Option 1]:

Millions of British victims of data breaches are unaware their personal data has been stolen, according to research published today.

About 30 high-profile hacks over the past two years were analysed, including on TalkTalk, Yahoo, PlayStation, the AA and Three, with researchers calculating up to 77 per cent of Britons had fallen victim to cybercriminals.

However, of 2,000 customers of these firms quizzed for a survey by credit firm Noddle, 58 per cent said they did not know that their details had been compromised.

Personal information taken by hackers, which often ends up for sale on the dark web, has included names, addresses, phone numbers, bank account details and passwords.

But almost half of survey respondents who knew about the attacks admitted not changing their passwords or being vigilant for phishing emails, despite knowing the fraud risks.

Sixty per cent of customers surveyed said they had not been told by the companies involved and found out only when they read the news.

Noddle said this meant more than 21 million customers of the companies analysed did not know they were affected.

The survey was carried out before the data thefts at ridesharing firm Uber and credit agency Equifax, which suggests the figures could be higher. Noddle said people concerned that they were affected should check credit scores for unusual activity.

An overhaul of data protection laws proposed for next year will force companies to tell customers if there has been a significant breach of data. Firms in the UK that suffer a serious breach could be fined up to £17 million. The current maximum fine that companies can suffer for breaking data protection laws is £500,000.

The Information Commissioner's Office will have its powers strengthened to help it police the regime.

Jacqueline Dewey, managing director of Noddle, said: "If your personal details are stolen they could be sold on and used to take out fraudulent credit cards, loans, a mobile phone contract or even a mortgage."

Mike Haley, deputy chief executive of anti-fraud body Cifas, said: "Companies should ensure they are aware of the insider risk as well as doing more to protect and advise customers."

(23rd December 2017)

(The Telegraph, dated 6th December 2017 author Nicola Harley)

Full article [Option 1]:

Undercover police "snatch and grab" squads are dragging suspected moped thieves off bikes to combat the growing crime trend. Officers are using the new tactic to tackle the rise in attacks by moped thieves and to avoid the risks posed of pursuing them at speed through the streets.

Dressed in plain clothes, the undercover teams are targeting the gangs as they try and escape in slow traffic.

Once the criminals are forced to stop their vehicles in stationary traffic, the officers pounce.

It comes amid a huge rise in moped crimes which saw more than 20 people attacked on Monday.

The attacks included four men riding two mopeds who stole mobile phones from pedestrians in Islington and Camden and seven men armed with swords who were involved in a smash and grab robbery on a jewellery store in Fleet Street.

Detective Superintendent Jess Ruddell, of Westminster Police, who has brought in the snatch squads, told the Evening Standard: "This new tactic works and sends out a message that police are willing to do this and tackle these suspects.

"This is hugely manpower intensive but we are absolutely committed to getting on top of this offending. We are deploying covert and overt tactics to tackle these robberies."

Scotland Yard are using stinger devices to deflate the tyres of suspects and a forensic spray to mark them so they can be identified later.

Sergeant Matt Carey, of the Operation Venice team which targets moped-enabled crime, told the paper: "The pinch points are where traffic slows down to a halt, where they have to walk their bikes through.

"They know they are at risk there but there is pretty much nothing they can do about it once they are boxed in by other vehicles.

"Once they are in that position this is where we jump out and remove them from their bikes. If the risk is too high and they are travelling at speed we will not do it."

Officers on the ground identify targets by looking for moped riders with a passenger who commit traffic offences such as jumping red lights.

(23rd December 2017)

(The Telegraph, dated 6th December 2017 author Nicola Harley)

Full article [Option 1]:

Police are warning homeowners that burglars are using upmarket fish vans to check out wealthy villages.

Criminals are posing as fishmongers selling door to door in affluent areas to target unsuspecting residents.

The latest areas to be hit are properties in the Cotswolds and Hertfordshire homes.

Incidents have been reported across the UK, with other cases reported in Cumbria and Wales.

In Hertford, criminals have been selling seafood door-to-door before returning later to steal property.

Chief Inspector Gerry McDonald of Hertfordshire Police said: "We know that in other areas of the county people have been conned into buying fish well above the market rates, by door to door fish sellers.

"We are concerned that this may be starting to happen in East Herts and are asking residents to be on their guard.

"Most mobile fish sellers have regular weekly rounds or pitches. These new vans are turning up at random locations and at random times. We are also concerned that these 'fish sellers' may also be checking out properties."

Claire Wood, 32, from Hertford, said her area was targeted and a burglary occurred later the same day.

"I had some bloke knock on my door trying to sell me meat and fish before saying he would go back to his van and show me some products," she said.

"I said 'I'm not interested, I'm vegan' as I didn't trust him.

"An old lady was targeted too later and had her home burgled."

Detectives believe there is a link between the burglaries and fish tradesmen.

A spokesman for Herts police said: "We have had information passed on to us from local residents that there are new fish vans operating in the rural areas.

"These seem to be turning up at random locations and at random times and are selling door to door.

"We are warning residents to be on their guard and want to hear from anyone who has been pressurised into buying fish.

"We are also concerned that these 'fish sellers' may also be checking out properties."

In Gloucestershire, residents reported salesmen selling fish and wearing white coats who were looking in cars.

She told the police after they had left that she noticed white chalk on her wall.

White chalk on walls is regarded as a 'sign' used by some to identify a property as a potential target for burglars or thieves.

In Deeside, Wales, a similar scam has been reported where vulnerable people were scammed by cold callers at their doors using high-pressure sales techniques to encourage people to buy large quantities of poor quality fish where the source, catch method, preparation, storage and weights were unknown.

The salesmen were showing customers a small selection of fish, and when they agreed to buy some, they would go to their unrefrigerated van, returning with a large number of packed fish. Some offered to go into the house and put the fish into the freezer.

The fish was then discovered to be mislabelled as more expensive varieties, underweight and close to the use-by date.

The same areas targeted reported a rise in burglaries.

CI McDonald added: "If you come across people selling fish out of their van and believe that this is unusual please can you pass details onto us.

"We believe that burglars might be using this method to get around the villages.

"If you are worried about anyone selling door to door, don't open your door to them and contact the police for advice."

(23rd December 2017)

(Independent, dated 4th December 2017 author Aatif Sulleyman)

Full article [Option 1]:

The Information Commissioner's Office (ICO) has issued a warning against sharing passwords with other people.

The data protection regulator was responding to the news that MPs have been giving out their computer login details to their staff, including interns.

The practice has been heavily criticised, and the ICO says it's looking into the matter.

"We're aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities," it tweeted this morning.

"We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure."

The ICO's tweet included a link to a guide to data protection.

In an attempt to defend Damian Green, who has been accused of having pornography on his Commons computer, Conservative MP Nadine Dorries revealed that she routinely shares her login passwords with all her staff.

"My staff log onto my computer on my desk with my login every day," she tweeted over the weekend. "Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Green's desk was accessed and therefore it was Green is utterly preposterous!!"

She then added, "All my staff have my login details. A frequent shout when I manage to sit at my desk myself is, 'what is the password?'"

Nick Boles followed this up by saying, "I certainly do [share login details with staff]. In fact I often forget my password and have to ask my staff what it is."

Jim Killock, the Executive Director of the Open Rights Group, said, "On the face of it, Nadine Dorries is admitting to breaching basic data protection laws, making sure her constituents' emails and correspondence is kept confidential and secure. She should not be sharing her log in with interns.

"More worryingly, it appears this practice of MPs sharing their log ins may be rather widespread. If so, we need to know.

"We are urging MPs' staff and former staff to get in touch with us if they have knowledge about insecure data practices in MPs' offices. Once we know more, we will consider complaining to the Information Commissioner and Parliamentary authorities."

(23rd December 2017)

(London Evening Standard, dated 9th December 2017 author Patrick Grafton-Green)

Full article [Option 1]:

An east London borough has been named as the worst for home break-ins over the Christmas period.

Redbridge has the highest increase in residential burglaries over Christmas of all London boroughs, official figures reveal.

The borough sees a rise in break-ins of 52 per cent during the months of November to January, compared to the rest of the year.

Redbridge also has the highest rate of burglary in the capital over the festive period, with an average of 8.39 homes per 1,000 targeted.

Comparison service ValuePenguin analysed data from the Met Police's crime data dashboard for every borough in the capital between April 2010 and October 2017.

According to the data, every borough sees an increase in burglaries at Christmas. Harrow, with a hike of 43 per cent, and Bexley, with a 38 per cent increase, also fare badly.

The lowest increases - of just two per cent - are seen in Islington and Kensington and Chelsea.

Despite seeing a substantial rise in burglaries over the winter months, Bexley has the lowest burglary rate of any London borough during the rest of the year, with thieves targeting 2.89 homes per 1,000.

This jumps up to four over the festive season, still the second lowest rate of any London borough.

After Redbridge, the boroughs with the highest burglary rates over Christmas include Barnet, with an average of 7.71 homes targeted per 1,000, and Haringey, with 7.62.

Sutton, where 3.7 homes per 1,000 are targeted, has the lowest rate of any London borough.

Superintendent Shaun Wilson, Met operational lead for burglary, told the Standard: "I think it is fair to say around Christmas time and in the approach to Christmas, we do see a traditional increase in burglaries.

"This is often at a time people are buying gifts, often expensive gifts, and leave them in safe places and sometimes not so safe places.

"It's a period when people go on holiday, spend long periods away from home, visit family and friends and spend time socialising and partying.

"This leads to an increase in vulnerability, which gives burglars a chance to exploit that."

Supt Wilson said advice fell into three main categories: online profiles, people going out and people going away.

He said: "Often people will advertise they have been given an expensive item. Check your security settings, other people will be peering into that, and think about what you are putting online.

"If you are going away, tell neighbours, people that you trust, that you are going away.

"The mail will start stacking up and it soon becomes obvious that you are away. Have someone you trust come in, turn lights on and off, put on the television and radio, open and close curtains.

"Don't leave expensive items or wrapped up gifts near windows for people to see.

"Keys should not be left in doorways, near the letter box - people will reach through and nick the keys."

He added that Christmas was also a time to keep an eye on the vulnerable and elderly, who are in particular danger of being targeted.

A Redbridge Council spokesman said: "Burglary rates traditionally increase at this time of year and we are working in partnership to support the police to bring burglary back to more acceptable levels.

"We have introduced a number of measures such as alley gating schemes, free home security improvements for the most vulnerable, home security advice for residents and a wide range of activities to tackle bogus callers and rogue traders.

"We remind homeowners to keep doors and windows locked and to use timers on light switches when they go out."

Un-Merry Christmas

Burglary rates that go up during the Christmas and New Year period.

n = average Christmas burglary rate (Nov-Jan) per 1000 households
(n) = average burglary rate rest of year per 1000 households

Barking and Dagenham : 6.74 (5.24)
Barnet : 7.71 (5.79)
Bexley : 4 (2.89)
Brent : 7.24 (5.51)
Bromley : 5.66 (4.33)
Camden : 6.06 (5.08)
Croydon : 5.91 (4.89)
Ealing : 6.34 (5.02)
Enfield : 7 (5.31)
Greenwich : 4.74 (4.06)
Hackney : 4.6 (4.42)
Hammersmith and Fulham : 5.96 (5.55)
Haringey : 7.62 (6.14)
Harrow : 7.09 (4.96)
Havering : 6.81 (5.1)
Hillingdon : 6.74 (4.92)
Hounslow : 5.7 (4.45)
Islington : 5.1 (5)
Kensington and Chelsea : 5.24 (5.13)
Kingston upon Thames : 4.03 (2.99)
Lambeth : 6.07 (5.59)
Lewisham : 6.23 (4.99)
Merton : 5.51 (4.22)
Newham : 5.06 (4.11)
Redbridge : 8.39 (5.52)
Richmond upon Thames : 4.56 (3.88)
Southwark : 5.04 (4.69)
Sutton : 3.7 (2.94)
Tower Hamlets : 4.1 (3.76)
Waltham Forest : 6.49 (5.3)
Wandsworth : 4.68 (4.18)
Westminster : 5.34 (4.69)

(10th December 2017)

(Birmingham Mail, dated 7th December 2017 author James Rodger)

Full article [Option 1]:

Mobile banking customers are being advised to update their apps after experts discovered a security flaw that left millions vulnerable to hackers.

Researchers found that several apps, including those from HSBC, The Co-operative and NatWest banks, had a specific weakness that could be exploited by criminals to gain access to users' details such as username, password and Pin code.

The vulnerability, believed to have put 10 million users around the world at risk, has been fixed but the experts say it is not clear whether the flaw was exploited by attackers.

They recommend using the most recent version of the banking apps and installing updates as soon as they are offered.

The team from the University of Birmingham detected the weakness using a tool they developed to test 400 apps considered to be high security.

Dr Tom Chothia, a senior lecturer in Cyber Security at the University of Birmingham, said: "In general the security of the apps we examined was very good, the vulnerabilities we found were hard to detect, and we could only find so many weaknesses due to the new tool we developed.

"It's impossible to tell if these vulnerabilities were exploited but if they were, attackers could have got access to the banking app of anyone connected to a compromised network."

They found that a hacker connected to the same network as the app user, such as WiFi or a corporate network, could perform what they call a "man-in-the-middle attack" to trick the software into revealing personal details.

The apps with the security flaw had one particular technology - known as certificate pinning - in common. Certificate pinning is normally used to improve security in apps but contains vulnerabilities that remain undetected in standard checks.

The team also uncovered the risk of other potential threats including "in-app phishing attacks" against Santander UK and Allied Irish (GB).

A phishing attack would have let a hacker take over a part of the screen while the app was running and use this to fraudulently ask the victim for their confidential information by sending emails or messages that look like they are from a legitimate organisation.

The team worked with the banks involved as well as the UK government's National Cyber Security Centre to fix the vulnerabilities.

(10th December 2017)

(Daily Mail, dated 1st December 2017 author Scott Campbell)

Full article [Option 1]:

Thousands of Morrisons staff have won their claim for a payout after their addresses, bank details and salaries were posted online.

The case has potential implications for every individual and business in the country.

It follows a security breach in 2014 when Andrew Skelton, a senior internal auditor at the retailer's Bradford headquarters, leaked the payroll data of nearly 100,000 employees.

The file - which was put online and sent to newspapers - included their names, addresses, bank account details and salaries.

A group of 5,518 former and current Morrisons employees said the leak exposed them to the risk of identity theft and potential financial loss and that Morrisons was responsible for breaches of privacy, confidence and data protection laws.

They are seeking compensation for the upset and distress caused.

Morrisons said it could not be held directly or vicariously liable for Skelton's criminal misuse of the data and that any other conclusion would be grossly unjust.

Following Mr Justice Langstaff's decision on liability on Friday, Nick McAleenan of JMW Solicitors said: 'The High Court has ruled that Morrisons was legally responsible for the data leak.

'We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK.'

The judge ruled that vicarious liability, but not primary liability, had been established.

He said: 'I hold that the Data Protection Act (DPA) does not impose primary liability upon Morrisons; that Morrisons have not been proved to be at fault by breaking any of the data protection principles, save in one respect which was not causative of any loss; and that neither primary liability for misuse of private information nor breach of confidentiality can be established.

'I reject, however, the arguments that the DPA upon a proper interpretation is such that no vicarious liability can be established, and that its terms are such as to exclude vicarious liability even in respect of actions for misuse of private information or breach of confidentiality.'

He added: 'The point which most troubled me in reaching these conclusions was the submission that the wrongful acts of Skelton were deliberately aimed at the party whom the claimants seek to hold responsible, such that to reach the conclusion I have may seem to render the court an accessory in furthering his criminal aims.

'I grant leave to Morrisons to appeal my conclusion as to vicarious liability, should they wish to do so, so that a higher court may consider it, but would not, without further persuasion, grant permission to cross-appeal my conclusions as to primary liability.'

Mr McAleenan said: 'Every day, we entrust information about ourselves to businesses and organisations. We expect them to take responsibility when our information is not kept safe and secure.

'In the Morrisons case, almost 100,000 bank account details, National Insurance numbers and other data was entrusted to a fellow employee to look after. Instead, however, he uploaded the information to the internet.

'This private information belonged to my clients. They are Morrisons checkout staff, shelf stackers, factory workers - ordinary people doing their jobs.

'The consequences of this data leak were serious. It created significant worry, stress and inconvenience for my clients.'

In July 2015 Skelton was found guilty at Bradford Crown Court of fraud, securing unauthorised access to computer material and disclosing personal data and jailed for eight years.

The trial heard that his motive appeared to have been a grudge over a previous incident where he was accused of dealing in legal highs at work.

(Financial Times, dated 8th October 2017 author Jane Croft)

Full article [Option 1]:

A landmark High Court trial of a case by Wm Morrison workers over a huge leak of personal data by a former employee will begin this week.

The lawsuit was brought by 5,500 current and former Morrisons workers. They are seeking compensation over the 2014 data security breach in which payroll information of almost 100,000 staff was posted on the internet.

The legal case, which is believed to be the first data leak class action in the UK, will be keenly watched by companies who worry it could spark a new wave of court cases from workers and customers in the event of a data breach.

The two-week High Court case is due to determine whether Morrisons is liable for the data leak. If the claimants are successful, a second trial will go ahead to determine the level of compensation for victims.

The details posted on the internet included bank and salary details as well as addresses and National Insurance numbers.

The workers claim that Morrisons failed to prevent the leak, which exposed staff to the risk of identity theft and potential financial loss. They argue that the supermarket was ultimately legally responsible for breaches of privacy, confidence and data protection laws.

Morrisons denies all legal liability and is vigorously defending itself. The company declined to comment ahead of trial.

The lawsuit stems from the conviction of Andrew Skelton, a former senior internal auditor at Morrisons who posted the personal information on the internet. He was jailed for eight years in 2015 for fraud, securing unauthorised access to computer material and disclosing personal data.

His 2015 trial at Bradford Crown Court heard that Skelton bore a grudge against his employer after he was subjected to disciplinary action for using the company's post room to conduct eBay deals.

A package suspected to contain illegal drugs was found in the mail room at Morrisons' Bradford headquarters and Skelton was only allowed to return to work after the substance was tested and found to be a legal dietary aid. He was, however, given a warning for running an eBay business using the supermarket's mail room.

The jury heard he wrote a draft resignation letter at the time of the warning in 2013 speaking of his "anger and frustration". He then leaked the data and alerted newspapers and websites. He attempted to cover his tracks by implicating a fellow employee, using the colleague's details to set up a fake email account, the trial heard.

When the supermarket was alerted to the data breach, Morrisons acted quickly to take down the material. It also offered identity theft protection and to compensate anyone who suffered fraud as a result of the leak. Morrisons incurred costs of almost £2m, including professional and legal fees, for dealing with the fallout.

Paul Glass, partner at law firm Taylor Wessing, said the outcome of the High Court lawsuit will be scrutinised by other companies because there have been few cases to test the law in this area.

"The facts are quite specific in this case. However I think companies will be watching this case closely to see what the court decides on some of the data protection claims being run such as the argument that Morrisons failed to take appropriate steps to protect data," he said.

"I would expect to see more of a shift to the US model where after a data breach companies could in future expect to receive class action type lawsuits," he said, adding that it may force companies to check their liability insurance to be sure it covers such incidents.

Suzanne Horne, partner at law firm Paul Hastings, called it a "watershed case" for companies. "There is only so much companies can do to protect data - you can train staff and put policies and technology in place but how do you prevent a rogue employee with their own agenda?" she said.

The lawsuit is being brought by law firm JMW Solicitors. Nick McAleenan, a partner and data privacy law specialist at JMW, said: "At the trial in October, the court will decide whether Morrisons bears any legal responsibility for the misuse and disclosure of the payroll information of the many thousands of people bringing claims in this case."

Data breaches are becoming more common. Equifax, the US credit-reporting company, recently admitted that as many as 400,000 UK consumers might have had their personal information stolen.

Payday lender Wonga in April warned 250,000 current and former customers that there might have been "illegal and unauthorised access" to personal data, and last October UK telecoms group TalkTalk was hit with a record £400,000 fine after the personal data of more than 150,000 customers were stolen in a cyber attack in 2015.

(10th December 2017)

(London Evening Standard, dated 3rd December 2017 author Francesca Gillett)

Full article [Option 1]:

Westminster has topped the list as the worst London borough for bus crime, figures have revealed.

New analysis of stats found the number of sexual offences reported on the capital's buses rocketed this year, despite overall crime on London buses dropping by nearly seven per cent.

After Westminster, the boroughs of Hackney and Camden recorded the most crime on buses followed by Haringey, Lambeth and Islington.

The safest borough for bus crime was leafy Richmond, followed by Kingston, Sutton and Harrow.

The data, which covered all 32 London boroughs except the City of London, comes from the Office for National Statistics and Transport for London and was analysed by website Locksmith Service.

It revealed the total number of crimes committed on buses between January and June this year was 7,957, down by 6.9 per cent from 8,545 crimes in the same period last year.

The most common crime was theft, which accounted for nearly half of all offences committed on the capital's buses.

A close second was violent offences, with 3,034 such offences committed.

Despite most crimes dropping, the number of sexual offences committed on the buses rocketed by nearly 10 per cent, the data showed.

Ealing, which was rated eighth for highest number of bus crimes in 2016, appears to have been safer in 2017, dropping out of the top 10 list.

Lambeth, which was second worst for bus crime last year, also recorded fewer crimes in 2017, dropping to fifth place.

Steve Burton, TfL's director of enforcement and on-street operation, highlighted the fact crime on the bus network is falling.

He said: "Our top priority is the safety and security of passengers who make around 15 million journeys on our services each day. The transport network is a safe, low crime environment with very few people ever experiencing or witnessing crime.

"In contrast to national trends, crime on the bus network is falling, but we will continue to work closely with the police to ensure that offenders are dealt with robustly and that our staff and Metropolitan Police Officers are on hand to help customers who need assistance.

"This includes continuing work on our important 'Report It to Stop It' campaign, which is encouraging victims of sexual offences to come forward and report crimes."

London red bus crime rates (per London borough, January - June 2017)

1. Westminster : 557
2. Hackney : 513
3. Camden : 461
4. Haringey : 459
5. Lambeth : 455
6. Islington : 453
7. Southwark : 412
8. Newham : 330
9. Lewisham : 272
10. Croydon : 266
11. Barnet : 253
12. Brent : 253
13. Ealing : 248
14. Hillingdon : 224
15. Enfield : 221
16. Hammersmith and Fulham : 217
17. Waltham Forest : 213
18. Greenwich : 211
19. Tower Hamlets : 203
20. Wandsworth : 194
21. Redbridge : 190
22. Hounslow : 180
23. Bromley : 156
24. Havering : 147
25. Kensington and Chelsea : 135
26. Barking and Dagenham : 128
27. Merton : 114
28. Bexley : 111
29. Harrow : 110
30. Sutton : 98
31. Kingston upon Thames : 87
32. Richmond upon Thames : 86

(10th December 2017)

(The Telegraph, dated 1st December 2017 author Gordon Rayner)

Full article [Option 1]:

Benefit fraud has reached record levels after it rose by £200 million in the space of a year, the Department of Work and Pensions has admitted.

Fraud swallowed up almost £2.1 billion of the department's total budget of £174 billion - the equivalent of £40 million per week.

It means that the DWP now loses almost twice as much money to fraud as the entire budget of the Foreign Office, which is £1.1 billion per year. MPs said David Gauke, the Work and Pensions Secretary, now had "questions to answer" over why the figures have gone up despite repeated assurances that they would be brought under control.

Figures released by the DWP show that in 2016/17 the total amount of money lost to "overpayments" - which counts both fraud and errors by staff - stood at £3.6 billion, up £300 million from the previous year.

Around £1.1 billion of that money was recovered, meaning net losses stood at £2.5 billion. Fraud accounted for 1.2 per cent of the entire DWP budget, compared with 1.1 per cent the previous year, largely because housing benefit fraud was at its highest ever level of 4.5 per cent.

The new Universal Credit system was also targeted by fraudsters, with £50 million lost. Another £40 million was lost to errors by staff and claimants. The DWP claimed part of the reason fraud had gone up was because of better methods of gathering information on it, but a spokesman admitted that did not explain the overall increase in overpayments.

Frank Field, the Labour MP and chairman of the work and pensions select committee, said: "David Gauke has got some questions to answer about this. After the Chancellor, the Secretary of State for Work and Pensions has arguably the most important job in Government because of the size of the department's budget.

"The Government is losing huge amounts of money at the same time as it is making a mess of the roll-out of Universal Credit."

A DWP spokesman said: "We have brought in reforms to improve detection, prevention and recovery and our fraud investigators work tirelessly to bring criminals to justice. Last year we prosecuted around 5,000 fraudsters and issued around 6,000 administrative penalties and recovered a record £1.1 billion in overpaid benefits.

"Meanwhile, Universal Credit will reduce fraud and error by £1.5 billion when it is fully rolled out."

In September, Judge Nicholas Dean QC criticised the DWP for failing to tackle benefits cheats and said that people should be forced to pay back money sooner.

(10th December 2017)

(The Times, dated 2nd December 2017 author Nadeem Badshah) [Option 1]

All government departments have been ordered to stop using Russian anti-virus software after GCHQ said that it was being used to steal national state secrets.

Theresa May said last month that Russia was attempting to "weaponise information" and threaten the international order.

The National Cyber Security Centre (NCSC), part of GCHQ, has written to all government departments alerting them to the risks of using the anti-virus products for systems related to national security. Ciaran Martin, the centre's chief executive, said: "The NCSC advises that Russia is a highly capable cyberthreat actor which uses cyber as a tool of statecraft. This includes espionage, disruption and influence operations. Russia has the intent to target UK central government and the critical national infrastructure."

He said that Russia had targeted British infrastructure, including power and telecoms, and that analysis showed that "Russian state intent is that it targets national security interests".

In the new government guidance, Ian Levy, the centre's technical director, says: "The Prime Minister set out very clearly in her Mansion House speech that the Russian state is acting against the UK's interest in cyber space. It follows that we need to do everything we can to reduce the risk of successful Russian attack, and this is much, much more complicated than just trying to take companies with Russian flags out of your supply chain.

"There's a comprehensive strategy to counter cyberattacks from all adversaries, and the National Cyber Security Strategy sets out the totality of the capabilities we use to protect the UK."

The security company Kaspersky Lab has denied allegations in the United States that it is used by the Russian state for espionage. The company, which is used by some British government departments and an estimated 400 million people worldwide, was accused of downloading classified material from a home computer in the US.

Eugene Kaspersky, the chief executive and co-founder, told the BBC: "We would never do that. It's simply not possible. It's not true that the Russian state has access to the data. There are no facts about that."

(International Business Times, dated 2nd December 2017 author Gaurav Sharma)

Full article [Option 1]:

Barclays bank has stopped offering free Kaspersky anti-virus products to new online banking customers following an official UK government warning about Russian software.

In an email to 290,000 online banking customers on Saturday (2 December), Barclays said: "The UK government has been advised to remove any Russian products from all highly sensitive systems classified as secret or above.

"We've made the precautionary decision to no longer offer Kaspersky software to new users. However, there's nothing to suggest that customers need to stop using Kaspersky."

Barclays said it treated the security of its customers "very seriously". The offer was available at the point of use to internet banking customers to boost their security via a 12-month free trial.

A spokesman for Kaspersky told IBTimes UK the company was very "disappointed" that Barclays had discontinued its offer to its customers.

Earlier in the day, it was revealed that the UK National Cyber Security Centre - the country's authority on cyber security and part of GCHQ - is writing to all government departments telling them Russian security software could be exploited by Moscow.

Ciaran Martin, head of the National Cyber Security Centre, said: "Russia is acting against the UK's national interest in cyberspace."

"It seeks to target UK central government and the UK's critical national infrastructure." He advised that "a Russia-based provider should never be used" for systems that deal with issues related to national security.

However, the agency did note it is not advising the public at large against using Kaspersky's popular antivirus products.

(10th December 2017)



(INC, dated 29th November 2017 author Joseph Steinberg)

Full article [Option 1]:

Criminals are exploiting the news that Uber suffered a serious data breach to inflict more harm on Uber customers. As if the pilfering by hackers of the names, email addresses, and mobile-phone numbers of 57 million customers of the ride service as well as the driver's license numbers of 600,000 Uber drivers was not bad enough, criminals are now crafting sophisticated phishing emails that prey on the same group of people.

There are multiple variants of the scam -- and surely more to come.

Various realistic-looking phishing emails appear to come from Uber and apologize for the breach. Some request that the user reset his/her password so as to ensure that any passwords compromised in the breach cannot be used by criminals. This may appear to be sound advice - and it actually might be if it were not for the fact that the password reset link provided in the email directs clickers to a bogus Uber site run by criminals in order to collect passwords. Of course, the site asks you to enter your "old password" along with your desired new password.

Another variant of the phishing email contains a profound apology for the breach, and offers the customer a $50 credit towards rides on Lyft, Uber's main competitor in many markets. While anyone who spends a moment thinking about the offer should realize that it is likely bogus - why in the world would Uber be both providing its primary competitor with revenue and directing its already upset customers to that primary competitor - people have a tendency to act without thinking when offered "free money" which they think may no longer be available if they do not act quickly.

Other variants of the phishing scam already exist, and more will continue to appear in the upcoming weeks.

So, if you are an Uber customer -- or ever were an Uber customer -- stay vigilant and suspect that any emails that you receive either asking you to take action to protect your Uber account, or promising you compensation for the breach, are likely scams. Of course, it is a good idea to change your Uber password - but do so by using the app on your phone, not by clicking links in an email that was sent to you by someone of whose identity you simply cannot be certain.

(BBC News, dated 29th November 2017)

Full article :

Uber has revealed that 2.7 million British riders and drivers were affected by a 2016 data breach that it covered up for more than a year.

A total of 57 million worldwide had data exposed in the breach, but the firm had not specified how many were UK-based before.

The stolen information includes names, email addresses and phone numbers and - for US drivers - licence numbers.

Uber should notify UK users who have been affected, the data regulator said.

According to Uber, the 2.7 million figure is "approximate rather than an accurate and definitive account" - this is because the information gathered by the firm's app does not always specify where users live.

A spokesman for Uber told the BBC the firm is not able to clarify how many UK drivers are included in the 2.7 million.

The firm has said it has a total of five million active users and 50,000 drivers in the UK.

The Information Commissioner's Office (ICO) had previously said it had "huge concerns" about the breach.

Responding to the latest news, a spokesman for the ICO said: "As part of our investigation we are still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised."

"We would expect Uber to alert all those affected in the UK as soon as possible."

Similarly, the UK's Minister of State for Digital, Matt Hancock, said, "The Government expects Uber to respond fully to the incident with the urgency it demands and to provide the appropriate support to its customers and drivers in the UK."
'Shocking' development

The ICO believes the data could be used by scammers trying to target victims of the breach.

Both Uber and the ICO have directed users to advice from the UK's National Cyber Security Centre that was published following news of the breach.

The latest development was described as "shocking" by London Mayor Sadiq Khan.

"Uber needs to urgently confirm which of their customers are affected, what is being done to ensure these customers don't suffer adversely, and what action is being taken to prevent this happening again in the future," he said.

When news of the breach was revealed last week, chief executive Dara Khosrowshahi said, "None of this should have happened, and I will not make excuses for it."

The story was first broken by Bloomberg, which reported that Uber not only sought to cover up the incident but also paid hackers $100,000 (£75,000) to delete the data they had stolen.

(The Register, dated 24th November 2017 author Rebecca Hill)

Full article [Option 1]:

The massive Uber data breach will be discussed by the European Union's data protection authorities next week.

The group, known as the Article 29 Working Party, is meeting on November 28-29 and has put the hack, which affected 57 million users, high on its agenda.

A spokeswoman for the group, which is chaired by Isabelle Falque-Pierrotin from France's data protection authority, said that the aim was to better coordinate national investigations.

This might include writing to Uber's CEO to push for full information to be released - as it did for the Yahoo data breach - or to launch a full taskforce.

The spokeswoman noted that the group had already formed taskforces for Google, Facebook and Microsoft in the past.

And one was recently set up to investigate WhatsApp's privacy policies, which it said are at odds with the EU's data protection laws.

Elsewhere in its meeting, the group will consider the first annual review of the Privacy Shield agreement that governs transatlantic data flows.

Uber has, as yet, failed to offer authorities any further information about those affected by the breach, which happened in October 2016 but was only revealed this week.

A spokeswoman for the biz said that this information would not be released until it completes the process of notifying regulators and government authorities, and "expect to have ongoing discussions with them".

Meanwhile, the breach was discussed in UK Parliament yesterday, where digital minister Matt Hancock confirmed that the first he heard of it was in media reports.

"As far as we are aware, the first notification to UK authorities - whether the Government, the [Information Commissioner's Office] or the [National Cyber Security Centre] - was through the media," Hancock told MPs.

Wes Streeting, Labour MP for Ilford North, said it was "outrageous" that Uber had hushed up the breach, and urged the government to sever ties with the ride-hailing firm.


I am pro-tech, pro-competition and pro-innovation, but given that Uber stands accused by the Metropolitan Police of failing to handle serious allegations of rape and sexual assault appropriately, given that Uber has to be dragged through the courts to provide its drivers with basic employment rights and to pay its fair share of VAT and given that we now know that Uber plays fast and loose with the personal data of its 57 million customers and drivers, is it not time that the Government stopped cosying up to this grubby, unethical company and started standing up for the public interest?


Hancock didn't respond directly to that comment, instead noting that taxi licensing was an issue for local authorities, as well as taking the opportunity to plug the higher fines that would be available to the ICO under the government's proposed Data Protection Bill.


(The Telegraph, dated 22nd November 2017 authors Robert Mendick and Margi Murphy)

Full article [Option 1]:

Britain's spy agencies have begun an investigation into the cover-up of a data hack of 57 million Uber customers that undermines the firm's attempts to win back its London licence.

The National Cyber Security Centre (NCSC) announced the inquiry on Wednesday as further details emerged of the data hack that took place a year ago but which Uber kept secret.

The NCSC, which is part of the GCHQ intelligence agency, is investigating the extent of the breach and the failure of Uber to report it to authorities at the time.

The National Crime Agency (NCA), Britain's equivalent to the FBI, is also involved, suggesting the hackers may even have been British-based, while the Information Commissioner's Office (ICO) warned that Uber faced "higher fines" for its concealment.

Sadiq Khan, London's mayor, said the cover-up was "of real concern" ahead of a legal appeal by Uber against the loss of its London licence.

The taxi-hailing app firm continues to operate in the capital, pending the appeal which starts with a preliminary hearing in early December.

Uber was stripped of its private hire licence by Transport for London (TfL) in September after it concluded the US-based tech company was "not fit and proper" to have it renewed. The timing of the disclosure of the hack could not be worse.

Uber, which is valued at almost $70 billion, revealed on Tuesday that it had paid a $100,000 ransom (about £80,000) to two hackers who stole data about the company's customers and drivers in October 2016.

Uber tracked down the hackers and requested they sign non-disclosure agreements to keep the breach secret, according to the New York Times. The firm is then accused of hiding the reason for the payment by claiming the hackers had been employed by Uber to look for weaknesses in its computer security.

The hackers stole the names, email addresses, and phone numbers of 57 million customers. Uber continued to refuse last night to disclose how many UK customers are affected.

The NCSC confirmed it was investigating and warned Uber over its conduct.

A spokesman said: "Companies should always report any cyber attacks to the NCSC immediately. The more information a company shares in a timely manner, the better able we are to support them and prevent others falling victim.

"We are working closely with other agencies including the NCA and ICO to investigate how this breach has affected people in the UK."

The ICO, the UK's information watchdog, said it had also begun an inquiry.

James Dipple-Johnstone, ICO's deputy commissioner, said: "Uber's announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics.

"If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed."

Mr Dipple-Johnstone added: "Deliberately concealing breaches from regulators and citizens could attract higher fines for companies."

Mr Khan said: "Today's news is of real concern... TfL are pressing Uber for the full details of what has happened."

Dara Khosrowshahi, Uber's new chief executive who only took charge in August, said the cover-up should never "have happened and I will not make excuses for it". The company's security officer Joe Sullivan was sacked as a result.

Uber, which has 65 million 'active riders' globally, has been beset by scandal in recent months including claims of sexual harassment. TfL had refused to renew its London licence after concluding Uber's conduct lacked 'corporate responsibility' in relation to reporting serious criminal offences committed by drivers.


(1st December 2017)

(The Guardian, dated 29th November 2017 author Rob Davies)

Full article [Option 1]:

Shipping company Clarksons is bracing for a tranche of private data to be released, after refusing to pay a ransom to a hacker who staged a "criminal attack" on its computer systems.

In a statement to the stock market, the world's largest shipbroker said it was working with specialist police and contacting customers who may have been affected after a "cybersecurity incident".

"As soon as it was discovered, Clarksons took immediate steps to respond to and manage the incident," the company said.

"Our initial investigations have shown the unauthorised access was gained via a single and isolated user account which has now been disabled."

"Today, the person or persons behind the incident may release some data."

Shares in Clarksons fell by more than 2% after the announcement, despite the company's insistence that the hack would not affect its ability to do business.

The shipbroker arranges charter ships to transport goods, as well as helping shipping companies raise finance and providing services such as logistics and equipment.

Andi Case, the Clarksons chief executive, said: "Issues of cybersecurity are at the forefront of many business agendas in today's digital and commercial landscape, and despite our extensive efforts we have suffered this criminal attack.

"As you would rightly expect, we're working closely with specialist police teams and data security experts to do all we can to best understand the incident and what we can do to protect our clients now and in the future.

"We hope that, in time, we can share the lessons learned with our clients to help stop them from becoming victims themselves.

"In the meantime, I hope our clients understand that we would not be held to ransom by criminals, and I would like to sincerely apologise for any concern this incident may have understandably raised."

Clarksons is just the latest company to be hit by a major cyber-attack, joining a list that includes Uber, Deloitte, Yahoo, Equifax and extramarital affairs website Ashley Madison.

"Clarksons would like to apologise to shareholders, clients and staff for any concerns this incident may raise," the company said.

Since being hacked, Clarksons said it has consulted data security experts and is investing "heavily" to shore up its defences, amid a broader cybersecurity review.

The cyber-attack comes a year after the company issued a profit warning, blaming a drop-off in global trade.

(1st December 2017)

(London Evening Standard, dated 28th November 2017 author Martin Bentham)

Full article [Option 1]:

Human traffickers are getting "smarter" at avoiding detection, Europe's leading law enforcement official said today.

Rob Wainwright, director of Europol, said organised criminals were using surveillance technology to monitor victims and running "pop-up brothels" to move women rapidly from place to place to make it harder to find them.

He told the Standard: "Some of the trends we are seeing indicate that the traffickers are getting smarter to avoid detection. The phenomenon of the pop-up brothel, where the victims are moved very frequently not just from premise to premise but from town to town around the UK. They are getting smarter, rotating the victims around.

"We are also seeing physical surveillance systems online, like the webcam to check up on them, using technology to make their business more efficient. There are trends which indicate the criminals are getting better."

Mr Wainwright, whose comments follow the conclusion of a special investigation by this newspaper, said the scale of trafficking was "huge".

Europol co-ordinates law enforcement activities in the European Union and has identified "just under 10,000 criminal suspects" during investigations into human trafficking since the start of last year. These included about 130 suspects arrested during a week-long "concentrated attack on labour exploitation" in May across 26 countries. There were also 71 arrests during a purge on child traffickers last month. Seventy-five child victims were rescued.

Mr Wainwright said trafficking was a widespread problem around Europe, adding: "Most are not willing victims, they are duped by false promises and then exploited on arrival. They have their passport removed, are subjected in the first 48 hours to violent assault and are kept in a very intimidating, violent environment and forced to work in the sex trade or labour trade."

On child victims, Mr Wainwright said: "Tens of thousands of children under the age of 16 have arrived unaccompanied, put up in reception centres in Italy for example, and in many cases they have gone missing. Clearly they are vulnerable to being exploited."

Mr Wainwright said a failure by Britain to retain participation in European systems for exchanging data and intelligence would harm it and EU states.

He said: "The nature of the threat that we face is much more transnational, much more a common threat in Europe, and requires a cohesive, integrated response. Now is not the time for that effort to be broken up. There's a real understanding of that in Brussels and London and because of that I'm positive."

(1st December 2017)

(Business World, dated 28th November 2017 author BW Online Bureau)

Full article [Option 1]:

India is amongst the top cybercrime hotspots in the Asia Pacific and is also subject to the highest number of malware infections, says a study by US-based Global Security firm ThreatMetrix.

The study "Asia Pacific Cybercrime Report" says that "China, India, Japan, and Vietnam are some of the top cybercrime hotspots in the world". It further said that the Asia-Pacific region continues to demonstrate its susceptibility to malware, with Indonesia, India, and the Philippines among the top countries with the highest number of malware infections. Online banking is a key target as fraudsters attempt to monetize stolen and spoofed identity credentials resulting from numerous data breaches around the world, said the study.

With the risk of cyber threats to Indian digital payment systems, ThreatMetrix recently announced its partnership with BSE-listed RS Software (India) to accelerate the adoption of secure digital payments in India. The joint solution provides a scalable, adaptive and cost-effective solution, with insights built from the Unified Payments Interface (UPI) and the Bharat Bill Payment System (BBPS), as well as from the ThreatMetrix Digital Identity Network, which analyses transactions from 1.4 billion anonymized users worldwide.

"With digital transactions soaring in India, the opportunity is huge. Banks are rolling up their sleeves to streamline their fragmented merchant acquiring business for Digital India and are adopting state-of-the-art technologies to facilitate this change," said Pascal Podvin, SVP of Field Operations for ThreatMetrix.

Raj Jain, Chairman and Managing Director, RS Software said with its mobile-first and API-driven approach, the combined solution can be plugged in seamlessly to enable secure payments, less chargebacks and more confidence among consumers and merchants.

The ThreatMetrix report said that the emerging digital landscape has fueled strong pockets of fraud, as India emerges as both a fraud originator and a destination for attacks. "One in ten transactions in India is rejected. Cash on delivery fraud sometimes happens in collusion with a shipping company, which has prompted retailers to block transactions or shipping in certain regions. This contributes to the high IP spoofing rates, as fraudsters attempt to bypass location blocks".

India is a fast-growing digital economy with a strong growth in eCommerce, FinTech and online banking. While a large proportion of the population remains unbanked and underbanked, internet and mobile penetration is growing rapidly. As such, mobile is quickly becoming the bridge to drive financial inclusion where traditional forms of banking methods aren't accessible. This is evidenced by the fact that mobile transactions now make up around half of all India's transactions and have doubled since 2015.

(1st December 2017)

(International Business Times, dated 28th November 2017 author Jason Murdock)

Full article [Option 1]:

In a massive operation against online piracy, European police forces have seized more than 20,500 web domains used to peddle counterfeit goods.

The websites were selling luxury products, sportswear, electronics and pharmaceuticals across online marketplaces and social networks, according to law enforcement investigators.

The results were published as part of an operation dubbed "In Our Sites" (IOS), a global effort launched in 2014 which draws on expertise from 27 EU member states and is spearheaded by Europol's Intellectual Property Crime Coordinated Coalition (IPC³).

On Monday (27 November) Europol said that a total of 7,776 websites had been seized in previous swoops while this year's operation, codenamed IOS VIII, resulted in 20,520 seized domain names being scrubbed from the web after they were caught illegally selling counterfeit merchandise.

Rob Wainwright, director of Europol, said: "This excellent result shows how important and effective cooperation between law enforcement authorities and private-sector partners is, and how vital it is if we are to ultimately make the internet a safer place for consumers."

The European police agency said that counterfeiters running rogue websites were becoming more sophisticated and warned that the web continued to offer criminals increased anonymity.

On its website, Europol elaborated: "When shopping online, you are more likely to fall victim to counterfeiters. In a digital environment, without the physical product to look at and feel, it can be more difficult for you to spot the differences.

"Some illicit websites selling counterfeits are so sophisticated that it is hard to detect that they are scams. Infringers are also exploiting mobile app stores as an ideal shop front. Users are less likely to question the legitimacy of an app, especially if it appears in an official app store."

Nick Annan, acting director of the National Intellectual Property Rights Centre, said: "Targeting copyright-infringing websites that market dangerous counterfeit goods to consumers and engage in other forms of intellectual property theft will continue to be a priority.

"Strengthening our collaboration with police authorities around the world and leaders of industry will reinforce the crackdown on IP crimes, and demonstrate that there is no safe haven for criminals committing these illicit activities."

According to Europol, some of the most popular counterfeit goods sold online include fake designer watches, dodgy electronics, cosmetics, clothing, drugs, children's toys and car parts. "You will receive product other than the one you ordered or even an empty box," it warned.

(1st December 2017)

(International Business Times, dated 27th November 2017 author Brendan Cole)

Full article [Option 1]:

Modern slavery laws will be used to tackle British criminal gangs who exploit and groom children to be drug runners.

The National Crime Agency (NCA) says that gangs are grooming children as young as 12 to carry drugs between cities and rural areas in the UK with some 700 such operations, known as the "county lines" drug trade, being identified, the Times reported.

Two upcoming trials will see alleged drug dealers charged under human trafficking and modern slavery legislation, which would mean bigger sentences given if there is a conviction.

Also, it is hoped that attaching the stigma of grooming to the drug trade will curb the practice.

Joe Caluori, who leads the work of 21 London councils tackling the practice of "county lines", said there are thousands of young people caught up in the networks.

County lines have spread London-style gang warfare to the provinces in a tactic used by gangs in Manchester, Birmingham and Liverpool.

Caluori told the Times: "The tactics used by gangs to enforce their power over young people and their families include kidnap, torture, severe physical attacks, threats to rape and kill - and the violence is increasing all the time as the amounts of money coming back down the lines increases".

Detective Superintendent Tim Champion, who is behind the test cases, said: "We are looking to ensure that all the pressure is put on the organisers of drug trafficking, and not the young people running the drugs."

After the court cases are concluded, other forces may introduce similar measures and police officers are being trained to spot potential victims of exploitation and trafficking.

Kevin Hyland, the independent anti-slavery commissioner, said the Modern Slavery Act legislation would mean a different approach to tackling the drug trade because it "exists to bring people to justice who trade in and exploit others as a commodity and that is what is happening with county lines.

"Young people are being trafficked and enslaved by organised crime groups," he said.

(1st December 2017)

(The Guardian, dated 27th November 2017 author Vikram Dodd)

Full article [Option 1]:

Record numbers of young people are letting their bank accounts be used by criminals engaged in terrorism and other serious offences, it has been claimed.

The past year saw a 105% increase in cases of "money muling" for those aged 21 years or under, to 6,484 cases, where seemingly innocent bank accounts are used to launder criminal proceeds.

Simon Dukes, chief executive of Cifas, the UK's fraud prevention service, said: "The criminals behind money mules often use the cash to fund major crime, like terrorism and people-trafficking. We want to educate young people about how serious this fraud is in the hope that they will think twice before getting involved."

Cifas says there were 8,652 cases of bank accounts belonging to 18- to 24-year-olds being misused in the first nine months of this year, a 75% increase in the last 12 months. That is double the number in 2013 when there were 4,315 cases.

Experts say one fraud asks people to reply to job adverts or social media posts that promise big sums of money way in excess of the work that will be needed.

Katy Worobec, head of fraud and financial crime prevention at UK Finance, which represents banking and financial companies, said: "Money muling is money laundering and criminals are using young people as mules in increasing numbers. We know that students are particularly vulnerable as they are often short of cash.

"When you're caught, your bank account will be closed, making it difficult to access cash and credit. You could even face up to 14 years in jail. We're urging people not to give their bank account details to anyone unless they know and trust them. If an offer of easy money sounds too good to be true, it probably is."

(1st December 2017)

(Sky News, dated 26th November 2017)

Full article [Option 1]:

Footage of one of the first "relay crimes" to be caught on camera has been released by police, in which thieves steal vehicles without needing the keys.

In the CCTV, two men in white suits and masks were seen pulling up outside a victim's house in the Elmdon area of Solihull carrying relay boxes.

They used one box to receive a signal from a car key inside the property and then transferred the signal to a second box next to the targeted Mercedes on a driveway.

The car's system was tricked into thinking the key was present and the thieves were able to unlock the vehicle.

The crime took less than a minute and the Mercedes, which was stolen around 9pm on 24 September, has not yet been recovered.

The devices can receive signals through walls, doors and windows, but not metal.

"To protect against this type of theft, owners can use an additional tested and Thatcham-approved steering lock to cover the entire steering wheel," said Mark Silvester from the West Midlands Police crime reduction team.

"We also recommend Thatcham-approved tracking solutions fitted to the vehicle," he added.

"It is always worth speaking to your main dealer, to ensure that your car has had all the latest software updates and talk through security concerns with them."

Sergeant Tim Evans of Solihull Police said: "It's important the public are reassured that we are taking proactive steps to tackle this type of crime in Solihull.

"We hope that knowledge of this type of crime will enable members of the public to take simple steps to secure their vehicle and assist us."

(1st December 2017)


(The Times, dated 25th November 2017 author Graeme Paton) [Option 1]

Cyclists are being subjected to automatic speed checks for the first time as part of plans to encourage them to slow down.

A council in east London is believed to be the first in the country to introduce radar technology, similar to that used in roadside cameras, to cut speeds among cyclists.

Two speed indicator devices have been installed on a cycle lane through a popular park in Hackney after complaints from other users that some bikes are going too fast.

The system, which cost £13,328, uses radar to identify oncoming bikes and presents cyclists with a green "happy" face if they are travelling at less than 12mph, which is the limit set by park bylaws. Those travelling at more than 12mph are shown a red frown with the words "slow down".

Hackney, which has the highest number of residents cycling to work in the country, said that the measures were designed to raise awareness of excessive speed. The council said there were no plans to use the technology to penalise cyclists.

In some other parks hand-held radar guns have been used to stop speeding cyclists. Jeremy Vine, the BBC Radio 2 presenter, told how he was clocked by police using a mobile device in Hyde Park three years ago. A year later a cyclist was fined £400 for riding at 38mph through Richmond Park in south-west London.

The Hackney signs have been installed in the past month at either end of the main north-south lane through London Fields, which is used by about 4,000 cyclists a day. The radar picks up objects moving above a certain speed, believed to be 6mph. The signs are accompanied by lines of granite stones set into the cycle path to act as rumble strips, alerting cyclists to pedestrian crossing points.

Westcotec, the Norfolk-based traffic safety company that installed the system, said it was the first time that it had used the technology for cyclists.

It follows the conviction of Charlie Alliston, 20, who knocked over and killed a pedestrian, Kim Briggs, 44, as he sped through central London on a bike with no front brakes. He was jailed for 18 months in September.

Feryal Demirci, Hackney council's cabinet member for neighbourhoods, transport and parks, told The Times that London Fields was an "established route for commuters".

"London Fields is not a road", she said. "Local residents walk, use wheelchairs, push buggies and exercise their dogs in the park every day.

"Green spaces are places to relax, breathe and take it easy, so we want people on bikes to drop their speed a little bit, look out for others and make sure everyone can enjoy the park."

A brain injury charity backed calls for compulsory cycle helmets yesterday after the government said it could consider the measure as part of a safety review. Headway said it strongly believed that all cyclists, particularly vulnerable road users such as children, should wear protection.

The comments were echoed by James Cracknell, the Olympic rower, who suffered bruising to the brain after being hit by a lorry's wing mirror in the United States. He said he could have been killed if he had not been wearing a helmet.

Compulsory helmets are opposed by cycling groups who say that they actually deter many people from getting on a bike, with serious knock-on health effects.

(1st December 2017)

(London Evening Standard, dated 24th November 2017 author Justin Davenport)

Full article [Option 1]:

Major fraudsters are escaping justice because of a shortage of detectives in Scotland Yard's specialist unit, it was claimed today.

Two former officers said the cyber and fraud investigation unit was so short of trained investigators they are recruiting constables straight from basic training to help in complex cases.

They claim that many detectives had either been transferred into counter-terrorism after the recent attacks in London or diverted to help the Grenfell Tower investigation, and others were being lost to the private sector.

One of the two former officers, Suzanne Raftery, described her role in the elite Falcon cyber crime and fraud unit as analysing crime reports to see which were suitable to close before they were even investigated.

Ms Raftery said: "Our primary goal was to try to reduce the amount of crime that was getting passed to the Met from Action Fraud (the national fraud and cyber crime reporting centre).

"We would speak to victims and say 'I am sorry, we do not have the resources' because a lot of our staff have been seconded to Grenfell Tower or terrorist investigations."

She added: "You have people investigating fraud without fraud training. It's like saying to someone walking down the street, 'Hey, do you want to come and investigate a million-pound fraud'."

Her fellow former fraud squad officer James Mills said: "Detectives are being held on boroughs such as Camden and Hackney and not being released to go to specialist units.

"So the specialist units, such as Falcon, are having to recruit from the larger pool, the majority of whom are police constables. There are constables just out of basic training."

Ms Raftery, 38, and Mr Mills, 47, have set up a business called Requite Solutions to help companies or individuals investigate frauds and recover funds.

They also criticised banks for failing to properly monitor suspicious activity on accounts and transactions.

Detective Chief Superintendent Mick Gallagher, who oversees the Falcon unit, said: "We have got some incredibly experienced officers in our cyber command and their results have been excellent with a 20 per cent detection rate.

"They also provide expert guidance to the public and private sector. We have lost staff but we have enough officers in cyber to make sure that we are functioning better than we ever have done."

Police say there are now 250 investigators in the unit compared with 100 when it was launched in 2014.

(1st December 2017)

(The Telegraph, dated 24th November 2017 authors Robert Mendick, Martin Evans and Nicola Harley)

Full article [Option 1]:

Police are reluctant to make arrests because the closure of custody suites has led to hour-long trips to the nearest cells. Officers are now letting suspects go "and hoping for the best", the chairman of the Police Federation told The Daily Telegraph.

Since 2010, the number of custody suites in England - where offenders are taken after arrest - has dropped by as much as 50 per cent to 200, it is estimated. Further cuts are in the pipeline.

The number of arrests also fell sharply from 1.5 million to just under 780,000 in the decade from March 2008 to March 2017 - although there are a number of factors behind the drop, including a change in policy.

One force - Gloucestershire - has just one suite of cells to cover the entire county while Nottinghamshire, Bedfordshire, Cambridgeshire, Northamptonshire and Wiltshire have just two each.

The Police Federation, which represents rank and file officers, said the distances now being travelled to bring in suspects were deterring front-line officers from making arrests. It could take four hours - the equivalent of half a shift - to drive an offender to a custody suite, process the suspect and then drive back to the town where the arrest was made.

Steve White, chairman of the Police Federation, said: "There has been a change in the mindset of many officers not to arrest unless they absolutely have to. What is going through their mind is that 'this person needs arresting, but there is no one left on the ground, is there going to be something else more pressing that I might have to deal with?' So what they are doing is letting someone off with a warning and hoping for the best. Hoping for the best that person does not go on to do something terrible."

Lord Blunkett, the former Labour home secretary, questioned why Philip Hammond, the Chancellor, had not made an additional £200 million available in his Budget to keep custody suites open or upgrade existing ones.

A number have been closed on health and safety grounds. "Scrapping custody suites costs more in the long-term because you have to transport people around, while taking police off front line duties," he said. "Arrests are bound to tumble because police know that in making an arrest they are taking themselves out of action."

Yvette Cooper, chairman of the Home Affairs Committee and a Labour MP, said: "For some officers to end up spending half their shift driving those they do arrest to custody suites miles out of their area is crazy."

In Wiltshire, officers complained of having to make a two-hour round trip from Salisbury to the nearest custody suite in Melksham, 30 miles away. In Somerset, the police cells in Yeovil were shut earlier this year and offenders are now driven 25 miles to Bridgwater, a journey that takes at least an hour. According to the local Police Federation, Sussex Police is considering closing two custody suites at either end of the county, which would lead to journey times of more than an hour.

Essex Police closed a custody suite in Basildon but is now expected to reopen it after the three-month trial proved unpopular with officers and residents.

The two kinds of crime statistics

Crime levels in the United Kingdom are measured according to two rather different methods.

1. Police records data

Using the crimes actually recorded by the police each year allows us to see fast-moving changes in criminal trends. However, the data are strongly affected by changes in how crime is classified, how seriously the police pursue it and how willing the public is to report it. Better policing can make this crime rate appear to go up.

2. Crime Survey

In England and Wales (and, separately, in Scotland) a significant sample of the population is questioned about being the victim of crime in the past year. This survey cannot measure crimes where no named victim can be interviewed, such as corporate crimes or murder. However, it can flag crimes that frequently go unreported to the police, such as domestic abuse.

(1st December 2017)

(International Business Times, dated 23rd November 2017 author Jason Murdock)

Full article [Option 1]:

Firefox, the internet browser developed and maintained by Mozilla, will soon have the ability to warn internet users if the website they are viewing has been hacked in the past.

Currently in the prototype phase - as detailed on the code repository GitHub - an engineer said it will tell users when "their credentials have possibly been involved in a data breach".

In its current build the add-on is "limited to showing a notification bar when you visit a site known by to have been breached," Mozilla's Nihanth Subramanya said.

HaveIBeenPwned is a data breach notification platform built and maintained by Australian cybersecurity researcher and speaker Troy Hunt.

The website lets internet users quickly check if their credentials appear in some of the biggest data breaches and has grown in recent years to hold 4.8 million credentials from 252 separate websites.

On Wednesday (22 November), Mozilla acknowledged development in an update, writing: "We've started working on integrating warnings into Firefox."

"I've been working with Mozilla on this," Hunt told Bleeping Computer, the technology and cybersecurity website that first reported news of the upcoming add-on.

"We're looking at a few different models for how this might work, the main takeaway at present is that there's an intent to surface data about one's exposure directly within the browser."

An image published by Bleeping Computer showed a Firefox banner pop-up warning a user that the website they were on - in this case LinkedIn - had previously been subject to a major data breach.

Responding to the positive reaction to the news online, Hunt tweeted: "As many people have now worked out, yes, we're doing some awesome things with @mozilla and @haveibeenpwned."

He added: "Surprised at how much positive feedback this is garnering so quickly."

It remains unknown if the experts behind rival browsers, be it Chrome or Safari, plan to introduce similar features to their products. But with the number of breaches occurring in recent years, the move will likely be viewed as a step in the right direction for web users.

Whether the hacked companies agree, that is another matter altogether.

(1st December 2017)

(The Telegraph, dated 23rd November 2017 author Hayley Dixon)

Full article [Option 1]:

Parents should turn off the cameras and automatic tracking devices in their children's Christmas presents because of the risk of hacking, the Information Commissioner's Office has warned.

With a rise in the number of 'smart' toys and devices gracing the wish list this year, parents should consider the safety of them being connected directly to the internet before giving them as gifts, according to the data regulator.

When adults are not going to personally use cameras in toys to view what is happening remotely then they should consider turning the function off altogether, Deputy Commissioner Steve Wood said.

The warning comes amid growing concerns about the ability of criminals to hack into toys containing sensors, microphones, cameras, data storage and other multi-media capabilities.

In a blog on the regulator's website Mr Wood wrote: "You wouldn't knowingly give a child a dangerous toy, so why risk buying them something that could be easily hacked into by strangers?

"In the same way that safety standards are a primary consideration for shoppers buying toys, we want those buying connected items in the coming weeks to take a pause and think about both the child's online safety, and also the potential threat to their own personal data such as bank details, if a toy, device or a supporting app is hacked into.

"Unlike Santa, those looking to hack into your devices don't care whether you've been naughty or nice."

Parents are advised that they should ensure that they are buying products from a reputable source, that all passwords and usernames are changed from the default option and to use two-step identification where available.

Mr Wood continued: "Some toys and devices are fitted with web cameras. The ability to view footage remotely is both their biggest selling point and, if not set up correctly, potentially their biggest weakness, as the baby monitor hacking issue of a few years ago demonstrated.

"If you have no intention of viewing footage over the internet, then turn the remote viewing option off in the device's settings, or else use strong, non-default passwords."

He added: "One of the main selling points of children's smart watches is the ability for parents to know where their children are at all times. However, if this isn't done securely, then others might have access to this data as well. Immediately get rid of default location tracking and GPS settings and set strong, unique passwords."

Parents are also advised to turn off Bluetooth or set strong passwords to protect their child's data from hackers.

The Deputy Commissioner concluded: "If you aren't convinced a smart toy or connected/wearable device will keep your children or your personal information safe, then don't buy it. If consumers reject products that won't protect them, then developers and retailers should soon get the message."

(1st December 2017)

(The Guardian, dated 23rd November 2017 author Alan Travis)

Full article [Option 1]:

The highest number of violent sexual crimes, including rapes, in Europe are recorded by the police in England and Wales, according to new European Union official statistics.

The disclosure comes as official British figures show that 1.2 million women and 700,000 men in the year to March 2017 reported being the victims of some form of domestic abuse in England and Wales.

The Office for National Statistics (ONS) says the majority of victims did not report their abuse to the police. The police logged reports of 1.1m incidents of abuse - including repeat incidents for some victims - and recorded 488,000 of them as crimes but only half of these led to arrests. Domestic-abuse-related offences now account for one-third of the violent crime recorded by the police.

New Eurostat figures, published by the European commission, say that 64,500 of the 215,000 violent sexual crimes recorded by the police across the European Union in 2015 were in England and Wales. Some 35,800 or 55% of the 64,500 sex crimes in England and Wales were rapes.

The European figures show that in absolute terms the numbers in England and Wales were some distance ahead of the 34,300, including 7,000 rapes, recorded in Germany and the 32,900, including 13,000 rapes, in France.

Sweden recorded the highest number of violent sexual crimes relative to its population with 178 per 100,000 inhabitants, followed by Scotland at 163 per 100,000, Northern Ireland at 156 per 100,000 and England and Wales at 113 per 100,000. Eurostat stressed that the figures reflected the extent to which sex crimes were reported and recorded by the police and did not necessarily reflect the actual number of victims.

The British ONS figures published on Thursday based on the crime survey of England and Wales show little change in recent years in the extent of domestic abuse involving adults aged 16 to 59. The statisticians say that the prevalence rate for victims has fallen from 7 in 100 in 2012 to 5.9 in 100 in 2017, indicating a "gradual, longer-term downward trend".

The official figures show that there were 454 domestic homicides between 2013 and 2016, which account for a third of all homicides over that period. The majority of victims were women - 319 or 70% - but there were also 135 or 30% male domestic homicide victims. Two-thirds of male domestic homicide victims were killed by another man.

(1st December 2017)

(The Times, dated 23rd November 2017 author Jerome Starkey) [Option 1]

A fly-tipper who dumped rubbish on a farm in Devon has escaped punishment after the Driver and Vehicle Licensing Agency refused to reveal his details on data protection grounds.

The incident took place on the Ashcombe estate, in south Devon, which has suffered a spate of litter problems.

Staff from the local council have led prosecutions against a range of culprits but said that they had to close this case when the DVLA refused to help.

Ralph Rayner, who owns the Ashcombe estate, found a receipt from a fast food outlet that was less than an hour old when he was clearing up the rubbish strewn across a lay-by, near the peak of Luscombe Hill, which has views across Dartmoor and the sea.

He gave the receipt to staff from Teignbridge District Council who looked at security video from McDonald's in Newton Abbot. The footage identified a Vauxhall Corsa.

"We then contacted the DVLA but they would not provide any further details as 'there was not a strong enough link between the vehicle and litter found'," a council spokesman told The Times. "Due to there being no chain of evidence, we have therefore been unable to pursue this case any further."

Details of the case emerged when Anne Marie Morris, the independent MP for Newton Abbot, warned that fly-tipping was blighting "all the beautiful parts of the countryside".

"It would certainly help if the DVLA were prepared to work with local authorities to identify the cars, drivers and owners," she told parliament.

"We cannot rely solely on catching the villains in the act, which is extraordinarily difficult, particularly in rural areas. Installing cameras everywhere would be prohibitively expensive."

There were a million incidents of fly-tipping in England in the last financial year and this cost councils £57.7 million to clear up.

Mr Rayner said that he had dug trenches on his estate to stop fly-tipping but still had to clear up at least one case a month.

A spokeswoman for the DVLA said: "We have to ensure the release of information is lawful. When there is sufficient evidence to tie fly-tipping to a vehicle, we can supply that information and in the vast majority of cases when a local authority requests information we are able to release it."

(1st December 2017)

(The Register, dated 22nd November 2017 author Andrew Silver)

Full article [Option 1]:

Miscreants, hackers - call 'em what you will - have pilfered email addresses from an unknown number of Loake Shoes customers.

In a letter sent to punters on its database - seen by The Register - the premium footwear maker said it has been "the victim of a cyber attack".

"Despite having stringent security measures in place, this has resulted in our email server being compromised," the missive stated.

This is more than a little embarrassing for a business that supplies handmade leather goods to the British royal family. Founded in 1880 by brothers Thomas, John and William Loake, the firm has since sold more than 50 million pairs of Goodyear welted shoes in more than 50 countries.

Loake said in the correspondence: "We do not store credit or debit card details on our system" but warned that customers "may receive spam or phishing emails which, at first glance, may appear to be from Loake."

A spokeswoman for Loake has not responded to questions about when the breach took place, what the precise circumstances were, how many customer emails were accessed, whether all customers had been notified or about what the firm was doing to prevent a similar breach from occurring again.

Loake strangely described the attack as "similar in nature to that which was suffered by the NHS a few months ago" - presumably the WannaCrypt ransomware worm that held systems across the world hostage through encryption.

"We are not aware of any other breach of security and we apologise for any inconvenience caused," Loake added in its letter.

A Loake customer told us he had expected an "established brand... could be trusted with my details".

"The fact that they have likened their data breach to the recent NHS ransomware attack - two completely different events - reduces my confidence in their ability to deal with the situation and it also makes me question their reassurance that my credit card details are safe," the customer added.

Etienne Greef, managing director of integrator Secure Data, told The Register it was "unlikely" that the breach was similar to the NHS attack as WannaCry does not access email servers, but rather encrypts information.

He said drawing comparisons with the NHS attack implied that Loake was running old, vulnerable versions of an operating system.

Greef suspected it was most likely to be a case where an administrator password to an email server was compromised, letting hackers access customer email lists.

Firms should "understand what happened before communication," he added. "Confused communication does more damage than good."

(1st December 2017)

(International Business Times, dated 21st November 2017 author India Ashok)

Full article [Option 1]:

Researchers at Princeton University have found that over 480 globally popular websites are keylogging data and sending it to third-party servers. Some of the most popular and heavily trafficked websites in the world were found running third-party "session replay" scripts that can track every letter a user types, every click and more, all of which is then sent to third-party servers across the globe.

The researchers' revelations indicate the invasive extent to which users' online activities are tracked. In the first instalment of a series titled "No Boundaries", researchers from Princeton's Center for Information Technology Policy (CITP), said even in instances where users have visited a site to fill an online form, but left it incomplete and abandoned it, every single letter typed is recorded.

The researchers studied seven of the most popular session replay firms - FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar, and the highly popular Russian search engine Yandex. The study's findings revealed that at least one of the firms' scripts is being used by 482 of the world's top 50,000 sites, according to Alexa's ranking.

What is session replay?

According to the researchers, "session replay" scripts are commonly used by companies to help them understand how their customers are using the firms' sites. However, instead of recording general statistics about users' behaviour, the scripts record and can also replay entire individual browsing sessions. The researchers say the scripts are often found on pages where users input their sensitive information, including passwords, credit card data and medical conditions.

"These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers," the researchers said in a blog.

Motherboard reported that firms like FullStory that provide such user-tracking software also design tracking scripts that allow companies to connect a user's real identity with the data collected. This means, by using such software, companies can see a user linked to a specific name and/or email.

"Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording," the researchers added. "This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes."

Companies using session scripts could be at risk of hacking attacks

Motherboard reported that the researchers are concerned about companies using session scripts being vulnerable to targeted hacks, especially given how hackers would likely consider them high-value targets. In the case of Yandex, Smartlook and Hotjar, which run HTTP instead of the more secure and encrypted HTTPS pages, researchers believe hackers could launch a man-in-the-middle attack to "extract all of the recording data".

Fortunately, users can block session replay scripts using the popular ad-blocking tool AdBlock Plus. As a result of the revelations brought to light by the Princeton University researchers, AdBlock Plus issued an update to block all session replay scripts.

(1st December 2017)

(The Guardian, dated 21st November 2017 authors Hannah Devlin and Vikram Dodd)

Full article [Option 1]:

Ten thousand criminal cases in England and Wales are being reviewed after it emerged that data at a forensic laboratory in Manchester may have been manipulated, causing the biggest recall of samples in British criminal justice history.

A minister said the alleged data manipulation was discovered in 2017 at a lab run by Randox Testing, but the Guardian can reveal that warnings about the lab run by a predecessor company date back to 2012.

Nick Hurd was forced to issue a statement acknowledging "the potential impact on public confidence" in forensic science of the revelations, while police said two cases involving road deaths had been referred to the court of appeal and about 50 prosecutions of drug-driving had been discontinued.

Those alleged to be involved in the scientific work under scrutiny had previously worked at a different firm, Trimega, which was criticised for the quality of its work in court judgments dating back to 2012. It was bought by Randox, and two senior Trimega employees were taken on in influential positions.

In 2012, an open judgment criticised Trimega for wrongly informing a court that the mother of a three- and four-year-old had been using increasing amounts of cocaine and opiates as she fought to keep her children.

The court was told that following its error, Trimega had withheld an apology to the mother because it feared rivals would exploit it for commercial advantage.

"In this respect, Trimega's attitude does no credit to an organisation entrusted with the responsibility of providing independent expert advice to the court on matters that will affect the lives of children and families," the judgement states.

Mr Justice Jonathan Baker told the high court the children would have gone into care had the sample not been checked by another lab. He warned at the time: "Erroneous expert evidence may lead to the gravest miscarriage of justice imaginable - the wrongful removal of children from their families."

In 2013, Trimega was criticised for incorrectly reporting that a mother's blood-alcohol test was consistent with "heavy drinking"; in fact, it had been consistent with abstinence. The company only identified the mistake once it learned that the result had caused the local authority to withdraw its support for a plan to return the mother's one-year-old child to her care.

Concerns emerged about Randox in January this year and a criminal investigation was launched that led to Tuesday's announcements. The investigation then spread to encompass the former Trimega lab, which focused on child protection and family court cases.

Police said two people had been arrested and five more had been interviewed under caution. All worked at Randox and some had previously worked at Trimega, according to James Vaughan, of the National Police Chiefs' Council, who is overseeing the police response.

Julia Mulligan, who leads on transparency and integrity for the Association of Police and Crime Commissioners, which oversees police forces in England and Wales, said: "Understandably, confidence in the criminal justice system will be rocked, but I am confident that chief constables and the CPS [Crown Prosecution Service] in particular are doing everything they can to deal with this unforeseeable challenge, affecting both live and historic cases."

Three-quarters of the cases being reviewed were traffic offences, such as drug-driving, in an exercise that may take three years to complete. The rest include violent crime, sexual offences and unexplained deaths, with no impact found so far in the most serious cases.

Gillian Tully, the forensic services regulator, said: "In terms of the number of cases, it is certainly the biggest thing I am aware of in this country."

She said extra checks on other forensic providers had not highlighted concerns elsewhere.

The current government abolished the main forensic provider, the Forensic Science Service, in late 2010, with the intention of creating a market where independent companies competed for business. It ceased to operate in 2012.

Louise Haigh, Labour's shadow policing minister, said: "It is clear the chaotic reorganisation of the forensics system, including the closure of the Forensic Science Service, has left providers who were simply not fit for purpose to fill the gap. This has had devastating consequences."

She said she was concerned that Hurd did not appear to know there had been issues about one of Randox's predecessor companies from previous years.

"It is deeply concerning that the Minister would issue a statement that didn't appear to include the full facts. Those affected and the public at large have a right to know the truth about this scandal."

(1st December 2017)

(The Register, dated 21st November 2017 author Kat Hall)

Full article [Option 1]:

The chief exec of the National Cyber Security Centre - a branch of the UK's spy nerve-centre GCHQ - has called on everyone to enable two-factor authentication for their emails. This follows revelations that almost the entire population's details are available for sale on the dark web.

Speaking at the Parliament and Internet Conference, Ciaran Martin said nearly everyone's email addresses are available on the dark web, but added that more personal data sets, including national insurance numbers, were much less commonly available.

"We recommend that everyone puts 2FA on their emails," he said. "That will hopefully continue to be significant improvement [in combating] that sort of stolen data."

Martin last week revealed that hackers acting on behalf of Russia had targeted the UK's telecommunications, media and energy sectors.

Speaking at The Times Tech Summit in London, he said: "I can't get into too much of the details of intelligence matters, but I can confirm that Russian interference, seen by the NCSC, has included attacks on the UK media, telecommunications and energy sectors. That is clearly a cause for concern - Russia is seeking to undermine the international system."

But he told delegates today that while GCHQ will need to continue to build up its cybersecurity capability against Russia, Iran, China and North Korea - "that really sophisticated stuff is hard to do at scale."

He said most cyber criminals relied on targeting organisations via phishing campaigns and have created management information traffic light dashboards to assess how easy they would be to target.

"Some cybercriminals would pass a Harvard MBA test, if it wasn't for the rampant criminality," he said. Unsurprisingly, he called on organisations to do more to prevent such attacks by improving their infosec.

"My goal is that our best people can spend more time on these threats [of state adversaries] and the UK as whole can become better equipped for the digital age."

On the subject of smart meters, he said: "That is a controversial system, but it was an opportunity for us to get past legacy systems to build security in from start." Smart meters have been criticised for not being adequately secure prior to GCHQ stepping in.

"It would need to be three simultaneous state-level attacks to do national harm [to smart meters]," he said.

(1st December 2017)


(London Evening Standard, dated 21st November 2017 author Justin Davenport)

Full article [Option 1]:

Temporary bans on moped riders carrying pillion passengers have been suggested as a strategy to curb crime.

London Assembly Green member Sian Berry said police should consider the idea in parts of the capital badly hit by moped robberies.

She added: "A very small number of people are causing large amounts of fear on our streets. I live in a huge hotspot in Camden and resident concern and debate on how to deal with this is running very high.

"A local safer neighbourhood panel chair pointed out a tactic used in some other countries: to temporarily ban the carrying of pillion passengers across whole cities.

"I'd like to know what people think as I'm really not sure this is right for London. But it's possible that temporary bans on moped passengers in particular areas would help to identify and better target police action, as anyone defying a ban would know they might be spoken to."

Ms Berry, deputy chairwoman of the assembly's police and crime committee, said she had raised the idea of the bans with senior Met officers.

Adie Kitachi, of the Motorcycle Action Group and the Motorcycle Crime Prevention Community, said: "It's a good idea. I pillion my partner sometimes but it is not that popular, so I don't think too many people would be aggrieved. What you do get are criminals using high-powered mopeds with a pillion passenger tooled up with weapons."

In 2011, Honduras banned motorcycle passengers after a series of drive-by killings and a similar ban was imposed in Medellin, Colombia, at the height of drugs cartel violence.

Commander Julian Bennett, of Territorial Policing, said: "We would consider any suggestion or proposals from anyone that might make this type of offence even more difficult to commit. However, any initiative adopted must be proportionate, practical and within current law."

Officers are now using a DNA-type tagging spray on moped thieves while they carry out crimes, so they can be identified without a pursuit, and are also deploying portable stinger traps.

In the past Scotland Yard has used "super-Asbos" banning convicted robbers from riding pillion on bikes.

(1st December 2017)

(ZDNET, dated 21st November 2017 author Charlie Osborne)

Full article [Option 1]:

Cisco and Interpol have announced a new agreement to share threat data on cybercriminal activities.

On Tuesday, the tech giant and international law enforcement agency said that sharing threat intelligence between the parties will be the "first step" in jointly tackling today's cybercrime.

Modern consumers and businesses are facing more and more digital threats every day.

Hardly a week goes by that we do not hear of a severe data breach resulting in the loss of consumer data, highly sophisticated phishing schemes designed to infiltrate corporate networks or ransomware campaigns that encrypt individual systems and demand blackmail payments in return for lost information.

The situation is getting no better, and there is arguably a skills gap in the cybersecurity industry. To make a dent, government and law enforcement agencies should work with cybersecurity specialists to at least attempt to get on top of the problem and shut down major criminal enterprises.

Such a concept is no stranger to Europol, for example, which operates in Europe together with law enforcement to eradicate ATM fraud, black box schemes, and the takedown of Dark web websites used to buy illegal drugs, weaponry, and more.

Interpol is also on the scene, training police in different countries to identify cybercriminal schemes across the Dark web, as well as working with banks and financial institutions to detect fraud and criminal schemes worldwide.

Now, working together with Cisco under the agreement, signed in Singapore at Interpol's headquarters, the agency's global cybercrime center will work with Cisco to create a coordinated approach to data sharing in order to improve threat detection and lay the groundwork for future projects.

Cisco says the agreement supports the "organization's programs targeting both 'pure cybercrime' and cyber-enabled crimes," and also assists European countries with identifying cybercriminal schemes and the threat actors behind them.

"As cybercrime continues to escalate around the world, defenders from both the public and private sectors must meet the threat with equal force," said John Stewart, SVP and Chief Security and Trust Officer at Cisco. "Visibility and comprehensive threat intelligence across the cyber domain are critical to enable detection, analysis, and protection against emerging threats."

"We are pleased to collaborate with Interpol to exchange threat intelligence and find other knowledge-sharing opportunities to fight cybercrime globally," the executive added.

This is not the first time Interpol has reached out to a cybersecurity firm for help in tracking down cybercriminals.

In 2014, the agency inked a three-year deal with Trend Micro. Under the terms of the deal, Trend Micro gave Interpol access to its Threat Intelligence Service, alongside additional resources and tactical information. Trend Micro also agreed to assist in a cybercrime investigation training program.

In June, Europol and European law enforcement swept across six countries to take down the leaders of a cybercriminal ring which specialized in selling remote access Trojans (RATs), hacking tools, and software designed to circumvent traditional antivirus solutions.

(1st December 2017)

(The Register, dated 20th November 2017 author Rebecca Hill)

Full article [Option 1]:

The UK government is driving towards a sale of up to 6 million vehicle records to private parking firms, according to a transport lobby group.

The RAC Foundation monitors the number of vehicle-keeper records that the Driver and Vehicle Licensing Agency sells to firms, which use them to issue car owners with fines for parking violations on private land.

The DVLA charges companies £2.50 for each request, in which they can ask for the name and address of the registered keeper at a specific date and time.

It means the body could bring in as much as £15m with this year's batch, which might come in useful considering reports that government is looking at multimillion losses after scrapping the paper tax disc.

According to the foundation, the DVLA sold 1.5 million records in the second quarter of 2017-18.

Capita-owned ParkingEye reportedly made 466,668 requests, most for the months of July, August and September this year.

The RAC Foundation estimated that the DVLA was on track to sell "at least 5.6 million" records and could be "easily more than 6 million".

It said that last year the body sold 4.71 million records, while in 2007-08 the figure was less than half a million.

The RAC Foundation put the increase in requests partly down to rules that banned clamping on private land in England and Wales in October 2012.

MP Greg Knight has entered a private members bill into the House of Commons that aims to curb fines from private parking firms, which is due for debate on February 2.

The DVLA said that its data release charges "are set to recover the cost of providing the information. Fees from all vehicle fee paying enquiries equate to only 0.2% of the total amount DVLA collects from Licence fees and taxes".

(1st December 2017)

(The Register, dated 17th November 2017 author Rebecca Hill)

Full article [Option 1]:

London's Metropolitan Police force's use of "intrusive" technologies "without proper regulation" could put a fundamental principle of policing at risk, the London mayor has been told.

In a letter (PDF) to Sadiq Khan, the Greater London Assembly - the group elected to hold the mayor to account - expressed "significant concerns" about facial recognition technology.

The Met has used it at the two most recent Notting Hill Carnivals, but while it claims this is a trial, it is keeping schtum on the details - even in the face of reports it led to 35 false matches and one wrongful arrest this year.

"This is a hugely controversial topic and it is extremely disappointing that trials have been conducted at the Notting Hill Carnival with so little public engagement," said GLA oversight committee chairman Len Duvall in the letter.

Khan and the Mayor's Office for Policing And Crime (MOPAC) have a responsibility to push the Met to improve engagement and transparency, he said.

Duvall added that it was particularly concerning that the trial was going ahead despite the lack of a national strategy on biometrics, which was originally promised by the government in 2012 but has been repeatedly delayed.

"The Met is trialling this technology in the absence of a legislative framework and proper regulation or oversight," Duvall said.

"The concept of policing by consent is potentially at risk if the Met deploys such intrusive technology without proper debate and in the absence of any clear legal guidelines."

He said the committee felt there was "a strong case" for Khan to "instruct the Met to stop trials" until either MOPAC establishes an internal framework or a national one is developed and consulted on.

The GLA also gave short shrift to the Met's attempts to alert the public to its work, saying there was "no indication" it planned to publish any results.

It added: "Simply putting out press releases is not enough: the Met must engage with the public and with stakeholders in a much more meaningful way before going any further."

The group's calls echo those made by the UK Biometrics Commissioner Paul Wiles, who has also called into question the police's use and retention of biometric images.

The GLA referred to this in its letter, criticising the fact there is "no simple way" for people to find out how long their personal data is held by organisations in the capital.

For instance, the Met keeps automatic number plate recognition data for two years, but Transport for London keeps the same data for 28 days. And images from the force's body-worn cameras are kept for 31 days, while TfL retains Oyster journey data for eight weeks.

"This is a very confusing picture and we ask you to consider how the GLA Group can make it easier for the public to find out how long their personal data is retained," Duvall said.

Elsewhere in his letter, Duvall warned the mayor that TfL's plans to use Wi-Fi connection data to sell advertising risks leaving customers feeling like they "have been taken advantage of".

He said TfL should have made this clearer, and urged it to address it when the data collection is rolled out across the Tube network.

The Home Office didn't respond on the record.

(1st December 2017)

(The Register, dated 17th November 2017 author Kat Hall)

Full article [Option 1]:

Thousands of Lloyds Avios Rewards American Express credit card customers have been targeted by fraudsters, the bank has admitted.

Reports first emerged on air miles site Head for Points, where readers asked if the credit card had suffered a major data breach.

One said: "About a week ago my wife's Lloyds Avios Amex card was used fraudulently by someone over in New York for a few different things so we called Lloyds to talk about this and get the card cancelled and a replacement sent out."

After contacting Lloyds, he said the bank informed him it was getting thousands of calls a day and was seeing a lot of fraud on Amex cards.

Another said: "Same for me - queued for 45 mins on Saturday afternoon to speak to the fraud team after my card was declined - there was an attempted US transaction on there. And spoke to a colleague this week with the Lloyds Avios Amex whose card had also stopped working. There's clearly been a massive leak somewhere..."

A Lloyds spokeswoman said: "A very small number of Lloyds Bank Avios Rewards American Express credit card customers have been affected by recent fraudulent activity. This has affected less than one percent of customers who hold these cards and we have introduced additional controls to provide further protection.

"These controls have been successful in ensuring that fraudulent transactions are identified and declined. We apologise to customers for any inconvenience caused. Impacted customers will receive a full refund of monies that have been taken fraudulently."

Earlier this week, customers of Lloyds Banking Group and TSB were shut out of their online banking - for the second time this month.

At the start of the year, the UK-based group fell victim to a DDoS that led to a two-day outage. Several more glitches followed throughout the year.

(1st December 2017)

(The Register, dated 17th November 2017 author Kat Hall)

Full article [Option 1]:

The abolition of the paper tax disc is costing the UK government £107m due to an increase in car tax evasion.

According to statistics from the Department for Transport (DfT), 1.8 per cent of vehicles on UK roads in 2017 were unlicensed, compared to 1.4 per cent in 2015. This equates to around 755,000 vehicles and could lead to up to £107m of revenue loss over the course of a year.

Paper discs were replaced with an online direct debit system for payments in 2014. It has been held up as an example of successful digital government.

Back in June 2013, losses associated with car tax evasion were just £35m.

Since the introduction of the digital system, evasion has soared. According to the DVLA's 2015/16 accounts, unlicensed traffic rose from 0.8 per the previous year, costing the Exchequer £80m.

The Royal Automobile Club said this is "extremely concerning".

RAC public affairs manager Nicholas Lyes suggested that abolishing the tax disc in 2014 could be behind the rise.

"It appears that having a visual reminder was an effective way to prompt drivers into renewing their car tax - arguably more drivers are now prepared to try their luck and see if they can get away with not paying any vehicle tax at all, or are simply forgetting to tax their vehicle when they are due to," he said.

He added that the fact a third of untaxed vehicles were those that changed hands is a strong indication that many drivers are still not aware that tax does not carry over when ownership changes.

A DfT spokesman said that the vast majority of motorists paid tax on their vehicles correctly.

(1st December 2017)

(International Business Times, dated 16th November 2017 author Charlotte Tobitt)

Full article [Option 1]:

Did you realise you may be in a high security risk zone if you went on holiday in parts of India? Or that Denmark is one of the eight safest countries in the world? Or even that Iran is considered low risk, despite its proximity to Afghanistan and Iraq?

An updated interactive travel risk map for 2018, created by travel security firm International SOS, makes it easy to see a fairly localised level of risk around the world, ranking regions as insignificant, low, medium, high or extreme.

The eight safest places in the world right now are Greenland, Iceland, Denmark, Finland, Slovenia, Switzerland, Norway and Luxembourg, which have an insignificant travel security risk. This takes into account the current threat posed to travellers by political violence, social unrest, and crime.

At the other end of the spectrum, there is an extreme security risk in all or parts of Mali, Libya, South Sudan, Central African Republic, Somalia, Yemen, Syria, Iraq, Ukraine, Afghanistan, Guinea-Bissau and Pakistan.

There is also a high security risk in large swathes of Africa, Papua New Guinea, Venezuela, Mexico, Mozambique, north east India and Myanmar's borders.

A new survey undertaken by Ipsos Mori found that 63% of businesspeople perceived travel risks to have increased in the past year - this is actually a softening in attitudes after 72% thought the same in 2016.

The new travel risk map can also categorise countries by medical and road safety. Taking these into account, the most dangerous countries overall, with the highest risk rating in all three categories, are all in Africa - Libya, Somalia, Guinea-Bissau and Central African Republic.

See also

(International Business Times, dated 14th November 2017 author Karthick Arvinth)

Full article [Option 1]:

Further Information (uaware)

Foreign Office travel advice website :

(1st December 2017)

(Independent, dated 16th November 2017 author Jon Stone)

Full article [Option 1]:

Italian journalists have gone through the motions to set up a company in the name of a notorious mafia boss headquartered at 10 Downing Street - to illustrate weaknesses in British law they say help people set up shell companies to launder money across the globe.

Reporters at Il Sole 24 Ore say they were moments away from spending £12 to register the company at the Prime Minister's address with Companies House under a false name with no real proof of who they were.

Describing the stunt as a "provocation", the newspaper said "there is nothing easier than creating ghost companies that can hide illegal activities or recycle money" under Britain's liberalised corporate registration system.

But Companies House, which is responsible for the registration of companies, says that had the reporters completed the registration process - which was not carried out in full to avoid breaking the law - the authority's automatic systems would have stopped the registration from going through.

"Had the application been submitted our systems would have picked up the false information and the incorporation would have been denied," a spokesperson said.

The journalists initiated the investigation after British overseas territories dominated the map of tax havens in the Paradise Papers leaks, with some MEPs accusing the UK of holding up EU efforts to crack down on tax dodging.

The British government says it supports EU efforts to set up a tax haven blacklist, but behind the scenes UK officials are reportedly arguing against the inclusion of UK jurisdictions like the Cayman Islands and Bermuda, as well as against strict enforceable sanctions against countries on the list.

A registration form for the company was filled out in the name of Matteo Messina Denaro, a Sicilian Mafia boss who has been on the run since 1993.

"London and Britain are the realm of ghost-related recycling companies," the newspaper says.

"Shield companies registered in the country are involved in at least 52 major money laundering cases where at least £80 billion has been cleansed over the past 14 years."

Though Britain has rules on the registration of beneficial ownership of companies, a lack of resources and controls on the list means that obviously fake companies face few obstacles.

The journalists say they stopped the process before paying £12 so as not to break laws that could have seen them sentenced to two years in jail.

The paper argued: "Companies House, the body that manages and supervises the company's register, has neither the men nor the means to verify the reliability of the information that is entered at the time of the registration of a new entity."

The European Commission is backing three EU-wide policies aimed at stopping tax avoidance: a blacklist of global tax havens backed by sanctions; new transparency rules for tax intermediaries, bankers, and lawyers; and mandatory country-by-country reporting for profits.

In October the EU also announced it was launching an investigation into whether loopholes in UK tax rules, introduced in 2013, allowed multinational companies to unfairly avoid tax by shifting profits around.

The Paradise Papers consisted of over 13 million confidential documents regarding offshore investments by wealthy people around the world that were leaked to German newspaper Süddeutsche Zeitung.

The documents contain the names of more than 120,000 people and companies and shed more light on the tax practices of the very wealthy, following on from the Panama Papers leak released in 2016.

***This story has been updated to reflect Companies House's response to the original investigation

(1st December 2017)

(International Business Times, dated 16th November 2017 author Jason Murdock)

Full article [Option 1]:

Cash Converters, an electronics retailer, pawnbroker and money lender, has launched an investigation after discovering a data breach impacting UK customer records.

According to a breach notification email sent to impacted customers - and shared with IBTimes UK - the company said that its "webshop" service had been hacked. The stolen information, it admitted Thursday (16 November), was taken from a recently decommissioned website.

It confirmed that webshop account names, passwords and delivery addresses were compromised by the hackers. It claimed "full" card numbers were not taken - which left open the possibility partial data was stolen.

According to one Australian media report, the culprits are currently holding the data to ransom.

"Please be reassured that - alongside the relevant authorities - we are investigating this as a matter of urgency and priority," the breach notification reads.

"We are also actively implementing measures to ensure that this cannot happen again," it added.

Cash Converters said it was working with law enforcement in Australia and the UK to investigate the data leak incident, and has now forced a password reset for all UK webshop users.

The statement continued: "Although some details relating to the cybersecurity breach remain confidential while Cash Converters works with the relevant authorities, we will continue to provide as much detail as possible as it becomes available.

"The current webshop site was independently and thoroughly security tested as part of its development process. We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.

"Our customers truly are at the heart of everything we do and we are both disappointed and saddened that you have been affected. We apologise for this situation."

It did not reveal how many customers were impacted in the hack, or when it occurred.

The previous website was decommissioned in September 2017, the company said. The notification email advised customers to change passwords and ensure they are unique to the website.

A spokesperson for Cash Converters did not immediately respond to request for comment and the company has not yet publicly acknowledged the incident on its social media channels. A PR contact sent IBTimes UK a statement, however the wording was taken from the breach email.

(1st December 2017)

(ZDNET, dated 15th November 2017 author Zack Whittaker)

Full article [Option 1]:

Security firm McAfee has blocked access to malware that appeared to be sent from the company's own network.

The malware was hosted on a third-party website but was shared via a domain associated with McAfee ClickProtect, an email protection service that the company touts as able to "protect your business from hacking." The service is meant to protect against phishing attacks, malware from links in emails, and prevent users from visiting sites that are known to be high risk.

But the malicious link was only found when a Paris-based security researcher, who uses the pseudonymous handle Benkow, found and tweeted a malware analysis report that included the link.

The link redirected users through the "" domain and on to the malicious Word document.

Anyone who downloaded and opened the malicious Word document would've been exposed to the Emotet banking malware.

"Emotet has been widely distributed via malspam campaigns containing links to hacked sites that host a decoy Word document," said Jerome Segura, lead malware intelligence analyst at security firm Malwarebytes, in an email.

"Upon opening it and allowing macros, the user unknowingly triggers the download of the Emotet malware binary, also retrieved from a compromised site," he said.

The malware uses a traditional macro-enabled Word document, often delivered by a direct link or in an email, which, when opened and activated, will download additional files using a PowerShell script, including the Emotet malware binary. After it installs, the malware phones home to its command and control server where it would siphon off sensitive data, like browser and mail passwords, which could be used to hack into accounts and transfer funds. Security researcher Marcus Hutchins said in a recent write-up that the malware connects to the command and control server using hard-coded IP addresses, but it uses proxies to evade detection.

For its part, McAfee said it was investigating the matter, but it also said the service "performed as designed."

"In the early hours of Nov. 13, the web destination in question had not yet been identified as a source of malware propagation," said a spokesperson.

"Later that day, however, McAfee's Global Threat Intelligence service had indeed identified the web property as a threat, changed the site's reputation ranking from 'low risk' to 'high risk,' and thereafter blocked McAfee customers from being able to reach the site," the spokesperson said.

The spokesperson said that by the time McAfee's research team became aware of the site's status from an email sent by ZDNet, the site had "already been blocked for some time."

But that doesn't line up with our version of events. Shortly up until McAfee said the site was blocked, the link was still active and pointing to the malicious Word document. It's also not clear about why the service would flag the site as high risk but would still allow malware to download.

McAfee was "still working to establish the exact timeline" of events, a spokesperson said.

It's not known exactly how the link came to be -- such as if the link was created by hackers to trick unsuspecting victims into downloading the malware, or if it was by mistake.

A McAfee spokesperson said it was not as a result of "deliberate abuse" of the system.

But hackers have ramped up their use of the Emotet malware in recent months, and they're increasingly resorting to sending carefully crafted emails and employing social engineering techniques. The hackers behind the malware often masquerade as phone, cell, and internet providers, and they would focus on targets predominantly in the US, UK, and Canada, according to a recent Trend Micro report.

But why the malware has resurfaced remains a mystery. Microsoft recently appealed to enterprise customers to help stamp out the malware, which is increasingly in the hackers' crosshairs.

Segura warned that even users with email protection systems in place, like enterprises, can still be duped.

"Users should beware of shortened or converted links and perhaps even more so when there might be assumptions that they are safe," he said.

"The same goes for signatures appended at the bottom of an email, saying 'this email is guaranteed virus-free' or similar," he added. "Not only does it give users a false sense of security, but criminals often also add such messages for social engineering purposes."

(1st December 2017)

(Mirror, dated 15th November 2017 author Josie Clarke and Aidan Barlow)

Warning : the webpage shows the Royal Mail advertisement

Full article [Option 1]:

A watchdog has banned an advert showing balaclava-clad thugs brandishing baseball bats demanding victims to give up their identity details - after viewers found it too distressing.

The Royal Mail ad was intended to raise awareness of identity theft and fraud by likening it to a bank robbery, and was shown on Twitter and ITV Player earlier this summer.

In the video the gang are seen marauding through a bank and shouting: "This is a robbery."

But it prompted a review by the Advertising Standards Authority (ASA) who deemed it could cause unjustifiable fear and distress to viewers, after a number of complaints.

It shows a woman working in the bank being grabbed by the shoulder and wrists before being asked her full name and date of birth, while other bank customers were quizzed about their personal identity, passwords, and log-in details.

During the scene the apparent assailants yell at the public, including a child, some of whom appear scared and tearful.

At the end of the ad the slogan states: "Let's beat identity fraud." It is accompanied by the Royal Mail logo and the text: "The future in safe hands."

The ASA confirmed it had received seven complaints about the ads causing fear and distress without a justifiable reason, particularly for those who have been victims of violence.

Royal Mail said the ad was created to alert customers to the seriousness of identity theft by likening it to that of a bank robbery.

It said the level of violence in the ad was proportionate in light of its purpose and was not excessive.

The ASA said it understood Royal Mail and ITV's view that the ad served to highlight a serious and growing crime, and assisted customers to find information to protect themselves.

But in a statement the authority said: "We considered that the overall presentation of the ads, as seen by the complainants, was excessively threatening and distressing to the extent that it overshadowed the message the ad intended to convey.

"We concluded the ad was likely to cause fear and distress to viewers, in particular to victims of violence, without a justifiable reason."

A Royal Mail spokesperson said: "Royal Mail apologises for any offence that this advertisement may have caused.

"We accept the decision and will continue to work with the ASA in future. The advertisement appeared on social media and Video On Demand over a number of weeks in the summer, before the campaign concluded."

(1st December 2017)

(The Register, dated 14th November 2017 author Paul Kunert)

Full article [Option 1]:

Builders merchant Jewson has confirmed in writing to customers that their privates could have been exposed in a cyber break-in that occurred late this summer.

In a letter sent to customers - seen by The Reg - Jewson stated: "As a Jewson Direct customers, we regrettably are writing to inform you that our website ( has suffered a security breach and, as a result, your personal data including your credit/ debit card details may have been compromised."

The digital burglary is "likely" to have taken place on 23 August but was only discovered on 3 November. The website was temporarily shuttered on learning of the breach and remains closed. The ICO was then informed of the hack on 10 November. The hackers were seemingly left undetected for weeks, plenty of scope to do all sorts of mischief.

"We are commissioning a detailed and thorough forensic investigation into the breach. The investigations of the breach are ongoing," the missive added.

Based on the information to hand, Jewson warned that customers' names, location, billing address, password, email, phone number, payments details, card expiry dates and CVV numbers "may" have fallen into the hands of an "unauthorised person". Oddly, despite this, when we asked the firm, a spokeswoman told us that "no card data is stored by Jewson".

It is not known how the information was encrypted. Although we asked the organisation to clarify, a spokeswoman sent us this odd statement:


At this stage we are aware that a foreign piece of code was encrypted into the Jewson Direct (formerly Jewson Tools Direct) website. The code has been identified and removed, and we are investigating the breach of security and any related potential loss of information/personal data. No card data is stored by Jewson, however, until the investigation has been completed, customers have been informed of a potential breach of card data as an advisory measure.

We follow the Payment Card Industry Data Security Standard (PCI DSS). The Jewson Direct website has been taken offline and will not be turned back on until we are informed by independent third parties that any security issues have been corrected.


In a bid to "mitigate possible adverse effects of the breach", customers are advised to monitor their accounts. In further no-shit-Sherlock guidance, punters that spy any unusual activity or transactions they do not recognise should contact their credit or debit card provider.

The letter sent to customers vowed: "To help you monitor your personal information for certain signs of potential theft, we are offering you a complimentary 12 month memberships to Experian ProtectMyID. This service helps detect possible misuse of your personal data and provides you with identity monitoring support, focused on the [identification] and resolution of identity theft."

Reassuring indeed. Or maybe not.

In addition to the question about how the data they had held was encrypted, The Reg also asked Jewson how many customers' details were likely compromised, how the miscreant accessed the data and what subsequent steps were taken to improve security.

Concerned customers can contact Jewson's customer services help desk on 024 7660 8235.

A representative of the Information Commissioner's Office told us, "We are aware of an incident involving Jewson, and will be making enquiries."

(1st December 2017)

(Independent, dated 13th November 2017 author Andrew Griffin)

Full article [Option 1]:

Netflix users across the world have been warned about a new scam that's spreading across the site.

Users are being sent emails that appear to be from Netflix, but are in fact from scammers. And once they're opened, the damage spreads quickly.

The emails are a classic example of phishing attacks: messages that look official and encourage people to enter personal information and other useful details. But since the links and the sites are fake, those details are actually sent to scammers who want to use them for malicious purposes.

This time around, they claim that accounts are being deactivated and that people need to go back on the website and hand over their payment and account details. But the accounts are fine, and those details will be stolen and used for more scams.

"Phishers will go to great lengths to try to take over your account or steal your personal information," Netflix's site warns. "They may create fake websites that look like Netflix, or send emails that imitate us and ask you for personal information."

It makes clear that it will never ask for payment details, identification numbers or passwords over email. It makes clear that it might sometimes email its users to tell them to update that information on the website - if it is hacked and people need to change their passwords, for instance, or if your credit card goes out of date - but that you should check that the link is actually to a address if it does.

Such scams tend to focus on highly used services - like Netflix, along with iCloud or Facebook - and send emails that appear to have come from the company itself. But in fact in all cases the link will be fake, and clicking through will lead to an identical but malicious version of the website.

Netflix is especially concerning because the logins are valuable not just as ways of getting people's information. Since Netflix logins can be used by a number of people, they're often traded online - and stolen Netflix accounts, as well as those for other subscription services, are one of the most easily available and valuable things sold on the dark web.

In all cases, the advice is the same: if you are sent an email by a service you use that wants you to enter some information, make sure you do it by heading to the website yourself. And if you've any concerns that you're being tricked, get in touch with the company - using contact details listed on its website - and ask.

If you think you've already been tricked by such scams, then there's a range of ways to make yourself safer. Change your passwords, for instance, and keep an eye on any activity on your accounts. It might also be helpful to let the company itself know, so they can provide advice and stop it from happening in the future.

You can see if anyone is using your Netflix account by heading to the viewing activity page. That will show you everything anyone has watched on your account, and on what profile, and you can also use Netflix's settings to see every time someone has logged in and where they did so.

(1st December 2017)



By Robert Laurence Binyon (1869 - 1943)

With proud thanksgiving, a mother for her children,
England mourns for her dead across the sea.
Flesh of her flesh they were, spirit of her spirit,
Fallen in the cause of the free.

Solemn the drums thrill; Death august and royal
Sings sorrow up into immortal spheres,
There is music in the midst of desolation
And a glory that shines upon our tears.

They went with songs to the battle, they were young,
Straight of limb, true of eye, steady and aglow.
They were staunch to the end against odds uncounted;
They fell with their faces to the foe.

They shall grow not old, as we that are left grow old:
Age shall not weary them, nor the years condemn.
At the going down of the sun and in the morning
We will remember them.

They mingle not with their laughing comrades again;
They sit no more at familiar tables of home;
They have no lot in our labour of the day-time;
They sleep beyond England's foam.

But where our desires are and our hopes profound,
Felt as a well-spring that is hidden from sight,
To the innermost heart of their own land they are known
As the stars are known to the Night;

As the stars that shall be bright when we are dust,
Moving in marches upon the heavenly plain;
As the stars that are starry in the time of our darkness,
To the end, to the end, they remain.

(12th November 2017)

(The Guardian, dated 10th November 2017 author Eleanor Ainge Roy)

Full article [Option 1]:

Thousands of online scammers around the globe are being fooled by artificial intelligence bots posing as New Zealanders and created by the country's internet watchdog to protect it from "phishing" scams.

Chatbots that use distinct New Zealand slang such as "aye" have been deployed by Netsafe in a bid to engage scammers in protracted email exchanges that waste their time, gather intelligence and lure them away from actual victims.

Cyber crime costs New Zealanders around NZ$250m annually. Computer programmers at Netsafe spent more than a year designing the bots as part of their Re:scam initiative, which went live on Wednesday.

Within 24 hours 6,000 scam emails had been sent to the Re:scam email address and there were 1000 active conversations taking place between scammers and chatbots.

So far, the longest exchange between a scammer and a chatbot pretending to be a New Zealander was 20 emails long.

The bots use humour, grammatical errors and local slang to make their "personas" believable, said Netsafe CEO Martin Cocker. As the programme engages in more fake conversations with scammers overseas, its vocabulary, intelligence and personality traits will grow.

Cocker says if the scammers aren't astute or paying attention, the exchanges could go on for a "very very long time".

"We are really concerned about the growth of predatory email phishing, while victims remain essentially powerless," said Cocker.

"Everyone is susceptible to online phishing schemes and no matter how tech savvy you are, scammers are becoming increasingly sophisticated. Re:scam will adapt as the scammers adapt their techniques, collecting data that will help us to keep up and protect more people across New Zealand."

Cocker said Netsafe had designed a bot that was as convincing and long-winded as possible, asking scammers a seemingly never-ending series of benign questions.

"Dear Illuminati, what a wonderful surprise," wrote a Re:scam chatbot responding to a scammer offering $5m.

"I'd love to join your secret club. Do you do a bingo night?"

"There is not bingo night," replied the scammer.

"Please complete attached form with bank details for your recieve full payments of 5 million."

"Terrific!" replied the Re:scam chatbot.

"But to avoid detection I am going to send my bank details through one number at a time. Ready? 4..."

"That is not nessasary," replied the scammer.

"7" said the bot.

Cocker says the bot works particularly well because New Zealand isn't targeted by any home-grown scammers - only those targeting the country from overseas.

"The bot does a pretty good job of impersonating how many New Zealanders would engage with scammers, it is fairly well-developed in terms of its phrasing and language and approach, so it is quite realistic," said Cocker.

Netsafe website :

(The Independent, dated 9th November 2017 author Aatif Sulleyman)

Full article [Option 1]:

An artificially intelligent bot that inundates email scammers with a never-ending stream of questions has been created.

Re:scam is designed to waste the time of the people behind email scams, and annoy them until they give up.

It's been developed by Netsafe, which says it's time regular web users "fought back".

At the time of writing, Re:scam has sent over 16,000 emails to scammers which, according to Netsafe's calculations, have collectively wasted more than 25 days of scammers' time.

"I adopt one of my many personalities to continue the conversations of any would-be victim," the bot, which also describes itself as "super-interested" and "a bit naive", says.

"I waste their time with a never-ending series of questions and anecdotes so that they have less time to pursue real people. Just like you, I mqke typos, and jokes that no one appreciates.

"They won't know when they're scamming, or getting scammed out of their own time. It's bad for business."

According to Netsafe, $12 billion is lost globally each year because of phishing scams.

The organisation is inviting anyone who thinks they've been targeted by a scam email to forward it to Re:scam, which will verify if it is a scam or not.

It will then use its own email address to target any scammers it manages to detect.

"Deleting a scam email protects you, but forwarding to protects others," says Re:scam. "It's also kinda funny."

The chat bot "service", for bogus mail to :


(10th November 2017)

(City AM, dated 9th November 2017 author Lucy White)

Full article [Option 1]:

Misspending government funding tops the list of current fraud risk areas, ahead of cyber crime and money laundering, according to accountancy firm Moore Stephens and the Chartered Institute of Public Finance and Accountancy (CIPFA).

Almost half of accountants surveyed by Moore Stephens and CIPFA said grant fraud - where an individual, business or charity applies for money it is not eligible for, or spends it on activities not included in the conditions - poses a high or very high risk.

In one recent case, a Cambridge historian claimed £223,000 from the Heritage Lottery fund for a fictional archaeological scheme. He instead spent it on mortgage repayments and a new car, and was jailed for six years.

"It may seem surprising to find government grants eclipsing more 'fashionable' areas like cyber crime when it comes to fraud risk," said John Baker, a director at Moore Stephens.

"It may be the case that areas such as cyber and bribery have been addressed more recently due to the high profiles, leaving more traditional areas unattended."

Grant fraud can include cases where the funding came from the EU or the United Nations, for activities such as research or humanitarian projects, and Moore Stephens has warned that there could be an increase in fraudulent applications for EU grants as Brexit threatens to close the door.

Money laundering was seen as the second highest risk internationally, with 42 per cent of respondents saying it was a high or very high risk, followed by payroll fraud. In the UK, payroll fraud ranked second.

The top 10 fraud risks worldwide

Type of fraud / Percentage of respondents scoring high or very high risk

Grants : 48%

Money laundering : 42%

Payroll fraud : 41%

False representation : 40%

Bribery : 40%

Bank mandate : 39%
(when a direct debit is changed to send money to a fraudster disguised as a regular payee)

Cyber crime : 38%

Misreporting results : 37%

"Whale fraud" : 37%
(where finance staff receive a message asking to rush through a payment to a supplier)

Procurement fraud (receipt, evaluation and award fraud) : 32%

(10th November 2017)

(The Telegraph, dated 9th November 2017 author Martin Evans)

Full article [Option 1]:

Some police forces are failing to respond to "low priority crimes" - including theft, assault and violence, a report from Her Majesty's Inspectorate has found.

In its third annual review of how forces manage their resources, the police watchdog found that not all crime victims were receiving the quality of service they deserved from the police.

Her Majesty's Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) acknowledged that forces were facing "significant" financial pressure, but said there were still efficiencies to be made in the service and shrinking budgets should not be used as an excuse to ignore some victims.

Mike Cunningham, the inspector who led the review, said his team had found numerous examples where police were leaving low priority crimes unresolved for long periods of time, and in some cases were not responding at all.

He said while decisions were often based on whether a victim was deemed vulnerable, it included offences such as theft, assault and even violence against the person.

Presenting the findings, Mr Cunningham said police forces were under huge pressure to reduce demand on their shrinking resources.

But he added: "In reducing demand, it is important that forces do not simply suppress it, by which we mean fail to identify, acknowledge or deal with certain kinds of demand.

"HMICFRS is beginning to see examples of forces taking action to prioritise their demand in such a way that low priority and less urgent incidents can be left unresolved for long periods.

"While the prioritisation of tasks is important, forces need to ensure that victims receive the quality of service that meets their needs."

Inspectors found that many force control rooms, where 999 and 101 calls are received, were struggling to meet demand.

Mr Cunningham said in Devon and Cornwall some low priority 999 callers were being left waiting on the line for so long that they eventually hung up.

The report comes at a time of intense debate over the future of police funding with many Chief Constables arguing that cuts are eroding the ability to tackle serious crime.

Last week the Home Secretary Amber Rudd issued a rebuke to forces asking for more cash, urging police leaders to focus on cutting crime instead of lobbying for more money.

But the HMICFRS report acknowledged the financial pressure facing forces saying: "While most forces throughout England and Wales have risen impressively to the challenges they face, policing remains under significant stress."

Earlier this week, Met Commissioner Cressida Dick told MPs that while further efficiencies could be made, proposed cuts would leave Scotland Yard struggling to bear down on offences such as gun and knife crime and even terrorism.

The two kinds of crime statistics

Crime levels in the United Kingdom are measured according to two rather different methods.

1. Police records data

Using the crimes actually recorded by the police each year allows us to see fast-moving changes in criminal trends. However, the data are strongly affected by changes in how crime is classified, how seriously the police pursue it and how willing the public is to report it. Better policing can make this crime rate appear to go up.

2. Crime Survey

In England and Wales (and, separately, in Scotland) a significant sample of the population is questioned about being the victim of crime in the past year. This survey cannot measure crimes where no named victim can be interviewed, such as corporate crimes or murder. However, it can flag crimes that frequently go unreported to the police, such as domestic abuse.

Which high-volume crimes are least likely to be solved?

Proportion of crimes ending with no suspect identified, year to June 2017 (Source : Home Office)

Theft from vehicle : 95%
Burglary in a non-dwelling : 87%
Other theft : 84%
Criminal damage to a vehicle : 79%
Burglary in a dwelling : 79%
Shoplifting : 46%
Public fear, alarm or distress : 33%
Harassment : 17%
Assault with Injury : 15%
Assault without injury : 14%

uaware comment : figures shown above are an interpretation of the graph within the article.

(10th November 2017)


(London Evening Standard, dated 9th November 2017)

Full article [Option 1]:

A dramatic surge in crime on the Tube, with serious public order incidents up 230 per cent, is revealed today in official documents.

Total notifiable offences have risen by 22 per cent in the second quarter of this year, June 25 to September 19, compared with the same period 12 months ago. Sexual offences are up seven per cent on the Tube and 44 per cent on London Overground.

A report paints a picture of increasing low-level violence, pushing and shoving, verbal disputes and threatening behaviour during morning and afternoon peak times and later in the evenings, particularly on Friday and Saturday nights.

Transport for London said the rise "part reflects national trends in crime, with the latest figures for England and Wales showing an increase in all police-recorded offences of 13 per cent in the 12 months to June, with even greater rises for violent offences".

All forms of transport, with the exception of the bus network, "experienced an increase in the volume of reported crime and a higher rate of crime per million passenger journeys".

The TfL statistics come just 48 hours after it announced it was cutting up to 1,434 jobs and £3 billion from the health and safety budget to reduce overall spending. The documents reveal:

- Serious public order offences: rose from 233 to 768 - up 230 per cent

- Robberies: 17 to 42 - up 147%

- Theft of passenger property: 1,125 to 1,387 - up 23 per cent

- Sexual offences: 343 to 367 - up 7%

- Sexual offences on London Overground: 18 to 26 - up 44%

- Total notifiable offences on the Tube : 3,318 to 4,053 - up 22%

Reported drug offences are down 46 per cent, violence against the person down 14 per cent and serious fraud down 51 per cent.

The details are in TfL's customer and operation performance report, dated today and revealed by Mick Cash, leader of the RMT union.

He said: "These are truly shocking figures. RMT has warned for years that cuts to staff would turn London Underground (LU) into a thugs and criminals paradise and our warnings have now come home to roost with a vengeance.

"Rather than TfL planning for a further 1,400 job cuts in the next tranche of planned reductions passengers need more staff acting as a deterrent and to be on hand to help co-ordinate our response to crime on London's transport network. The job cuts on LU must be halted and reversed."

TfL said: "We are addressing these incidents but it remains challenging given the sporadic nature of offences.

"The reporting of sexual offences of the transport system has continued to rise on LU and London Overground.

"This reflects the continuing efforts to tackle unwanted sexual behaviour on public transport."

It continued: "Increases in recorded crime on LU, Docklands Light Railway and London Overground are primarily driven by rises in reported sexual offences, low-level violence and public order offences and criminal damage."

(10th November 2017)

(The Telegraph, dated 9th November 2017 author Martin Evans)

Full article [Option 1]:

Britain's biggest police force is urging people to report crimes online and even collect their own evidence, after figures revealed that thousands of people were abandoning 999 calls before they get a response.

The Metropolitan Police is rolling out a new service which will let people report even serious offences using their mobile phone, tablet or computer rather than having to speak directly to a control centre.

The system is intended to speed things up and make reporting a crime more convenient.

But it comes at a time when there is mounting evidence to suggest the current 999 and 101 non emergency services are failing to cope with the volume of calls.

It has emerged that police call handlers are so stretched that many people simply hang up before their issue has been dealt with.

New figures reveal that last year more than 42,000 people who dialled 999 to ask for a police response failed to complete the call.

The numbers were even worse for 101 non emergency calls, with almost 860,000 people giving up before they got a response.

Data released under the Freedom of Information Act showed that more than 30,000 calls had taken more than 16 minutes to answer.

While Scotland Yard said there were a number of reasons why a call might be abandoned, including a loss of mobile signal, it will lead to concern that many people are simply giving up when attempting to report low level crimes.

Earlier this week a report by Her Majesty's Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) identified problems with a number of 999 services and urged police forces to find new and innovative ways to interact with the public.

The Met's new online reporting service will allow people to report low priority crimes with call handlers assessing each case within 45 minutes.

Scotland Yard already has an online facility available for minor crimes, but the new system will allow more serious offences to be reported via the internet.

Deputy Assistant Commissioner Mark Simmons said: "It is important the Met moves with the times and we know more and more people want the ability to report crime online in a place and at a time that suits them.

"The process has been made as simple and easy as possible. The public are taken through a series of online steps to make their report and the very first question asks them if this is in fact an emergency.

"We do not want people to report emergencies online; they should continue to call 999 in the normal way and police officers will respond.

"However, online reporting is a very easy alternative to calling our non-emergency number 101 and quicker than waiting in a telephone queue at busy times."

He said it was not an automated service and each report would be dealt with by an experienced 999 call handler.

He added: "We will respond within 48 hours. However, if those call handlers think that the crime needs a more urgent response they can divert the report to a police officer to attend.

"Where needed, we will continue to visit victims of crime face-to-face but online reports for less serious offences mean an officer does not need to visit an address to take details. This frees them up to attend the calls where they are needed most."

(10th November 2017)

(London Evening Standard, dated 9th November 2017 author Justin Davenport)

Full article [Option 1]:

Nearly 860,000 calls to Scotland Yard's non-emergency 101 number were "abandoned" in the past 12 months, figures revealed today.

They also show that more than 42,000 people dialling the emergency 999 number and asking for a police response failed to complete the call.

The number of uncompleted 101 calls in September was 78,008 - a rise of more than a third on the 57,734 for October last year. The figures were revealed to Labour London Assembly Member Andrew Dismore after a question to the Mayor.

It raises fears that Londoners trying to report "low-level" crimes could be giving up in frustration. Separate figures obtained after a Freedom of Information request show the number of 101 calls taking longer than 16 minutes to answer rose from 435 in January to 30,746 in June. The number answered within 30 seconds fell from 142,322 in January to 60,197 in June.

The worst month for uncompleted 101 calls was also June, with 151,147 - more than half the total of 284,704 calls received. There were also 7,908 uncompleted 999 calls that month, though this was only 3.5 per cent of the total 205,382 received that month.

Police point out that June was the month of the London Bridge terror attack and the Grenfell Tower fire, which put emergency services under huge pressure.

Scotland Yard also said there were many reasons why callers hang up. One is that people dialling 101 decide to report crimes online after hearing a recorded message about this service. An "abandoned call" can also be due to a mobile phone losing its signal.

However, senior officers admit that the Met's call handling centre has been short-staffed. In August, the force advertised for 190 new call handlers.

The figures come as the Met faces £400 million of cuts. The force plans to close more than half its 73 police stations and sell the buildings to raise £165 million.

Mr Dismore said he had received numerous complaints about long waits on the 101 service. "People are hanging on for half an hour and then giving up. I think the Met are trying to sort it out but people do not expect to call police and be kept waiting for 20 minutes or half an hour," he said.

"There is a real concern about what happens to the reporting of some so-called 'low-level' crimes if Londoners inevitably give up and abandon efforts to get through to an operator due to delays in call-answering."

He added: "With plans to close stations across London, there's a risk that some people who would use 101 as an alternative, as suggested by the police, will struggle to report crimes and other problems. Until the 101 number is operating as it should, plans to close stations should be deferred."

He said Londoners such as pensioners who might not use online services and those on low incomes without computer access would struggle most.

Chief Superintendent David Jackson, head of the Met's Command and Control department, said there had been a 12 per cent rise in the number of calls to the Met in the past year, which had had an impact on services, particularly for 101 calls as 999 calls are given priority at times of high demand. He added that June was the Met's busiest month for 999 and 101 calls in two years.

He said: "I know that our staff and officers really appreciate the support that all emergency services have received from the public following some awful events, and the public can help us by only using 999 in an emergency.

"If you need to contact police in a non-emergency, then visit our website to see if your matter can be dealt with on there, or if you call us on 101, then please bear with us at this time."

Londoners turn to the internet to report crime

Thousands of Londoners are reporting crimes online as Scotland Yard says that fewer people are choosing to go to police stations over minor offences.

The Met released figures today showing that 9,000 crimes were reported online in June compared with 900 in February when this internet service was launched.

In total there have been 51,000 crimes or incidents reported online in London in the past six months. The Met said about eight per cent of crime reports were now done using a computer or smartphone.

Deputy Assistant Commissioner Mark Simmons said: "Research shows that while most people want to contact us by phone, the second preference is to contact us online."

Since February, officers have dealt with 85 crimes reported online which needed officers to attend. These included reports of burglaries, sex offences, domestic abuse and a historical rape.

Mr Simmons said: "I want to reassure people that this is not an automated service - each report will be handled by one of our experienced call handlers, the same ones who take 999 and 101 calls, within 45 minutes of a report being submitted."

Police say most crimes can be reported online unless there is a suspect on scene and a risk to life or property. They still want people to call to report a missing person or antisocial behaviour.

(10th November 2017)

(The Telegraph, dated 9th November 2017 author Auslan Cramb)

Full article [Option 1]:

Two hundred emergency calls to Police Scotland have "gone unheeded" in the past year, with officers not being deployed to incidents or being sent to the wrong town, according to Ruth Davidson.

The Scottish Conservative leader said the mishandled cases included a suicidal caller who was told to "hang up", and a 999 call from a couple saying their front door was "being kicked in".

She challenged Nicola Sturgeon on the issue at First Minister's Questions after a damning police watchdog report found a number of failings in the way police dealt with an emergency call from a vulnerable, domestic abuse victim.

Elizabeth Bowe, 50, rang the police on September 17 last year, but a member of staff at the Bilston Glen area control centre downgraded the status of her call and left a voice message saying the 999 service was "for emergencies only".

Her brother Charles Gordon, 52, called police later to say he had just killed Ms Bowe, and when officers reached her home in St Andrews - one hour and 24 minutes after her original emergency call - she was suffering from injuries that would prove fatal.

Ms Davidson said it was not an isolated incident and people wanted to know how many more times a call for help would go unheeded "before the situation in our emergency control rooms is sorted out".

She added that the Conservatives had uncovered 200 incidents in the last year "where police had failed to respond appropriately".

"In one case a suicidal man was told to hang up. In another two separate call handlers failed to record a report of a dead body in a house," she said.

"In another, a couple rang 999 to report their front door was being kicked in, they didn't get any help because firstly the wrong address was written down and secondly police officers weren't even dispatched. That is the reality of what is happening right now."

The Bilston Glen centre was also widely criticised in 2015 following the deaths of John Yuill and Lamara Bell after the couple lay undiscovered for days after a crash on the M9 near Stirling, despite their wrecked car being reported.

Ms Davidson said MSPs had been "promised" the reduction in the number of police control rooms would not result in a loss of local knowledge.

She added: "So let me read some more cases from this year. A woman threatened by her ex-partner who didn't get a response from police because they were sent to the wrong address.

"A man threatened with a knife where police were sent to the right flat in the right street but in the wrong town.

"A caller who rang as their mother and their niece were being assaulted and again police were sent to the wrong location."

Ms Sturgeon expressed her "heartfelt thoughts and sympathies" to the family of Ms Bowe, and said each of the cases cited was "serious and unacceptable".

But she also claimed Police Scotland had made "significant improvements" in call handling, adding: "I do think it is important also to put the situation into context. Ruth Davidson cites 200 incidents - as I say completely unacceptable - but Police Scotland handle 2.6 million calls every year.

"I am very clear that one of the incidents of the type Ruth Davidson has cited here today is one too many and lessons must be learned from all of these incidents."

The First Minister said that following the murder of Ms Bowe "the police have rolled out risk and vulnerability training to more than 800 staff, further guidance has been issued to all control room staff in regards to the regrading and closing of incidents, a national quality assurance unit for police call handling has also been established".

(10th November 2017)

(CNN Tech, dated 9th November 2017 author Selena Larson)

Full article [Option 1]:

Looking at cybercriminal black markets and public forums, the company found millions of usernames and passwords stolen directly through hacking. It also uncovered billions of usernames and passwords indirectly exposed in third-party data breaches.

For one year, Google researchers investigated the different ways hackers steal personal information and take over Google (GOOG) accounts. Google published its research, conducted between March 2016 and March 2017, on Thursday.

Focusing exclusively on Google accounts and in partnership with the University of California, Berkeley, researchers created an automated system to scan public websites and criminal forums for stolen credentials. The group also investigated over 25,000 criminal hacking tools, which it received from undisclosed sources.

Google said it is the first study taking a long term and comprehensive look at how criminals steal your data, and what tools are most popular.

"One of the interesting things [we found] was the sheer scale of information on individuals that's out there and accessible to hijackers," Kurt Thomas, security researcher at Google, told CNN Tech.

Even if someone has no malicious hacking experience, he or she could find all the tools they need on criminal hacker forums.

Data breaches, such as the recent Equifax hack, are the most common ways hackers can get your data. In one year, researchers found 1.9 billion usernames and passwords exposed by breaches. The company continued to study this through September 2017 and found a total of 3.3 billion credentials.

But digital criminals can be much more proactive in stealing your information. Two popular methods are phishing, which is posing as a trustworthy person or entity to trick you into giving up your information; and keylogging, or recording what you type on your computer.

Google researchers identified 788,000 potential victims of keylogging and 12.4 million potential victims of phishing. These types of attacks happen all the time. For example, on average, the phishing tools Google studied collect 234,887 potentially valid login credentials, and the keylogging tools collected 14,879 credentials, each week.

Because passwords are not often enough to access online accounts, cyber criminals are trying to collect other data, too. Researchers found that some phishers try and siphon location, phone numbers, or other sensitive data while stealing login credentials. Mark Risher, director of product management at Google, said this was one of the study's key findings.

Google can automatically recognize when you're logging in from somewhere unusual -- if the company sees you attempting to log in from Russia when you usually log in from California, Google will ask to verify it's you. As a result, Google has tightened the location radius around what it considers to be usual login areas.

Google has also implemented additional layers of email security on its official Gmail app. The company said that applying the research insights to its security protections prevented 67 million Google accounts from being abused.

Last month, the company launched a handful of tools for people to further protect themselves, including a personalized account security checkup, new phishing warnings, and the Advanced Protection Program for Google's most at-risk users.

Although experts have suggested using multi-factor authentication (a layer of security in addition to your password) for a long time, public adoption lags behind. According to recent data from Duo Security, most Americans don't implement the extra layer of protection.

But that might be changing. Risher said Google is seeing more people adopt less convenient options in order to keep themselves safe. For example, Google said Amazon sold out of the Advanced Protection Program kits soon after they launched. The kit contains two physical security keys a person would be required to have in order to access their account.

Google said it is sharing its latest findings so other companies can also implement better protections to guard against account hijacking.

"We talk a lot about how airlines don't compete over which one crashes more frequently," Risher said. "Likewise, we don't think security is something to keep to ourselves."

(10th November 2017)

(The Telegraph, dated 8th November 2017 author Katie Morley)

Full article [Option 1]:

Scam victims who fail to take "reasonable care" to protect themselves against criminals will not get their money back under a formal compensation scheme being designed by watchdogs.

From next year, an anti-fraud revolution will see consumers who have been conned into transferring money to fraudsters reimbursed by their bank - but only if they can prove that they did not act recklessly.

Victims who have lost life-changing amounts could be denied a single penny of compensation if they did not conduct "common sense" checks, such as spotting bogus email addresses or account details and names that do not correspond.

The plans are being drawn up by the Payment Systems Regulator (PSR) to curb a growing fraud epidemic in which criminals posing as legitimate organisations are extracting £200million from 40,000 victims every year.

Consumer groups said bank customers who fall for scams should not be blamed and called for banks to take the responsibility.

The fraud usually involves email interception or some form of trickery, whereby the victim unknowingly sends money to a criminal's account, meaning they are often unaware of the scam until it is too late.

Gareth Shaw, the Which? Money Expert, said: "These scams have become so complex and believable that many consumers couldn't be expected to spot them. Banks should consider introducing additional checks - such as delayed payments or third party signatures - with extra focus on protecting vulnerable customers."

James Daley, director at Fairer Finance, a consumer group, said: "The test should be how far did the bank go to stop the scam, not how far did the consumer go.

"It is perfectly possible for banks to install enough checks to fully put an end to this and the test should be how far have they gone - not how far have consumers gone. Losing their life savings is far too high a penalty for customers who have been negligent and this should not happen."

At present, just one in four victims are reimbursed, but this figure is set to rise considerably. The action follows a "super-complaint" by Which? over concerns people were being conned out of huge sums of money with no hope of compensation.

The PSR said it was considering changing the law to allow criminal funds frozen in bank accounts to be used to compensate victims.

The Telegraph has previously called for regulators to act to stop consumers being tricked as we have heard from dozens of consumers swindled by tricksters posing as solicitors, investment professionals, government departments and salesmen.

In one shocking case, a woman lost £130,000 in a sophisticated solicitor scam and reported it to First Direct, her bank, only to be told the fraud team had finished for the night.

Bank transfer fraud - How you can be targeted

Consumers have to be on guard every time they are asked to make a bank transfer as fraudsters grow ever more sophisticated and target their victims in a number of ways.

Conveyancing fraud:

Property buyers and sellers are at risk of losing life-changing sums should they become victims of "conveyancing fraud".

Criminals are able to hack into online systems and intercept emails between clients and solicitors just before completion.

They replace the details of the account where the payment is due with their own so the unsuspecting victims often pay hundreds of thousands of pounds into the fraudster's account. In the numerous cases reported by Telegraph Money this money is never reimbursed.

Rental fraud:

Potential tenants are tricked into transferring an upfront fee by bank transfer to a fake landlord or rental firm ahead of a property viewing. The fraudster then disappears.

Overpayment fraud:

Landlords have also been targeted by fraudsters. One bed and breakfast owner was sent a bank draft by a "customer" which amounted to more than the cost of the room. She transferred the excess £1,400 back to the fraudster. She later discovered the bank draft was fraudulent. Her bank refused to reimburse her.

Online marketplace fraud:

Countless readers have reported paying fake sellers on eBay, Gumtree, Amazon for items that fail to arrive.

Some of the largest losses are related to vehicle purchases where the fraudster asks for an upfront payment by bank transfer and promises to deliver the car on an agreed day. Victims only realise the ruse when the car does not show up and the seller disappears.

Those who buy vehicles on eBay are not eligible for its Money Back Guarantee which applies to most items paid for through the platform using PayPal. Motors should be viewed in person before the money is handed over directly to the seller.

Telegraph Money readers have also reported similar scams on Airbnb, the accommodation booking site. Fraudsters posing as hosts trick users into making bank transfers outside of the site for properties that don't exist.

Airbnb said hosts and guests are protected by making payments through its site.

BANK TRANSFER FRAUD - THE NUMBERS January - June 2017 (Source : UK Finance)

n = Personal; (n) = non-personal

Total Cases : 17,064 (2,306)
Total Victims : 16,993 (2,244)
Total Lost : £51.7m (£49.5m)
Total returned to victim : £9.8m (£15.4m)

(10th November 2017)

(Reuters, dated 8th November 2017 author Axel Bugge)

Full article [Option 1]:

The "remorseless" growth of cyber crime is leading to 4,000 ransom attacks a day and gangs' technological capability now threatens critical parts of the financial sector, the head of Europol said on Wednesday.

Online criminals have become so sophisticated that gangs have created "conglomerations" with company structures that specialize in different criminal activities to carry out the attacks, Rob Wainwright, who leads the EU law enforcement agency, said.

"What really concerns me is the sophistication of the capability, which is becoming good enough to really threaten parts of our critical infrastructure, certainly in the financial, banking sector," he told Reuters.

And while not all those 4,000 ransom attacks - which demand money to restore access to files that have been frozen or encrypted - are on banks, the financial services sector is seen as a key target because of the potential profits for the criminals.

Even bank payment systems and ATM cash machines fall prey, Wainwright said.

The launch of ransomware attacks such as WannaCry, which struck firms around the world in May and June, has changed the dynamic of such attacks, by propagating them more widely through companies' computer systems, Wainwright said.

The rapidly spreading extortion campaigns underscored concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.

"The real threat comes from a sort of exponential, remorseless increase in the scale and significance of cyber criminal capability," Wainwright said on the sidelines of the Web Summit technology conference in Lisbon.

He said every year there now "seems to be a doubling, or tripling, of one kind of threat or another, in terms of scale".

He said the challenge of fighting cyber criminals is that they can be based "in their bedrooms", making it difficult to find them. A majority of cyber criminals "we are working against are Russian speaking, not just Russian", he said. Russia denies it is involved in hacking.

Last year, police authorities in several countries smashed 20 criminal groups that had created a "service-based economy" for the rest of the criminal market, such as providing ways to launder money or sell drugs online.

Such criminal gangs operate on the so-called dark web, which can only be accessed with special software.

It is used by criminals doing everything from selling drugs to guns, but also attacking payments systems and other parts of the financial system.

"There is this sort of cyber criminal underworld that's a lot bigger and smarter and adept than most people think," Wainwright said. "And, against it, we still have generally low cyber security standards."

(10th November 2017)

(Telegraph, dated 8th November 2017 author Helena Horton)

Full article [Option 1]:

###uaware note : this article includes photographs of the injuries sustained by Essex Police Officers

Essex Police Federation has asked for more protections for its officers as it shares photographs of injuries they have suffered.

The Federation has asked for protection for the police, as well as better equipment and is welcoming stricter punishments for those who assault emergency workers.

The Chief Constable of Essex Police, Steven Kavanagh, said: "Appalling. Too many Essex Police officers assaulted this weekend keeping the county safe. More needs to be done."

The Assistant Chief Constable, Andy Prophet, revealed that 12 police officers in Essex were injured over the weekend while on the job.

Steve Taylor, Federation Chairman, has said that more Tasers and better equipment, as well as a better resourced police service, would further protect Essex Police officers from injury and attack.

He said: "I'm encouraged by the cross-party support that the 'Protect the Protectors' bill has received around protection for emergency service workers.

"It's encouraging that all of our MPs here in Essex seem to be behind it, and we've had MPs speaking about the matter in Parliament, which is good and demonstrates that the efforts we've made locally to lobby our MPs is paying off to some degree.

"Let's not forget that 'Protect the Protectors' is a wider collection of issues, not just this one, and we're very keen that the success we've had in the emergency services workers protection bill can be replicated in protection for police drivers.

"The nature of police hasn't changed. There are fewer of us trying to do more, which will increase the risk.

"We're trying to keep our officers as safe as we can, we're trying to equip them with the very best that we can equip them with, and will continue to make those arguments and put those reasons to the Chief Officer team and the force."

The Emergency Workers (Offences) Bill passed the second reading stage in October.

It would introduce a new triable either way offence of assault or battery against an emergency worker, with a maximum penalty of a 12 month prison sentence; introduce a statutory aggravating factor for the courts to consider when sentencing certain assaults; and enable samples to be taken from people who spit at officers.

(10th November 2017)


(The Guardian, dated 7th November 2017 author Tom Babin)

Full article [Option 1]:

The bicycle was nothing impressive - an ageing mountain bike worth only a couple of hundred dollars - but Vancouver police officer Rob Brunt remembers it clearly. The owner, clad head-to-toe in cheap green waterproofs, on her way to work at the market on Granville Island, stopped Brunt to express worry about her bike. It was locked to a nearby rack, behind a car park and out of sight of passersby - a perfect place for thieves. It was her primary mode of transport and she couldn't afford to lose it.

The next time Brunt saw the woman, she was crestfallen. The bike had indeed been stolen, forcing her to miss a few days of work and get around on a borrowed ride. She was scraping together the money for a new lock.

The woman's story stuck with Brunt. "I learned from that the price of a bike is not indicative of the value to the owner," he says.

That was two years ago. Today, a remarkable turnaround has taken place on Granville Island, which was at the time the worst spot in Canada's worst city for bike theft. Since then, bike thefts have declined by more than 70%, an incredible improvement in a problem that is pervasive in nearly every major city in the world. Similar reductions across Vancouver are offering hope that something can be done to combat a phenomenon that stymies the growth of bike culture.

And the turnaround might never have happened if somebody hadn't stolen J Allard's bike.

Allard has become a bit of a folk hero in Vancouver's cycle community for his tireless work to stop theft - but he doesn't even live in the city. He makes his home across the US border in Seattle, where he's a giant in the tech industry - a former Microsoft executive who led the team that invented the Xbox. He was adjusting to life in Seattle after a high-profile departure from Microsoft several years ago when he woke one morning to find his beloved mountain bike gone.

The experience rattled him. Not only did he feel victimised, he was bothered by the lacklustre police response. He started to look into why bike theft had come to seem like a problem without a solution, accepted by so many as an unavoidable part of urban life.

Allard found a litany of barriers that have prevented meaningful action against bike theft: police are often burdened with other priorities, while stolen bikes can be sold online with impunity. The fragmented bike industry hasn't agreed on a standardised serial number, and riders themselves don't always properly lock their bikes. Allard says he couldn't find a single person in North America working full-time to stop bike theft.

"I just couldn't accept the answers to the questions I was asking after my bike was stolen," he says over a beer at a Vancouver pub. "I reject the notion that getting a bike stolen is just part of riding a bike."

But bike theft is rampant in cities all over the world. In London, about 20,000 bikes are reported stolen every year; 72 went missing from Milton Keynes station alone last year. Theft costs Portland $2m (£1.5m) a year, and that's just the bikes which are reported stolen. A 2015 report by the Netherlands' Central Bureau of Statistics stated that the 630,000 thefts reported to police constituted only about 30% of the total that went missing.

Allard decided to do something about it. What emerged was Project 529, an ambitious scheme aimed at stopping bike theft. The first phase was a global app-based database of bikes geared to riders and police forces, intended to both discourage theft and aid the return of recovered bikes. While online databases have existed for years, none had truly caught on with North Americans, nor was there one shared by police forces across state or international borders.

He quickly learned, however, that the problem went much deeper than encouraging riders to register bikes. A turning point came when he was introduced to Brunt, the veteran Vancouver beat cop who was working on bike theft after being posted to light duty following an injury.

Brunt gave Allard a new perspective on the problem, and access to a police force that was willing to try something new. Allard gave Brunt tech-industry ambition and almost limitless energy to combat the problem.

Together, the pair have turned Vancouver into a test case for a more comprehensive approach to stopping bike theft. They have personally visited every bike shop in Vancouver to discuss the problem, and to encourage owners to register each bike they sell (Allard personally upgraded the sales software for some shops himself to make that easier). They've visited community centres and set up booths at festivals to educate people and invite them to register. At Granville Island, which receives 10 million visits a year, Allard and Brunt worked with owners to relocate bike racks to safer locations, organised bike lock loans to customers, and plastered the Project 529 logo on as many bikes as they could to deter would-be thieves.

"I don't know if anybody else could do this but J," Brunt says. "He's so smart and so good at so many things that it's unbelievable. He's always presenting different perspectives and analysing things in different ways. He just thinks differently."

Across Vancouver, the number of bike thefts fell 20% in the first year the pair worked together. The next year, they fell another 30%. On Granville Island in June 2015, before the project started, 33 bikes were stolen. In June 2017, that number had fallen to seven.

Their work is getting noticed. Laura Jane of Vancouver bike-advocacy organisation Hub Cycling says theft was so bad in the city that she heard of people who had given up riding out of fear of their rides being pilfered. She's been heartened by the turnaround, which she credits to Allard's work and renewed focus by the Vancouver police.

"Cycling needs to be convenient, and there will always be some risk of theft, but what's encouraging is they have demonstrated some very clear steps in reducing bike thefts," Jane says. "This shows that theft is not inevitable in a bike-friendly city."

Still, Allard's business is hardly a runaway success. He has funded it so far using proceeds earned from the sale of his vacation home. Without more city police forces on board, and more cash - registration to 529 Garage is free, but he also sells upgrades - the project's future is uncertain.

"For everything else, we have the magic formula, but not the money side of it," Brunt says. "J is doing this out of his own pocket. He's spent thousands of his own dollars here, and he's not even Canadian. That's kind of heartbreaking to me."

Like any good tech-industry big-thinker, Allard has plowed ahead so far without much thought to funding. "If I had a business plan, I wouldn't be here," he says with a laugh. He acknowledges that Project 529 isn't as "scalable" as he might like, but he hopes Vancouver's results will inspire more cities to take an interest.

He's already signed up police forces in some commuter towns around Vancouver and is looking for more, but is eyeing something bigger: Seattle, a city where a bike is stolen every hour, on average. If Allard can inspire his hometown police force to take the problem as seriously as Vancouver does, he thinks he can put a dent in the cross-border sales that fuel bike thefts in both cities.

"Do I want to cut bike theft by 50%? Yes, of course, but that may not be achievable," he says. "But we can make a difference."

As for that young woman at Granville Island, Brunt remembers her story for another reason. After first meeting her, he and Allard convinced her to register her bike on the 529 Garage app. She did so, and uploaded some photos of herself in her green waterproofs alongside the bike. Eventually, her bike appeared on Craigslist, and with the help of the police and the information in the app, it was recovered and returned to her. It's a story with a happy ending.

(10th November 2017)

(Daily Mail / This is money, dated 7th November 2017 author Victoria Bischoff)

Full article [Option 1]:

Banks are working on plans to track down stolen money and return it to fraud victims within days.

They are setting up a new system that allows them to find out where a payment has ended up - regardless of how many bank accounts the money has been moved through.

It means fraud victims will stand a far greater chance of getting back the cash they've lost.

Yesterday, new industry figures revealed for the first time the scale of bank transfer scams where con artists trick victims into handing over money.

In the first six months of this year 19,000 people were hit by this type of fraud, losing £101million. Just £25million, a quarter of the stolen money, was returned to customers.

Most victims are left permanently out of pocket because banks struggle to trace the stolen funds.

When a fraudster tricks someone into handing over cash, it is typically moved out of the receiving account and into another one within minutes.

From there it will be moved again and again through different accounts - known as mule accounts - with different banks.

It may be mixed with other money, some of which may be completely unrelated to crime, until it is almost impossible to work out where it originally came from.

The criminal will then withdraw the funds in cash, transfer the money overseas or use it to make a purchase.

At that point, your cash is usually gone for good - and banks won't offer a refund - which is why it is vital to track it down before it leaves the banking system.

A new digital tracing tool, which banks are calling the 'funds repatriation initiative', will make this possible.

Brian Dilley, group director of fraud & financial crime prevention at Lloyds Banking Group, says: 'The banking industry has been working together to develop a central system that enables us to trace and track the proceeds of fraud through the banking system.

'Money stolen by fraudsters often exits the banking system and is long gone before people know they've been conned, but an infrastructure allowing banks to identify money quicker as fraudsters try to move it down the line will make it harder for them to get away with stolen cash and help victims get their money back.'

At present, when a victim of fraud contacts their bank for help getting their money back the bank can only see the first account the money was moved into.

If the bank that received this money says it has already been moved out of the account there is little, if anything, they can do.

But under the new system the victim's bank will be able to enter the payment details into a central computer that will show almost instantaneously every account the money has moved through since it was stolen - and crucially, where it ended up.

Once they know what bank has the money they can call and ask for it to be frozen so fraudsters can't touch it again.

If the case is simple and does not involve foreign bank accounts, the money could be transferred back to the victim within days.

In more complicated scenarios the bank may need longer to investigate to ensure the money is going back to the right owner.

Experts say this new system could protect significant numbers of customers and prevent millions falling into fraudsters' hands.

As Money Mail has highlighted over the past two weeks, around £130million has been frozen in accounts opened by criminals.

Often, this money has been abandoned by fraudsters after banks have become suspicious and flagged the account for investigation.

In many cases banks are then unable to return the cash to the victim either because they can't trace where the money came from or are prevented from touching it by onerous rules and laws.

Money Mail is campaigning for a tweak to the law so this cash can be used to pay back fraud victims who've been left out of pocket.

If the original victims can't be found, banks should be allowed to use it as a compensation fund for other victims.

Barclays, HSBC, Santander, Nationwide and TSB have backed our campaign.

And over the past week Money Mail has convinced Lloyds bank to throw its full weight behind our proposals.

Initially, it had suggested the money might go towards general efforts to tackle fraud rather than as compensation.

But now it says: 'Lloyds fully supports Money Mail's campaign to change the law and unlock all the £130million in the frozen funds to compensate victims of fraud.'

If it was easier for banks to trace money through the system this money wouldn't amass in the first place.

Writing for Money Mail today, Stephen Jones, chief executive of banking trade body UK Finance, says: 'We need changes to the law to help stop the criminals in the first place, as well as helping victims get their money back.

'That is why the UK banking industry welcomes Money Mail's campaign.'

Banks have already begun piloting this new technology and are aiming to move into a second phase of testing early next year.

They say that realistically the new system will not be fully up and running for another two years.

There are also questions around who will fund the system, how people's data will be protected and if it will be mandatory for all banks and building societies to sign up.

There are also legal and data protection issues to consider.

For example, banks say that there needs to be protection in place in the event that they take money out of someone's account to return to a victim and the owner of that account turns out to be innocent.

For example, the criminal could have used the money to pay their rent. In this instance the bank can't just take back the money from the landlord, who may be completely unaware they have been paid in criminal money.

There will also need to be a framework in place to deal with disputes when things go wrong.

Despite being a giant leap forward, the new system will not protect all victims, as it cannot stop fraudsters taking money out of the banking system altogether.

Yesterday, the Payment Systems Regulator announced plans to force banks to reimburse people where firms 'have not met the required standards' in protecting customers.

It also wants to make it harder for criminals to set up bank accounts and is asking banks to share data so it's easier to spot scammers.

(10th November 2017)

(The Telegraph, dated 6th November 2017 author Martin Evans)

Full article [Option 1]:

Police are using an unmarked HGV lorry to scour Britain's motorways and catch drivers doing dangerous things behind the wheel.

The elevated position of the cab allows police officers to see into the other motorists' cabs and record any illegal activity.

More than 4,000 drivers have been caught over the past two years including a lorry driver who was filmed checking his mobile phone and resting his foot on the dashboard while driving on the M18 motorway in Humberside.

Another motorist was spotted in the East Midlands steering with his knees while he ate his lunch and used his phone at the same time.

And in Surrey one driver was spotted by police trying to put toothpaste onto a toothbrush.

After spotting the offending driver and gathering evidence, officers in the HGV then radio a following police car which pulls the vehicle over.

Twenty-eight police forces have taken part in the initiative since it began in April 2015, catching 4,176 drivers in relation to 5,039 offences.

Nearly two-thirds of those pulled over were using a mobile phone. Other offences include not wearing a seat belt, not being in proper control of the vehicle and speeding.

Highways England's head of road safety Richard Leonard said: "The footage of the driver with his foot up on the dashboard is particularly alarming, and I dread to think what would have happened if he had needed to brake suddenly.

"We will continue to use the cab to tackle deaths and serious injuries and to encourage people to improve how they drive."

Chief Constable Anthony Bangham, National Police Chiefs' Council lead for roads policing, said the HGV cab is "an important element of our intelligence-led operations against dangerous driving".

He added: "People have to think about the consequences of their actions. A moment's distraction can change innocent lives. It is never a risk worth taking."

(1st December 2017)

(Which?, dated 4th November 2017 author Faye Lipson)

Full article [Option 1]:

UK victims of May's Equifax data breach have been left confused and panicked by a letter from the firm which says their personal information has been compromised - but doesn't say what Equifax is or why it holds their data.

Which? has heard from dozens of people who received the letter and were confused by it - with some fearing it to be a scam - because they have never heard of or directly dealt with Equifax before.

Equifax has now confirmed that only 27,000 of the nearly 700,000 people it has written to were its direct customers - and the rest may previously have had no inkling they were affected by the breach.

Equifax data breach: 15.2m Brits affected

In May this year, Equifax announced its data had been accessed by hackers in a cyber-attack. Some 15.2 million UK client records were compromised and more than 690,000 UK consumers are likely to have had sensitive details stolen.

These include email addresses, passwords, driving license numbers, phone numbers and partial credit card details.

Equifax is now writing to those worst-affected UK individuals to offer a choice of free ID-monitoring services.

Why does Equifax hold data for non-customers?

Equifax has confirmed that just 3% of the worst-hit victims were its direct customers.

How is this possible? As a credit reference agency, Equifax receives personal data from banks and financial institutions whenever someone applies for a bank account, mortgage or credit card. Consent for this is usually included in the application terms and conditions.

This means Equifax may hold data on you even if you've never dealt with it directly. Others will have transacted with Equifax by purchasing a credit report or identity monitoring services from it.

Victims express confusion, fear of further scams

Which? has seen evidence the letters are causing widespread confusion among the victims. One person who'd had their name, date of birth and telephone number compromised emailed us:

As far as I am aware I have never used this organisation, they now advise me to use their "free" services to help protect myself. If they are so incompetent in the first place to have been the subject of a cyberattack why should I trust any of the services they recommend.

Is this a scam on top of a scam?

In addition, the Which? Money helpline has fielded more than 25 calls so far this week from people concerned by the letter.

Technical expert and Trading Standards 'Scambassador' Scott McGready took to Twitter to blast the way Equifax has handled informing the public, branding it 'Like herding cats,' and insisting that 'more needs to be done'.

Which? asked Equifax to comment on the apparent confusion its letter had caused, but it declined to do so.

------------- See original article to view the Equifax letter --------------

How to verify your letter?

If you receive a letter regarding the Equifax data breach, and you're not sure if it's genuine, look up Equifax's number independently via a search engine or directory enquiries. Then give them a call to confirm the letter is genuinely from them.

Should I accept the free identity monitoring services?

If your data has been breached, you may be at heightened risk of identity fraud. To combat this, Equifax is offering its worst-affected UK customers free services which monitor how your identity is being used online - some of them run by Equifax itself, and one run by anti-fraud body Cifas.

If you are concerned about the security of Equifax's own products, you can opt to be enrolled in Cifas's Protective Registration scheme - however you will still have to give some personal information to Equifax so it can enrol you for free.

It is possible to enrol directly through Cifas, though this will attract a £20 charge (for two years' cover).

Which? tips for surviving a data breach

If you believe you've been a victim of a data breach, take the following steps to protect yourself:
- Contact your mortgage, current account and credit card providers to make them aware of the potential breach.

- Change your passwords on any online accounts holding sensitive information.

- Check your credit card statements and credit reports for unusual or unauthorised activity. Report any discrepancies to the provider immediately.

- Apply for protective registration from CIFAS - the Fraud Prevention Service. This will trigger additional checks any time someone tries to open a financial product in your name.

- Be extra-vigilant against phishing messages.

- Our (Which?) consumer rights guide explains how to spot a scam message.

(10th November 2017)


(International Business Times, dated 2nd November 2017 author Jason Murdock)

Full article [Option 1]:

A fake and potentially malicious application has been discovered on the official Google Play Store posing as WhatsApp Business - and has been downloaded up to 5,000 times.

The existence of the dodgy software was first highlighted by the popular WhatsApp change tracking website WABetaInfo, via Twitter user @MujtabaMHaq.

The suspicious Android app was published by a developer called Whasp. Business Inc., which has three other pieces of software uploaded to the Play Store.

These are versions of Kodi and the popular mobile game Temple Run 2, which appears under the name "HASAZKGIUSAZ." All three of the apps were uploaded in October 2017.

The software posing as WhatsApp Business later changed its name to Update Whatsapp (sic) and has already attracted numerous user complaints revolving around pop-up ads.

Several users have also vented in the comment section after being unable to log in to their accounts.

"DON'T DOWNLOAD THIS APP! IT'S FAKE! WhatsApp Business is not officially available yet for all," the WABetaInfo social media account tweeted to its 30,000 followers. It added: "Check only official channels to download WhatsApp Business in future."

Unfortunately for unwitting Android users, this was an official channel.

The application asks for a slew of invasive mobile permissions. If granted, according to the app's Google Play page, it will be able to receive data from internet, view network connections, have full network access, control vibration and prevent the device from sleeping.

Statistics say it was updated on 16 October and has had between 1,000 and 5,000 installs. At the time of writing, the software is still available for download.

As previously noted, WhatsApp Business is yet to launch as a standalone service.

According to the company it will enable users to "have a business presence on WhatsApp, communicate more efficiently with your customers, and help you grow your business."

Users will be able to create business profiles and use messaging and call features to stay in closer contact with potential customers, ultimately expanding the service's social network features.

(10th November 2017)

(BBC News, dated 2nd November 2017)

Full article :

A company that specialises in asking the public to take part in "surveys" in which the answers are then used to target respondents with unsolicited marketing calls has been fined.

An investigation found Verso Group had not been clear about what it was doing.

The Hertfordshire-based company came to regulators' attention after it was involved in one campaign that resulted in 46 million "nuisance calls" about payment protection insurance (PPI).

It has been ordered to pay £80,000.

The Information Commissioner's Office said it was the first such penalty following a wider investigation into the so-called data broking industry.

"This type of unlawful data directly fuels the nuisance call and spam text industry and creates misery for millions of UK citizens," said the ICO's deputy commissioner, James Dipple-Johnstone.

"Businesses need to understand they don't own personal data - people do."

Although the ICO has the power to issue fines of up to £500,000, the sum is still likely to be significant to Verso.

According to accounts filed in May, the Hertfordshire-based company's net assets totalled just £12,386.

A spokesman for Verso declined to comment.

Personal details

Verso has been in business since 2011 and describes itself as the "largest lead-generation business in the UK by some distance".

According to its website, it uses call centres in India, the Philippines and North America to carry out surveys with the public, with the stated aim of helping consumers cut their utility bills.

These are branded as being carried out by the UK Savers Club and I Love My Offers among other names. Verso says it carries out more than 115,000 such surveys each month.

The business then offers other companies the ability to target consumers via email, phone, postal mail and text, based on the lifestyle, financial and demographic information gathered from respondents.

In addition to PPI insurance, Verso says its clients have used the information to sell loans, legal advice about accidents, extended warranties and beauty products.

Two of the companies Verso has sold data to - Pro Dial and Emacs - have previously been fined by the ICO over the way they had conducted their cold-call businesses.

A follow-up investigation into Verso concluded it was not providing survey respondents with specific enough information about to whom it planned to pass their data, and thus had failed to obtain the necessary consent to sell it on.

Moreover, the ICO said it had found Verso to be "unhelpful and obstructive" when it had tried to look into the matter.

"Verso's contraventions were systemic - they were not isolated, one-off or occasional errors," the report said, "[and] were of a kind likely to cause substantial damage or substantial distress."

The watchdog has ordered Verso to pay the fine by mid-November, although it could also try to appeal against the ruling.

Citizens' rights over their personal information are set to be strengthened next year under the UK's Data Protection Bill.

The law - which implements the EU's General Data Protection Regulation - makes it possible for a person to oblige a company to delete information held about them.

It also raises the cap on the size of penalties the ICO can demand.

(10th November 2017)

(Sky News, dated 2nd November 2017 author Alexander J Martin)

Full article [Option 1]:

As law enforcement faces limited resources to investigate growing levels of cybercrime, the Metropolitan Police has brought in specialist technology to support its digital investigations.

The UK has 12 regional units which tackle organised cybercrime and many forces have their own trained specialists but cybercriminal activity is so common it is challenging to investigate before the offenders get away.

"Like biological evidence, cyber evidence degrades over time - websites are taken down and the trail goes cold," said Detective Superintendent Neil Ballard from the cybercrime unit.

To address this issue, the Met's cybercrime unit, Falcon, has started using technology first developed at the University of Cambridge and now developed by a company called Bromium.

Speaking to Sky News, Bromium's co-founder and president, Ian Pratt, said: "Our approach to cybersecurity is quite different from all the other companies that are out there.

"For every task that you're performing on a machine, for every document you open, every website you go to, we're actually going to create a virtual machine to run that particular task so that if anything bad happens, it's contained within that virtual machine."

As an academic, Mr Pratt led the systems research group at Cambridge for the best part of a decade and started the group's work on the Xen hypervisor, a technology which allows the hardware of a computer to support several operating systems at the same time.

Xen, which Bromium is based on, is used to virtualise computing environments so that if the user accidentally lets any malicious processes execute they can't spread and infect other parts of their machine.

Analysing malware can take months in a computer laboratory but, by using Bromium, the police specialists are able to let it execute in an isolated environment and follow how it behaves in real-time.

The Office for National Statistics estimates more than 3.7 million instances of cybercrime occurred in the UK in 2016, and 46% of British companies admitted they had been attacked by hackers that year.

A technical demonstration of Bromium shows how police can use its real-time forensics capabilities to identify key information about the criminal software infecting victims.

(10th November 2017)


(Women and Home, dated December 2017) [Option 1]

Don't fall prey to a scam this Christmas. Here's how to beat the online fraudsters and stay in control

The Christmas countdown is in full swing. You've work deadlines to meet, end of term concerts to attend, a house to decorate and an avalanche of presents to buy. You're in full on multitasking mode, shopping online when you can find the time, losing track of what you've bought and how much you have spent.

And in the midst of all this, an email pings into your mailbox from PayPal informing you that your account has been locked (Arghhh ! "Follow the link to unlock it"). Or perhaps it's from Amazon asking for some added security information (didn't you just buy a present on Amazon, so it could be legit...?) Maybe you're distracted by a pop-up ad that seems to be offering the kind of clothes your teenage son lives in but at knock down prices.

When you're stressed and time pressed (and in December, who isn't ?), it's easy to fall for a scam - to quickly click on a link, to enter personal details as instructed or to make an impulse purchase from a site you've never heard of. Just one moment when your guard is down can result in a ruined Christmas - and New Year.

We all think we're safe, that we'd never fall for a scam but the sheer volume of fraudsters puts everyone at risk. Also, with just one email or text, they can target lots of people in one go. Each year, hundreds of millions of pounds are lost to financial fraud.

Online Fraud

When you're Christmas shopping online, don't put yourself at risk. These are the ways to protect yourself and stay safe.

Be wary of finding sites by clicking on links in unsolicited emails or pop-up ads. Always access a website by typing the address into your browser.

If tempted to buy from a website, check for a padlock symbol on the company's address bar which is a good indication that it's reputable.


Check delivery timescales and keep records - print out your order and keep copies of the retailer's terms and conditions, returns policy, delivery conditions, postal address (not a post office box) and phone number (not a mobile number).

Always protect yourself with a strong password, and keep your phone, tablet and PC protected by installing the latest software and app updates - they contain vital security updates that can help protect your devices.


If buying in an online auction, avoid sellers who do not display their contact details - and always contact the seller with more questions about the items and asking for more photos. You can also check the photo hasn't been lifted from another site by cutting and pasting it into your browser.

Don't be fooled by "positive feedback" below a seller's name. Fraudsters often earn these through buying many small items. If the feedback is all from sellers (not people who have bought things from this person), be wary.

How to spot a scam email

1. WATCH FOR EMBEDDED LINKS - In many cases, scam emails will contain embedded hyperlinks to a bogus site. Roll your mouse over any links to reveal their true destination.

2. CONSIDER WHAT IT'S ASKING - However convincing the reason, any email asking for personal details, to confirm financial information, to "reset your password" (when you haven't requested one), is likely to be bogus. A genuine bank or organisation will never ask for these in an email, on the phone or in writing.

3. NOTE THE SUBJECT - Subject lines in scam emails are often vague or general - for example, "info", "payment declined" or "important information about your account".

4. IF IN DOUBT, CHECK IT OUT - If still unsure, check with the company the email claims to be from. Contact them on a number you can trust and verify (That's the number on their correct, or if it's your bank use the number on your bank card).

5. LOOK FOR YOUR NAME - Emails addressing you in generic terms like "Dear Customer" rather than by name are the ones to watch.

6. SCRUTINISE THE SENDER'S ADDRESS - The display name may look authentic - from your bank, PayPal, Amazon or whoever it claims to be from. Roll your mouse over the sender's name and check it matches the correct email address of the company.

7. READ IT CAREFULLY, SEVERAL TIMES - Never respond on impulse. Many scams contain an urgency in the message to lower your guard and rush a response. For example, telling you your account will be frozen if you don't react instantly, or the window for collecting your refund closes in 24 hours. Research shows that one in four victims of fraud knew instantly that they'd made a mistake. If you're feeling flustered, slow down and take time to think.

8. THINK LIKE AN ENGLISH TEACHER - is it well written ? Scam emails quite often include messy layout, bad spelling and grammatical errors.

How can we protect ourselves

Vishing, smishing and number spoofing - could you fall prey?

Your phone rings and the warm well spoken caller claims to be from your bank (she knows your name, she knows your bank). She explains that your account is in danger and she will help you move your money to a new "safe" account. Or you receive a text message that appears on an existing thread of genuine messages from your bank. This time though, it's informing you of fraudulent activity. You're advised to call a number or visit a website on a link provided.

Many of us may be wary of scam emails - so fraudsters are turning their attention to our phones too, mastering the art of "vishing" (calling and pretending to be from a bank or trusted organisation), "smishing" (approaching via text), and "number spoofing" (which makes texts and calls appear on existing threads or recognised numbers).

Rules to remember

1. DON'T give out personal or financial details. A genuine bank or organisation will never contact you asking for your PIN, full password or to move money to a safe account.

2. DON'T be tricked into giving a fraudster access to your personal or financial details. Never automatically click on an unexpected email or text.

3. ALWAYS question uninvited approaches and never give out personal or financial details, in case it's a scam. Instead, contact the company directly using a known email or phone number.

Take Five

This is a national campaign devised by Financial Fraud Action UK (FFA UK) and UK Government to help fight fraud. For more information and to see Carol Vorderman and Donna Air learning how to spot a scam, visit

(10th November 2017)

(BBC News, dated 1st November 2017 author Nick Triggle)

Full article :

More will be done to protect the NHS in England from "despicable" acts of fraud, the head of the health service's new anti-fraud body has said.

Sue Frith promised a crackdown as she released figures suggesting the yearly bill for fraud in the NHS topped £1bn.

Cases include patients falsely claiming for exemptions on dental and prescription fees, and dentists charging for work they had not done.

Ms Frith said the fraud takes vital funds from front line care.

Ms Frith, the chief executive of the NHS Counter Fraud Authority, said it would be looking at new ways to fight the crime.

The analysis by her team estimated that £1.25bn of fraud is being committed each year by patients, staff and contractors - the first time the health service has put a figure on total fraud committed itself.

The sum represents about 1% of the NHS budget.

The most common frauds

The two biggest single areas of fraud were related to patients and procurement of goods and services, both of which were likely to cost the NHS in excess of £200m a year each, according to Ms Frith.

She said patient fraud included cases where people wrongly claimed for exemptions for the cost of things like prescriptions and dental fees.

Meanwhile, payroll fraud was thought to be costing £90m a year, while dentists were said to be claiming around £70m in work on NHS patients that has not been done.

Ms Frith said: "People may think it is just a small amount, but in large volumes it adds up and has an impact. It is criminal behaviour.

"It is despicable people would even claim things they are not entitled to. This is money that should be spent on front line patient care."

She acknowledged the NHS must do better at detecting and preventing fraud.

Last year investigators successfully pursued cases worth £9.6m, although another £30m of cases are pending.

But this is only a small fraction of what she suspects is out there.

Ms Frith said the £1.25bn was probably on the conservative side - previous estimates by experts have put it even higher.

She believes the new organisation, which is officially formed on Wednesday, will be able to improve on this detection rate.

It has been given independent status and allowed to focus solely on fraud.

Its predecessor organisation, NHS Protect, also covered security.

Responsibility for security has now been devolved down to local NHS trusts and the budget for tackling fraud increased by over 10%.

This will also mean more field officers to be appointed to gather evidence, as well as a greater effort on fraud prevention by reviewing contracts and systems put in place to safeguard against fraud, she said.

(1st November 2017)

(BBC News, dated 1st November 2017)

Full article :

The company behind Hilton Hotels is paying a $700,000 (£525,000) fine after being accused of mishandling two separate credit card data breaches.

The attacks were in 2014 and 2015.

More than 363,000 accounts were put at risk, although it remains unclear whether the perpetrators managed to extract any details.

US government investigators said the firm had taken too long to warn customers and had lacked adequate security measures.

The penalty will be divided between the states of New York and Vermont. Their attorney generals agreed the settlement with the company, which operates properties under the Waldorf Astoria, Conrad Hotels and DoubleTree brands in addition to Hilton.

Malware alerts

The first of the two cases was discovered in February 2015, when Hilton learned that one of its UK-based systems was communicating with a suspicious computer outside its network.

Checks revealed that credit-card targeting malware had infected its cash register computers, potentially exposing customers' card details between 18 November and 5 December 2014.

In the second incident, an intrusion detection system alerted Hilton to another problem in July 2015. A subsequent probe revealed that payment card data had again been targeted by malware since April of the same year.

Hilton only notified the public about the breaches in November 2015, which was more than nine months after the first discovery and more than three months after the second.

By this point, there had already been media reports that several banks suspected card details had been stolen from payment systems used in Hilton gift shops and restaurants.

Although the Virginia-headquartered firm still maintains it found no proof that any data had been stolen in either case, the attorney generals noted that the intruders had used anti-forensic tools that had made it impossible to determine exactly what had been done.

As part of the settlement, Hilton has promised to disclose future breaches more quickly and to perform regular security tests, among other enhanced safety efforts.

"Hilton is strongly committed to protecting our customers' payment card information and maintaining the integrity of our systems," the company said in a statement.

(1st November 2017)

(The Guardian, dated 1st November 2017 author Alan Travis)

Full article [Option 1]:

Britain's most senior police officers have clashed with national statisticians over whether the long-term decline in crime in England and Wales is coming to an end.

The clash has been fuelled by the latest set of official figures, which showed a 13% increase in police-recorded crime in the 12 months to June, including 20% rises in gun, knife and other serious violence.

Home secretary says police forces are sitting on £1.6bn reserves and shouldn't be asking for more money from government

The crime survey of England and Wales, which measures people's experience of crime, estimated that overall crime had fallen by 9% over the same period.

The debate matters because it is widely expected that the chancellor, Philip Hammond, will order a fresh public spending squeeze in his budget later this month, while police and opposition politicians say it would be irresponsible not to boost police budgets at a time of rising crime and an unprecedented terrorist threat.

Sara Thornton, the chair of the national police chiefs' council, was clear on Wednesday that the 13% rise in police-recorded crime should be seen as a major shift and not a blip.

"I have been a chief constable for 10 years, and for all that time the crime survey of England and Wales has shown reductions from its peak in 1995. And the crime survey is still showing a 9% reduction this year if, and only if, we exclude 5m online crimes," she told a joint summit of chief constables and crime commissioners.

"Recorded crime has increased by 13% in the past year," she said. "And I think that most would agree that some of that is due to the requirement to record more lower level crimes such as harassment and assault without injury, but there are also very worrying signs about the increase nationally in violent crime. Knife crime, gun crime and serious violence have all increased significantly."

Thornton said she didn't know whether this was "the beginning of the end of the great crime decline", but argued that the police couldn't take any risks. "I don't know that answer," she said. "But I do not think that we can risk viewing the rise in recorded crime as a blip. In the way that experts say there has been a shift rather than a spike in the terrorist threat, I think that we are seeing a shift rather than a blip in crime."

Her view was disputed in a special Office of National Statistics blogpost by Iain Bell, the deputy national statistician, who argued that while there have been genuine increases in crimes such as knife crime, burglary and vehicle theft, much of the 13% rise in police-recorded crime reflected greater recording by the police.

He agreed that when estimates of online crime are added to the official survey data shortly it was likely the existing headline figure would double.

"It is likely, then, that some of the fall in crime as measured through the survey is due to a switch in types of criminal activity to online, but even allowing for this the headline measure from the survey peaked in 1995, 8.4m above the estimate which now includes online fraud," he said. "This peak was long before internet use became widespread. So taking the long view, crime is clearly falling."

Indicative ONS data shows that the current crime survey headline estimate of 5.8m offences in England and Wales would rise to 10.7m when online crime is included. This would wipe out all the falls seen in the crime survey since 2004 and reinforces Thornton's decision to question whether crime has stopped falling.

Bell's argument appears to imply that the crime survey figures may show a rise year on year when the estimates of online crime are finally included, but the long-term trend will still amount to a fall in crime until the moment when they match the 1995 peak of 18m offences.

When online crime is included in the survey's figures it will certainly wipe out the 38% drop in the crime survey's figures since 2010, referenced by the home secretary, Amber Rudd, to justify her rebuke to the police over their lobbying for extra funding when there is an uptick in the crime stats.

Rudd was careful to acknowledge, however, that there had been genuine increases in homicides, knife crime and gun offences, the kind of high-harm but low-volume crimes that cause the public the most alarm.

(1st November 2017)



(ZDNET, dated 30th October 2017 author Zack Whittaker)

Full article [Option 1]:

A series of flaws in Google's internal bug tracker let a security researcher gain access to some of the company's most critical and dangerous vulnerabilities.

The company's internal bug reporting system, known as the Issue Tracker (or the "Buganizer"), is used by security researchers and bug finders to submit issues, problems, and security vulnerabilities with Google's software, services and products.

Most ordinary users have very little access to the bug tracker. But a security researcher found that by spoofing a Google corporate email address, he was able to gain access to the back-end of the system, and to thousands of bug reports -- some of them marked as "priority zero," the most severe and dangerous vulnerabilities, with which a hacker could do untold damage.

Alex Birsan, who discovered the flaws, told ZDNet that an attacker could have discovered and exploited submitted vulnerabilities to target and potentially compromise Google accounts.

(International Business Times, dated 27th October 2017 author Jason Murdock)

Full article [Option 1]:

The UK's National Health Service (NHS) could have prevented the unprecedented 'WannaCry' malware outbreak earlier this year if it had applied basic IT procedures and heeded warnings from security experts to apply software upgrades, a government report stated Friday (27 October).

The National Audit Office (NAO) spearheaded an investigation into NHS response to the cyberattack, the most widespread to hit the healthcare service.

The report said at least 81 out of 236 trusts across England were affected. A further 603 primary care and NHS organisations were infected, including 595 GP practices.

But the probe found that the Department of Health had warned the NHS about the risks of cyberattacks a year before the incident took place.

It also said that in March and April this year, regional NHS health Trusts failed to patch their computer systems with the fixes that would have stopped WannaCry from spreading - despite being informed of the updates by NHS Digital.

See also :

(The Register, dated 27th October 2017 author Kat Hall)

Full article [Option 1]:

(The Independent, dated 24th October 2017 author Aatif Sulleyman)

Full article [Option 1]:

A new cyber attack is affecting computer systems around Europe.

A strain of ransomware known as "Bad Rabbit" is believed to be behind the trouble, and has spread to Russia, Ukraine, Turkey and Germany.

Cyber security firm Kaspersky Lab, which is monitoring the malware, has compared it to the WannaCry and Petya attacks that caused so much chaos earlier this year.

(International Business Times, dated 20th October 2017 author Jason Murdock)

Full article [Option 1]:

Up to a million organisations around the world have already been infected by a new computer bot network that has the potential to "take down the internet", researchers warn.

According to cybersecurity company Check Point, a new botnet has been spotted which is enslaving internet-of-things (IoT) devices - mainly internet routers and remote cameras. "The next cyber-hurricane is about to come," the firm claimed in a report this week (19 October).

Research suggested that the new botnet is evolving at a rapid pace, and could soon be weaponised to launch cyberattacks in the same fashion as "Mirai" last year.

(BBC News, dated 16th October 2017 author Jane Wakefield)

Full article :

The wi-fi connections of businesses and homes around the world are at risk, according to researchers who have revealed a major flaw dubbed Krack.

It concerns an authentication system which is widely used to secure wireless connections.

Experts said it could leave "the majority" of connections at risk until they are patched.

The researchers added the attack method was "exceptionally devastating" for Android 6.0 or above and Linux.

(International Business Times, dated 12th October 2017 author Jason Murdock)

Full article [Option 1]:

A notorious computer Trojan which can be used by cybercriminals to drain bank accounts is now active in more than 40 countries across the world, researchers have found.

The malicious software - known as "Trickbot" - was most recently spotted infecting machines across Latin America including Argentina, Chile, Colombia and Peru, according to Limor Kessem, a security expert at IBM's X-Force division, in an analysis this week (11 October).

The number of infections in Latin America remains small, but IBM researchers believe that such a strategy is run-of-the-mill for the cybercrime gang responsible, which is known to "test the waters" before adding local banks to its list of official targets.

Trickbot first came to light in October 2016 after it hit financial institutions across Asia and Australia, later evolving to target the UK, Germany and Canada.

(Irish Times, dated 10th October 2017 author Conor Pope)

Full article [Option 1]:

Tens of thousands of people who have shopped in Supervalu, Centra and Daybreak stores in recent days have been warned to watch their next credit and debit card statements as a precautionary measure after an attempted cyber attack on the stores.

The supermarkets and convenience stores, as well as their parent company Musgrave, were targeted by criminals who tried to steal numbers and expiry dates of customers' cards.

Musgrave, which confirmed the attack on Tuesday, said it was engaged in an ongoing investigation with the Garda. It did not provide details of when the attack took place or how many of its customers were potentially involved.

The company said it had notified the Office of the Data Protection Commissioner of the incident. Its spokesman said it had committed to keeping the commissioner updated as its investigation progressed.

(The Register, dated 10th October 2017 author John Leyden)

Full article [Option 1]:

Cybercriminals in the Arab states are some of the most cooperative in the world, according to Trend Micro this week.

The infosec biz's latest study, Digital Souks: A glimpse into the Middle Eastern and North African underground, identifies the most popular kinds of hacking tools and commodities, and the most active countries in the region.

Hacktivism, DDoS attacks and website defacements are a staple in the Middle East. These tactics are often carried out by actors who harbour ideological mistrust towards the West as well as local governments. Major primary product categories are malware (27 per cent), fake documents (27 per cent), stolen data (20 per cent), crimeware (13 per cent), weapons (10 per cent), and narcotics (3 per cent).

(International Business Review, dated 9th October 2017 author India Ashok)

Full article [Option 1]:

One of the world's leading market research and investment advisory firms, Forrester, announced that it was hit by a cyberattack last week. According to the company, hackers stole sensitive research reports from the company.

The company offers customers trends, statistics and other market research, which is employed by businesses prior to launching their specific products and/or services. Forrester's clients use its website to log in and download specific research, which hackers accessed.

Forrester said that there is no evidence to suggest that confidential client and employee data, as well as financial information, were accessed by the hackers.

(Business Insider - Australia, dated 7th October 2017 author Becky Peterson)

Full article [Option 1]:

No one wants to be the next Equifax and it's a safe bet that at this very moment big and small businesses across the country are scrambling to bolster their cyber fortifications.

It's not an easy feat. But Steve Martino, chief information security officer at Cisco, has developed some clever techniques through years of fighting the bad guys.

Cisco employees are constantly kept on their toes as Martino probes them for weak spots and drills a defensive mindset into them.

In online business, big click-through rates are great: it means customers are clicking on links and web pages to buy stuff.

Inside a company though, high click-through rates can be deadly as a daily barrage of phishing emails and other nefarious tricks try to entice susceptible employees into clicking a dangerous link.

Martino sends out fake phishing emails to Cisco's entire staff every quarter. Anyone who clicks on the phishing link is brought to an employee training video to teach them how to avoid engaging with suspicious emails in the future. The method works because it helps every employee understand their role in protecting their company against attacks.

(City AM, dated 4th October 2017 author Catherine Neilan)

Full article [Option 1]:

BT has agreed to share "threat intelligence data" with global policing body Interpol, in a bid to combat cybercrime.

The two organisations today signed an accord in which BT will hand over data "relating to criminal trends in cyber-space, emerging and known cyber-threats and malicious attacks", as well as offering insight from BT's own threat intelligence experts.

BT is the first telecommunications provider to sign this kind of agreement with Interpol, although earlier this year it was one of seven private sector companies which supported an Interpol operation targeting cybercrime across the ASEAN region.

BT's threat intelligence and investigation team, based at the company's security operations centre in Singapore, has already provided information on regional threats, including data relating to local hacktivist groups and phishing sites.

(Computer Weekly, dated 2nd October 2017 author Warwick Ashford)

Full article [Option 1]:

Europol-Interpol Cybercrime Conference sees No More Ransom anti-ransomware initiative highlighted as successful example of law enforcement agencies' collaboration.

Europol and Interpol have reconfirmed their strong commitment to continue their collaboration in the fight against cyber crime.

At the fifth annual Europol-Interpol Cybercrime Conference in The Hague, the two law enforcement organisations committed to building on successful examples of their cooperation.

These include No More Ransom, an anti-ransomware cross-industry initiative aimed at helping victims of ransomware to recover their data without having to pay a ransom.

(1st November 2017)


The Evening Standard is supporting charities against this horrendous crime and is highlighting its occurrence by producing a series of articles.


(London Evening Standard, dated 18th October 2017 author Martin Bentham)

Full article [Option 1]:

Britain is to spend £3 million to stop women being trafficked from Vietnam to work here in brothels, nail bars and cannabis factories, the Government announced today.

The money will help catch criminals organising the trade, as well as supporting victims and preventing others being lured into modern slavery.

It follows evidence that Vietnam, along with countries such as Albania and Nigeria, is one of the top sources of overseas trafficking victims forced into slavery in this country. The spending was announced as the Home Office published a new report which identifies 17 different types of modern slavery in the UK, with disturbing details of how individual victims suffer.

They include one case in which a 13-year-old Romanian girl was trafficked into Britain by criminals, including her father, to carry out forced begging.

She spent seven hours a day on the streets and was then beaten and forced to hand over the money she raised, while also being used as a domestic slave by her abusers. In another case involving a trafficking victim, a London man arranged for a 14-year-old girl from a Lincolnshire care home to be driven to the capital to be sexually abused by him.

Other children trafficked for sexual exploitation were under 13. Trafficking from Vietnam, which accounted for 451 of the 3,805 slavery victims identified in the UK last year, remains a prime concern and prompted the decision to spend taxpayers' money there.

Home Office minister Sarah Newton said: "No matter what we do to eradicate the sickening and inhuman crimes associated with modern slavery here in the UK, true success can only be achieved by taking the fight onto the global stage.

"We will be investing £3 million to tackle the issue in Vietnam, where so many victims are trafficked with the promise of a better life, only to find themselves enslaved." The UK is spending a total of £33.5 million fighting slavery in "high-risk" overseas nations. Other countries where slavery victims come from include China, Ghana, Nepal and Pakistan.

(London Evening Standard, dated 12th October 2017 author Eleanor Rose)

Full article [Option 1]:

A squad of anti-slavery enforcers visited London car washes in a major response to the Evening Standard's special investigation into slavery.

The Standard yesterday exposed the horrors of Britain's car washes, where young men report being tricked and trapped, sleeping four to a room and subjected to injury and even death.

It was reported that Sandu Laurentiu-Sava, a 40-year-old Romanian, died by electrocution while showering in squalid quarters attached to the car wash where he worked in Bethnal Green. Others told of "leprosy-like" damage to their hands from using chemicals without gloves.

Officers from the Met police's Modern Slavery and Kidnap Unit, Gangmasters and Labour Abuse Authority (GLAA), and the HMRC launched a series of joint car-wash welfare visits after this newspaper urged authorities to act.

The Standard accompanied officials on visits to four hand car washes in east London. Staff told how they worked 12-hour days for as little as £3 an hour, revealing to officers that they "just work, eat and sleep".

They were seen washing cars in trainers and jeans, some of them not wearing gloves - often a cause for alarm, according to UK slavery experts. One Romanian, who asked not to be named, said he worked gruelling hours in cold weather, and was constantly soaked. "I work 12 hours a day, six days a week, for £40 a day. It's very difficult," he said, adding that he did not have a passport or bank account.

"You stay with your feet in water all day. Even in winter, I am not wearing boots." During the visits, officers also found a 17-year-old who said he had fled slavery in his native Albania hoping for a better life in the UK.

He told officers how he then ended up working 10 to 12 hour days in a car wash for low pay.

Chris Flint, investigator for the GLAA, said the multi-agency inspections were crucial to identifying labour abuses, from minimum wage infractions to the extremes of coercion, threat and injury.

Although the men did not identify themselves as victims of slavery during the visits, officers saw "clear hidden-economy exploitation", he said, adding: "It's all about protecting those exploited workers - and this is a fantastic example of that. We should be doing this day in, day out. Joint working works." More welfare visits are planned as the Metropolitan police seek to tackle "vulnerable premises" such as car washes.

A new monthly meeting at Scotland Yard has also been launched between agencies that deal with modern slavery to share intelligence and combine efforts.

Help end slavery by visiting the Evening Standard's digital action platform:


(1st November 2017)

(London Evening Standard, dated 31st October 2017 author Justin Davenport)

Full article [Option 1]:

Scotland Yard today unveiled new tactics in the battle against moped thugs rampaging across London, including deploying officers on scrambler motorbikes to chase down suspects.

Police are using the four specialist BMW scrambler bikes to go after moped riders who use alleyways and rat runs to evade more conventional pursuits.

Scotland Yard said it was using DNA sprays and mobile stinger devices to deflate tyres in the fightback against the moped gangs behind an epidemic of violence and crime.

Met Commissioner Cressida Dick announced the new tactics today, saying they were already making a difference with police recording a fall in the number of moped offences since July.

She also urged London's communities to "mobilise" and "channel their outrage" against the moped thugs to make the streets safer.

She said: "I have been clear that tackling violence is my priority. I was angered by the apparent perception amongst some criminals that they could operate with near impunity, committing strings of offences using scooters.

"We have brought all our tactics and specialists together to use every ethical option to put a stop to the rise; arrest those responsible; disrupt offenders; dismantle the criminal markets that make these offences lucrative and change the public's behaviour to make them a part of our effort."

Police have already used the DNA spray at least four times in London with at least one arrest.

The substance is sprayed on suspects, who cannot be chased for safety reasons, and it can be picked up under UV light if they are later arrested. The spray can link suspects to moped crimes committed weeks earlier.

Police say the scrambler bikes will be ridden by highly trained motorcycle officers and will be involved more in setting up ambushes for moped thieves than chasing them through the streets.

One source said: "They will be able to get ahead of moped gangs and set up traps using the mobile stingers or the DNA spray. It gives us much greater flexibility and movement."

The action comes as the Met has been battling a surge in the number of moped or scooter linked offences with around 16,000 thefts involving mopeds each year.

Victims have included Martin Lewis, founder of, while Daniel Radcliffe, the Harry Potter actor, helped a tourist whose face was slashed by muggers stealing his bag.

Last month charity worker Abdul Samad, 28, was stabbed to death after two moped muggers snatched his iPhone outside his front door in Paddington.

Today the Met said the latest statistics showed a 25 per cent reduction in the number of powered two wheel bikes stolen in the last six months to the end of September.

There was also a 24 per cent fall in the number of moped related crimes over the same period and rising arrest rates and convictions of prolific offenders.

The Met revealed it was using tactics successfully deployed by the Trident gangs team to respond to scooter offences, targeting moped thugs for other offences if possible.

Officers are also manning a 24/7 police control room to watch for scooter offences anywhere in London and co-ordinate an immediate response to tackle them.

Ms Dick said: "We know that our criminal cohort committing crime on scooters also carry knives, have links to networks who handle stolen property and who deal drugs. So if you are a persistent phone thief - using a scooter to commit your crimes - and we can prove your involvement in other offences, such as drug dealing, you will be arrested.

"This is where the public can help us. I want to mobilise communities, to channel their outrage as part of a joint effort to make our streets safer. Look after your belongings, follow our security advice and tell us about the people who are responsible for crime in your communities and help us tackle them."

(1st November 2017)

(Independent, dated 30th October 2017 author May Bulman)

Full article [Option 1]:

Racial stereotyping may be a "significant contributory factor" in deaths that occur in custody across England and Wales, yet authorities are failing to investigate whether discrimination has taken place, a major report has found.

The Government-commissioned review, which has been published today after a 15-month delay, also raises concerns that the Independent Police Complaints Commission (IPCC) fails to act independently of the police when investigating deaths in custody.

Since the review was commissioned by the then Home Secretary Theresa May in July 2015, there have been a number of deaths following police contact - such as those of Rashan Charles and Edson Da Costa, both young black men - reigniting widespread public concern.

Since January, there have also been at least eight deaths involving restraint or taser and other uses of force; and five deaths of people who "became unwell" or were found unresponsive while in custody.

Dame Elish Angiolini QC, who authored the review, said the disproportionately high number of deaths of black men in restraint-related deaths, often in contentious circumstances, was a "serious issue" because it connects so vividly with the perception many in BAME communities have of the police service.

"Where there is evidence of racist or discriminatory treatment or other criminality or misconduct, police officers must be held to account through the legal system," the report states.

"Racial stereotyping may or may not be a significant contributory factor in some deaths in custody. However, unless investigatory bodies operate transparently and are seen to give all due consideration to the possibility that stereotyping may have occurred or that discrimination took place in any given case, families and communities will continue to feel that the system is stacked against them."

The report also recommends that to ensure it can achieve independence from the influence and culture of those it investigates, ex-police officers should be phased out as lead investigators within the IPCC.

It highlights concerns over the fact that police officers have the opportunity to confer with each other during a formal meeting that occurs before the IPCC becomes involved, stating that this can "seriously undermine" public confidence in the subsequent evidence of police officers.

"The longer those officers who are critical witnesses to the event remain together following the death, the greater the anxiety and suspicions by families and others that the evidence of individual officers has been inadvertently or deliberately fine-tuned to accord with the evidence of their colleagues," it states.

The review also found that recognition must be given to the wider dangers posed by restraining someone in a heightened physical and mental state, where the individual's system can become rapidly and fatally overwhelmed.

It states that the use of force and restraint against anyone in mental health crisis or suffering from some form of drug or substance induced psychosis poses a life-threatening risk.

Labour MP Diane Abbott, who recently expressed concern about the investigation into Mr Charles's death, accused the Government of continuing to ply communities with "broken promises and delay tactics," urging that "enough is enough."

"I welcome the recommendations of the review but cannot understand why we have waited two and a half years for its publication. More families have lost loved ones while this Tory government continues to ply communities with warm words, broken promises and delay tactics," she told The Independent.

"These findings will come as no surprise to BAME communities and campaigners like those in the United Friends & Families Campaign. The Government must not drag their feet to bring about urgently needed reforms. Enough is enough."

In light of the findings, the Equality and Human Rights Commission (EHRC) said the Government was "failing those in need of protection", adding that there is a "long way to go" before people in police custody are adequately protected and full confidence is gained in the public system.

Rebecca Hilsenrath, chief executive of the EHRC, said: "The police have a duty to protect the lives of people in detention, the public deserves full confidence in our justice system, and the state must investigate any death for which it might be responsible.

"Sadly the long-awaited Angiolini Review, which reiterates the findings in our own report on non-natural deaths in detention, proves we've got a long way to go before we achieve any of these.

"The Government must use today's findings to improve the ability of public authorities to serve the needs of people with mental health conditions, to eradicate unavoidable deaths in detention, and to ensure that the families of the deceased are able to access justice effectively. Without this, we are failing those in need of protection."

The Government has responded to the findings saying it commits to review existing guidance so that the starting presumption is that legal aid should be awarded for representation of the bereaved at an inquest following a suspicious death or suicide in police custody or in prison.

It also makes clear that from December, police cells will not be used as places of safety for those under the age of 18 detained under the Mental Health Act and that transparency and accountability in the use of force by police has been improved through better data collection.

Home Secretary Amber Rudd said: "This simply isn't right, and is why the Government is taking steps to ensure that families bereaved in this way in future get the support and answers they need".

"The Government is committed to tackling this issue and that when tragically deaths in police custody do occur, we are clear that they must be investigated thoroughly and action taken to support families better in future".

Lord Chancellor and Secretary of State for Justice, David Lidington said: "We recognise that the route to legal aid in inquests relating to deaths in police custody and prison can be complex and intrusive for families.

"That is why I am taking immediate steps to make it the starting presumption that legal aid should be awarded in such cases. I want to prevent the distress for families of having to fill out complex forms on means-testing, and to make sure the bereaved are fully aware of their rights."

(1st November 2017)

(London Evening Standard, dated 27th October 2017 author Nicholas Cecil)

Full article [Option 1]:

A major investigation was launched today into whether millions of holidaymakers are being ripped off by hotel booking websites.

The inquiry by the Competition and Markets Authority will investigate how hotels are ranked in online searches, including whether results are influenced by the amount of commission a destination pays to the website.

It will also examine "pressure selling" and whether websites can create a false impression of the number of rooms available or rush customers into making a decision with warnings such as "six other people looking at this now" and "last booked three hours ago".

The competition watchdog also wants to establish if discounts advertised for a hotel are accurate, or are comparing a higher weekend room rate with the weekday rate for which the customer has searched.

The inquiry will also seek to unearth whether charges such as taxes or booking fees are hidden and may not be included in the advertised price.

About 70 per cent of people who shopped around for hotels last year used hotel booking websites such as, Trivago, Expedia, or

There is no evidence that any of them are engaging in bad practices but the CMA wants to ensure that consumers are not being ripped off.

"They should all be confident they have chosen the best accommodation for their needs and are getting a good deal," said chief executive Andrea Coscelli. "In today's increasingly busy world, sites like this offer real potential to help holiday-makers save time and money.

"To do this, sites need to give their customers information that is clear, accurate and presented in a way that enables people to choose the best deal for them.

"But we are concerned that this is not happening and that the information on sites may in fact be making it difficult for people to make the right choice."

The CMA has written to firms across the sector requiring them to give information about their activities.

Victoria Bacon, of the Association of British Travel Agents, said: "We have all experienced it when you go onto a hotel booking site and it says there are six rooms available at that price ... that's OK as long as it's true.

"If it is not true, or if it is misleading then it's against the law."

She added that the hotel website booking sector "lacked scrutiny".

"Travel agents, tour operators, ABTA members come under ABTA's code of conduct so they are scrutinised for these sort of things. Airlines come under the scrutiny of the CAA.

"This is a sector of the market, these hotel booking sites, which does not have that same level of scrutiny."

(1st November 2017)

(Metro, dated 30th October 2017 author Adam Smith)

Full article [Option 1]:

A gang who used the bank details of hundreds of students to carry out a sophisticated £2 million mobile phone fraud have been jailed.

Detectives from the Met's Cyber Crime Unit began an investigation in March 2014 after two University of Sheffield students complained their bank accounts were being used fraudulently.

The investigation uncovered a long-running and sophisticated fraud which was fleecing mobile phone companies EE, Vodafone, O2, T-Mobile, Three and Virgin.

Seven people were setting up phone contracts in the names of people who were not genuine subscribers.

The gang paid over 300 students, who would subsequently be saddled with debts and a poor credit rating, £50 for a phone contract to be taken out in their name and asked to post the new phones to an office in Fulham.

The fraudsters would then cancel the contract, send back cheap, counterfeit handsets and sell the original phones abroad.

Another way the gang would make money was to sell the SIM card to a text marketing company.

Detective Inspector Louise Shea, of the Met's Cyber Crime Unit, said: 'This was a meticulously planned fraud that was carried out on an industrial scale. The defendants used the personal details of students from across the country to obtain mobile phone contracts which they used to make a profit.

'The motive for this crime was pure greed and the fraudsters showed a complete disregard for the trust placed in them by the students who handed over their details, many of whom have been left with large debts.

'In some cases, the students gave their parents' home address and this has subsequently affected their ability to apply for credit.'

She added: 'This case should act as a warning for any student who is offered a cash incentive to hand over their personal details.

'It may be tempting to earn some short-term cash in this way, but in the long-term you could be left with a large debt and a poor credit rating, which will affect your ability to get a mortgage or bank loan in the future.'

The mastermind of the fraud, which was run via three companies JBi Systems Ltd, JBi Capital Ltd and Netlink Services UK Ltd between August 2013 and August 2014, was Jonathan Boorman from Bath.

The 32-year-old was described as 'Big Boss' within a directory spreadsheet seized by Met detectives and eventually pleaded guilty to one count of conspiracy to commit fraud and one count of money laundering.

He was jailed for six years and four months, and banned for 10 years from being the director of any company.

His second in command was Alex Karonias, 32, of East Sheen, who pleaded guilty to one count of conspiracy to commit fraud and one count of money laundering and was jailed for five years and banned for 10 years from being a director.

Laura Kane, 28, from Kidderminster, was found guilty of two counts of conspiracy to commit fraud and one count of money laundering, and was jailed for five years and six months.

Charlie Shelton, 31, from London, pleaded guilty to one count of conspiracy to commit fraud and was jailed for three years and three months.

Rob Morrison, 31, also from London, pleaded guilty to one count of conspiracy to commit fraud and was sentenced to two years and three months.

Tom Maynard, 26, also from London, pleaded guilty to two counts of conspiracy to commit fraud and was sentenced to two years, suspended for two years, and 160 hours community service.

Reiss Rawson, 31, from Chelsea in London, was found guilty of one count of conspiracy to commit fraud and one count of money laundering. He was sentenced to two years, suspended for two years, and 160 hours of community service.

(1st November 2017)

(London Evening Standard, dated 29th October 2017 author Francesca Gillett)

Full article [Option 1]:

An online crime is committed every 10 minutes in England and Wales, shocking new figures show.

Official stats revealing the dangers of cyber space show police logged more than 55,000 internet-related offences in the space of a year, working out to an average of 150 a day.

The crimes recorded include child sex abuse allegations, harassment and blackmail. Fraud and computer misuse are not included in the statistics.

In April 2015, it became mandatory for police to return quarterly information on the number of crimes flagged as being either fully or partially committed online.

According to the latest findings, logged between July 2016 and June 2017, the number of web crimes rose by nearly 20,000 compared to the previous 12 months. However the data sources were not identical for both periods.

Statisticians from the Office for National Statistics, which published the data, said the amount of cyber crime is only set to rise as identifying these sorts of offences improves.

Harassment and stalking made up the largest chunk of the online-flagged crimes, with 33,148 in the year to June. Around one in seven of all the offences recorded as harassment involved the internet.

Online-flagged offences account for only a small proportion of the total number of crimes registered by forces, which stood at around 4.5 million in the year to June, excluding fraud.

A report from the probation watchdog on Thursday detailed how social media is being used by young offenders to plan and incite serious offences.

There have been questions over how well equipped police are to confront the shift, with the HM Chief Inspector of Constabulary Sir Thomas Winsor warning forces are "all too often overwhelmed".

Richard Garside, director of the Centre for Crime and Justice Studies, said: "Online-enabled offences make up only a small portion of all offences recorded by the police.

"Looking ahead, the challenge of preventing them and responding to them is only likely to grow. The police are only ever going to be able to play a small part in an effective response."

(1st November 2017)

(The Telegraph, dated 23rd October 2017 author Telegraph Reporters)

Full article [Option 1]:

The police have more officers per capita than in the 1960s, challenging claims that they are understaffed, figures show.

Despite claims that forces are struggling to cope, analysis of Home Office data shows that in 1961 there were 807 people for every police officer in England and Wales, whereas the most recent figures, released earlier this month in a House of Commons briefing paper, show that there are now 462 people for every officer.

Several police forces, as well as the police watchdog Her Majesty's Inspectorate of Constabulary, have said that recent cuts have left forces struggling to function properly.

The police were criticised for poor performance last week as the Daily Telegraph's data analysis showed that nine in ten burglaries were left unsolved.

The Metropolitan Police has also said that it would no longer look into lower-level crime as a result of spending cuts.

Meanwhile they have come under fire for awareness-raising stunts such as officers painting their nails to highlight modern slavery.

The figures, which appeared in the Mail on Sunday, suggest that police numbers compare favourably with previous decades.

Police numbers rose during the 1980s and early 1990s, before falling to a 10-year low at the end of the 1990s and rising sharply in the early 2000s.

They have been dropping again since 2009, when they had reached a high of 141,647.

The crime levels of 1961 and today are markedly different. In 1961, 806,900 crimes were committed whereas ONS data shows that 5.2 million crimes were recorded this year, a 13 per cent rise from the year before.

A briefing paper published ahead of the London 2012 Olympics shows that crime per 100,000 people rose sharply during the 1960s.

An average of one million crimes per year were recorded during that decade, rising to two million during the 1970s and 3.5m in the 1980s.

More recently, according to the crime survey for England and Wales, crime peaked in 1995 and has been falling since, though police recorded crime has risen in recent years.

Previous analysis of rising crime data has suggested that it can be partly attributed to changes in the way it is recorded, as well as the criminalisation of drug use and the rising value of people's property.

The National Police Chiefs' Council highlighted that the police are dealing with different crimes now than 50 years ago.

A spokesman said: "Policing in 2017 is very different to in the 1960s. We are dealing with an unprecedented terror threat, police recorded crime is up 13 per cent and forces are dealing with more complex, resource-intensive crime like modern slavery, child sexual exploitation, cybercrime and online fraud.

"Our mission is also wider, acting as the service of last resort for people who have fallen through the gaps of other services as well as providing effective local policing. We are meeting these challenges with officer numbers at same level as they were in 1985."

Minister for Policing and the Fire Service, Nick Hurd, said: "We are clear that all crimes reported to the police should be taken seriously, investigated and, where appropriate, taken through the courts and met with tough sentences.

"This Government protected overall police funding in real terms since the 2015 Spending Review and maintained that protection in a fair funding deal this year.

"The independent Crime Survey for England and Wales - acknowledged by the ONS as our best measure of long term crime trends experienced by individuals and families, shows a substantial fall of 9 per cent, in the year ending June 2017 and 38 per cent since June 2010."

Figures also show that since 2010, the proportion of officers working at the frontline has increased and is currently at more than 93 per cent.

The Home Office has previously said that according to Her Majesty's Inspectorate of Constabulary there is "considerable scope to improve efficiency".

(1st November 2017)

(London Evening Standard, dated 23rd October 2017 author Martin Bentham)

Full article [Option 1]:

MI5 and police are to carry out the biggest shake-up of their counter-terrorism operations since the 7/7 London bombings in a new attempt to protect the public from further terror attacks.

The main aim of the overhaul will be to find better ways of identifying when known extremists classed as "former subjects of interest" - because they are thought to pose no imminent threat - suddenly decide to carry out attacks.

These will include changes to improve the detection of "trigger" activities - such as financial transactions, meetings or social media exchanges, and purchases of items that could be used in an attack - which could indicate a switch to murderous intent.

Measures to improve the way that police and Security Service officers work together to assess the risks posed by Islamist radicals are also expected, as well as a strengthened focus on Right-wing extremists.

The changes follow reviews by both police and MI5 of what they knew about those who carried out this year's terror attacks in London and Manchester.

They are understood to have concluded that there was extensive intelligence available before both the Manchester and London Bridge attacks and that potential misjudgments were made in relation to both incidents.

Some of the findings are expected to be published by the Government later this year, although some of the conclusions will remain confidential because they relate to techniques, intelligence, and working methods that remain vital for future counter-terrorism efforts.

The reviews were first announced by Theresa May following the London Bridge murders in June, when she said she "recognised people's concerns" that opportunities to stop those killings and the earlier attacks might have been missed.

Foreign Secretary Boris Johnson had earlier said that MI5 had questions to answer over its failure to stop Khuram Butt, one of the three London Bridge attackers, a known extremist who appeared in a Channel 4 documentary The Jihadis Next Door.

There were also claims that the Italian authorities had tipped off Britain about another of the London Bridge killers, Youssef Zaghba, a Moroccan whom they had stopped at Bologna airport last year over fears that he was trying to fly to Syria.

Similar concerns were raised about the failure to identify the risk posed by Manchester bomber Salman Abedi, despite evidence that he had taken part in fighting in his family's Libyan homeland and his father's alleged extremist connections.

Whitehall sources emphasise that there remains strong confidence in the ability of MI5 and police and that their existing methods have foiled a large number of attacks.

The changes resulting from the reviews were foreshadowed by Andrew Parker, the Security Service's director general, in a speech last week. He told security journalists that MI5 would be using "the harsh light of hindsight, to squeeze out every last drop of learning" from the attacks and would "look at new ways of doing things".

There are 20,000 "former subjects of interest" who have been assessed by MI5 but are judged not to pose an active threat. Both Butt and Abedi were in this group and were not identified when they switched to becoming extremists determined to carry out murder.

(1st November 2017)

(The Times, dated 22nd October 2017 authors Tom Harper and Leila Haddou) [Option 1]

Police have blamed victims' failure to support prosecutions for a growing number of unsolved crimes, amid fears of a criminal justice system in crisis.

The number of unsolved crimes attributed by police forces to victims' unwillingness to co-operate with their investigations has jumped by 224,000 over the past year. The figures, from the Home Office, include 127,000 violent offences.

Amid a surge in overall crime, sources said victims are increasingly "giving up" after they alert police, because budget cuts mean officers struggle to attend crime scenes, take witness statements and collect evidence.

The news echoes warnings earlier this year from HM Inspectorate of Constabulary, a police watchdog, that officers were allowing perpetrators of domestic violence to escape justice by "pushing responsibility" for prosecutions onto victims rather than building cases themselves.

Baroness Newlove, the victims commissioner, was "shocked" that officers had blamed so many failed cases on victims and said it was "vulnerable" people themselves who were in desperate need of support from the police.

"When I meet victims, many express concern that they will not be protected if the perpetrators are apprehended. Hence their reluctance to support the police," said Newlove, whose husband, Garry, was murdered by a gang in 2007.

"If vulnerable victims are to receive justice, they must have confidence that they will always be supported when they report a crime. These figures suggest we have a long way to go."

Last week the Home Office revealed an annual rise of more than 500,000 crimes in the year to June, bringing the total to just over 4.5m offences. The statistics, which do not cover fraud offences, included an 8% rise in the murder rate - an increase of 46 victims - a 27% rise in gun crime, a 26% increase in knife crime and sexual offences up by 19%.

This weekend it was threatening to develop into a political crisis for the Government, which had cut the police budget by 18% under Theresa May when she was Home Secretary.

"The cuts are making it more difficult for police to engage with victims, which is crucial to allow investigations to proceed.

"Neighbourhood police teams, family liaison officers, specially trained officers to deal with catastrophic violent crime - it's all disappeared. The government has continued to pretend they are there, but everyone knows they are not."

(1st November 2017)

(International Business Times, dated 20th October 2017 author Jason Murdock)

Full article [Option 1]:

Up to a million organisations around the world have already been infected by a new computer bot network that has the potential to "take down the internet", researchers warn.

According to cybersecurity company Check Point, a new botnet has been spotted which is enslaving internet-of-things (IoT) devices - mainly internet routers and remote cameras. "The next cyber-hurricane is about to come," the firm claimed in a report this week (19 October).

Research suggested that the new botnet is evolving at a rapid pace, and could soon be weaponised to launch cyberattacks in the same fashion as "Mirai" last year.

Check Point said: "While some technical aspects lead us to suspect a possible connection to Mirai, this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide."

"It is too early to guess the intentions of the threat actors behind it, but with previous botnet DDoS attacks essentially taking down the internet, it is vital that organisations make proper preparations," the team noted.

When the Mirai botnet hit a year ago, in October 2016, the computing power was exploited to take a slew of US websites offline - including Twitter, Reddit and Netflix - using denial of service attacks.

A few months later, in November, a variant of the Mirai botnet was deployed to take approximately 900,000 Deutsche Telekom routers offline, leaving customers without internet.

Essentially, IoT botnets are made up of web-connected smart devices that are infected with malicious software. With the popularity of the IoT, many products are being rushed to market without proper security - leaving them open to attack.

In the last few days of September, Check Point noticed an "increasing number of attempts" by unknown hackers to exploit several existing vulnerabilities in IoT devices.

It found that malware was being used against wireless IP cameras such as "GoAhead, D-Link, TP-Link, AvTech, Netgear, MikroTik, Linksys, Synology" and others.

The attempted infiltrations were coming from different sources, suggesting a botnet was at work.

"So far we estimate over a million organisations have already been affected worldwide, including the US, Australia and everywhere in between," Check Point warned.

The company's research started at the end of September 2017, and the team said it "soon realised" that it had stumbled upon the "recruitment stages of a vast IoT botnet".

In the last few days, the team said, the botnet has been evolving. "It is vital to have the proper preparations and defence mechanisms in place before an attack strikes," experts said.

In July, a 29-year-old man admitted to launching the Deutsche Telekom hack and was convicted in a German court. Known only as Daniel K., he was handed a suspended sentence of a year and eight months by a court in Cologne for "attempted commercial computer sabotage".

The culprits behind the latest wave of botnet activity remain unknown at the time of writing.

(1st November 2017)

(The Telegraph, dated 20th October 2017 author Martin Evans)

Full article [Option 1]:

London is now more crime ridden and dangerous than New York City, with rape, robbery and violent offences far higher on this side of the Atlantic.

The latest statistics, published earlier this week, revealed that crime across the UK was up by 13 per cent, with a surge in violence in the capital blamed for much of the increase.

Seizing on the figures, US President, Donald Trump, claimed the rise could be linked to the "spread of radical Islam", adding that it demonstrated the need to "keep America safe".

But critics dismissed his comments as "ignorant" and "divisive", with former Labour leader Ed Miliband calling him an "absolute moron".

Criminal justice experts insisted rising crime in the UK, and particularly London, was more to do with the way the city was policed and blamed the reduction in neighbourhood patrols across the capital.

While both London and New York have populations of around 8 million, figures suggest you are almost six times more likely to be burgled in the British capital than in the US city, and one and a half times more likely to fall victim to a robbery.

London has almost three times the number of reported rapes and while the murder rate in New York remains higher, the gap is narrowing dramatically.

The change in fortunes of the two global cities has been put down largely to the difference in tactics adopted by the two police forces.

Both Scotland Yard and the New York City Police Department (NYPD) have just over 30,000 officers each and budgets of around £3 billion a year.

But in the mid-1990s spiralling crime rates in New York - sparked by the crack cocaine epidemic - resulted in a radical new approach being adopted by the city's police department.

Under the leadership of Mayor Rudy Giuliani, and police commissioner, Bill Bratton, the NYPD introduced a zero tolerance approach to low level crime and flooded problem areas with patrols.

The force also put a huge amount of emphasis on community policing in order to build bridges between the police and members of the public.

As a result the murder rate plummeted from a high in 1990 of over 2,000 to a record low of 335 last year.

That figure is expected to fall even lower this year, and is currently in line to dip below 240.

But the last decade has seen the Metropolitan Police move away from the neighbourhood policing model and low level crime in favour of pursuing more serious offences.

Last week it emerged that Scotland Yard would not even bother investigating a large number of low level offences as part of a major cost cutting drive.

In addition a huge amount of police resources have been poured into high profile and politically sensitive cases, such as the flawed VIP child abuse inquiry and the phone hacking inquiry.

At the same time crime rates in London have been creeping up and the latest statistics are likely to increase pressure on Met bosses to reassess their policing priorities.

Last year there were almost 70,000 burglaries in Greater London with more than 43,000 taking place in people's homes.

Robberies have also increased in London dramatically, largely as a result of people having mobile phones stolen.

Rory Geoghegan, head of criminal justice at the Centre for Social Justice, said neighbourhood policing had a wide range of benefits.

He said: "By embedding proactive community policing, the NYPD is helping tackle crime, improving the quality of life and building better relationships with the community.

"It's an approach and argument that London - and the country as a whole - is struggling to maintain never mind bolster, with too many preferring to talk excitedly about investing in crime hubs to hunt online trolls."

"The latest crime figures paint a depressing picture for London that reinforces the need for the sort of political and policing leadership that enabled the initial turnaround of the NYPD in the 1990s under Bill Bratton and enables the no less seismic shift being seen in New York City under Jimmy O'Neill today."

David Green of the think tank Civitas, also said there was urgent need to put bobbies back on the beat.

He said: "It has been suggested by academics that bobbies on the beat do not reduce crime, but it is quite clear that a uniformed presence on the streets will act as an effective deterrent.

"The police in this country remain too influenced by the intelligence led investigations focused on serious crime.

"That is exactly the opposite of the model that has proved so effective in New York City over the past 20 years."

(1st November 2017)

(Metro, dated 19th October 2017 author Dominic Yeatman)

Full article [Option 1]:

A MOPED robber brazenly walked into a busy café to snatch a laptop from a woman's hands.

CCTV footage shows the thief in a crash helmet stroll in and dart towards a woman working on her computer. He grabs it then flees on a moped with a getaway rider.

The snatch took less than five seconds. The café owner said it was the second time in three weeks that raiders have targeted her customers.

'It's awful. The last time, it was another woman sitting in the same spot,' said Bona Sadiku. 'We thought that was a one-off, but clearly not.'

The raider struck on Tuesday, as crime figures from the London Assembly showed robberies in the capital rocketed 30 per cent over the last 12 months. It follows a spate of street robberies by criminal gangs on mopeds.

But the raid at the Bread and Bean Café in Archway, north London, shows thieves are moving on to stealing from people inside shops and businesses.

'It's unbelievable moped gangs will now actually enter people's property,' said Ms Sadiku. 'It's gone to another level. It's horrific.'

Police plan to 'put up signage' to make people aware of the robbers' new tactic - but that response has angered locals.

Graham Parks tweeted: 'Thieves now so brazen they take laptop from woman in coffee shop. All police offer is putting up some signs.'

Officers replied: 'We are doing the best we can with the three officers we have for this large area.'

On Monday, charity worker Abdul Samad, 28, was stabbed to death outside his home in Paddington, west London, by moped thieves who are believed to have targeted him for his iPhone 7. Two youths, aged 16 and 17, have been arrested on suspicion of murder.

(1st November 2017)

(The Telegraph, dated 19th October 2017 author Telegraph Reporters)

Full article [Option 1]:

A new 555 emergency hotline may be set up for bank fraud victims under plans to tackle the growing number of crimes.

The emergency number specifically for bank fraud has been suggested in order to crack down on rising scams and alert banks to illegal money transfers.

The idea is reportedly being discussed by ministers, police and financial officials. Current advice states that victims should contact Action Fraud rather than 999 as police rarely investigate individual instances of bank fraud.

More than 900,000 cases of fraud were recorded in the first half of 2017 alone, equating to more than 5,000 a day.

The idea for a hotline was put forward at a meeting of the Joint Fraud Taskforce in September attended by Home Secretary Amber Rudd and senior staff from a number of UK banks.

Minutes published by the Home Office reveal that Brian Dilley, of Lloyds Banking Group, told the meeting about an "early stage idea" of having a single number - such as 555 - for the reporting of scams and fraud.

Currently victims of fraud are advised to call Action Fraud on 0300 123 2040. Details about how any hotline would operate are not clear as the suggestion is in its infancy.

The minutes say: "Brian Dilley (BD)... commented on the issue of communicating to customers who have been told not to trust unsolicited contact from their bank.

"BD outlined an early stage idea... for a central reporting telephone number e.g. 555 that victims of fraud/scams could contact.

"At its simplest the number could be a triaging facility directing victims to the appropriate agency and at its most ambitious it could sit in front of enhanced data sharing/analytics which would take in all reporting and provide standardised reporting and a collective intelligence picture across fraud and money laundering."

James Freedman, fraud ambassador for City of London Police, told the Daily Mail: "The problem is that people may liken the number to 999 and expect an emergency response. In reality fraud can take time to investigate.

"However, it is vital to encourage more people to report scams, even in instances where they have got their money back or not fallen for them at all, as this is the only way the body of information available to the police will grow."

A Home Office spokeswoman said: "Through the Joint Task Force we are in discussions with banks and UK Finance over a number of initiatives to enable the public to better protect themselves more effectively from fraud."

Cyber crime - most common UK online offences (Source : Office for National Statistics)

These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud - 2,356,000

Criminals trick their way to get account details. For example: "Phishing" emails contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud - 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus - 1,340,000

Unauthorised software damages or takes control of your machine. For example: "Ransomware" encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking - 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud - 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic "Nigerian Prince" email scam

6. Other fraud - 116,000

One example is "solicitor scams", where a solicitor's website is hacked, then clients asked to divert large payments into the criminals' bank accounts.

7. Harassment and stalking - 18,826

Threats, abuse and online bullying - what's commonly been termed "trolling" on social media

8. Obscene publications - 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences - 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail - 2,028

This includes threats to publish intimate photographs online

(1st November 2017)

(The Telegraph, dated 19th October 2017 authors Patrick Scott and Jack Kempster)

Full article [Option 1]:

Nine out of 10 home burglary investigations are closed without a suspect being identified, according to figures from the Home Office.

Of the 44,363 residential burglary cases recorded by police forces across England and Wales between April and June this year, 89.7 per cent ended without a suspect being identified.

[ Note : In the actual article, this position provides access to an interactive crime-by-county database ]

In cases like this police deem the crime to have been investigated "as far as reasonably possible" based on the evidence available with the case then closed "pending further investigative opportunities becoming available".

This is the first time that forces have published residential burglary crimes, with the previous crime category for this offence - burglary in a dwelling - not including outer buildings such as sheds and outhouses.

Prior to the new category being introduced, the proportion of dwelling burglaries ending without a suspect being identified had been rising - up to 79.8 per cent in the year to June 2016 from 75.8 per cent in the previous 12-month period.

However, with the category now having been broadened out to include crimes carried out on outer buildings, we now have a better idea of just how unlikely it is the police will be able to catch a burglar who takes something from people's properties.

Which forces are least likely to find home burglars

Proportion of residential burglaries ending in no suspect being identified, April to June 2017

Hertfordshire : 96.2%
Hampshire : 94.9%
Bedfordshire : 93.8%
Leicestershire : 93.6%
Surrey : 93.6%
Derbyshire : 93.1%
Merseyside : 93%
Northamptonshire : 93%
Metropolitan Police : 92.7%
Suffolk : 92.5%


Earlier this week a senior Metropolitan Police officer said it was not practical for the force to spend time attempting to catch the perpetrators of some petty crimes due to the demands on the force.

Deputy Assistant Commissioner Mark Simmons said the force had to work with fewer officers and less money, with the Crime Assessment Policy introduced to help prioritise resources.

"Clearly this is not about letting criminals get away with crime, or not investigating the cases we are solving at the moment, if we thought it was, we simply would not do this.

"With the pressure on our resources it is not practical for our officers to spend a considerable amount of time looking into something where for example, the value of damage or the item stolen is under £50, or the victim is not willing to support a prosecution.

"We need our officers to be focused on serious crime and cases where there is a realistic chance that we will be able to solve it."

In response to this, ex-Met detective chief inspector Mick Neville told The Sun: "This is justice dreamed up by bean counters in shiny suit land.

"No consideration is being given to victims. The new principles will focus police attention on easy crimes where there is a known suspect.

"Few professional criminals target people who know them, so the worst villains will evade justice. Not investigating high volume crimes like shoplifting with a loss of under £50 will give junkies a green light to thieve."

The figures from the ONS already show that there has been a large increase in the number of instances in which police have failed to identify shoplifters.

In the year to June 2015 one in three cases ended without a suspect being identified, but in the year to June 2017 this figure had risen to 45.6 per cent of the 375,105 settled cases.

Which crimes are police forces least likely to solve ?

There are a number of other high volume crimes with extremely low probabilities for suspects being identified.

Of crimes with more than 40,000 recorded resolutions in the year to June 2017, police were least likely to catch the perpetrators of theft from vehicle crimes.

As many as 94.3 per cent of these crimes reached a dead end in the 12 months to June.

Interfering with a motor vehicle (91.8 per cent) and bicycle thefts (89.8 per cent) made up the rest of the top three, with residential burglaries coming in fourth.

Police forces are far more likely to catch criminals when it comes to violent crimes such as assault and harassment, with cases of these crimes among the fastest risers nationwide.

Which high-volume crimes are least likely to be solved ?

Proportion of crimes ending with no suspect identified, year to June 2017

Theft from vehicle : 95%
Burglary in a non-dwelling : 89%
Other theft : 85%
Criminal damage to a vehicle : 79.5%
Burglary in a dwelling : 78%
Shoplifting : 45%
Public fear, alarm or distress : 32%
Harassment : 18%
Assault with injury : 16%
Assault without injury : 15%

(uaware note : shown figures are estimates from graph in article)

(1st November 2017)


(BBC News, dated 19th October 2017)

Full article :

The number of crimes recorded annually in England and Wales has passed the five million mark for the first time in 10 years, rising by 13%, figures show.

The Office for National Statistics said crimes in the 12 months to June were up from 4.6 million the previous year.

It said crime categorised as "violent" rose by 19%, with rises in offences including stalking and harassment.

The Crime Survey for England and Wales, based on people's experiences, suggests there were 10.8 million offences.

The survey, published on the same day as the official crime statistics, includes crimes that people do not report to police. When comparing like-for-like crimes, the survey reported a 9% reduction compared with the previous year.

The rise in the ONS statistics, which cover the 12 months to the end of June, is the largest annual rise in a decade and continues a recent trend of crime increases.

John Flatley, from the ONS, said: "While improvements made by police forces in recording crime are still a factor in the increase, we judge that there have been genuine increases in crime - particularly in some of the low incidence but more harmful categories."

But he said police figures alone cannot provide "a good measure of all crime in society".

"The recent increases in recorded crime need to be seen in the context of the overall decline in crime indicated by the Crime Survey for England and Wales," he said.

The ONS report said:

- Knife crime was up 26% year-on-year
- Nearly half of the increase in knife crime was attributed to London
- Sexual offences were up 19%
- The number of homicides (cases of murder and manslaughter) increased by 46 to 629, excluding the terror attacks in London and Manchester
- There were 1.2 million crimes of violence against the person

The 19% increase in "violence against the person" offences dealt with by police was "driven largely" by increases in the sub-categories of "violence without injury" (21%) and "stalking and harassment" (36%) and "violence with injury" (10%), the ONS said.

Crime minister Sarah Newton said "much" of the rise in violent offences was down to better crime recording.

However, she added: "We know that some of this increase is likely to be genuine. Which is why we have taken urgent action to stop these crimes and keep our communities safe.

"This week we began consulting on tough new laws to crack down on acid attacks and knife offences. Our Domestic Abuse Bill will help to bring this heinous crime out of the shadows and ensure victims receive both support and justice, as we invest £100m to prevent and confront violence against women and girls."

She said the government was also investing £1.9 billion to counter the cyber-threats.

(1st November 2017)

(The Guardian, dated 18th October 2017 author Nicola Slawson)

Full article [Option 1]:

The government has told highway chiefs to reduce motorway closure times following accidents after new figures showed that traffic jams on the UK's major roads cost the economy £9bn a year.

Analysis by transport data company Inrix found that drivers faced 1.35m traffic jams in the past year, which is almost 3,700 per day.

The jams - mostly on roads in England, rather than Scotland or Wales - were calculated to cost £9bn in wasted time, fuel and unnecessary carbon emissions, based on assumptions about drivers commuting to work and fuel prices.

Highway chiefs have reportedly been told by the government to improve the system used in order to shorten the time it takes to clear motorways following accidents and incidents.

Jesse Norman, transport minister, has written to Highways England, which manages motorways and major A roads in England, to suggest improvements including using slip roads as contraflows in order to clear motorways of vehicles after closures.

A spokesman for the Department for Transport confirmed the letter had been sent but declined to comment further.

Mel Clarke, customer service director at Highways England, defended its record. She said: "In our first two years, we met our target to clear 85% of all incidents on our network within an hour and last year exceeded our target to keep 97% of lanes available to road users to help smooth the flow of traffic. We will continue to ensure roads are reopened safely but as quickly as possible."

The worst queue of the year occurred on the M5 northbound near Junction 20 in Somerset on 4 August. Traffic tailed back 36 miles at the peak of the 15-hour jam, caused when an accident involving two lorries created a fuel spill and led to the closure of two lanes.

In September the M1 was closed in both directions for nine hours after a suspicious object was found under a motorway bridge during the morning rush hour.

"Fuel spillages, emergency repairs and broken-down lorries contributed to the biggest pile-ups this year," Inrix chief economist Dr Graham Cookson said.

Next month could see a peak in traffic jams. Analysis of queues during the 12 months to August found that November 2016 was the worst, with almost 170,000 hold-ups - 50% above average.

Cookson said: "There are so many factors that influence congestion levels, it's hard to be certain why November was the worst month. We do know November 2016 was significantly colder than usual, in fact, the coldest month of the calendar year.

"The risk of ice on the road can lead to slower moving traffic and people are more inclined to take shelter in vehicles over cycling or walking in cold snaps."

(1st November 2017)

(London Evening Standard, dated 18th October 2017 author Jim Armitage)

Full article [Option 1]:

Police helicopter shortages pose a major risk to public safety during incidents such as the London terror attacks and the Grenfell Tower fire, senior officers have warned.

Helicopters carried personnel and did reconnaissance for up to 13 hours during the Westminster Bridge and Borough Market attacks.

But they can only fly for two to three hours at a time, so each major incident takes up five or six of the UK fleet of 19. That meant other calls for police air support had to go unanswered, officers warned.

The concerns are revealed in minutes for a meeting of the National Police Air Service (NPAS). It cited the attacks in London and Manchester, the Grenfell fire, and the "Justice for Edson" protest march in Stratford in June.

Details of how many requests for air support had to be turned down during the London attacks were redacted from the minutes, but sources said services were restricted both during the incidents and for some time afterwards.

NPAS raised the threshold for "Threat, Harm and Risk" used to gauge whether or not to dispatch helicopters.

The annual spend on helicopters has been slashed from £53.5 million in 2012 to £38.5 million now with eight out of 23 police airfields shut and the service centralised.

Phil Matthews, a former helicopter air observer seconded to the Police Federation, said: "It is frustrating; there's a lack of resources, and when you get a major incident, service to other incidents inevitably suffers."

The aircraft can save lives during car chases and rescues but often only make a big difference if they arrive quickly, he said. Shortages were worsened because of an ageing fleet. Six helicopters were retired last year but four new reconnaissance planes were yet to arrive.

The minutes say NPAS wrote to Home Secretary Amber Rudd in March and June "highlighting concerns around future fleet strategy and financing" but received no response.

NPAS chief Mark Burns-Williamson called that "unacceptable" at the meeting in June. The Home Office has since asked for fully costed proposals to renew the fleet. Chief Constable Dee Collings of West Yorkshire Police, which runs NPAS, said: "We've had some challenges but nothing I would not expect as the first 'pathfinder' national policing capability."

(1st November 2017)


(The Register, dated 17th October 2017 author Rebecca Hill)

Full article [Option 1]:

NHS leaders have admitted that the biggest ever loss of patient documents is worse than initially thought, as another 162,000 undelivered documents have been discovered.

The scandal was first revealed back in February, when the UK's national health service was forced to admit that 709,000 items of correspondence - which includes details of patients' test results, change-of-address forms and other personal information - had gone undelivered.

The error by NHS Shared Business Services (SBS) - a joint venture between Steria and the NHS - meant that between 2011 and 2016, these documents were left gathering dust in a warehouse.

A team was tasked with investigating the incident, which included assessing whether the information had adversely affected patients' health, and it was thought that the situation was under control.

However, NHS England chief executive Simon Stevens on Monday told the Public Accounts Committee that some more undelivered records had turned up in the course of the investigation.

He said that, as part of the work, the team had looked at whether clinicians had stuck to processes introduced in 2015 that intended to improve the transfer of NHS documents - and discovered that there were about 5 per cent of cases "where that hasn't been happening".

Pressed on what this was in real numbers, Stevens said it meant there were about 150,000 more records that needed to be "repatriated" to the relevant GP practices.

On top of this, the team dealing with the incident investigated local offices across the country and found a further 12,000 SBS items languishing undelivered.

Karen Williams, the former director of transformation and corporate operations at NHS England (she now works at HMRC), said that this was because these boxes "had been assumed to be records for filing and therefore hadn't been processed".

Committee members were clearly exasperated by the latest admission, with chairman Meg Hillier saying that they had expected to "be beginning to wrap this up".

"We're very disappointed to still be discovering more problems," she added.

Geoffrey Clifton-Brown, meanwhile, expressed dismay that the execs had "started this hearing very confidently" when discussing progress on the initial tranche.

"Then you tell us this bombshell... what's the situation today for dealing with the backlog?"

In response, Stevens said that the team was applying the same triaging processes to the new records, which involved first making sure the relevant GPs received the records, and then having them vetted for clinically important information.

He said the NHS expected to have all the records back with GPs by the end of December for initial assessment, and that the end of March was "feasible" for finishing the whole project.

Of course, this extra work is going to cost. The government stumped up £2.5m to deal with the initial portion of documents, which is being used partly to fund GP practices that have to search through the medical records.

When pushed on the extra resources needed to deal with this final stage, Stevens said that he couldn't give a further number on it, but "would say in the zone of a million, rather than £2.5m".

Stevens also detailed progress on the original 709,000 items, saying that 5,562 cases had been sent for a full clinical review, and of these 4,565 had been completed.

Some 3,624 have been clearly shown not to have caused harm, with the remaining 941 awaiting a final clinical review.

(1st November 2017)

(BBC News, dated 16th October 2017 author Jane Wakefield)

Full article :

The wi-fi connections of businesses and homes around the world are at risk, according to researchers who have revealed a major flaw dubbed Krack.

It concerns an authentication system which is widely used to secure wireless connections.

Experts said it could leave "the majority" of connections at risk until they are patched.

The researchers added the attack method was "exceptionally devastating" for Android 6.0 or above and Linux.

A Google spokesperson said: "We're aware of the issue, and we will be patching any affected devices in the coming weeks."

The US Computer Emergency Readiness Team (Cert) has issued a warning on the flaw.

"US-Cert has become aware of several key management vulnerabilities in the four-way handshake of wi-fi protected access II (WPA2) security protocol," it said.

"Most or all correct implementations of the standard will be affected."

Computer security expert from the University of Surrey Prof Alan Woodward said: "This is a flaw in the standard, so potentially there is a high risk to every single wi-fi connection out there, corporate and domestic.

"The risk will depend on a number of factors including the time it takes to launch an attack and whether you need to be connected to the network to launch one, but the paper suggests that an attack is relatively easy to launch.

"It will leave the majority of wi-fi connections at risk until vendors of routers can issue patches."

Industry body the Wi-Fi Alliance said that it was working with providers to issue software updates to patch the flaw.

"This issue can be resolved through straightforward software updates and the wi-fi industry, including major platform providers, has already started deploying patches to wi-fi users.

"Users can expect all their wi-fi devices, whether patched or unpatched, to continue working well together."

It added that there was "no evidence" that the vulnerability had been exploited maliciously.

Tech giant Microsoft said that it had already released a security update.

Security handshake

The vulnerability was discovered by researchers led by Mathy Vanhoef, from Belgian university, KU Leuven.

According to his paper, the issue centres around a system of random number generation known as nonce (a number that can only be used once), which can in fact be reused to allow an attacker to enter a network and snoop on the data being sent in it.

"All protected wi-fi networks use the four-way handshake to generate a fresh session key and so far this 14-year-old handshake has remained free from attacks," he writes in the paper describing Krack (key reinstallation attacks).

"Every wi-fi device is vulnerable to some variants of our attacks. Our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key."

Dr Steven Murdoch from University College, London said there were two mitigating factors to what he agreed was a "huge vulnerability".

"The attacker has to be physically nearby and if there is encryption on the web browser, it is harder to exploit."

Krack explained

Prof Alan Woodward explained the issue to the BBC.

When any device uses wi-fi to connect to, say, a router it does what is known as a "handshake": it goes through a four-step dialogue, whereby the two devices agree a key to use to secure the data being passed (a "session key").

This attack begins by tricking a victim into reinstalling the live key by replaying a modified version of the original handshake. In doing this a number of important set-up values can be reset which can, for example, render certain elements of the encryption much weaker.

This attack appears to work on all wi-fis tested - prior to the patches currently being issued.

In some it is possible to decrypt and inject data, enabling an attacker to hijack a connection. In others it is even worse as it is possible to forge a connection, which, as the researchers note, is "catastrophic".

Not all routers will be affected but the people this could be most problematic for are the internet service providers who have millions of routers in customers' homes. How will they make sure all of them are secure?

(1st November 2017)

(Daily Mail, dated 16th October 2017 author Ian Drury)

Full article [Option 1]:

Convicts are being paid for 'cold-calling' householders from jail.

The inmates of some of the country's toughest prisons are being trusted to harvest sensitive information - sometimes involving financial affairs.

They are picking up £3.40 a day to call potential customers for insurance policies. They also carry out marketing surveys.

One of the cold-callers was a conman who ran a £5.7million telemarketing scam with thousands of victims.

Antoni Muldoon, 71, who was jailed for seven years for fraud, said: 'You try to find out as much information as you can.'

The personal details include names, ages, marital status and number of children. Householders can be asked whether they own or rent their home and whether they have life insurance.

Unaware they are talking to a convict, they are quizzed on their home contents, shopping habits and broadband and utility suppliers.

Concerns were raised about the scheme last night and over the prospect of the elderly and vulnerable being coerced into buying services or policies they don't need.

'You really could not make this up: a conman convicted of a telemarketing scam being given the chance to make cold calls while in prison,' said Tory MP Andrew Bridgen.

'I'm all for the rehabilitation of prisoners and getting them ready for work but you would have thought fraudsters are the least suitable people for this.'

David Green, a former Home Office adviser and director of the think-tank Civitas, described the scheme as risky. 'On the surface this does not sound like a good way of rehabilitating offenders,' he said.

The £5.7m cold-calling fraudster

Antoni Muldoon was jailed in 2013 for masterminding a £5.7million internet fraud.

The 71-year-old led a gang of seven crooks who duped more than 17,000 victims into paying for bogus offers of escort agency work and debt elimination services.

Around 14,000 people, mostly women, paid up to £450 each to join websites with names such as Beautiful Adults.

The women were promised £600-a-day for going on non-sexual dates. The gang also cold-called people offering to write off their debts for fees of up to £2,000. The scam was rumbled by trading standards officers in Suffolk. Muldoon was arrested in Spain in 2012 and extradited.

He had used cash from the fraud to buy himself boats and a ten-bedroom villa.

Muldoon was jailed for seven years and five months for fraud at Ipswich Crown Court. In prison he took part in the cold-calling insurance policy scheme.

'Everyone is in favour of putting prisoners onto the straight and narrow but there is an inherent risk of giving people personal details, including possible financial information, when they are known to be dishonest.'

A Whitehall source said: 'It's bad enough getting unwanted cold calls from a normal salesman but it is terrifying to think that the person on the line asking for information is a prisoner. It's unnerving.

'Imagine if you were a rape victim and then you get a sex offender on the line asking all about your life.'

Until recently, convicts at Category B High Down prison in Surrey - considered too much of an escape risk to be placed in lower security jails - were helping sell life insurance to the public.

Yesterday the Ministry of Justice confirmed that inmates continue to work at 'call centres' set up in other prisons across England and Wales.

The centres are staffed by prisoners working for telesurvey firms, including Census Data Group.

They rent rooms inside jails where prisoners have headsets and screens and access to customers' names and email addresses.

Numbers are dialled off-site by the company's computer and transferred to the prisoners only when somebody picks up.

Inmates then follow a script and chat to the potential customer to try to persuade them to buy insurance. If that person shows an interest, the call is transferred to registered brokers outside the prison.

Convicted fraudster Muldoon, of Lowestoft, Suffolk, who was released from High Down in August, said: 'You talk to people and try and find out if they've got insurance and if you can persuade them to talk to a broker.

'Every other call you are told to get lost or to stop ringing them. But sometimes you can get them talking. You say, "You might be interested in life insurance?" and they'll say, "No, I'm 65" and you say, "I'm 71 and I'm still working". Obviously, you don't tell them where you're calling from.

'Then by the time they are talking to me about their family, you know, they might have a wife and children, have you thought about what happens if you die, they've become a friend.

'You say to them, "You talk to this broker, he'll sort you out" and you transfer the call on.'

Muldoon, who masterminded an escort agency and debt collection scam from his luxury properties in Spain, complained prisoners were being used as 'cheap labour'.

He said it was 'disgusting' that the wage, which is paid by the MoJ, was £3.40 a day rather than the £7.50 an hour minimum wage. Money earned can be used to buy items from the prison shop or spend on phone calls.

Census Data, located in Portishead near Bristol, is the largest, UK-based, consumer telesurvey company.

The firm's website says its technology makes approximately 100,000 calls each day and telephone advisers speak with over 5,000 UK consumers daily.

The company says it is 'committed to reducing reoffending by providing meaningful work experience and education to both serving and ex-offenders alike'. Marketing surveys using inmates at lower security jails began in 2013.

The reoffending rate for adult offenders released from custody was 43.4 per cent, according to MoJ figures released in July. Those who commit another crime within a year of release cost society £15billion annually.

Rules on live marketing calls state that firms must not make unsolicited live calls to anyone who has said they don't want them or opted to block them by registering with the Telephone Preference Service (TPS).

There is no suggestion that Census Data has behaved unlawfully or unscrupulously. The firm could not be contacted to comment.

The Prison Service said that making inmates work was essential to helping them sort out their lives and 'develop vital skills'.

It said: 'Where prisoners do work as call centre operatives, they have absolutely no access to personal or financial details and do not make sales.

'Offenders are rigorously risk-assessed for suitability for the role and all calls are supervised and monitored.

'Prisoners are not able to make outgoing calls - they are connected to customers through an automated system.

'Prisoners have no access to the internet and no means of recording any details.'

A Prison Service spokesman added: 'This work scheme stopped running at HMP High Down six months ago.'

Under the heading 'Social Responsibility' on its website, Census Data says: 'Approximately 10 million people in the UK have a criminal record. Census Data, as a responsible employer, is committed to reducing reoffending by providing meaningful work experience and education to both serving and ex-offenders alike.'

It adds that its 'mission' is 'To reduce reoffending and create sustainable social impact by providing offenders with the skills and work experience to gain employment'.

Under the subtitle 'Our Vision', it says: 'Through the operation of a sustainable and innovative business model we will become the leading Global employer of serving and ex-offenders.

'By providing offenders with meaningful education we will enable them to develop relevant skills and experience that will be highly valued by employers. We will build open and transparent relationships with our customers that are focused on continuous improvement.'

(1st November 2017)


(The Sun, dated 16th October 2017 author Mike Sullivan)

Full article [Option 1]:

NOTE : The actual SUN article includes a flowchart describing "How the Police assess crimes"

Top cops' decision to stop probing thousands of crimes in bid to save £400million has been branded a crooks' charter.

It is expected that 150,000 fewer offences will be investigated as critics say that the Met is failing taxpayers and could force the public to become vigilantes.

HUNDREDS of thousands of crimes will no longer be probed by Britain's biggest police force.
Burglaries, thefts and some assaults are being ignored unless a victim report identifies a suspect.

It was revealed to the Met's 30,000 officers last month in a £400million cost-cutting move.
A former police chief said: "No consideration is being given to victims."
Critics say the Met is failing taxpayers by refusing to detect a range of offences.
They fear the worst criminals will evade justice - and force the public to turn vigilante.

Changes to the way victims' reports of a crime are assessed are expected to see 150,000 fewer offences being investigated each year. The new guidelines say:

- BURGLARIES should only be probed if culprits have used violence or tricked their way in;

- CRIMES involving a loss of under £50 should not be investigated unless there is an identified suspect;

- OFFICERS need not probe low-level incidents of grievous bodily harm or car crime unless there is an identifiable suspect;

- CCTV should only be analysed if the crime occurs in a 20-minute time frame and sharp images showing a suspect can be collected immediately.

The Met aims to save £400million by 2020. That comes on top of £600million it has already lost from its £3.7billion annual budget due to Government curbs on public spending.

Ex-Met Det Chief Insp Mick Neville said: "This is justice dreamed up by bean counters in shiny suit land.

"No consideration is being given to victims. The new principles will focus police attention on easy crimes where there is a known suspect.

"Few professional criminals target people who know them, so the worst villains will evade justice. Not investigating high volume crimes like shoplifting with a loss of under £50 will give junkies a green light to thieve."

Ken Marsh, of the Met Police Federation, added: "The public are getting a raw deal. And officers will be under immense pressure if a criminal who should have been caught goes on to commit a serious crime.
"I see people taking the law into their own hands."

Met chiefs believe they will reduce the overall number of investigations by a third without affecting detection figures, which are currently at 16.72 per cent.

A list of serious crimes including murder, sex offences and terrorism will still receive mandatory investigations.

By the end of 2018 officer numbers will have fallen to 28,000 from 32,000 12 months ago, says Mr Marsh.

Recorded crime in the capital rose by 5.7 per cent to 774,737 offences in the year to April 1. Gun crime was up 42 per cent and knife crime by a quarter.

Earlier this year The Sun revealed the Met solved eight per cent of 493,257 recorded burglaries from 2011-16.

It failed to identify a suspect in 85 per cent of those cases.

Deputy Assistant Commissioner Mark Simmons said: "Serious crime and calls are up while officer numbers are down. The only solution is to prioritise things.

"We want officers focused on the more serious crimes where there is a realistic chance we can solve it."

(The Telegraph, dated 16th October 2017 author Telegraph Reporters)

Full article [Option 1]:

A senior police officer has said it is "not practical" for officers to investigate crimes such as shoplifting and criminal damage as his force bids to save £400 million.

The Metropolitan Police said new guidelines would mean officers could "determine very quickly if it is proportionate" to investigate "lower level, higher volume offences" further.

Deputy Assistant Commissioner Mark Simmons said the force had to work with fewer officers and less money, with the Crime Assessment Policy introduced to help prioritise resources.

He said: "Clearly this is not about letting criminals get away with crime, or not investigating the cases we are solving at the moment, if we thought it was, we simply would not do this.

"With the pressure on our resources it is not practical for our officers to spend a considerable amount of time looking into something where for example, the value of damage or the item stolen is under £50, or the victim is not willing to support a prosecution.

"We need our officers to be focused on serious crime and cases where there is a realistic chance that we will be able to solve it."

Serious offences will continue to be investigated as before, Mr Simmons said.

He added: "Of course we are not talking about things like homicide, kidnap, sexual offences, hate crime or domestic violence, but the lower level, higher volume offences such as shoplifting, car crime and criminal damage.

"This is not to say these cases will not be investigated further, however by applying the assessment policy we will be able to determine very quickly if it is proportionate to do so."

Under the new policy, 150,000 fewer offences will be investigated every year, according to reports.

Ex-Met detective chief inspector Mick Neville told The Sun: "This is justice dreamed up by bean counters in shiny suit land.

"No consideration is being given to victims. The new principles will focus police attention on easy crimes where there is a known suspect.

"Few professional criminals target people who know them, so the worst villains will evade justice. Not investigating high volume crimes like shoplifting with a loss of under £50 will give junkies a green light to thieve."

(1st November 2017)

(The Register, dated 16th October 2017 author Kat Hall)

Full article [Option 1]:

Miscreants have made off with payment card details of "a small number of clients" following a data breach at Pizza Hut (US).

In an email to affected customers seen by Bleeping Computer, the fast-food chain wrote: "Pizza Hut has recently identified a temporary security intrusion that occurred on our website.

"We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised.

"The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one per cent of the visits to our website over the course of the relevant week were affected."

However, some criticised the company for failing to inform customers immediately after the attack.

One wrote on Twitter: "Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it. #timely"

Nicola Fulford, head of data protection and privacy at tech specialist law firm Kemp Little, noted that the Information Commissioner's Office advises organisations to report personal data breaches that may cause "serious harm" to individuals affected by data breaches.

Under the current law there is no obligation to notify, she said. "However, when the General Data Protection Regulation applies from May 25, 2018, it will be mandatory for organisations to notify data breaches that risk harm to individuals. Failure to do so means companies could face significant fines, €10m (£7.5m) or up to 2 per cent of worldwide turnover."

A Pizza Hut spokesman said the breach has only affected customers in the US and that the company immediately took steps to halt it and remediate the security issue.

He said: "Pizza Hut takes the information security of our customers very seriously and invests in resources to protect the customer information in our care. We value the trust our customers place in us, regret that this happened, and apologise for any inconvenience this may have caused."

(1st November 2017)


(London Evening Standard, dated 14th October 2017 author Francesca Gillett)

Full article [Option 1]:

Acid-carrying thugs who are caught with corrosive substances twice will automatically be jailed for at least six months, under new Government proposals.

The new "two strikes and you're out" rule has been put forward as part of a crackdown on acid attacks, after a spike in the number of incidents in the capital.

It follows the same two chance rule for criminals caught carrying knives.

Online retailers could also face criminal proceedings if they deliver knives to a buyer's home, in a measure aimed at clamping down on the sale of blades to children and teenagers. The steps follow a surge in violent offences recorded by police.

Home Secretary Amber Rudd said: "All forms of violent crime are totally unacceptable, which is why we are taking action to restrict access to offensive weapons and crack down on those who carry acids with the intent to do harm."

But shadow home secretary Diane Abbott warned: "Unless there are sufficient officers to enforce the law, new legislation will have a limited effect."

After a flurry of high-profile incidents, the Government announced plans earlier this month to create a new offence of possession of a corrosive substance in public without a good or lawful reason.

The full Home Office consultation document published on Saturday reveals the proposed crackdown will also see those convicted for a second time face a mandatory minimum sentence.

The approach will be modelled on a system rolled out in 2015 for offenders repeatedly caught with knives.

Minimum sentences were introduced for those aged 16 and over who are convicted of a second or subsequent offence of possession of a knife or offensive weapon.

The punishment is at least six months' imprisonment, which can be suspended, for adults. Young offenders face a minimum four-month detention and training order.

Judges must impose the minimum sentence unless there are particular circumstances relating to the latest offence, the previous offence or the offender which would "make it unjust to do so in all the circumstances".

The consultation document says it is not intended that "corrosive substance" will be defined in legislation as the offence "must be flexible enough to cover a range of possible situations: from someone possessing a corrosive substance in a public place that if used as a weapon can leave life-changing injuries; through to someone using a less harmful corrosive substance which if used as a weapon can still be very unpleasant to the victim but the effect is not lasting".

A new offence to stop the sale of acids and the most harmful corrosive substances to under-18s is also being weighed up.

Police figures show there were 408 attacks using corrosive substances between November 2016 and April this year.

"The use of corrosive substances as a weapon is centuries old, but whilst the number of offences is relatively small, we are concerned about its increasing use as a weapon," the document says.

It also sets out plans unveiled earlier this year to tighten the regime covering online sales of knives following concerns that age-verification checks can be sidestepped.

Where a knife is sold on the internet, it will be an offence to deliver the item to a private residential address.

The buyer would have to collect the knife in person at a location where their age can be checked.

The new offence "will provide additional safeguards to the current legislation", the consultation document says, flagging up concerns that "too many online sales break the law that knives must not be sold to under 18s".

The proposals relating to online sales of knives and possession and sales of corrosive substances apply to England, Wales and Scotland.

(1st November 2017)

(London Evening Standard, dated 13th October 2017 author David Churchill)

Full article [Option 1]:

Hundreds of sex offenders, including rapists, are escaping with "a slap on the wrist" by simply being cautioned for their crimes, the Standard has learned.

Figures obtained by the Standard reveal more than 1,100 cautions were given to sex offenders in London, meaning they dodged court and potentially lengthy prison spells. The tally includes 16 cautions for rape, which carries a maximum life imprisonment sentence if convicted in court.

Cautions, described as "warnings", require offenders to accept guilt and are mostly issued to deter first-time offenders or bypass court proceedings for lower-level offences. They are not recorded as convictions but can show on Disclosure and Barring Service checks, formerly CRB checks.

But the Scotland Yard figures show thousands more cautions were handed out for other violent and serious crimes as their use in London surged 25 per cent over the past five years.

Police and the Crown Prosecution Service insisted it was "rare" for offences as serious as rape to result in a caution. They said it could happen when victims cannot face the trauma of testifying in court. A caution ensures the offender is placed on the sex offenders' register and monitored.

However, campaigners called for a "wholesale review" as the Standard's findings revealed 183,043 cautions were issued from 2012 until last year, with 1,115 given for sexual offences, including 16 for rape.

The circumstances of the rape cautions in the figures are unknown. But previous cases in which cautions have been given for rape have involved child offenders, including siblings, and people suffering mental health problems. There have also been cases where crimes logged as rape by police have resulted in a caution for a lesser sex offence.

The figures were released following Freedom of Information requests submitted by the Standard. City Hall pledged to question the Government over the use of cautions.

Dianne Whitfield, of charity Rape Crisis, said issuing cautions for sexual offences was in most cases "wholly inappropriate" as "they don't in any way reflect the seriousness of the crime or the long-lasting and often devastating impacts that sexual violence has".

London's deputy mayor for policing and crime, Sophie Linden, said handing out cautions for serious sexual offences "means justice is not always being done".

She said: "We will be raising this issue with the Government." Scotland Yard said cautions for rape are "not a police decision" but are "authorised" by the CPS, along with other "indictable only" crimes which can only be tried in a crown court.

The CPS said it "carefully considers" the circumstances in each case and has only advised police in London to caution 2,500 offenders in the past five years, which includes minor offences and those dealt with by City of London Police as well as by Scotland Yard.

Mary Mason, of charity Solace Women's Aid, said there was a danger cautioning attackers might make them think they can escape with "a slap on the wrist". She said: "It's always in the public interest to bring a charge."

Richard Scorer, a specialist abuse lawyer from Slater and Gordon, said: "We are very concerned that perpetrators of serious crimes like sex offences are being given little more than a slap on the wrist."

The figures show 28,872 cautions were issued for London in 2012, which soared to 36,115 last year - a 25 per cent increase.

Crimes by numbers

The 183,043 cautions issued by the Met from 2012 - 2016 include :

- 138 for arson
- 1,115 for sexual offences, including 16 for rape
- 1,171 for burglary
- 1,269 for drug trafficking
- 1,646 for fraud or forgery
- 2,461 for "offensive weapon" crimes
- 5,220 for wounding / GBH
- 9,731 for harassment
- 74,079 for possession of drugs

(1st November 2017)

(London Evening Standard, dated 13th October 2017 authors David Churchill, Barney Davis and Justin Davenport)

Full article [Option 1]:

This is the moment thieves use a high-tech gadget to override a £50,000 BMW's keyless security system and steal it in less than a minute.

Detectives are investigating a spate of thefts in London in which criminals have driven cars away from homes without taking the owners' keys.

Experts say gangs are finding new ways to exploit weaknesses in technology that allows cars to be opened without touching a key and started simply by pushing a button.

Thieves use gadgets, available online, which amplify signals between the car and new-generation keyfobs to trick the vehicle into thinking the owner is nearby.

When the car receives the signal, it unlocks, even though the keyfob may be some distance away inside the owner's home. Thefts involving these "relay attacks" are said to be increasing.

Scotland Yard's Organised Vehicle Crime Unit said today it was aware of the tactic and urged motorists to take simple precautions. Victims have shared CCTV footage of the thefts online.

The Standard has established that at least four people in north London have had high-value cars stolen in recent weeks by thieves using relay attacks.

One victim's BMW was stolen from his driveway in Southgate on Tuesday. Within half an hour, the same thieves drove off with his friend's car a couple of streets away.

Another victim, gym owner Graham Sinclair, 44, had his £85,000 BMW X5 stolen from his Enfield drive in the early hours of Friday morning.

He said: "I was actually awake until 4am and never heard a thing and the car was less than 20 metres away from me.

"There were no signs of forced entry and no break-in at the house.

"I reported it to BMW to see if they could immobilise but they couldn't... it's so frustrating to know someone got off with your car with that signal enhancer. These thieves are evolving fast and manufacturers need to match them."

Steve Launchbury, head of research at vehicle security experts Thatcham Research, said more cases of relay attacks were coming to light as technology developed.

Devices to boost the keyfob signals were available on the Dark Web for thousands of pounds and were more likely to be bought by organised criminals who could quickly recoup the cost.

However, Mr Launchbury said Thatcham had been able to build devices at relatively little cost.

Detective Sergeant Pete Ellis said: "This technology used to be confined to more high-end vehicles but it is becoming more widespread and therefore there is a potential for 'relay attacks' to become more common."

He said that anecdotally there were more cases when CCTV had recorded thieves using the technique.

He said a simple countermeasure was to keep keyfobs in so-called Faraday wallets, which jam signals.

Experts say gangs are stealing cars to order and often breaking them up into parts. One issue for criminals stealing cars through relay attacks is that once the vehicles are out of range of the keyfob it is difficult to restart the engines.

So, often cars are driven straight into containers and shipped out of the country. Another expert said anyone with the technical knowledge can assemble the gadgets for less than £100.

BMW said it was constantly working with the police and other authorities to "respond to the latest threats and anticipate new ones".

It added: "We are aware that BMW vehicles, along with those of many other manufacturers, have been targeted by organised criminal operations using highly sophisticated equipment to steal vehicles."

(1st November 2017)

(Mirror, dated 16th October 2017 author Merrick Williams)

Full article [Option 1]:

The biggest "crash for cash" insurance plot in Britain was foiled when conmen grabbed their necks in pain after a slow-motion bus crash.

Seven fraudsters pretended to have neck and hip injuries when a car driven by ringleader Merrick Williams crashed into the bus they were in on May 21, 2014.

The seven fakers were seen on CCTV holding their "injured" necks after the crash - which could have netted them £50,000 in an insurance pay out.

CCTV from the bus shows the car, driven by Williams, pass the bus on two occasions before hitting into the back of it at low speed.

One passenger appeared to be thrown to the floor by the smash but none of the others moved.

But a court heard insurance investigators also became suspicious due to multiple injury claims from the same bus.

Road experts ruled the crash was minimal and would have only caused a minor vibration.

Investigators soon discovered at least two of the claimants who were on the bus were friends with the driver Williams.

The eight were hauled to court in the biggest single case investigated by the Insurance Fraud Enforcement Department.

Cardiff Crown Court was told that innocent passengers were put in danger at the "farcical attempt" to sting insurers.

Prosecutor Suzanne Thomas told the court the men were filmed holding their necks and hips after the crash.

She said: "But when the bus driver of the bus called the police and paramedics not a single passenger stepped up to report an injury at the time.

"One of the fraudsters did go to hospital but he did not stay for long enough to be diagnosed or treated."

Insurance company AIG later received personal injury claims forms from the seven men who were on the bus.

Car driver Williams, 30, of Barry Island, south Wales, was jailed for 12 months and banned from driving for two years after admitting conspiracy to commit fraud.

City of London Police detective constable Aman Taylor, who led the investigation, said afterwards: "The attempted fraud was in a league of its own as this is the largest number of claimants ever tried together in an IFED case.

"By planning the bus crash, the men deliberately put the safety of innocent people, including children, at risk in a bid to make money and take advantage of the personal injury claims system."

AIG fraud manager David Halstead said: "Insurance fraud impacts all customers.

"We are extremely grateful to investigators for their hard work in bringing the perpetrators to justice in this particularly devious case."

Insurance Fraud Bureau Head of Investigations Jason Potter said: "Crash for cash scams like this might seem to some to be a harmless way to beat the system and get an easy pay out.

"But in reality those who commit crimes of this nature now stand a very good chance of getting caught and facing serious consequences.

"These incredibly dangerous and reckless incidents present a real risk of injury and potentially even death."

The other seven were handed suspended sentences and ordered to undertake community service after admitting the same offence.

They were Kassim Mukbill, 31, Nigel Iti, 24, Hamada Shuyeb, 24, Kieran Murphy, 29, Fami Haddad, 25, Aaron Ryan, 25, and Matthew Saunders, 33, all from Cardiff.

(1st November 2017)


(The Telegraph, dated 11th October 2017 authors Ben Farmer and Alec Luhn)

Full article [Option 1]:

Popular anti-virus software used by hundreds of thousands of people and businesses in Britain was reportedly hijacked by Russian government hackers to trawl for American secrets.
Cyber spies allegedly used software from the Russian firm Kaspersky Lab which is installed on computers around the world to improvise a search tool and look for the codenames of secret US programs.

Discovery of the operation led the American government to last month order the removal of the software from its computers, the New York Times reported.
The software is used by 400 million people worldwide and is one of the most widely used anti-virus tools in Britain, installed by hundreds of thousands to protect their computers from cyber crime.

The National Cyber Security Centre, the offshoot of GCHQ responsible for securing online life in Britain, said it did not give guidance on whether the software was safe to use.

Computer users must give their anti-virus software widespread access to files so they can be scoured for viruses. But such access potentially makes the software a perfect "backdoor" for hackers, according to computer experts.
Kaspersky Lab has repeatedly denied accusations it is complicit in Russian state cyber operations. Technical experts said hackers may have gained access to its software without the firm knowing.

The firm on Wednesday said it had "never helped, nor will help, for any government in the world with its cyberespionage efforts" and said its software "does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical".

The scale of the intrusion was reportedly discovered more than two years ago when Israeli officials who had hacked into Kaspersky networks themselves saw evidence of Russian activity.

The Israelis warned America's National Security Agency (NSA) that they had witnessed Russian hackers using Kaspersky's access to search for US secret programs and send any findings back to Russian intelligence systems.

The Russian operation stole classified documents from one NSA employee who had stored them on his home computer, which had Kaspersky software installed.

The NSA said in September it was ordering the software off its computers because of the "risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products".

Kaspersky Lab estimates it has 400 million users worldwide, but would not say how many people or which firms used its software in Britain. UK consumer research from Mintel last year showed it was used by seven per cent of people using anti-virus software.

A statement said: "Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question.
"As the integrity of our products is fundamental to our business, Kaspersky Lab patches any vulnerabilities it identifies or that are reported to the company."

The firm said it wanted to work alongside the US authorities "to address any concerns they may have about its products as well as its systems".

Eugene Kaspersky, founder of the firm, has for years strongly denied accusations his company provides intelligence to the Kremlin and called suspicions of its ties there "total BS".

He was trained at a KGB cryptography institute and later served as an intelligence officer in the Soviet army. Although he left to start his company, Mr Kaspersky has kept up ties with the state. He has said he has friends in the interior ministry and the FSB, the KGB's successor agency, and told WIRED magazine that it was thanks to "very good relations" with the security service and police that he was able to quickly recover his son when he was kidnapped.

Russia is known for its high level of online surveillance: The FSB is able to monitor all telephone and Internet communications through surveillance boxes installed at all telecom providers, a system known as SORM.

(1st November 2017)

(EU Observer, dated 10th October 2017 author Nikolaj Nielsen)

Full article [Option 1]:

Preventing the arrival of immigrants with no legal rights to the EU is more important, in terms of EU policy priorities among member states, than fighting terrorism and online child pornography.

Erkki Koort, who chairs an internal security group at the European Council, representing member states, told MEPs on Tuesday (10 October) that fighting "the facilitation of illegal migration" involves more EU states than any other crime.

"For the upcoming [EU policy] cycle, the areas with the biggest number of member states participating are first [against] the facilitation of illegal migration," he said.

Human trafficking ranked second, followed by synthetic drugs and then more conventional narcotics like cannabis and cocaine. Koort then listed weapons trafficking and child sexual exploitation as near the bottom of the priorities. Other big ticket issues included value-added tax fraud, which followed child sexual exploitation.

While he noted the importance of fighting terrorism, he said it shouldn't act as a distraction against "extremely important aspects of security, notably organised crime."

The EU Council had in May outlined the same policy priorities when it comes to combatting organised crime but did not rank them in terms of importance.

Koort was discussing the same priorities but in the wider context of the upcoming so-called 'EU policy cycle' that stretches from 2018 until 2021.

Part of that assessment stems from a report by the EU police agency, Europol, which in March declared the existence of more than 5,000 international organised crime groups currently under investigation in the EU.

(1st November 2017)

(The Register, dated 10th October 2017 author Iain Thomson)

Full article [Option 1]:


Last month, US credit score agency Equifax admitted the personal data for just under 400,000 UK accounts was slurped by hackers raiding its database. On Tuesday this week, it upped that number ever-so-slightly to 15.2 million.

In true buck-passing fashion, at the time of writing, Equifax hadn't even released a public statement on the matter. Instead it fell to Blighty's National Cyber Security Centre to reveal the bad news that a blundering American firm had put them at risk of phishing attacks.

"We are aware that Equifax was the victim of a criminal cyber attack in May 2017," the NCSC said in a statement today.

"Equifax have today updated their guidance to confirm that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident. NCSC advises that passwords are not re-used on any accounts if you have been told by Equifax that any portion of your membership details have been accessed."

Any answers to security questions - such as your mother's maiden name - given to Equifax during an account signup should now be considered compromised, the NCSC warned, and should be changed for other websites, if possible. Names, home and email addresses, telephone numbers, and account recovery question and answers were swiped by the hackers, and will be a boon to phishers obtaining the records, the centre warned.

UK folks should be on the look out for phishing emails asking for their financial information or luring them to fake websites using their Equifax records to make the messages look legit. Recipients will likely get an email quoting their home address and some digits of their phone number to prove its authenticity.

Hackers got into Equifax's servers in May this year by exploiting a flaw in Apache Struts for which it had neglected to apply a patch. It took until July, though, for the biz to find out it had been infiltrated, and it stayed quiet until early September when it admitted 143 million US citizens had their info exposed to miscreants. Some senior executives sold off their stock days before the world learned of the hack, conveniently. A week later, the biz said about 400,000 Brits had also been hit in the IT break-in.


You'd have thought that with that amount of time to play with, and the nature of the information involved, Equifax would have given a bravura performance in how to deal with a database security breach. Instead, to describe the company's response as a car crash is unfair to automakers. Its website detailing the hack looked so unofficial and rushed together that many initially feared it was a phishing site itself, and the credit agency later had to stress that signing up for free credit monitoring as a result of the attack would not waive your rights to sue.

Next, Equifax's chief security officer and chief information officer left the outfit - not fired but instead allowed to retire with their golden parachutes. Shortly before trying to blame the cockup on a single lowly IT staffer, CEO Rick Smith also jumped ship, taking his $90m retirement pot with him.

In the meantime, outside investigators were checking up on Equifax's servers. Last week they upped the number of affected US citizens to 145.5 million, and said that a probe into the UK side of things was still ongoing. The UK investigation ended on October 2, according to Equifax. Eight days later, the bad news comes out and hundreds of thousands of British peeps are now on high alert.

While it has lost three senior executives in well-compensated disgrace, it looks unlikely Equifax will face any further sanctions. After all, we're not customers of Equifax who can refuse to provide data for its servers - it just collects it all, one way or another, and sells it on to others.

The US government certainly doesn't seem interested in causing Equifax grief. Instead, its Internal Revenue Service awarded the biz a $7.5m no-bid contract last week to provide - you guessed it - identity verification services. With tough action like that, things will obviously get better. ®

Stop press

Just as we were hitting the publish button, Equifax emitted the following clarification, saying the actual number of people in the UK seriously affected is about 700,000 due to duplicated data:

Today Equifax can confirm that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident. Regrettably this file contained data relating to actual consumers as well as sizeable test datasets, duplicates and spurious fields. Equifax has brought every analytical tool, technique and data asset it has available to bear in order to 'fill in the blanks' and establish actual consumer identities and attribute a current home address to them. This complete, we have been able to place consumers into specific risk categories and define the services to offer them in order to protect against those risks and send letters to offer them Equifax and third-party safeguards with instructions on how to get started. This work has enabled us to confirm that we will need to contact 693,665 consumers by post.

The balance of the 14.5m records potentially compromised may contain the name and date of birth of certain UK consumers. Whilst this does not introduce any significant risk to these people Equifax is sorry that this data may have been accessed.

(1st November 2017)

(International Business Times, dated 9th October 2017 author Jason Murdock)

Full article [Option 1]:

A new national crime hub designed to help investigate and prosecute online hate crime will be operational by the end of the year, the Home Office has revealed.

The scheme, managed by officers from the National Police Chiefs Council (NPCC), will spearhead Internet-based hate crime cases and ensure they are managed effectively.

The plans were touted by UK home secretary Amber Rudd a week after announcing tough new jail terms for those caught viewing terrorist content online.

According to the government, the new hate crime hub will assess whether reports could be considered criminal acts and will also liaise with online platforms - such as social media companies like Facebook and Twitter - hosting any hateful material on the web.

It will seek to identify the culprits of online hate and feed the intelligence it collects into the wider National Intelligence Model - a police database which gathers case information on a wide range of crimes to "help guide policing strategies."

While the Home Office said that the hub is expected to be up-and-running by the end of 2017, an exact timescale or funding model was not published by the British government.

The primary aim will be to "improve the police response" to hate crime online, it said.

"Online hate crime is completely unacceptable," Rudd said. "What is illegal offline is illegal online, and those who commit these cowardly crimes should be met with the full force of the law.

"The national online hate crime hub that we are funding is an important step to ensure more victims have the confidence to come forward and report the vile abuse to which they are being subjected.

"The hub will also improve our understanding of the scale and nature of this despicable form of abuse. With the police, we will use this new intelligence to adapt our response so that even more victims are safeguarded and perpetrators punished."

The news comes after Alison Saunders, the director of public prosecutions at the UK's Crown Prosecution Service (CPS), pledged to bulk up the response to internet-based attacks. She made the strongly worded comments in an August op-ed for The Guardian newspaper.

"Whether shouted in their face on the street, daubed on a wall or tweeted into their living room, hateful abuse can have a devastating impact on victims," she wrote.

"My message to victims is that the CPS, police and others in the criminal justice system are ready to listen and, where we have the evidence, to hold those committing hate crimes to account."

Worried about a child? You can contact the NSPCC's trained helpline counsellors for 24/7 help, advice and support: Telephone: 0808 800 5000.

(1st November 2017)

(Manchester Evening News, dated 9th October 2017 author Rebecca Day)

Full article [Option 1]:

Greater Manchester has TWO of the top ten 'crash for cash' scam areas in the country.

Cheetham Hill, in north Manchester, is the sixth worst area in the UK for the scam.

And the OL8 postcode of Hollinwood, in the southwest of Oldham, was ranked ninth in the list of hotspots for the insurance claim racket.

The illegal scheme involves fraudsters deliberately staging a car crash or damaging their vehicle, in order to make a false personal injury claim.

The data was revealed by the Insurance Fraud Bureau (IFB), which calculated how many claims have been made nationally.

In 2015, the M.E.N reported how a gang of 16 fraudsters were locked up for their part in an illegal crash for cash plot stretching from Chorlton to Failsworth, Salford and Newcastle.

The gang swindled a total of £225,000.

The majority of the top 30 hotspots are in the north west and Midlands, with Birmingham being the most high-risk area. The number of victims in each area has not been given.

It's a dangerous and costly scam - the total cost of payouts by the car insurance industry is around £336 million a year.

Ben Fletcher, director of the IFB, also warns the scam 'endangers lives'.

He said: "These scams may seem to some to be a harmless way to beat the system and get an easy pay out with minimal risk. The reality is that not only do those people now stand a very good chance of getting caught and facing the consequences, but these scams put other motorists' lives at risk.

"Fraudsters are taking vehicles out on public roads and forcing innocent people into needless collisions.

"Not only does that present a real risk of injury, but sadly we know of at least one fatality that has occurred as a result of these incredibly dangerous and reckless incidents.

"These hotspots may be the worst affected areas for these types of scams, but crash for cash collisions can happen anywhere, so it's imperative that road users are aware of them, exercise appropriate caution and if they believe they've been a victim, report it as soon as they can."

Anyone who thinks they may be the victim of a Crash for Cash scam is urged to contact police on 101 or report it to the IFB's free phone number 0800 422 0421.

Here are the UK's top ten hotspots, according to the Insurance Fraud Bureau

1. Birmingham B8

2. Birmingham B6

3. Birmingham B10 and Bradford BD9

5. Bradford BD8

6. Cheetham Hill, Manchester M8

7. Bradford BD3

8. Birmingham B25

9. Hollinwood, Oldham OL8

10. Birmingham B11


Insurance Fraud Bureau website :

(1st November 2017)

(The Register, dated 9th October 2017 author John Leyden)

Full article [Option 1]:

Keeping the UK safe from cyber attacks is now as important as fighting terrorism, the new GCHQ boss has said.

Jeremy Fleming, director of the signals intelligence service, said increased funding for GCHQ was being spent on making it a "cyber-organisation" as much as an intelligence and counter-terrorism unit.

Fleming, who joined GCHQ from the security service (MI5) earlier this year, told The Telegraph: "If GCHQ is to continue to help keep the country safe as we prepare for our second century, then protecting the digital homeland - keeping our citizens safe and free online - must become and remain as much part of our mission as our global intelligence reach and our round-the-clock efforts against terrorism."

The UK's National Cyber Security Centre said last week that there had been 590 "significant" cyber attacks needing a national response in the last year, as previously reported. This included the WannaCry ransomware outbreak that disrupted the operations of several NHS trusts back in May and attacks on parliamentary email systems in June, among others.

Fleming's comments on the importance of cybersecurity are the most extensive he has made in public since leaving MI5 to head up GCHQ, but they shouldn't be mistaken for a significant shift in priorities or policies by the UK government. For example, the government reaffirmed cyber as a tier-one threat in its 2015 National Security Strategy (PDF, page 13) and has committed to spending £1.9bn between 2016 and 2021 on updating this. Cyber has been treated as a tier-one threat since the 2010 defence review.

(1st November 2017)

(BBC News, dated 7th October 2017 author Zoe Kleinman)

Full article :

In the flesh, Wayne May (not his real name) is an affable gentleman in his late 40s, softly spoken with a lilting Welsh accent.

When we meet he's casually dressed in jeans and a Batman T-shirt. He works full-time as a carer.
On the net, he's a tireless defender of scam victims and a fearless scam baiter - a person who deliberately contacts scammers, engages with them and then publishes as much information about them as possible in order to warn others.

He regularly receives death threats, and his website, Scam Survivors, is often subjected to attempted DDoS attacks - where a site is maliciously hit with lots of web traffic to try to knock it offline.
But Mr May is determined to continue helping scamming victims in his spare time, and has a team of volunteers in the US, Canada and Europe doing the same.

Scam Survivors is not an official platform - in the UK victims are encouraged to contact Action Fraud - but the team has dealt with 20,000 cases in the past 12 years, he claims.

According to the Office for National Statistics there were 1.9 million reports of "cyber-related" fraud in the year ending March 2017 in England and Wales. But the report also says that many incidents go unreported.

The Australian Competition and Consumer Commission website says nearly AUS$13m (£8m, $10m) has been lost this year to romance fraud alone.

Scamming may be an old trick but it's still an effective one.

Mr May, who does not charge but invites donations on his website, says his website gets up to 10,000 hits a day and the group also receives up to two dozen messages a day from people who are victims of sextortion - when a person is blackmailed after being persuaded to carry out a sex act on webcam, which is then recorded.
"A lot of people, when they come to us are already so far deep into it, they have nowhere to turn," he says.

"They're not stupid, they're just unaware of the scam."

"It's not obvious [that it's a scam] if they've never experienced it before."

He discovered he was "rather good" at baiting romance scammers and found relatives of victims were approaching him to help loved-ones.

"I started dealing more with the victims of the scams rather than the scammers themselves, so my priorities changed then from just having fun to actually helping people."

Many scams are not a particularly sophisticated form of fraud.

"There are constantly new scams coming out, and we need to be aware of those," says Mr May.
"But a lot of the scams aren't high-tech, they simply write messages to people and that's it.
"You might think, 'I'm not going to fall for this scam' but then you'll fall for another one. The scammers will find a chink in your armour."

The first thing Mr May has to explain to those who get in touch is that Scam Survivors cannot recover any money the victim has been persuaded to hand over.

In his experience, the average victim will end up around £1,000 out of pocket, but some will go a lot further - one man who recently made contact with the support group had given more than £500,000 to a male Russian scammer he thought he was in a relationship with.

"We say upfront, we can't get your money back. We can't offer you emotional support. We're not psychiatrists. We're just people who know how scams work and how to deal with them," he says.

To prevent being a victim, his advice is simple: "Google everything."
Search the images you are sent, the messages you receive - often scammers use the same material and the more widely shared it is, the more likely it is to end up on a website dedicated to exposing scams.

If you fear blackmail, Mr May suggests setting up an alert so that you are notified if your name is mentioned online. If, in the case of sextortion, a video is published on the net, you will then know straight away and can report it, as you are likely to be tagged in it.

"Be aware and learn how to search everything," he says.
"If someone sends you a picture or text, search it, try to find out as much as you can. If you're unsure don't send them money."

Action Fraud, the UK's national fraud and cyber-crime reporting service, said all scams reported to it are passed on to the National Fraud Intelligence Bureau, which is part of City of London Police.
However, a spokeswoman told the BBC that only around 30% of all fraud cases had "viable lines of inquiry".
"We know that at these levels it is difficult for law enforcement agencies to investigate all these crimes," said a spokeswoman.
"We have to maximise our resources where there is the best chance of a successful investigative outcome."

Professor Alan Woodward, cyber-security expert from Surrey University, said it was still important to keep reporting scams to the national body even if individual justice was not always possible.
"For those contacting Action Fraud UK to report a crime it may appear that little happens, but your information is vital in constructing an accurate picture of where, when and how online scams are occurring," he said.
"It may be that the police are unable to solve your individual crime but by studying the big picture they are able to zero in on the scammers.
"Your report could be vital in completing the overall picture and enable law enforcement to prevent others suffering as you have."

No sympathy

Some people argue that the scammers themselves are also in desperate situations - many of them operate in some of the poorest parts of the world, such as West Africa and the Philippines.
Wayne May has no sympathy.
"These people aren't Robin Hood types," he says.
"If you go online and scam people you have the money to go online, if you can't afford food you can't spend hours in an internet cafe."
He is, however, haunted by one occasion when a woman from the Philippines he was scam-baiting offered to perform on webcam for him. When he declined she then asked if she should involve her sister.
"She called this girl over and she couldn't have been more than nine or 10," he recalls.
"That horrified me. I said, 'Don't do this, not for me, not for anybody. You shouldn't do this'. I couldn't talk to her again after that. I had to completely walk away."
He says he has no idea what happened to her.
"I can't let it affect me too much, otherwise I wouldn't be able to do what I do," he said.
"I've been doing it for almost 12 years now, and if I let every case affect me I'd be a gibbering wreck in the corner."

Common Scams

- Romance - when a scammer builds an intense online relationship with someone, then asks for money.
- Sextortion - when a victim is persuaded to carry out a sex act on webcam which is then videoed and the scammer demands a ransom in return for not publishing the content on the net.
- Pets - a pet is advertised for sale, and then fees are demanded in order to get the pet to its new owner. The pet does not exist.
- Hitman - Someone claims to be a hitman and says that they have been paid to kill you. They then say that if you are prepared to pay more, they will not carry out the threat.
- 419 - named after section 419 of the Nigerian criminal code - claiming money from another person under false pretence: such as needing assistance to release a large sum of fictional inheritance.

Advice for victims

- Drop all contact with the scammer.
- Don't try to track them down - remember, the scammer has your real details and possibly compromising information about you. It's not worth the risk to continue talking to them, and especially not worth confronting them.
- If you sent cash, there's no realistic way to get it back - beware the "recovery scam" where the scammer then claims to be an agency able to get the money back, for a fee.
- Contact the police.
- Share as many details about the scam as you can to warn others.

(1st November 2017)

(Consumerist, dated 6th October 2017 author Kate Cox)

Full article [Option 1]:

For months, government agencies have been warning that popular antivirus software could be giving Russian intelligence agencies a back door into American computers and secrets. Now a new report says not only that it could happen, but that it already has, at least once.

The Wall Street Journal reports that hackers working for the Russian government were able to access "highly classified" National Security Agency documents after a worker for the agency opened them on a computer using Kaspersky products.

The theft actually happened in 2015 but wasn't discovered until 2016, sources told the WSJ. The contractor opened work files - which included detailed data about how the NSA accesses and penetrates foreign computer networks - on his home PC, at which point the hackers were able to access them.

Kaspersky products have never been authorized inside of the NSA, the Journal notes. Employees and contractors were "advised" not to use them at home, but were not prohibited from doing so at the time of the 2015 incident. However, many other security-related agencies, including the Army, Navy and Air Force and the departments of Defense, State, Homeland Security, Energy, Veterans Affairs, Justice, and Treasury, all used Kaspersky software at some point, the WSJ adds.

Reputable goods

Until earlier this year, Kaspersky Lab largely enjoyed a very positive reputation in the United States.

The company, named for founder Eugene Kaspersky, began operations in Russia in 1997 and expanded its offerings to the U.S. in the years immediately after.

Its antivirus and security products have been consistently well-regarded since the early 2000s. Just last month, for example, PC Mag gave Kaspersky one of its "editors' choice" stamps in its annual antivirus rankings roundup.

The company offers a full security suite of products for home, small business, and enterprise users, and also now offers mobile products as well. At this point, Kaspersky Lab is one of the largest cybersecurity and antivirus companies in the world, boasting about 400 million users.

And that was all well and good, for a while… and then 2017 happened.

Russia whatnow?

Bloomberg actually reported on Kaspersky's ties to Russian intelligence back in 2015. While those reports gained some attention among national security officials, they went by and large unremarked in the wider world.

Security expert Brian Krebs told NPR in 2015 that he personally used Kaspersky products, and thought the concerns about them were largely overblown.

"If Kaspersky Labs wanted to do something bad, there's absolutely no question that they could," he told NPR - perhaps prophetically - at the time.

But, he added, "if Kaspersky was somehow found to be acting at the behest of the Russian government to spy on its customers, I think they'd pretty much be out of business overnight."

Here in 2017, however, concerns about Russian interference in American politics, intelligence, and affairs have been spiraling up in D.C. for months - and that includes Kaspersky.

This breach, the WSJ notes, is the first known instance of Russian entities actually using Kaspersky software to conduct espionage against the U.S. government. The suspicion that they could do so, however, has been slowly brewing for years and accelerating rapidly this year.

The company's reputational downfall in the U.S. has been swift:

- May: The heads of several intelligence agencies tell the Senate Intelligence Committee that they have concerns about Kaspersky software.

- July: Bloomberg again reports that Kaspersky not only has loose ties to Russian intelligence, but in fact has been working with the FSB (Russia's main intelligence agency).

On the same day, the federal government removes Kaspersky Lab from the list of approved vendors that U.S. agencies are allowed to do business with.

- August: The FBI reportedly approaches companies in the private sector and asks them to phase out any use of Kaspersky products.

- September: Best Buy stops selling any Kaspersky products either in stores or online.

A few days later, the Department of Homeland Security formally orders any federal agencies using Kaspersky software to stop, providing 30-, 60-, and 90-day windows for identifying what products are in use and figuring out how to replace them.

A spokesperson for the NSA declined to comment on the security breach to the WSJ, saying, "Whether the information is credible or not, NSA's policy is never to comment on affiliate or personnel matters."

(1st November 2017)

(The Guardian, dated 6th October 2017 author Sarah Marsh)

Full article [Option 1]:

A growing number of teenage girls are being approached online by fake model recruiters who lure them into sending indecent images of themselves, which are later used to extort money.

Facebook and Instagram accounts are being set up in the names of leading model agencies such as Storm Model Management, which discovered Kate Moss and represents Cindy Crawford.
Girls receive messages from someone who claims to be recruiting for the agency; they are encouraged to send topless photos or conduct a Skype interview in which they are asked to remove their clothes or wear lingerie.

Sarah Doukas, the managing director of Storm, said that in the past two years the number of calls the agency had received about scam agents had risen from one a week to almost daily messages.
"The rise of social media has impacted greatly on why modelling agency scams are increasing," Doukas said. "Firstly, a lot of young people's Instagram accounts are not private, and consequently they are easy to approach. Secondly, fraudsters are becoming more sophisticated because of social media generally.

"We are getting more scammers posing as 'friends' of the model agency and offering an introduction to us, and this is not legitimate. There was one example recently, which went on for several months, where a vulnerable girl was invited to a shoot and she ended up taking her clothes off. She had been approached by a fraudster claiming to know me."

In the UK last year there were 327 reported cases of scam model recruiters. DI Chris Felton, crime manager at the National Fraud Intelligence Bureau, said a "significant" number involved scammers operating on social media.

"Social media means [scammers] can now reach a larger audience than previously, and if you are after a younger demographic then it's an easy way to reach them," he said. "[The number of cases of scam model recruiters] may have gone up slightly, but if you look back, social media will have played a bigger role because it's how people communicate now."

In other instances, girls are asked to pay extortionate amounts of money to get portfolios or "comp cards" (essentially a business card). A legitimate agency would offer these for free.

Doukas said: "Young people and their parents or guardians must be vigilant and defensive - do not trust anyone until you have established they are legitimate, and do your research."

Alex Haddad, the director of BMA Models, said his agency was receiving 10 phone calls and 20 emails a week about scam agents - nearly twice as many as last year.

"[Scammers] use names from our agency, a booker or agent. They have used different people in the past - our website has a history of who works here on it. They then contact people from Snapchat, Instagram and Facebook and pretend to be a headhunter or recruiter," he said. "They will say they are scouting for models and ask for pictures, sometimes they ask for naked shots ... We are getting phone calls from concerned parents saying, 'Is this a scam? What is happening?'

"Some of them do Skype calls which are so-called interviews, and they ask things like, 'Would you shave your head or go topless?' It's always young girls who get targeted."

Jessica Barker, co-founder of the cyber security consultancy Redacted Firm, said she had heard cases of girls being lured into sending sexually explicit images and told the photos would be posted online unless the scammers were paid.
"Teenage girls using Instagram and sharing pictures get approached by someone who has a profile looking like a modelling scout or talent scout for TV and film, often in the US," she said.

"They say the girls look great and have the right look for film or whatever modelling campaign they are supposedly doing. Then they ask, 'Can we see some more pictures?' They flatter the girls a lot and give them hope in terms of what they are looking for. They encourage the girls to then share explicit pictures, and when they do they try to extort them of money."

Barker added: "Awareness is key. This form of attack is very unknown and people are not talking about it much in media. If you're in this situation, approached by someone asking you for explicit images, don't send them. A reputable model agency, for example, would never ask for someone to send naked images of themselves. If you have sent the images and are worried about being scammed, or you have received threats, tell a trusted adult."

(1st November 2017)

(The Register, dated 5th October 2017 author Kat Hall)

Full article [Option 1]:

The National Cyber Security Centre responded to 590 "significant attacks" over the last year including WannaCry, MPs' email addresses being targeted due to weak passwords and various threats to other large organisations.

The body was created in October last year, bringing together previously separate parts of government, MI5 and GCHQ. Its aim is to support and advise the public and private sectors on how to avoid computer security threats.

Over that time the body said it has also managed to reduce the time phishing sites are hosted for in the UK from 27 hours to less than an hour.

Other measures introduced include getting government departments to adopt the Domain-based Message Authentication, Reporting and Conformance protocol (DMARC), which combats fake emails by validating whether a message really comes from the organisation it claims to be from.

Something we hope Home Sec Amber Rudd has set up.

DMARC has already prevented a huge number of potential attacks - for example, blocking at 120,000 emails from a spoof address.

Other measures include setting up a filtering service that stops government systems veering onto malicious websites, using data gathered from commercial partners and GCHQ.

Undoubtedly WannaCry was the biggest threat the unit responded to over the last 12 months. The outbreak led to "the first ministerial COBRA meeting following a cyber attack," said the report.

WannaCry affected more than 100 countries, including Spanish telecoms and German rail networks. In total, 47 NHS trusts were affected in the UK. More than 230,000 computers were hit globally.

Ciaran Martin, CEO of the NCSC, said: "The UK faces threats from across the globe on a daily basis and while we have brought together unprecedented expertise to defend the UK, it's not a question of 'if' cyber attacks will happen, it's a matter of when.

"The NCSC's first duty is to manage and mitigate against attacks. Our anniversary report shows the progress we have made working with government, industry and individuals to create a truly lasting national asset."

Public sector bods including police, the NHS and local authorities have named the growing threat of ransomware one of their biggest areas of concern next year.

(1st November 2017)

(London Evening Standard, dated 5th October 2017 author Hatty Collier)

Full article [Option 1]:

A leading trauma surgeon has told how the number of patients treated for gunshot injuries at a major London hospital has doubled in the last five years.

Martin Griffiths, a consultant vascular and trauma surgeon, said medics at the Royal London Hospital in Whitechapel where he works were expecting to treat 50 to 60 victims of gun crime this year alone.

He said the hospital's major trauma centre had seen a bigger rise in gunshot injuries compared to knife wounds and that the average age of victims was getting younger.

Dr Griffiths, who works with at-risk teenagers to prevent them from becoming involved in gangs and violent crime, made the remarks at a meeting held by the London Assembly Police and Crime Committee on Thursday.

Last year, gun crime offences in London increased for a third year running and by 42 per cent, from 1,793 offences in 2015/16 to 2,544 offences in 2016/17. Police have seized 635 guns off the streets so far this year.

Dr Griffiths, who also teaches medical students, said: "Our numbers of victims of gun injury have doubled [since 2012]. Gunshot injuries represent about 2.5 per cent of our penetrating trauma.

"Year on year, we have seen a 20 to 30 per cent rise in the past two or three years. We will admit 50 to 60 patients this year with gunshot injuries.

"We'll also see a dozen or so under the care of our pre-hospital team who will die at the scene of injury."

Dr Griffiths said the average age of gun crime victims needing treatment at the hospital had decreased from 25 to the mid to late teens since 2012.

He added that medics at the Barts Health hospital's major trauma centre in Whitechapel had seen a bigger rise in patients with gun injuries rather than knife wounds and that most were caused by pistols or shotguns.

Met Police commander Jim Stokley, who was also invited to speak at the meeting, said that handguns and shotguns were the weapons of choice and that 46 per cent of London's gun crime discharges were gang-related.

He said: "We believe that a lot of it is associated with the drugs trade, and by that I mean people dealing drugs at street level and disagreements between different gangs."

Detective Chief Superintendent Kevin Southworth, head of the Met's Trident and Area Crime Command, said: "Seventy per cent of crimes we recover a cache of class A drugs with the weapon."

Dr Griffiths said he believed that introducing at-risk young people to a victim of gun crime who has been left disabled could be a useful prevention technique.

"When you talk to people about knife and gun injury, they think they're going to either be alive and fine or dead, but they are very concerned about cosmetic injuries, about colostomy bags, about smelling bad, about being disfigured and about being disabled, and those are much more horrific than being alive or dead. I think that's where the real leverage comes from when we're talking about gun injury," he said.

"I think meeting a gun victim who has been disabled is much more of a powerful stimulus for change."

He added that most victims of violence often want to retaliate and that investing in supporting families and building communities could help to prevent that.

"We need to fund initiatives properly and deliver into the community; that way we will have success. We need long-term planning and delivery. It's about planning from birth through to death and helping to support and build communities.

"It's not about sticking plasters, it's not about sewing up patients, it's about preventing injuries, understanding communities, supporting communities, and investing in youth."

(1st November 2017)

(Railway Magazine, dated 4th October 2017 author N Devereux) [Option 1]

The initiative was launched in 2015 by Railway Children - a charity that supports children who run away from home or are forced to leave because of poverty, violence or neglect - in close partnership with British Transport Police (BTP) and the rail industry to make the UK railway network a safer place for vulnerable children.

According to Railway Children, a child runs away from home every five minutes in the UK, and it is estimated 16,500 children are at risk of sexual exploitation every year.

Latest figures from BTP show its officers handled nearly 5,000 child safeguarding incidents in 2016, of which 1,620 (or 33%) were children who had run away or gone missing.

The individual railway stations to record the highest number of runaway or missing incidents last year were Manchester Piccadilly, Glasgow Central, Leeds, Birmingham New Street, and London Victoria.

A report published in 2014 by Parliament's Transport Select Committee also added momentum to the initiative, after recommending BTP should be brought in line with other police forces, which set targets to assess how well they support vulnerable children.

Since then, Railway Children has been working with BTP, operating companies and other charities to ensure incidents are reported and the right support is made available at the right time for 16 and 17 year olds.

Public Transport a hot spot for vulnerable children

As part of the programme (Safeguarding on Transport - ST), railway station staff have been given training on how to spot vulnerable children, following warnings that public transport is a hotspot for young people who have run away from home and are at risk of exploitation.

On September 14th, 2007, 14 year old Andrew Gosden walked out of the family home in Doncaster, boarded a train to London with a one way ticket, and then simply vanished. A short sequence of CCTV stills captured that morning at Kings Cross station represents the last positive sightings of the schoolboy. Ten years later, Andrew is the face of the Missing People charity's FIND EVERY CHILD campaign.

Gaynor Little, Railway Children's Head of UK Programme - Safeguarding on Transport, said: "Often the perception can be that a young person seen loitering, for example, is a source of trouble when in reality they could be overwhelmingly vulnerable and in need of help. The training we have developed with BTP will help railway station staff, including retail workers, identify children who before might have gone unnoticed.
"About 100,000 under 16s run away each year, with many becoming vulnerable to grooming and sexual exploitation, and areas surrounding major stations are a particular concern," added Gaynor.
"Our long term aim is to create a national safety network throughout the UK transport system, with improved staff awareness and confidence in how to respond when suspecting a young person is at risk."

New safeguarding project for Manchester transport hub

In June this year, Railway Children also launched its first project in Manchester as part of the ST programme. Since the launch, a significant number of children have already been referred to the new project by BTP's safeguarding unit after being identified as being at risk, to prevent them slipping through the net in terms of professional support and to ensure their safety and emotional well-being.

In these first few months, Railway Children's Manchester project has dealt with missing children and runaways, with complex issues including mental health problems, self harm, sexual exploitation, violence and conflict. All these young people and their families have then received follow-up support, either with a visit, by phone or letter. The project workers also liaise with local care homes, social workers and children's services departments to help ensure appropriate support is put in place and to try and prevent repeat referrals. Nationally, there are plans to expand the Manchester project, with five more schemes planned over the next five years. These will be at locations identified by BTP and Railway Children as having most safeguarding incidents.

A real impact on the lives of young people

One young person who was found intoxicated at a North West station has agreed to one-to-one work after feeling very depressed and suicidal. She had wanted to step in front of a train and felt there was no-one helping with her mental health needs. Project workers have met with her and her family and further support has been provided.

Similar support is also being offered to a family after a young man witnessed his father assaulting a member of staff on a train while he was heavily intoxicated. Project workers are liaising with children's services to make sure this family have support for any issues at home with alcohol and domestic violence. They are also ensuring the young person has a safe adult to talk to and get advice from.

Gaynor said: "Our project workers take referrals directly from BTP and provide ongoing support to children and families in whatever way best suits the individual case.

"During the first three months of this project we have been able to make some very positive interventions. By sharing information and pooling our expertise, we can make a real impact on the lives of young people who might otherwise be overlooked.

"The success of the programme also depends on the continued support from key partners such as the Railway Magazine and BTP. Railway Children is also delighted to be able to play a part in celebrating The Railway Magazine 120th anniversary and greatly appreciates the support from the publication and its readers in helping to improve the protection of vulnerable children in the UK."

Keeping children safe is everyone's responsibility

According to Railway Children's ST Programme partner British Transport Police, making the rail network a safer place for children is not just the responsibility of professionals from the voluntary and public sector.

Superintendent Richard Mann says: "We all have a responsibility to protect vulnerable children in our community. We are asking passengers and rail staff to be aware of young people who might need help.
"They may be travelling on their own, appear upset or with someone older than them who does not appear to be a relative. Even if the report turns out to be nothing, that's OK. We would rather look into all reports than not be told because someone is worried that they have been mistaken."

He added: "And if you are a young person who thinks you, or someone you know, might need help - or you'd just like to ask us a question, we're here for you. Whatever you need to tell us, you won't be judged or blamed, and we have specially trained people at railway stations who can help".

(1st November 2017)


(BBC News, dated 4th October 2017)

Full article :

uaware note : figures displayed in original article graphs

The worst mass shooting in the United States in modern times has once again raised questions about gun ownership and whether there should be tougher controls.

How does the US compare with other countries?

About 40% of Americans say they own a gun or live in a household with one, according to a 2017 survey, and the rate of murder or manslaughter by firearm is the highest in the developed world. There were more than 11,000 deaths as a result of murder or manslaughter involving a firearm in 2016.

An international comparison of gun-related killings as a % of all homicides

US (2016) : 64%
England and Wales (2015/16) : 4.5%
Canada (2015) : 30.5%
Australia (2013/14) : 13%

Homicides are taken here to include murder and manslaughter. The FBI separates statistics for what it calls justifiable homicide, which includes the killing of a criminal by a peace officer or private citizen in certain circumstances, which are not included.

Who owns the world's guns?

While it is difficult to know exactly how many guns civilians own around the world, by every estimate the US with around 270 million is far out in front.

Top 10 civilian gun-owning countries

(Firearms per 100 residents) - Source : Small Arms Survey (2011)

United States : 99
Yemen : 55
Switzerland : 45
Finland : 44
Cyprus : 36
Saudi Arabia : 35
Iraq : 34
Uruguay : 32
Canada : 31
Austria : 30

Switzerland and Finland are the European countries with the most guns per person - they both have compulsory military service for all men over the age of 18. Cyprus, Austria and Yemen also have military service.

How do US gun deaths break down?

There have been more than 90 mass shootings in the US since 1982, according to investigative magazine Mother Jones.

Up until 2012, a mass shooting was defined as when an attacker had killed four or more victims in an indiscriminate rampage - and since 2013 the figures include attacks with three or more victims. The shootings do not include killings related to other crimes such as armed robbery or gang violence.

The overall number of people killed in mass shootings each year represents only a tiny percentage of the total number.

Mass shootings account for a tiny proportion of all gun deaths

Of the total 33,594 who died in 2014 there were:

- 21,386 Suicides
- 11,008 Homicides (of which 14 died in mass shootings)
- 1,200 Other (includes accidental deaths and war casualties)

There were nearly twice as many suicides involving firearms in 2015 as there were murders involving guns, and the rate has been increasing in recent years. Suicide by firearm accounts for almost half of all suicides in the US, according to the Centers for Disease Control and Prevention.

A 2016 study published in the American Journal of Public Health found there was a strong relationship between higher levels of gun ownership in a state and higher firearm suicide rates for both men and women.

How old are the killers?

The average age of attackers in 91 recorded US mass shootings is 34.

Paddock is one of three killers aged over 60. The others are: William D Baker, 66, who killed five people in Illinois in 2001; and Kurt Myers, 64, who killed five people in New York state in 2013.

The youngest killer is Andrew Douglas Golden, 11, who ambushed students and teachers as they left Westside Middle School in Arkansas, 1998. He was jointly responsible with Mitchell Scott Johnson, 13, for five deaths and 10 injured.

Attacks in US become deadlier - mass shootings since 1991

The Las Vegas attack was the worst in recent US history - and the three shootings with the highest number of casualties have all happened within the past 10 years.

Las Vegas, Nevada (2017): 58
Orlando, Florida (2016) : 49
Virginia Tech, Virginia (2007) : 32
Sandy Hook, Connecticut (2012) : 27
Killeen, Texas (1991) : 23
San Bernardino, California (2015) : 14
Fort Hood, Texas (2009) : 13
Columbine, Colorado (1999) : 13

(1st November 2017)

(Reuters, dated 2nd October 2017 authors Joel Schectman, Dustin Volz, Jack Stubbs)

Full article [Option 1]:

Hewlett Packard Enterprise allowed a Russian defense agency to review the inner workings of cyber defense software used by the Pentagon to guard its computer networks, according to Russian regulatory records and interviews with people with direct knowledge of the issue.

The HPE system, called ArcSight, serves as a cybersecurity nerve center for much of the U.S. military, alerting analysts when it detects that computer systems may have come under attack. ArcSight is also widely used in the private sector.

The Russian review of ArcSight's source code, the closely guarded internal instructions of the software, was part of HPE's effort to win the certification required to sell the product to Russia's public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman.

Six former U.S. intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack.

"It's a huge security vulnerability," said Greg Martin, a former security architect for ArcSight. "You are definitely giving inner access and potential exploits to an adversary."

Despite the potential risks to the Pentagon, no one Reuters spoke with was aware of any hacks or cyber espionage that were made possible by the review process.

The ArcSight review took place last year, at a time when Washington was accusing Moscow of an increasing number of cyber attacks against American companies, U.S. politicians and government agencies, including the Pentagon. Russia has repeatedly denied the allegations.

The case highlights a growing tension for U.S. technology companies that must weigh their role as protectors of U.S. cybersecurity while continuing to pursue business with Washington's adversaries such as Russia and China, say security experts.


The review was conducted by Echelon, a company with close ties to the Russian military, on behalf of Russia's Federal Service for Technical and Export Control (FSTEC), a defense agency tasked with countering cyber espionage.

Echelon president and majority owner Alexey Markov said in an email to Reuters that he is required to report any vulnerabilities his team discovers to the Russian government.

But he said he does so only after alerting the software developer of the problem and getting its permission to disclose the vulnerability. Echelon did not provide details about HPE's source code review, citing a non-disclosure agreement with the company.

FSTEC confirmed Markov's account, saying in a statement that Russian testing laboratories immediately inform foreign developers if they discover vulnerabilities, before submitting a report to a government "database of information security threats."

One reason Russia requests the reviews before allowing sales to government agencies and state-run companies is to ensure that U.S. intelligence services have not placed spy tools in the software.

HPE said no "backdoor vulnerabilities" were discovered in the Russian review. It declined to provide further details.

HPE said it allows Russian government-accredited testing companies to review source code in order to win the Russian defense certifications it needs to sell products to Russia's public sector.

An HPE spokeswoman said source code reviews are conducted by the Russian testing company at an HPE research and development center outside of Russia, where the software maker closely supervises the process. No code is allowed to leave the premises, and HPE has allowed such reviews in Russia for years, she said.

Those measures ensure "our source code and products are in no way compromised," she said.

Some security experts say that studying the source code of a product would make it far easier for a reviewer to spot vulnerabilities in the code, even if they did not leave the site with a copy of the code.

In a 2014 research paper, Echelon directors said the company discovered vulnerabilities in 50 percent of the foreign and Russian software it reviewed.

Still, security analysts said the source code review alone, even if it yielded information about vulnerabilities, would not give hackers easy entry into the military systems. To infiltrate military networks, hackers would need to first overcome a number of other security measures, such as firewalls, said Alan Paller, founder of the SANS Institute, which trains cybersecurity analysts.

Paller also said HPE's decision to allow the review was not surprising. If tech companies like HPE want to do business in Russia, "they don't really have any choice," he said.

HPE declined to disclose the size of its business in Russia, but Russian government tender records show ArcSight is now used by a number of state firms and companies close to the Kremlin, including VTB Bank and the Rossiya Segodnya media group.

Whether the customer is Russia or the United States, overlooked errors in software code can allow foreign governments and hackers to penetrate a user's computer.

Exploiting vulnerabilities found in ArcSight's source code could render it incapable of detecting that the military's network was under attack, said Allen Pomeroy, a former ArcSight employee who helped customers build their cyber defense systems.

"A response to the attack would then be frankly impossible," Pomeroy said.

The HPE spokeswoman said Reuters' questions about the potential vulnerabilities were "hypothetical and speculative in nature."

HPE declined to say whether it told the Pentagon of the Russian review, but said the company "always ensures our clients are kept informed of any developments that may affect them."

A spokeswoman for the Pentagon's Defense Information Systems Agency, which maintains the military's networks, said HPE did not disclose the review to the U.S. agency. Military contracts do not specifically require vendors to divulge whether foreign nations have reviewed source code, the spokeswoman said.

The U.S. military agency itself did not require a source code review before purchasing ArcSight and generally does not place such requirements on tech companies for off-the-shelf software like ArcSight, the Pentagon spokeswoman said. Instead, DISA evaluates the security standards used by the vendors, she said.


Echelon operates as an official laboratory and software tester of FSTEC and Russia's FSB spy agency, according to Russian government registries of testing laboratories and software certifications reviewed by Reuters. U.S. intelligence has accused the FSB of helping mount cyber attacks against the United States and interfering in the 2016 presidential election.

Markov, Echelon's president, defended the reviews, saying that "if a vulnerability is found, everyone is happy" because the detected flaw means laboratory experts are "able to demonstrate their qualifications" and "the developer is happy that a mistake was detected, since by fixing it the product will become better."

Russia in recent years has stepped up demands for source code reviews as a requirement for doing business in the country, Reuters reported in June.

A number of international companies, including Cisco Systems Inc, the world's largest networking gear maker, and German software giant SAP, have agreed to the reviews, though others, including cybersecurity firm Symantec, have refused because of security concerns.


U.S. government procurement records show ArcSight is used as a key cyberdefense bulwark across much of the U.S. military including the Army, Air Force and Navy. For example, ArcSight is used to guard the Pentagon's Secret Internet Protocol Router Network (SIPRNet), which is used to exchange classified information, according to military procurement records.

The Pentagon spokeswoman declined to comment on risks posed by specific products to its network but said all software used by DISA is "extensively evaluated for security risks," and continually monitored once deployed.

Created in 2000 as an independent company, ArcSight broke new ground by allowing large organizations to receive real-time alerts about potential cyber intrusions.

The software draws activity records from servers, firewalls, and individual computers across a network - up to hundreds of thousands per second. The system then searches for suspicious patterns, such as a high number of failed login attempts within a few seconds, and alerts analysts.
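The failed-login pattern described above can be sketched as a sliding-window correlation rule. This is an added illustration, not ArcSight's code or rule syntax; the log format, the threshold of five failures, the five-second window and the assumption that events arrive in timestamp order are all choices made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, source host, user, outcome.
SAMPLE_LOG = """\
2017-10-02T09:00:00 10.0.0.5 alice FAIL
2017-10-02T09:00:01 10.0.0.5 alice FAIL
2017-10-02T09:00:01 10.0.0.9 bob FAIL
2017-10-02T09:00:02 10.0.0.5 root FAIL
2017-10-02T09:00:02 10.0.0.5 admin FAIL
2017-10-02T09:00:03 10.0.0.5 alice FAIL
2017-10-02T09:00:03 10.0.0.5 alice FAIL
2017-10-02T09:00:04 10.0.0.5 alice OK
2017-10-02T09:05:00 10.0.0.9 bob FAIL
2017-10-02T09:05:30 10.0.0.9 bob FAIL
2017-10-02T09:06:10 10.0.0.9 bob FAIL
2017-10-02T09:06:50 10.0.0.9 bob OK
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, source, user, outcome)."""
    ts, src, user, outcome = line.split()
    return datetime.fromisoformat(ts), src, user, outcome


def detect_failed_login_bursts(lines, threshold=5, window=timedelta(seconds=5)):
    """Return alerts for sources with >= threshold failures inside the window.

    Assumes events are already sorted by timestamp. One alert is raised per
    burst; a successful login from a source that is still inside an alerted
    burst raises a second, higher-priority alert.
    """
    recent = defaultdict(deque)  # source -> failure timestamps still in window
    alerting = set()             # sources already alerted for the current burst
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, src, user, outcome = parse_line(line)
        failures = recent[src]
        # Expire failures that have slid out of the window.
        while failures and ts - failures[0] > window:
            failures.popleft()
        if not failures:
            alerting.discard(src)  # burst is over, allow a fresh alert later
        if outcome == "FAIL":
            failures.append(ts)
            if len(failures) >= threshold and src not in alerting:
                alerting.add(src)
                alerts.append({
                    "rule": "failed_login_burst",
                    "source": src,
                    "count": len(failures),
                    "first": failures[0],
                    "last": ts,
                })
        elif outcome == "OK" and src in alerting:
            alerts.append({
                "rule": "success_after_burst",
                "source": src,
                "user": user,
                "time": ts,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_failed_login_bursts(SAMPLE_LOG.splitlines()):
        print(alert)
```

The slow failures from 10.0.0.9 never trip the rule because each one has left the window before the next arrives, which is why window and threshold tuning matters for this kind of detection.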

A decade later, ArcSight had become "the core" cyber network defense tool the Pentagon's analysts "rely on to defend DoD networks," DISA said in a 2011 ArcSight procurement request.

Today ArcSight is a virtually irreplaceable tool for many parts of the U.S. military, at least for the immediate future, Pentagon records show.

"HP ArcSight software and hardware are so embedded," the Pentagon's logistics agency wrote in April, that it could not consider other competitors "absent an overhaul of the current IT infrastructure."

HPE agreed last year to sell ArcSight and other security products to British tech company Micro Focus International Plc in a transaction that was completed in September.

Jason Schmitt, the current head of the ArcSight division, said the product makes up a little less than half of the $800 million in annual revenue Micro Focus expects to get from the security software business purchased from HPE.

Schmitt said he could not comment on any source code review that took place before this year, when he took the job, but stressed such reviews do not currently take place. Micro Focus did not respond to requests for comment on whether it would allow Russia to do similar source code reviews in the future or whether Micro Focus executives knew of the review prior to the acquisition.

(1st November 2017)

(BBC News, dated 29th September 2017)


The Food Standards Agency is investigating after reports of safety breaches at a factory owned by one of the UK's largest chicken suppliers.

The Guardian and ITV News said workers at a 2 Sisters Food Group site in the West Midlands had changed slaughter dates to extend the shelf life of meat.

Marks & Spencer, Aldi, Lidl and The Co-op have stopped taking chickens from the site while investigations continue.

2 Sisters said it viewed the allegations "extremely seriously".

The FSA said its inspectors found "no evidence" of breaches at the West Bromwich factory on Thursday but they were continuing to review the evidence.

The company also supplies Tesco and Sainsbury's, which are investigating the allegations.

An undercover reporter claimed to have witnessed workers changing the "kill dates" on chickens and allegedly saw meat of different ages being mixed together and codes on crates of meat altered.

Repackaging claim

The Guardian and ITV News said in a statement that more than 20 workers had confirmed the unhygienic practices took place, while some said they would no longer eat chicken from supermarkets.

Some workers also claimed the chicken that supermarkets reject is sometimes repackaged at the factory and sent out again.

The FSA said it took any allegations of inaccurate labelling and breaches in hygiene regulations "very seriously".

It urged the Guardian and ITV News to share the full details with the FSA, such as the footage taken and witness interview transcripts, so that it could investigate thoroughly and promptly.

FSA chairman Heather Hancock said: "Should we find any evidence of any risk to public health, any products on the market which we believe to be a cause of concern will be urgently removed from sale."

She reminded consumers to follow FSA guidelines for chicken:

- Cover and chill raw chicken
- Never wash raw chicken
- Only use clean hands, utensils and chopping boards when handling raw chicken
- Cook chicken thoroughly until there is no pink meat and the juices run clear

Tesco said it carried out its own regular audits of all its suppliers, adding that it took the allegations "extremely seriously" and would be carrying out a "rigorous investigation".

Aldi, Lidl, Sainsbury's and Marks & Spencer all issued statements announcing the launch of independent investigations.

'No stone unturned'

The 2 Sisters company was founded in 1993 by Ranjit Singh Boparan and now employs 23,000 staff. Although it has diversified, the bulk of the group's income still comes from processing poultry.

The company said it had been made aware of the allegations on Thursday but had "not been given the time or the detailed evidence to conduct any thorough investigations to establish the facts, which makes a fulsome response very difficult".

It said hygiene and safety remained at the "core" of its business, which was subject to frequent unannounced audits from the FSA and Red Tractor - the food industry's assurance scheme - among others.

It said the West Midlands site in question had received nine audits - five unannounced - during July and August this year alone.

It added in a statement: "If, on presentation of further evidence, it comes to light any verifiable transgressions have been made at any of our sites, we will leave no stone unturned in investigating and remedying the situation immediately."

(BBC News, dated 1st October 2017)


One of the UK's largest supermarket chicken suppliers has suspended operations after an investigation allegedly exposed food safety breaches.

The 2 Sisters Food Group said staff at its site in the West Midlands will need to be "appropriately retrained" before it starts resupplying customers.

It comes after allegations that workers had changed slaughter dates to extend the shelf life of meat.

The Food Standards Agency (FSA) has also been investigating the claims.

The Guardian and ITV News claimed an undercover reporter witnessed workers changing the "kill dates" on chickens.

They also allegedly saw meat of different ages being mixed together and codes on crates of meat altered.

In a statement, the company said an internal investigation had shown "some isolated instances of non-compliance" at its plant in West Bromwich.

"We have therefore decided to temporarily suspend operations at the site to allow us the time to retrain all colleagues, including management, in all food safety and quality management systems."

All staff will remain on full pay and take part in training on site, it added.

"We will only recommence supply once we are satisfied that our colleagues have been appropriately retrained."

Marks & Spencer, Aldi, Lidl and The Co-op have stopped taking chickens from the site while investigations take place.

The company also supplies Tesco and Sainsbury's, which are looking into the allegations.

2 Sisters said the FSA had visited the site every day since the allegations came to light and had "not identified any breaches".

It went on: "We continue to work closely with the FSA and our customers throughout this period."

(1st November 2017)

(Good Housekeeping, dated November 2017)

It might feel like every day there is news of yet another terror attack somewhere in the world. The temptation is to stop doing the things we love in case it puts us in danger - but who wants to live like that? The very last thing we ever want to do at Good Housekeeping is to frighten our readers but we wanted to know, should the worst happen, what's the best way to stay safe?

"We're living in turbulent times", says SAS hero Chris Ryan.

"But we've always had terrorism in Europe and, to me, it feels like the 70's and 80's when the IRA was active. The difference now is that there is constant footage for everyone to see on TV and people feel very uneasy. Actually, terror attacks are still rare and I don't want people to feel scared, but there are things I've learnt from my time in the SAS that can empower people, which is why I've written my new book, Safe."

For the record

During the first Gulf War in 1991, Chris Ryan was part of the SAS patrol known as Bravo Two Zero, which was trapped behind enemy lines in Iraq. He was the only member of the patrol to evade capture and made history by trekking 180 miles to safety in Syria.

Read on for Chris Ryan's advice....

How can I make myself more streetwise?

These days, most people walk around chatting on phones, looking down at screens or wearing headphones. It means you're cutting off your two most important senses and won't be aware of any potential threat or be able to react in time.

Walk with your head up and stick to busy, well-lit areas. Act confidently but don't wear obviously expensive clothes and jewellery. Most people who catch your eye in the street look away again. If they continue to stare at you, it's a sign they're targeting you and may want to do you harm.

If you feel threatened, dial 999 on your phone. If you are unsure, dial the number but don't press send. Keep your finger over the button in case things escalate. If you're trapped, use whatever you can to get away - a can of hairspray sprayed in the face, for example.

The worst thing you can do in a knife attack is to curl into a ball as you won't be able to defend yourself. Protect your vital organs and inner arms as stab wounds here can be fatal.

Vehicle ramming incidents are on the rise. Walk along pavements with the traffic facing you so you have some warning and time to get out of the way. If you're on a bridge, the impact of jumping into the water could kill you. If there's no other option, concentrate on keeping your mouth closed, your arms by your side and legs bent, to lessen the impact.

I love travelling but don't want to be a target

Before you book anything, research your destination. Which countries does your destination border ? Are they unstable ? Always check

Put the number for emergency services of the country you're visiting into your phone.

When you get to your hotel or apartment, check fire escapes, entrance and exits so you'll know where to head if there's a fire or attack. Walk around outside to familiarise yourself with the layout.

If there is a hotel shooting, it may be safer to barricade yourself into a room. Use a wardrobe across the door first, then a bed and mattresses. If shots are fired, it will help slow down the bullets. Take cover well away from the door.

In the Tunisian beach attack, when 38 people died, witnesses said they thought the gunfire was fireworks. Gunfire sounds like a whip being cracked.

If you are on a beach and hear gunfire, get away as quickly as you can. Don't go into the sea - you'll be a slow moving target. Avoid the hotel; use the route you've already identified to move away from the area.

Is there anything I can do in a terrorist attack ?

Your chances of being caught up in one of these are small, but you can't discount it. The police advice for a firearms attack is to run if you can, hide if you can't and tell the authorities what's going on. I agree. If there is a crowd heading in one direction, they're probably running away.

(1st November 2017)


(The UK Sepsis Trust)

If your child is unwell with a bug or infection, is rapidly getting worse and you are worried that their illness seems different to any previous illness, it could be sepsis.

Sepsis is a rare but serious complication of an infection.


- Looks mottled, bluish or pale

- Is very lethargic or difficult to wake

- Feels abnormally cold to touch

- Is breathing very fast

- Has a rash that does not fade when you press it

- Has a fit or convulsion

---------- GO TO A&E IMMEDIATELY OR CALL 999 ----------


Sepsis is rare in children, but if your child is unwell with a bug or infection, watch your child closely.

These symptoms may be the signs of sepsis :


- Temperature over 38 degrees C in babies under three months
- Temperature over 39 degrees C in babies aged three to six months
- Any high temperature in a child who cannot be encouraged to show interest in anything
- Low temperature (below 36 degrees C, check three times in a 10 minute period)


- Finding it much harder to breathe than normal - looks like hard work
- Making 'grunting' noises with every breath
- Can't say more than a few words at once (for older children who normally talk)
- Breathing that obviously 'pauses'

Toilet / Nappies

- Not had a wee or wet nappy for 12 hours

Eating and Drinking

- New baby under one month old with no interest in feeding
- Not drinking for more than eight hours (when awake)
- Bile stained (green), bloody or black vomit / sick

Activity and Body

- Soft spot on baby's head is bulging
- Eyes look sunken
- Child cannot be encouraged to show interest in anything
- Baby is floppy
- Weak, 'whining' or continuous crying in a younger child
- Older child who's confused
- Not responding or very irritable
- Stiff neck, especially when trying to look up and down

If your child has any of these symptoms, is getting worse, or is sicker than you would expect (even if their temperature falls), trust your instincts and seek medical advice urgently from NHS111 (telephone 111).



uaware note

This information was copied from a Sepsis Trust leaflet picked up from Boots during September 2017.

(1st October 2017)

(International Business Times, dated 27th September 2017 author Jason Murdock)


Swarms of internet-connected devices infected with malware have become a popular tool for hackers as their collective power can be used to launch cyberattacks.

Known as bot networks - or botnets - they typically include hijacked computers, smartphones or internet of things (IoT) devices which can be deployed at will to spread malware, generate spam and conduct distributed denial of service (DDoS) attacks.

This week (27 September), Symantec released an updated botnet tracker, sharing insight into where bots are lurking in the Europe, the Middle East and Africa (EMEA) region.

According to the firm, 6.7m bots joined the global botnet in 2016, and Europe made up nearly one-fifth (18.7%) of the world's total bot population.

The UK, Symantec said, was Europe's 11th highest source of bot infections, falling from 7th place in 2015.

The City of London boasted the majority of the UK's bot infected devices with 34.4% of all British bots located there at the time of writing.

"More than 13.8m people in the UK were victims of online crime in the past year, and bots and botnets are a key tool in the cyber-attacker's arsenal," said researcher Candid Wueest.

"It's not just computers that are providing criminals with their robot army; in 2016, we saw cyber criminals making increasing use of smartphones and Internet of Things (IoT) devices. In fact, IoT devices may be part of the uptick in global bot infections in 2016.

"Nearly a third (31%) of attacks originated from devices in Europe alone."

Indeed, the cities of Madrid, Istanbul and Moscow had more bots in their cities than the vast majority of nations had in their entire countries, Symantec said.

But Russia was home to the largest number of bots in all of Europe, with 13.6% of Europe's bot-infected devices residing there. However, with the largest internet-connected population in Europe, Russia's 'bot density' is comparatively low, experts revealed.

'Bot density' or 'bots per connected capita' is a comparison between a country's number of internet users and the volume of bot infections.

It aims to make it clear which countries have a true higher rate of infection.

With one bot for every 41 internet users, Russia was 31st in Europe and 94th in the world for 'bot density'. This comparatively low infection rate may be influenced to some degree by the codes of conduct of Russia's hacking community, researchers said.

"Russians infecting Russians is considered a hacking faux pas," Wueest noted.

"There have been instances in the past of hackers being 'doxxed' or outed to police by the hacking community for the sin of infecting local computers.

"The number of bot infections isn't typically representative of where cybercriminals live. Infection rates are typically lower in countries where users have better cyber-hygiene and hackers are often the most 'hygienic' or paranoid when it comes to their devices."

In comparison, Rome's Holy See, the world's smallest country, had the highest bot density not only in Europe, but globally. Its significantly smaller internet-connected populace meant Vatican users had approximately "a one in five chance of using a 'zombie' device."

In most cases, victims caught up in these networks are unwitting participants in crime.

For example, bot networks played a key role in the alleged Russian influence campaign during the 2016 US presidential election when they were used to amplify divisive messages, circulate conspiracy theories and share pro-Donald Trump talking points.

In another case from last year, swarms of IoT devices were enslaved into the so-called Mirai botnet and used to take down websites including Reddit, Twitter and Netflix.

Concerned that your device may be enslaved in a bot army?

Symantec said that key warning signs include your device drastically slowing down, displaying mysterious messages or crashing for no apparent reason. It advised users to keep up to date with security updates and never to click suspicious links.

(1st October 2017)

(The Telegraph, dated 27th September 2017 author Telegraph Reporters)


Black Friday, the sales bonanza when millions of shoppers scour the internet for deals and discounts, is inching closer and closer.

Many shoppers will make their purchases by logging into online accounts with high-street retailers - accounts which contain sensitive details including credit card numbers, addresses and phone numbers and are often created in haste to bag the latest online deal.

But the Black Friday sales are also a great time for hackers: bargain-hunting consumers are often at risk of scam websites and fake marketing emails. Even on legitimate websites, poor security practices can land you in trouble.

Here are some simple tips from the Telegraph Technology team to keep you safe when shopping online this holiday season.

1. Never use a password more than once

Many of us are guilty of having had the same password for every account for years and, even worse than that, the most common 25 passwords include "123456", "password", and "abc123". The best way to keep your online accounts - from your internet banking to social media - secure is to never use the same password more than once.

Create a different password for each online account that you have and store them in a password manager, such as DashLane, 1Password or LastPass. These services store passwords securely, save time from endlessly typing them out when you log in, and can randomly generate keys for you.

Once you've set up a secure set of account logins make sure you don't share your passwords with anyone.

2. Check if you've already been hacked

If you're worried that you might have been hacked or had any of your personal details compromised, it would be wise to change your usernames and passwords immediately. Before coming up with a string of new keys, though, you can use a service such as Have I Been Pwned to find out if you have an account that has been compromised in a data breach.

Enter an email address or username into the search bar and it will tell you if you've been a victim.

3. Update with the latest patches

Downloading software updates as and when they're available is a good way to protect yourself. Software updates for computers, phones, tablets, and other devices generally include improved security settings and patches that fix vulnerabilities. This is also true of updates to any apps or programs that you have installed on those devices.

To make sure you receive the updates as soon as they're available you can enable automatic updates on your devices, often by looking in Settings.

4. Check before you download

Before downloading apps onto your phone or software on your computer do some research - check what it's asking for access to (look for app permissions in Settings), check an app's rating in the iOS or Google Play store, read reviews online, and make sure you're downloading the official version.

5. Use the latest anti-virus software

If you use a Windows computer you should protect it using anti-virus software, such as AVG or Sophos. Make sure you regularly install the updates and scan for malware.

6. Look for the padlock

When using secure online services, such as email, online shopping or banking, and social media, always check there is a padlock symbol in front of the URL, and that the web address begins "https://" before you log in or register. Websites must pass certain security tests to be accredited with the padlock, and the 's' stands for 'secure'.

7. Watch what Wi-Fi you connect to

Make sure your home WiFi is protected with a strong password that only you and your family know. When out and about never use a hotspot that may be unsecured, especially when what you're doing is personal or private.

8. Keep your settings private

Check the privacy settings on all of your social media accounts so that only the people you want to share your information with can see it. You can restrict what others see about you in the Settings section of your account.

For example, you can make your posts private on Facebook, and restrict what Google can know about you. Use a site like Ghostery to find out what websites are tracking you and easily block them.

9. Beware of public mobile charging points

It's possible to hack into a smartphone that is charging via USB in a public place, such as an airport, cafe or on public transport. To avoid being a victim, only plug your phone into trusted computers when using a USB cable.

10. Stick to encrypted messaging apps

End-to-end encrypted messaging apps such as WhatsApp, iMessage and Telegram protect your privacy by masking the contents of your messages from would-be eavesdroppers.

11. Always be careful of suspicious messages

Never open or forward a suspicious looking email, or respond to a social media message from someone you don't know. Watch out for phishing emails and text messages that ask you to log in or provide bank details.

Companies, such as Apple and WhatsApp, and government services will never email or text you to ask you to log into your account, provide bank details or download a program.

12. Type out web addresses

It's good practice to be suspicious of hyperlinks (particularly shortened links) that come from outside sources, such as unknown senders in an email. If you're asked to log into an account or provide payment details, type out the URL yourself and go directly to the legitimate site to make sure that you're not on a fake site that's designed to look like the official one.

13. Post in haste, repent at leisure

What goes online stays online so never say anything that could hurt, anger or endanger yourself or someone else.

14. Log off, log out

Always make sure you log out of your accounts when you've finished with them and log off a computer when you've finished using it.

15. Be a clever dater

With hundreds of thousands of us turning to dating apps every day in the quest to meet potential partners, there are a few ways to make sure you don't put yourself in a compromised position.

Try to avoid disclosing private information when using online dating sites, and take every precaution that profiles you are looking at are genuine. Never be tempted to send or transfer money to people you meet online, however unfortunate their story.

How to avoid dating scams

- If you're suspicious about a profile report it to the dating website or app so they can investigate it.

- Try doing your own detective work - ask them for their full name and look them up on Google and social media.

- Don't be afraid to question their authenticity - if they are genuine they won't mind you trying to verify them.

- Remember, they may spend months building a relationship with you and will only ask for money once you're emotionally involved.

- Ask a friend for advice as they are not as emotionally involved as you, they may be able to see something you can't.

- Look out for fake or stolen photographs. You can use sites like to check the authenticity of a photo and you can try doing a reverse image search on Google (by clicking on the camera logo in the search bar and uploading an image) to see if they are using a fake picture.

- Never give out too much personal information, such as your home address, phone number or email.

- Consider setting up a new email address to use for online dating and perhaps even get a cheap Pay As You Go phone to use for making phone calls.

(Source: James Preece - dating expert)

16. Use your common sense

If an email offer looks too good to be true, the prices on a website are abnormally low or you receive an unsolicited telephone call offering computer support, it's probably a scam.

(1st October 2017)

(ZDNET, dated 27th September 2017 author Danny Palmer)


Purchasing cybercrime-as-a-service tools such as malware and DDoS-for-hire services is no longer just something for low-level or aspiring hackers; organised criminal gangs are taking advantage of these services as the underground criminal landscape continues to become more professionalised and mature.

But that doesn't mean the likes of ransomware attacks or phishing campaigns are going away; they're also more prolific than ever.

Europol's newly released 2017 Internet Organised Crime Threat Assessment analyses a number of the key trends in cyber crime - with the likes of WannaCry ransomware emphasising the global nature of attacks - and warns how the increasing willingness of professional cybercriminals to turn to crime-as-a-service schemes is set to create further risks.

Non-technical criminal groups can buy the likes of ransomware, or phishing tools to help carry out or cover traditional crimes from investigation by law enforcement.

"Crime-as-a-service is becoming more mature; it's now serious, organised crime that are using these services, this is no longer script-kiddies or youngsters sitting in their basements," said Philipp Amann, Head of Strategy of the European Cyber Crime Centre, speaking at the launch of the report.

Put simply, no single cyber criminal organisation can specialise in every form of attack or nefarious activity, so there's an increasing market for the hiring of skills or the purchase of toolsets to help facilitate criminal activity - be they online, physical or both.

"When they require something outside their own area of competency, they need only to find someone offering the appropriate tool or service in the digital underground; they can simply buy access to what they need," says the report.

Nonetheless, while cyber criminal activity continues to professionalise and diversify, Europol notes that many attackers continue to stick to what they know - and for many, that's ransomware, which the report says has "eclipsed" most other global cybercriminal threats.

Indeed, the first half of 2017 saw ransomware attacks on a scale never seen before, with the spread of the WannaCry ransomware-worm in May, followed by the outbreak of the self-spreading Petya in June.

Europol warns how these attacks have highlighted how reliance on internet connectivity, combined with poor digital hygiene standards and practices can enable such attacks to spread far and wide - and that many organisations need to do more to protect themselves.

"The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level," said Europol Executive Director Rob Wainwright.

Banks and other major businesses are now targeted on a scale not seen before and, while police have enjoyed success in disrupting major criminal syndicates operating online, the collective response is still not good enough.

However, despite the damage caused by the global ransomware attacks, the 2017 Internet Organised Crime Threat Assessment offers some silver-linings.

The report notes how one "unintended positive" of the global ransomware outbreaks is that it has raised awareness about the need for proper information security practices. Indeed, some in the criminal fraternity are already worried that this is the case.

But in order to combat the threat of cyber crime, Europol states that law enforcement must continue to focus on those developing and providing cyber crime and attack tools - particularly for the likes of ransomware, malware, and DDoS attack tools.

The idea is that by taking away the ability for criminal groups to simply buy the services they need, law enforcement will be able to focus on tracking down and stopping the kingpins.

"If we can do something to prevent cyber crime from happening in the first place, that's a win. Then law enforcement can focus on the top actors that provide key services and tools - DDoS for hire, botnets, counter-anti-virus. If we can counter that, law enforcement can focus on the main actors," said Amann.

The report identifies the No More Ransom initiative as a successful example of this strategy, having provided free decryption tools to 29,000 victims and depriving criminals of an estimated EUR 8 million in ransoms. If law enforcement can make these attacks unprofitable, they will become unappealing to criminals.

Europol's newly released 2017 Internet Organised Crime Threat Assessment :

(1st October 2017)

(The Telegraph, dated 27th September 2017 author Martin Evans)


The number of cars being stolen has soared by 30 per cent in the last three years as criminals work out ways to override sophisticated security measures, new figures have revealed.

The development of engine immobilisers and keyless technology had seen car theft fall to a record low four years ago.

But since then thieves have successfully developed techniques and technology that allow them to bypass modern anti-theft measures.

Organised crime gangs have been stealing many prestigious vehicles to order, before shipping them overseas.

As a result motorists are increasingly resorting to traditional security devices such as mechanical steering locks which fit over the wheel and were popular in the 1980s and 1990s.

Retailers report that the sale of such products has soared by almost 60 per cent in recent months as drivers seek to protect their vehicles.

Three years ago car theft fell to its lowest point in almost half a century, as manufacturers perfected technology that boasted of making many vehicles virtually theft proof.

Data from the Office for National Statistics (ONS) suggested that fewer than 70,000 cars were reported stolen in 2014.

But the latest figures, released under the Freedom of Information Act, showed that since then, there has been a rapid increase in car theft, peaking at 85,688 in 2016 - a rise of almost 30 per cent.

Experts believe the rise is largely down to criminals catching up with the technology.

Mark Godfrey, a director with RAC Insurance, which compiled the FOI data, said: "Unfortunately, these figures show a very unwelcome rise in the theft of vehicles from much lower numbers in 2013.

"Technology advances in immobilisers, keys and car alarms had caused the number of vehicle thefts to decrease significantly from more than 300,000 in 2002, but sadly they have now increased after bottoming out in 2013 and 2014.

"We fear thieves are now becoming more and more well equipped with technology capable of defeating car manufacturers' anti-theft systems."

Mr Godfrey said this was bad news for motorists because it caused car insurance premiums to rise, but said motorists could take steps to protect themselves by parking in well lit areas and never leaving the keys in the ignition.

But he added: "In addition, anti-theft devices such as steering wheel locks which were popular in the 1980s and early 1990s are starting to make a comeback as they are still a very effective visible deterrent.

"This is quite ironic as they were replaced a number of years ago by alarms and immobilisers, which until now, offered better theft prevention."

A spokesman for Halfords said they had seen a sharp rise in the sale of traditional security devices in recent months, following a spike in car crime.

David Hammond, car security expert at Halfords said: "Organised gangs have mastered how to get around high-tech security devices, leading to a significant rise in car thefts across the UK.

"To guard against falling victim to these car thieves, police are advising drivers to invest in a physical deterrent like a classic steel steering lock.

"These first became popular in the 1980s and '90s but remain an extremely effective - and visual - way of deterring thieves, and we've recently seen an increase in sales as car owners turn to old school solutions."

Deputy Assistant Commissioner Graham McNulty, the National Police Chiefs' Council Lead for Vehicle Crime said: "In recent years vehicle theft has started to increase across the country following many years of reductions.

"We are seeing more sophisticated operations by organised crime gangs exporting cars for profit as well as increasing scooter and motorcycle and keyless car theft.

"Police forces are working with the Home Office, the National Crime Agency, the National Vehicle Crime Intelligence Service, Europol and car manufacturers to design-out crime and disrupt these networks."

(1st October 2017)

(ZDNET, dated 26th September 2017 author Danny Palmer)

Full article [Option 1]:

Cyberattacks against ATMs aren't new, but until now they've mostly required the attackers to have physical access to the target machine in order to compromise it.

However, a joint report by Europol and Trend Micro warns how hackers are increasingly targeting banks' corporate networks in an effort to move across to ATMs and infect them with malware.

The fact the machines are basically moneyboxes attached to a Windows PC makes them an appealing target for attackers, but the icing on the cake for criminals is how large swathes of ATMs are running on obsolete or unsupported operating systems.

"A majority of ATMs installed worldwide still run either Windows XP or Windows XP Embedded. Some of the older ATMs run Windows NT, Windows CE, or Windows 2000. Microsoft," said the report.

According to the Cashing in on ATM Malware report, that means there are hundreds of thousands of cash machines which no longer receive support.

The WannaCry ransomware outbreak demonstrated how at risk unsupported and unpatched systems can be to cyberattacks, meaning that with the correct technical expertise, a criminal operation could exploit the vulnerabilities in an ATM to make off with a fortune via a network-based attack -- or even shut machines down.

"Should a worm like WannaCry or NonPetya ever manage to breach these networks, then the effect could be devastating, knocking out the whole network," Simon Edwards, cybersecurity solution architect at Trend Micro told ZDNet.

It isn't theoretical; hackers have already demonstrated how they can remotely attack ATMs without physical access to the device on a number of occasions -- like many other forms of cyberattack, the infiltration begins with phishing emails sent to bank employees. If one of these is successful, the hackers can access the rest of the network.

One example is ATMitch, which saw hackers remotely infect banks -- one in Kazakhstan and one in Russia -- with malware. The infection allowed the attackers to issue remote commands to the machine, allowing it to distribute money to people working alongside the hackers.

Another incident saw hackers able to access 41 ATMs in Taiwan, stealing a total of $2.5 million from 22 branches of First Commercial Bank without using cash cards or even touching the PIN pads. Some of the perpetrators were eventually tracked down and sentenced for their involvement, but not all of the funds were recovered.

Trend Micro and Europol have dubbed the rapid developments in network-based ATM malware attacks as "unnerving" because "the criminals have realized that not only can ATMs be physically attacked, but it is also very possible for these machines to be accessed through the network".

While this type of attack has mostly only been seen in regions such as South America and Asia, the report warns that it won't be long before North America and Europe see this type of attack as "we believe this to be a new tendency that is probably going to consolidate in 2017 and beyond".

As a result, the report warns, law enforcement agencies must be aware that cybercriminal groups are looking to target ATMs in this way -- and financial organisations must take more steps to secure their ATM installations by installing more security layers, such as keeping the machines on a separate part of the network.

(1st October 2017)

(London Evening Standard, dated 26th September 2017 author Ross Lydall)

Full article [Option 1]:

A device that could transform the treatment of sepsis worldwide by diagnosing potentially deadly infections within hours was unveiled today by London scientists.

Its inventors at Imperial College hope to have it available on NHS wards by next summer and say it could make the difference between "life and death" for critically ill patients.

There are about 123,000 cases of sepsis each year in England, and an estimated 30 million worldwide, with almost a third proving fatal.

Sepsis can be difficult to diagnose and very young and very old patients are most at risk.

Professor Chris Toumazou was due to tell a Royal Institution conference today about the LiDia test for blood infections that lead to sepsis.

It uses a semiconductor to analyse a 10ml blood sample, searching for evidence of about 20 of the most common bugs that cause sepsis, which leads to major organ failure.

The device - a disposable cartridge and main instrument box - gives results within two to three hours, compared to the several days that patients have to wait for their blood cultures to be analysed in the laboratory.

"By that time, the patient could almost be in rigor mortis," Professor Toumazou said.

The regius professor of engineering at Imperial said the "eureka moment" happened when he and a PhD student put saliva on a semiconductor and saw it spark into life.

He told the Standard: "The core of the technology is a semiconductor and microchips. As a result, it has been configured almost as a mini-computer.

"A blood sample is inserted at the front end. Within two to three hours, out comes the result. The result may be what the right antibiotic is, or should be, for that pathogen.

"This is one of the first technologies where we have focused on the genes of the bug… if you look at the DNA of the bug you can check whether or not it responds to antibiotics, or which antibiotics it is resistant to."

The device can be used by GPs or hospital doctors and cuts out the need to send samples to a lab.

Last year Professor Toumazou's spin-off firm, DNAe, won £38.5 million from the US government to expand its work into infectious diseases.

Alison Holmes, professor of infectious diseases at Imperial College London, said today's summit would highlight the work of UK experts.

"The potential for infectious diseases to spread rapidly is a live threat at a global level," she said.

(1st October 2017)

(Computer Weekly, dated 25th September 2017 author Warwick Ashford)

Full article [Option 1]:

Topping the list of most prepared European Union (EU) nations is the Netherlands, with an overall cyber attack preparedness rating of 60%, according to a report by Website Builder Expert (WBE).

Following the Netherlands is Estonia (58%), France and Italy (57%) and the UK (56%). Conversely, the least prepared nations are Slovakia and Malta (34%), Greece (35%), Spain (38%) and Lithuania (40%).

The overall scores are an average of the cyber security commitment rating and percentage of protected internet connections for each country.

Estonia has the highest commitment rating of 85%, compared with the UK's 78%, while Italy has the highest percentage of protected internet connections (51%) compared with the UK's (33%).

Despite being rated the most prepared, the Netherlands is second only to Romania in terms of its cyber crime "victimhood" rating of 21%, compared with Romania's 23%. The Netherlands is followed by Portugal (20%), Poland (20%) and Italy (19%).

Countries with the lowest cyber crime "victimhood" ratings are Finland (12%) and Slovakia (14%), along with Germany, Ireland and Austria, which all have a rating of 15%.

Taking into account a range of factors including previous encounters with cyber crime, malware encounter rates, commitment to cyber security initiatives, and how exposed each country's internet connections are, the study shows that Malta is the EU nation most at risk of cyber crime, with a vulnerability score of 42%.

Despite ranking in the middle of the pack for malware and cyber crime encounters, it was Malta's high percentage of exposed internet connection ports (73% of all ports), lack of cybersecurity legislation and poor international co-operation that pushed it to the top of the vulnerability index.

This means that Malta's population, despite encountering a lower incidence of cyber crime than their European neighbours, are actually at far more risk in the long run with few protective or preventative measures in place.

Malta is followed by Romania and Slovakia, which both have a vulnerability rating of 41%, Spain (40%), and Portugal, Lithuania, Cyprus and Hungary with a rating of 39%.

On the opposite end of the scale, Finland was deemed the most cyber-secure country with a vulnerability rating of just 29%, which the report ascribed to the fact that Finland has one of the lowest cyber crime encounter rates in Europe and is one of the most prepared nations too, second only to the UK.

The UK's vulnerability rating is 31%, along with France and Italy, and second only to Estonia, Germany and the Netherlands, all with a vulnerability rating of 30%.

James Kiernan, director of WBE, said that with the threat of cyber crime becoming more evident each day, cyber security on an international level is more important than ever if countries want to protect their interests and residents.

"While it is reassuring to see countries such as the UK and Germany among the safer nations, the level of cyber vulnerability across Europe is still cause for alarm, especially in the wake of June's massive [NotPetya] cyber attack," he said.

The NotPetya attack appears to have targeted mainly organisations in Ukraine, including the central bank, the Ukrenergo electricity supplier, the Chernobyl nuclear power plant, and airport and metro services throughout the country.

However, companies outside the Ukraine were also affected, including London-headquartered WPP, US-based pharmaceutical company Merck, multinational law firm DLA Piper, Russian oil company Rosneft, Netherlands-based shipping company TNT and French construction materials company Saint-Gobain.

Danish transport and shipping giant AP Moller-Maersk is believed to have been one of the hardest hit, with the financial impact of the attack estimated at $200m to $300m (£222m), while the UK's WPP estimates the cost at between £10m and £15m before insurance.

UK National Cyber Security Centre (NCSC) technical director Ian Levy recently warned that the UK risks a C1-level national cyber security incident if organisations do not change their approach to cyber security.

He said the NCSC wants to publish data and evidence to ensure that people really understand how to do risk management properly. "Cyber security is just risk management, which is not fundamentally different to HR, legal or financial risk management," he said.

Levy also believes that the way technology tends to be designed currently makes impossible security demands on people.

As a result, he said security professionals have spent the past 25 years saying people are the weakest link. "But this is stupid," he said. "People cannot be the weakest link [because] they are people who do jobs, and they are people who create value in their organisations.

"What this tells us is that the technical systems are not built for people. Techies build systems for techies, not normal people," said Levy.

(1st October 2017)

(The Guardian, dated 25th September 2017 author Nick Hopkins)

Full article [Option 1]:

One of the world's "big four" accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal.

Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.

One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.

The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.

So far, six of Deloitte's clients have been told their information was "impacted" by the hack. Deloitte's internal review into the incident is ongoing.

The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.

The hacker compromised the firm's global email server through an "administrator's account" that, in theory, gave them privileged, unrestricted "access to all areas".

The account required only a single password and did not have "two-step" verification, sources said.

Emails to and from Deloitte's 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft. This is Microsoft's equivalent to Amazon Web Service and Google's Cloud Platform.

In addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details.

The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of Deloitte's most senior partners and lawyers were informed.

The Guardian has been told the internal inquiry into how this happened has been codenamed "Windham". It has involved specialists trying to map out exactly where the hackers went by analysing the electronic trail of the searches that were made.

The team investigating the hack is understood to have been working out of the firm's offices in Rosslyn, Virginia, where analysts have been reviewing potentially compromised documents for six months.

It has yet to establish whether a lone wolf, business rivals or state-sponsored hackers were responsible.

Sources said if the hackers had been unable to cover their tracks, it should be possible to see where they went and what they compromised by regenerating their queries. This kind of reverse-engineering is not foolproof, however.

A measure of Deloitte's concern came on 27 April when it hired the US law firm Hogan Lovells on "special assignment" to review what it called "a possible cybersecurity incident".

The Washington-based firm has been retained to provide "legal advice and assistance to Deloitte LLP, the Deloitte Central Entities and other Deloitte Entities" about the potential fallout from the hack.

Responding to questions from the Guardian, Deloitte confirmed it had been the victim of a hack but insisted only a small number of its clients had been "impacted". It would not be drawn on how many of its clients had data made potentially vulnerable by the breach.

The Guardian was told an estimated 5m emails were in the "cloud" and could have been accessed by the hackers. Deloitte said the number of emails that were at risk was a fraction of this number but declined to elaborate.

"In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte," a spokesman said.

"As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.

"The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte's ability to continue to serve clients, or to consumers.

"We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.

"Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested."

Deloitte declined to say which government authorities and regulators it had informed, or when, or whether it had contacted law enforcement agencies.

Though all major companies are targeted by hackers, the breach is a deep embarrassment for Deloitte, which offers potential clients advice on how to manage the risks posed by sophisticated cybersecurity attacks.

"Cyber risk is more than a technology or security issue, it is a business risk," Deloitte tells potential customers on its website.

"While today's fast-paced innovation enables strategic advantage, it also exposes businesses to potential cyber-attack. Embedding best practice cyber behaviours help our clients to minimise the impact on business."

Deloitte has a "CyberIntelligence Centre" to provide clients with "round-the-clock business focussed operational security".

"We monitor and assess the threats specific to your organisation, enabling you to swiftly and effectively mitigate risk and strengthen your cyber resilience," its website says. "Going beyond the technical feeds, our professionals are able to contextualise the relevant threats, helping determine the risk to your business, your customers and your stakeholders."

In 2012, Deloitte, which has offices all over the world, was ranked the best cybersecurity consultant in the world.

Earlier this month, Equifax, the US credit monitoring agency, admitted the personal data of 143 million US customers had been accessed or stolen in a massive hack in May. It has also revealed it was the victim of an earlier breach in March.

About 400,000 people in the UK may have had their information stolen following the cybersecurity breach. The US company said an investigation had revealed that a file containing UK consumer information "may potentially have been accessed".

The data includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information. Equifax, which is based in Atlanta, discovered the hack in July but only informed consumers last week.

(1st October 2017)

(The Register, dated 25th September 2017 author Kat Hall)

Full article [Option 1]:

Cops have closed 28,000 websites selling counterfeit goods over the last three years, the City of London Police's Intellectual Property Crime Unit (PIPCU) revealed today.

Out of those, more than 4,000 were registered using stolen identities of the UK public. Some 400 individuals have had their identity stolen and used in setting up criminal websites.

One of the main consequences of buying counterfeit goods on websites, social media and online is identity crime, it said.

When buying items, people will part with personal details such as their address and financial information which allows fraudsters to set up new websites selling counterfeit goods in their name.

That can negatively affect punters' credit score and chance of getting credit in the future, and can also take up to 300 hours for their identities to be fully regained.

Over 15,000 reports linked to identity crime were received by Action Fraud between April 2016 and March 2017.

PIPCU has launched an awareness campaign today which warns the public that "there's more at stake when it's a fake".

Apparently fake football shirts were among the most popular counterfeit items.

PIPCU recommended customers always ensure the website address begins "https" at the payment stage and watch out for pop-ups asking for confirmation of card details.

Detective Inspector Nicholas Court, from PIPCU, said: "We are aware of many occurrences where criminals have put consumers at risk, compromising their identity as a result of their online shopping habits."

In July, PIPCU confirmed it had confiscated hundreds of thousands of pounds worth of counterfeit Cisco networking gear.

(1st October 2017)

(Netsecurity, dated 22nd September 2017)

Full article [Option 1]:

An average of 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May. The data collected by Webroot shows today's phishing attacks are highly targeted, sophisticated, hard to detect, and difficult for users to avoid. The latest phishing sites employ realistic web pages that are hard to find using web crawlers, and they trick victims into providing personal and business information.

Phishing attacks have grown at an unprecedented rate in 2017

Phishing continues to be one of the most common, widespread security threats faced by both businesses and consumers. Phishing is the number 1 cause of breaches in the world, with an average of more than 46,000 new phishing sites created per day. The sheer volume of new sites makes phishing attacks difficult to defend against for

Today's phishing attacks continue to be short-lived

The first half of 2017 highlights the continuing trend of very short-lived phishing sites, with the majority being online and active for only 4 to 8 hours. These short-lived sites are designed to evade detection by traditional anti-phishing strategies, such as block lists. Even if the lists are updated hourly, they are generally 3-5 days out of date by the time they're made available, by which time the sites in question may have already victimized users and disappeared.

Attacks are increasingly sophisticated and more adept at fooling the victim

In the past, phishing attacks randomly targeted as many people as possible, with the hope that a substantial amount would open an infected attachment or visit a malicious web page. Today's phishing is more sophisticated. Hackers do their research and utilize social engineering to uncover relevant personal information for individualized attacks. Phishing sites also hide behind benign domains and obfuscate true URLs, carrying more malignant payloads, and fooling users with realistic impersonated websites.

Mix of companies impersonated continues to evolve

Zero-day websites used for phishing may number in the millions each month, yet they tend to impersonate a small number of companies. Webroot categorized URLs by the type of website being impersonated and found that financial institutions and technology companies are the most phished categories. The top 10 companies being impersonated throughout the first six months of 2017 are:

- Google : 35%
- Chase : 15%
- Dropbox : 13%
- PayPal : 10%
- Facebook : 7%
- Apple : 6%
- Yahoo : 4%
- Wells Fargo : 4%
- Citi : 3%
- Adobe : 3%

SEE ALSO (uaware)

1.4 million phishing websites are created every month
(ZDNET, dated 22nd September 2017 author Danny Palmer)

Full article [Option 1]:

(1st October 2017)

(Bloomberg Technology, dated 22nd September 2017 author Melissa Cheok)

Full article [Option 1]:

Singapore has overtaken nations including the U.S., Russia and China as the country launching the most cyber attacks globally, according to Israeli data security firm Check Point Software Technologies Ltd.

The company, whose software tracks an average of eight to 10 million live cyber attacks daily, said Singapore rose to pole position after ranking in the top five attacking countries for the previous two weeks.

"It is not particularly unusual for Singapore to be featured among the top attacking countries," said Eying Wee, Check Point's Asia-Pacific spokeswoman.

Singapore is a key Southeast Asian technology hub, and much of the internet traffic flowing through it originates in other countries. That means a cyber attack recorded as coming from Singapore may have been launched outside the country, she said.

The Cyber Security Agency of Singapore said there are a number of reports measuring cyber attacks, which are based on various methodologies and therefore provide different perspectives of the situation.

"As a commercial hub with high interconnectivity, Singapore is undoubtedly an attractive target for cybercriminals," a spokesman for the agency said in an email, adding that it's important for the nation to maintain high cybersecurity standards and take necessary measures to protect its systems and data.

Cyber Defense

The city-state, which wants to become a global technology hub, recently stepped up efforts to tighten cyber security after several high profile attacks on government agencies and companies.

"Singapore has now found itself on someone's list," Singapore's Defense Minister Ng Eng Hen said in July. "The attacks are orchestrated, the attacks are targeted, they want to steal specific information, there are minds behind this orchestration."

Earlier this year, Singapore's military established a cyber defense unit while the government drafted legislation to impose new cyber security requirements aimed at helping companies protect critical information infrastructure.

In May, Singapore stopped most of its public servants from being able to access the internet from their work computers. The nation's central bank has also set up an international advisory committee dedicated to enhancing the safety and resilience of Singapore's financial sector.

(1st October 2017)

(The Register, dated 20th September 2017 author John Leyden)

Full article [Option 1]:

More data records have been lost or stolen during the first half of 2017 (1.9 billion) than all of 2016 (1.37 billion).

Digital security company Gemalto's Breach Level Index (PDF), published Wednesday, found that an average of 10.4 million records are lost or stolen every day.

During the first half of 2017 there were 918 reported data breaches worldwide, compared with 815 in the last six months of 2016, an increase of 13 per cent. A total 22 breaches in Q1 2017 included the compromise, theft or loss of more than a million records.

Gemalto estimates less than 1 per cent of the stolen, lost or compromised data used encryption to render the information useless.

Malicious outsiders (cybercriminals) made up the largest single source of data breaches (74 per cent) but accounted for only 13 per cent of all stolen, compromised or lost records. While malicious insider attacks only made up 8 per cent of all breaches, the amount of records compromised was 20 million, up from 500,000 in the previous six months.

North America still makes up the majority of all breaches and the number of compromised records, both above 86 per cent. The number of breaches in North America increased by 23 per cent with the number of records compromised increasing threefold (up 201 per cent).

Traditionally, North America has always had the largest number of publicly disclosed breaches and associated record numbers, although this may change somewhat next year when global data privacy regulations like the European General Data Protection Regulation (GDPR) and Australia's Privacy Amendment (Notifiable Data Breaches) Act come into play.

Europe only had 49 reported data breaches (5 per cent of all breaches), a 35 per cent decline from the six months before.

The UK had the second highest number of reported incidents after the US, with 40 (down from 43). A total of 28,331,861 data records were compromised in the UK in H1 2017 (up 130 per cent from H2 2016).

Half of data incidents in the UK involved a malicious outsider (50 per cent), with 38 per cent attributed to accidental loss. Two-thirds of the breaches in the UK are classified as identity theft (65 per cent).

Government was the single biggest source of security incidents with 12 in H1 2017, ahead of technology firms (seven) and healthcare (six).

The Breach Level Index, which has been running since 2013, benchmarks publicly disclosed data breaches.

As new regulations such as the UK's Data Protection Bill and GDPR come into effect, the numbers of disclosed breaches could skyrocket.

(1st October 2017)

(The Telegraph, dated 18th September 2017 author Telegraph Reporters)

Full article [Option 1]:

The UK's lead police officer on child protection has said forces will "potentially" have to look at working with so-called paedophile hunters.

Senior officers have previously said vigilante groups such as Dark Justice or The Hunted One could put child abuse investigations at risk.

But figures obtained by the BBC show an increase in the number of cases where evidence gathered by paedophile hunters is being used.

More than 44 per cent (114 of 259) of cases of the crime of meeting a child following sexual grooming used this evidence in 2016, compared to 20 out of 176 cases in 2014 (11.3 per cent).

Chief Constable Simon Bailey, the national lead for child protection at the National Police Chiefs' Council, told the BBC: "(These) vigilante groups are putting the lives of children at risk.

"I'm not going to condone these groups and I would encourage them all to stop, but I recognise that I am not winning that conversation."

When asked whether police could work with vigilantes, he said: "I think that's something we're going to have to potentially have to look at, yes, but it comes with some real complexity."

Tyneside-based duo Dark Justice claim on their website to have helped apprehend 104 sex crime suspects, leading to 50 convictions.

A sting operation by a group known as The Hunted One descended into violence as they ambushed a man who sent sexual messages to a decoy account.

Their target, Mirza Beg, 29, was jailed at Maidstone Crown Court in August for 40 months after he turned up with condoms at the Bluewater Shopping Centre in Greenhithe, near Dartford, Kent, believing he was meeting a 14-year-old girl.

(1st October 2017)


(Yahoo Finance, dated 18th September 2017 author Matt Brian)

Full article [Option 1]:

A popular PC-cleaning program used by over 130 million people put users at risk after hackers were able to insert malware into legitimate downloads. Piriform's CCleaner, owned by antivirus provider Avast, was found to have "contained a multi-stage malware payload" that could install ransomware or keyloggers and further infect target computers on command.

According to Avast, around 2.27 million people ran the affected software, which was delivered via a hacked server. The impact is damaging, but considering that the application has amassed over 2 billion downloads and adds around 5 million new users each month, it could have been significantly worse. The company said it has already forced updates of the affected version and in its own words was "able to disarm the threat before it was able to do any harm."

Starting life as a "crap cleaner," CCleaner has earned a reputation for its ability to remove rogue programs and clear things like tracking cookies on Windows PCs. Users trust the brand, which makes it a prime target for attackers. "By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates," said Cisco Talos researchers, who discovered the threat, in a blog post.

The attack vector isn't a new one, but it's become a lot more prevalent in recent months. The Petya ransomware was distributed via a similar method and hackers also modified the Mac BitTorrent app Transmission on official servers to compromise users' computers.

In the past, attackers would create fake alternatives of popular applications and trick people into downloading them. The trend now, however, is to attack the download source directly and gain access to legitimate servers. Once they are in, it's a case of loading the trusted software with a nefarious payload, with the end-user being none the wiser.

"This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world," Cisco Talos warns. "Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected."


See also :

(Reuters, dated 18th September 2017 author Joseph Menn)

Full article [Option 1]:


(1st October 2017)

(ZDNET, dated 18th September 2017 author Corinne Reichert)

Full article [Option 1]:

Telecommunications provider BT and the New South Wales government have announced the launch of a global cybersecurity research and development (R&D) centre in Sydney.

The NSW government's Jobs for NSW invested AU$1.67 million in support of the centre, the state's Minister for Innovation and Better Regulation Matt Kean said, with BT making a AU$2 million investment in capital infrastructure.

"This facility is a major boost for our economy, and will be a real-time nerve centre protecting large enterprises, industries, governments, and even nations from cyber attack," Kean said.

BT will also make a "multimillion investment" in order to employ cybersecurity specialists, Kean added.

According to BT, the cybersecurity hub expands on its already existing security operations centre (SOC) in North Sydney, and will provide 172 new jobs over the next five years, including 38 graduate positions.

"The hub is BT's first cybersecurity R&D facility outside of the United Kingdom, and will employ highly qualified cybersecurity specialists," BT said on Monday.

"The areas of expertise in the new hub will include cybersecurity, machine learning, data science analytics and visualisation, big data engineering, cloud computing, data networking, and the full life cycle of software engineering."

Kean said the NSW government -- which also invested in a startup hub in July, and handed out AU$10 million to incubators and accelerators and AU$3 million in direct grants to startups while providing AU$96 million to the Jobs for NSW initiative -- is hoping the centre's opening will attract and retain IT talent in the state.

"This operation will help keep Australia's best cybersecurity talent here in NSW, and nurture our next generation of specialists to ensure we remain a regional leader in this fast-growing industry," the minister said.

"I'm confident job opportunities offered by BT will also act as an incentive for Australian citizens currently working overseas to come back home and bring their highly valuable skills with them."

BT has 14 SOCs worldwide, which develop, provide, and deploy managed security services for customers across 180 countries.

BT had in May told ZDNet that it was undertaking much of its ongoing development on its new cybersecurity platform -- the Assure Cyber Platform system -- out of its Australian R&D arm.

BT's Assure Cyber Platform makes use of both a computerised element, which uses learning algorithms to sort through the data and learn from it, in addition to a human element in order to combine creative attention to detail with the "relentless efficiency" of computers.

"At least for now, you can't replace people," BT Global Services chief architect for Asia, the Middle East, and Africa Matt Allcoat told ZDNet at the time.

"People have an uncanny knack to spot odd things ... so we have a load of visualisation software that we put on the front of the data lake, and it allows human operators to literally visualise on big screens what this thing is."

BT at the time also took the wraps off its Dynamic Network Services portfolio comprising three offerings: Bandwidth on demand; on-demand virtual services; and on-demand software-defined wide-area networks (SD-WAN).

The first stage enables customers to turn up and down the speeds they're using at will under consumption-based pricing, BT said, which is aimed at aiding the increasing uptake of cloud solutions.

The second phase will see "purely virtual" products, cloud service nodes, and technologies launch by mid-2018, with such network services able to be switched on and off as and where needed by companies, and will be charged via hourly usage, BT told ZDNet.

The final piece of the puzzle involves provisioning on-demand virtual networks, with BT kicking off its SD-WAN suite with the release of Nokia's Agile Connect product, to be joined by Cisco intelligent WAN (IWAN) products in the future.

BT said it is able to extend its virtual networks not only over its own infrastructure, but also over the top of any other carrier.

To match these new network offerings, BT said it was focused on improving its security services.

Earlier this month, BT then announced its new cloud-based "business-platform-as-a-service" offering, which is aimed at speeding up the time it takes businesses to go to market with digitised services.

BT said the new platform, labelled the BT Personalised Compute Management System (PCMS), allows customers to access, purchase, and bring their own digital services to market within around 12 weeks.

It utilises BT's "cloud of clouds" solution, which connects customers to cloud collaboration apps, security services, third-party datacentres, customer datacentres, and third-party cloud services including Cisco, Amazon Web Services, Microsoft Azure, Oracle, HPE, Salesforce, Equinix, Google, and IBM Softlayer.

PCMS contains a global catalogue of services with localised sales channels, allowing customers to buy online in their own currency, contract terms, taxation laws, and language, BT explained.

The platform currently has more than 45 digital business support processes, including customer management, product management, user authentication, order management, and billing solutions.

(1st October 2017)


(The Guardian, dated 16th September 2017 author Press Association)

Full article [Option 1]:

About 400,000 people in the UK may have had their information stolen following a cybersecurity breach at the credit monitoring firm Equifax.

The US company said an investigation had revealed that a file containing UK consumer information "may potentially have been accessed".

The data includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information. Equifax, which is based in Atlanta, discovered the hack in July but only informed consumers last week.

In an effort to provide reassurance, the firm said it was unlikely people would be hit by "identity takeover". It said it would contact them in writing to offer advice and a free identity protection service to monitor their personal information and data.

Equifax's president, Patricio Remon, said: "We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes."

Equifax alerted the public to the cyber-attack on 7 September. The data of 143 million people was breached in America.

Equifax said its UK systems had not been impacted by the attack but that information on British consumers may have been accessed because of a process failure in 2016 that meant a limited amount of UK data was stored on the US system between 2011 and 2016.

The UK consumer data that may have been stolen does not include "any single Equifax business clients or institution," it said.

The alert comes after the Information Commissioner's Office (ICO) ordered Equifax to alert British customers following the firm's announcement that criminals had exploited a website application to access its files.

Lenders rely on the information collected by credit bureaus such as Equifax to help them decide whether to approve financing for homes, cars and credit cards.

A spokesman for the ICO said: "It is always a company's responsibility to identify UK victims and take steps to reduce any harm to consumers.

"The Information Commissioner's Office have been pressing the firm to establish the scale of any impact on UK citizens and have also been engaging with relevant US and UK agencies about the nature of the data breach.

"It can take some time to understand the true impact of incidents like this, and we continue to investigate.

"Members of the public should remain vigilant of any unsolicited emails, texts or calls, even if it appears to be from a company they are familiar with.

"We also advise that people review their financial statements regularly for any unfamiliar activity.

"If any financial details appear to have been compromised, victims should immediately notify their bank or card company. If anyone thinks they may have been a victim of a cyber crime they should contact Action Fraud."

Equifax said the investigation into the data breach was ongoing and it was working with the Financial Conduct Authority and the ICO.

Cyber-attacks have become an increasing problem for firms that hold a large amount of customer data. HSBC and TalkTalk are among the most high profile British firms to be hit in recent years.

uaware - further information


The Equifax breach and 5 years of missed warning signs
(Huffington Post, dated 17th September 2017 author Dante Disparte)

Full article [Option 1]:


(BBC News, dated 14th September 2017 author Rory Cellan-Jones)

Full article :


(Equifax, 15th September 2017)

Full article [Option 1]:


(New York Post, dated 8th September 2017 author Lisa Fickenscher)

Full article [Option 1]:


(The Register, dated 17th September 2017 author Simon Sharwood)

Full article [Option 1]:


(1st October 2017)

(London Evening Standard, dated 15th September 2017 author Justin Davenport)

Full article [Option 1]:

Scotland Yard has reviewed response policing in parts of London after officers took nearly 40 minutes to reach emergency calls.

Police took an average 36 minutes to respond to 999 calls in Redbridge in June, and 35 minutes in Barking and Dagenham.

The boroughs are part of a trial "super borough" - which also includes Havering - set up in a bid to modernise the force.

Camden and Islington were also merged under the scheme and figures show the Met also failed to reach target response times for 999 calls in these boroughs in June.

Launched in January, the two areas are paving the way for a shake-up in policing in London which will see fewer senior officers and an end to the 32-borough structure.

Critics of the plan say it will leave vast areas under the command of relatively junior officers. Insiders claim that response officers are forced to race on blue lights from an emergency call at one end of a "super borough" to another miles away.

Concerns were raised about figures showing that police were failing to reach the most urgent "I-grade" or "immediate" 999 calls within a target time of 15 minutes.

Typically, these are calls where a resident is reporting a burglar in their home or where someone is in danger of serious injury.

Figures seen by the Standard show response times in the five test boroughs steadily worsened from January when the project began.

Insiders say hundreds of priority calls - so-called "S" calls which should be answered inside one hour - were not even attended on the day they were made but handed to the next shift.

Scotland Yard today admitted some emergency calls were handed over to the following day's shift but insisted police control room operators stayed in touch with callers to ensure that lives were not at risk.

Deputy Assistant Commissioner Mark Simmons, who is responsible for the trial, said: "We have had a problem with response times in these three boroughs [Redbridge, Barking and Dagenham, and Havering], some of the changes we put in place did not work in the way that we thought they would.

"We have made significant changes to address that and we have made improvements in response times.

"They are not back to where we want them to be but they are heading in the right direction."

Police say 73 per cent of calls in the three boroughs are now within 15 minutes, compared with 50 per cent in June. The average response time is now just over 10 minutes.

(1st September 2017)

(The Register, dated 15th September 2017 author Iain Thomson)

Full Article [Option 1]:

Google has had to pull 50 malware-laden apps from its Play Store after researchers found that virus writers had once again managed to fool the Chocolate Factory's code checking system.

The malware was dubbed ExpensiveWall by Check Point security researchers because it was found in the Lovely Wallpaper app. It carries a payload that registers victims for paid online services and sends premium SMS messages from a user's phone and leaves them to pick up the bill. It was found in 50 apps on the Play Store and downloaded by between 1 million and 4.2 million users.

The malware is a strain that the researchers first spotted in the Play Store in January, but with one crucial difference. This time the authors had encrypted and compressed the malware, making it impossible for Google's automated checking processes to spot.

Once downloaded, the malware asks for permission to access the internet and send and receive SMS messages. It then pings its command and control server with information on the infected handset, including its location and unique identifiers, such as MAC and IP addresses, IMSI, and IMEI numbers.

The servers then send the malware a URL, which it opens in an embedded WebView window. It then downloads the attack JavaScript code and begins to clock up bills for the victim. The researchers think the malware came from a software development kit called GTK.

"Check Point notified Google about ExpensiveWall on August 7, 2017, and Google promptly removed the reported samples from its store," the researchers note. "However, even after the affected Apps were removed, within days another sample infiltrated Google Play, infecting more than 5,000 devices before it was removed four days later."

It appears that Google missed warnings about the malware infection. The user comments section of at least one of the infected apps was filled with outraged users noting that it was carrying a malicious payload and it appears that the apps were being promoted on Instagram.

Cases of malware infecting Google's Play Store are becoming depressingly common. Just last month it was banking malware and a botnet controller, in July commercial spyware made it in, advertising spamming code popped up in May (preceded by similar cases in March and April), and there was a ransomware outbreak in January.

By contrast, Apple's App Store appears to do a much better job at checking code, and malware is a rarity in Cupertino's app bazaar. While some developers complain that it can take a long time to get code cleared by Apple, at least the firm is protecting its customers by doing a thorough job, although Apple's small market share also means malware writers tend not to use iOS for their apps.

By contrast, Google's Bouncer automated code-checking software appears to be very easily fooled. Google advised users to only download apps from its Store, since many third-party marketplaces are riddled with dodgy apps, but that advice is getting increasingly untenable.

It's clear something's going to have to change down at the Chocolate Factory to rectify this. A big outbreak of seriously damaging malware could wreak havoc, given Android's current market share, and permanently link the reputation of the operating system with malware, in the same way as Windows in the 90s and noughties.

(1st October 2017)

(The Guardian, dated 14th September 2017 author Alan Travis)

Full article [Option 1]:

The number of people arrested for terrorism-linked offences rose 68% to a record 379 in the 12 months to June, one of the most intense periods for terrorist attacks in recent history.

The Home Office said it was the highest number of terrorist arrests in a year since records began in 2001. They included 12 arrests linked to the Westminster attack in March, 23 connected with the Manchester Arena bombing in May, 21 arrests following the London Bridge attack in June and one in relation to the Finsbury Park van attack soon after.

The Home Office quarterly bulletin on the police's use of their counter-terrorism powers says 123 of those arrested were charged - 105 with terrorism offences - and 189 were released without charge. The rest were either bailed pending further investigation or faced alternative action.

So far, 32 of the 105 charged with terrorist offences have been prosecuted and found guilty and 68 are awaiting prosecution.

The number of terrorist prisoners in British jails has also risen in the past year, by 35% to 204. The Home Office said 91% of those in prison on 30 June held extreme Islamist views and a further 5% had far-right ideologies.

Police use of stop and search powers under the counter-terrorism laws rose by 17%, from 552 stops to 646. But the proportion of people arrested as a result of stops fell from 12% in the previous year to 8% this year.

The deputy assistant commissioner and senior national coordinator for counter-terrorism policing, Neil Basu, said six terrorist plots had been prevented since the Westminster attack in March.

"There is no doubt that since March and following the attacks in London and Manchester we have seen a shift-change in momentum. But while the terrorist threat has increased in recent months, so has our activity, reflected by this significant increase in arrests.

"We're taking every possible opportunity to disrupt terrorist activity - be it making arrests for terrorism offences, intervening where there are signs of radicalisation, or working with communities to prevent terrorists operating in their area," he said.

"Police, together with the security services are determined to make the UK as hostile an environment for terrorists as possible."

The figures show there have been 19 terrorist plots foiled in the UK by police and the UK intelligence community since June 2013. A broad spectrum of people have been arrested in connection with terrorism investigations in terms of age, gender and ethnicity.

"These figures show that there is no such thing as a 'typical' terrorist," Basu said.

"We're seeing young and old; women and men; all from a variety of different ethnic backgrounds and communities. It's therefore important that members of the public remain vigilant in all situations, and report any suspicious activity to police."

(1st October 2017)

(The Guardian, dated 14th September 2017 author Damien Gayle)

Full article [Option 1]:

More young people are being cautioned or sentenced for carrying knives than at any time for nearly eight years, new figures have revealed.

Under-18s were penalised for knife possession 1,180 times from April to June, Ministry of Justice statistics show - the highest quarterly tally for that age group since the period July to September 2009.

In total, 5,237 knife possession offences were dealt with by the criminal justice system in the three months to the end of June - up 6% on the equivalent period in 2016.

An MoJ report accompanying the statistics said knife possession offences fell between 2008 and 2014, but the trend has reversed in the last three years.

The figures come amid fresh concern about knife crime, particularly in London where 13 teenagers have been fatally stabbed so far this year. Teenagers have also been charged in many cases where adults have been the victims of deadly stabbings.

Police have shifted their outlook on youth knife crime away from a narrative of gang violence, and now say young people are more often carrying blades for status and self-protection.

Whitney Iles, of Project 507, a social enterprise that tackles the causes of violence, said the increase in knife crime had created a vicious spiral that spurred more young people to carry weapons. Fewer educational opportunities and a lack of decent jobs have also left young people feeling dismal about their future, making them more likely to take risks and adopt violent lifestyles, she said.

"These kinds of things spread, so you have to look at it from the more people that are carrying knives it means that more and more people are going to want to protect themselves," Iles said. "If you carry a knife it means that you are willing to put your life in danger and it means that you feel like your life is in danger - you go straight into survival mode.

"If we've got young people that are not seeing themselves as able to live a longer life or have the opportunities that they need or deserve, then what we have is a lot of young people who are thinking more in the moment."

Two in five adult offenders and 13% of juveniles were given an immediate custodial sentence. Three in 10 juvenile offenders and 7% of adults received cautions.

Under a "two strikes" system introduced in 2015, minimum sentences were introduced for those aged 16 and over who are convicted of a second or subsequent offence of possession of a knife or offensive weapon.

The punishments are at least six months imprisonment for adults, while young offenders face a minimum four-month detention and training order.

Dominic Raab, the justice minister, said: "We're catching and prosecuting more of those who carry a knife or blade. Those convicted are more likely to go to prison, and for longer terms. Knives are a scourge of communities. Our message to those carrying a knife is that you should expect to end up in jail."

So far, 26 young people have been killed by knives in the UK in 2017, according to the Guardian's count.

(1st October 2017)

(CNBC and Reuters, dated 14th September 2017)

Full article [Option 1]:

Worries rippled through the consumer market for antivirus software after the U.S. government banned federal agencies from using Kaspersky Lab software on Wednesday. Best Buy said it will no longer sell software made by the Russian company, although one security researcher said most consumers don't need to be alarmed.

Best Buy declined to give details about why it dropped Kaspersky products, saying that it doesn't comment on contracts with specific vendors. The Minneapolis Star Tribune first reported that Best Buy would stop selling Kaspersky software.

The U.S. Department of Homeland Security cited concerns about possible ties between unnamed Kaspersky officials and the Kremlin and Russian intelligence services. The department also noted that Russian law might compel Kaspersky to assist the government in espionage.

Kaspersky has denied any unethical ties with Russia or any government. It said Wednesday that its products have been sold at Best Buy for a decade. Kaspersky software is widely used by consumers in both free and paid versions, raising the question of whether those users should follow the U.S. government's lead.

Nicholas Weaver, a computer security researcher at the University of California, Berkeley, called the U.S. government decision "prudent"; he had argued for such a step in July. But he added by email that "for most everybody else, the software is fine."

The biggest risk to U.S. government computers is if Moscow-based Kaspersky is subject to "government-mandated malicious update," Weaver wrote this summer.

Kaspersky products accounted for about 5.5 percent of anti-malware software products worldwide, according to research firm Statista.

Another expert, though, suggested that consumers should also uninstall Kaspersky software to avoid any potential risks. Michael Sulmeyer, director of a cybersecurity program at Harvard, noted that antivirus software has deep access to one's computer and network.

"Voluntarily introducing this kind of Russian software in a geopolitical landscape where the U.S.-Russia relationship is not good at all, I think would be assuming too much risk," he said. "There are plenty of alternatives out there."

Sulmeyer also said retailers should follow Best Buy's lead and stop selling the software.

Amazon, which sells Kaspersky software, declined to comment. Staples and Office Depot, both of which sell the software, didn't immediately return messages seeking comment.

Various U.S. law enforcement and intelligence agencies and several congressional committees are investigating Russian meddling in the 2016 presidential election.

Kaspersky said it is not subject to the Russian laws cited in the directive and said information received by the company is protected in accordance with legal requirements and stringent industry standards, including encryption.

Russia criticized the decision to ban the software, saying the U.S. ban is delaying the recovery of bilateral ties between the two countries.

The decision by the U.S. government to stop using Kaspersky Lab products is "regrettable," the Russian embassy in the United States said.

"These steps can only evoke regrets. They only move back the prospects of bilateral ties recovery," the embassy said in a statement issued late on Wednesday.

It also called for consideration of Russia's proposal to form a joint group to address cybersecurity issues.

(1st October 2017)


(New Scientist, dated 13th September 2017 author Nicole Kobie)

Full article [Option 1]:

DID you hear that? Alexa certainly did. Voice assistants have been hijacked using sounds above the range of human hearing. Once in, researchers were able to make phone calls, post on social media and disconnect wireless services, among other things.

That is a problem because voice assistants can also be connected to services ranging from smart thermostats to internet banking, so security breaches are pretty serious.

The hack was created by Guoming Zhang, Chen Yan and their team at Zhejiang University in China. Using ultrasound, a command inaudible to us was used to wake the assistant, giving the attacker control of the speaker, smartphone or other device, as well as access to any connected systems (Cryptography and Security,

The attack works by converting the usual wake-up commands - "OK Google" or "Hey Siri" - into high-pitched analogues. When a voice assistant hears these sounds, it still recognises them as legitimate commands, even though they are imperceptible to the human ear.

Yet it isn't easy to pull off. The attacker needs to be close to the target device to hack it, although it may be possible to play the commands via a hidden speaker as they walk past. Assistants falling for the ploy included Amazon's Alexa, Apple's Siri, Google Now and Microsoft's Cortana.

But not all devices were equally easy to fool. To take control of Siri, the owner's voice had to be surreptitiously recorded for playback before being converted to ultrasound, as Apple's system recognises only the speaker.

To secure voice assistants in the future, ultrasound could be suppressed, says Tavish Vaidya of Georgetown University in Washington DC. However, we should focus on protecting against unauthorised commands rather than limiting what assistants can do, he says.

(1st October 2017)

(London Evening Standard, dated 13th September 2017 author Ed Cummings)

Full article [Option 1]:

Down a dirt track on the outskirts of Lagos, sitting in a bare concrete safe house behind an eight-foot fence, the women told me their stories. How they had left their homes after the promise of a better life in Europe, only to find themselves beaten, abused, raped and forced to work as prostitutes.

Recognised as victims of trafficking and returned to safety in Nigeria, these were the lucky ones, although some of them struggled to believe it. But in bleak rooms all over London and the UK, their fellow victims are still being exploited and abused.

Anywhere that people dream of a better life, traffickers lie in wait to take advantage of them. Just as it is an international centre of other kinds of business, London has become a global hub for modern slavery.

As Kevin Hyland, the Independent Anti-Slavery Commissioner, tells the Standard: "London is a global city, truly multicultural, and while that's one of the best things about the capital, we know that criminals have also exploited that.

Where do Britain's modern slaves come from?

The majority of confirmed victims of slavery in the UK in 2016 came from these 30 countries (including the UK).

United Kingdom : 326
Albania : 699
Afghanistan : 83
Bangladesh : 54
Bulgaria : 21
China : 241
Czech Republic : 37
DR Congo : 22
Eritrea : 109
Ethiopia : 41
Egypt : 19
Ghana : 45
Hungary : 36
India : 100
Iran : 60
Iraq : 39
Latvia : 21
Lithuania : 38
Nigeria : 243
Pakistan : 70
Poland : 163
Philippines : 45
Romania : 202
Slovakia : 73
Somalia : 37
Sudan : 79
Thailand : 23
Uganda : 21
Vietnam : 519
Zimbabwe : 19

"London has a huge population with busy airports and a big economy. There is immense demand for illicit services. The criminals have been getting away with it for far too long.

"Compared to smuggling guns or drugs, trafficking of people has been seen as low-risk. We need to develop an understanding of the whole threat picture.

"Until recently we've been operating on unfounded intelligence, or myths. If we don't get these basics right, our response will be wrong."

The National Referral Mechanism identified almost 4,000 potential victims last year, from a staggering 108 countries. As our map shows, the most common foreign nationalities of the victims are Albanian, Vietnamese and Nigerian, followed by Chinese and Romanian.

Given that Mr Hyland estimates the true number of victims to be much higher, up to 13,000 and, according to the National Crime Agency, possibly in the tens of thousands, it's likely there are even more countries involved.

Mr Hyland has launched a report into the trafficking routes from Vietnam. One of his goals as commissioner is to show the complex relationships between Britain and origin countries, each of which has distinct cultural factors that can seem alien to British observers.

Nigerian women might fear a Juju curse. Vietnamese boys - young males make up the largest cohort of Vietnamese modern slaves in Britain - live in fear of debt. A typical case might involve a friend or neighbour offering work in London to someone in the north of Vietnam. As identified in the commissioner's report, the price for transport could be anything from £10,000 to £33,000.

As collateral, the victim's parents might hand over the "red book", the deeds to their property. The journey could take months, with various overland routes leading to France, where the victim will wait with hundreds of other Vietnamese people for an opportunity to cross the Channel. Along the way, beatings and rape are common. Even if they get to the UK, they will almost never repay the debt.

Re-trafficking is another key issue. Once a Vietnamese person has been released from one exploitative situation, through escape, especially from less secure children's facilities or a raid, they can often find themselves walking the streets.

It's easy for them to end up being exploited again. It might be a nail bar, for example, rather than a cannabis farm: often the two businesses are interconnected, with nail bars used to launder drug profits.

Parosha Chandran, the UK's leading anti-slavery barrister and a United Nations expert on trafficking, says part of the problem is the lack of co-ordination between police departments. Too often, raids focus on disrupting the place of illegal cannabis cultivation, rather than investigating who is responsible for running the sophisticated, often multi-million-pound drug business the trafficking victims are caught up in.

Until a landmark case she won, children and adults found cultivating cannabis in this manner were prosecuted as criminals, rather than recognised as being victims of modern slavery.

"It's time for some critical leadership on investigating modern slavery," she says. "There are two crimes being committed [in these cases]: human trafficking and the illegal cultivation of drugs.

"Both have all the hallmarks of organised crime. Police departments must club together their expertise on financial crime, drug crime, modern slavery and witness protection to have an effective response.

"They need to trace money streams, preserve evidence at the scene and offer witness protection to victims to encourage them to come forward, to help with prosecutions. These gangs rule by fear."

While law enforcement has a part to play, it is not the only piece of the puzzle. Londoners who use cannabis, or visit nail bars or car washes, have a responsibility to spot the signs, and fight the modern slavery that goes on under their noses.

Ten key signs that someone is a victim - Spot the red flags and help stop slavery

- Is someone always watching them?

- Do they have injuries that appear to be the result of an assault?

- Do they seem frightened or won't look you in the eye?

- Do they always wear the same few clothes?

- Do they look starving or neglected?

- Are they living in dirty, cramped or overcrowded conditions?

- Do they live and work at the same address?

- Are they being controlled by a "boyfriend"?

- Do they have ID documents?

- Are their travel arrangements unusual?

Take action to end slavery by going to our online activity platform :

(1st October 2017)

(International Business Times, dated 12th September 2017 author Jason Murdock)

Full article [Option 1]:

With your feet up at the end of a long day and with the tiny kettle boiling, it can be very tempting to log into your hotel's WiFi connection and have a scroll through social media. You may quickly log in to your online banking, download some podcasts or even send some work emails.

But have you ever stopped to consider the hotspot you are connected to - which is probably using the name of the hotel followed by the word 'Guest' - is actually a trap?

That your usernames, passwords and other sensitive information may be flowing directly into the hands of a hacker? You should, cybersecurity experts warn.

This week (12 September), research from Broadband Genie, which asked 2,512 thousand people about their internet access when staying in hotels, found that more than 90% admitted to logging in when it's available.

A whole 58% said they were not worried about being monitored.

The survey revealed that the most popular uses for hotel WiFi included email and internet browsing.

A small, but still significant, number (26%) said they used it for work purposes. But nearly all respondents, it claimed, were accessing some form of private data.

You may think it's not important. Why would a hacker be interested in you, after all?

Unfortunately, hackers trade in data - and hotel WiFi connections transmit a lot of sensitive information. Emails contain passwords. Work email accounts are a chance to mould successful social engineering attacks. Your bank account - well, that one is obvious.

Does the connection even have a password?

"Assuming the hotel WiFi is unsecured, the range of potential attacks is broad," Ondrej Kubovic, a security expert at Slovakia-based antivirus firm ESET, told IBTimes UK.

"An attacker can passively eavesdrop on the victim's communication, alter it, hijack the user's session, redirect him/her to malicious sites, extract sensitive data or even manipulate the victim to download malware and take control of his/her device," he added.

Rob Hillborn, head of strategy at Broadband Genie, elaborated: "I think many go in on the assumption they are secure because they've paid for a service and are in a safe environment, where actually we should always be erring on the side of caution on any WiFi connection."

Studies show that such connections are a major weak spot for the general public.

In 2015, cybersecurity firm F-Secure conducted an experiment on the streets of London - creating a fake hotspot to see how many people joined without question. In one half-hour period, a whopping 250 devices connected to the hotspot, the firm later revealed in a report.

One of the terms and conditions of the hijacked hotspot's use was that the user must give up their first-born child or most beloved pet in exchange for the internet. Six people agreed.

"What are we really signing up for when we check the 'agree' box at the end of a long list of T&C's we don't read?" the firm pondered in a blog post at the time. "There's a need for more clarity and transparency about what's actually being collected or required of the user."

And when it comes to the more specific topic of WiFi in hotel rooms - hackers have been caught exploiting it for gain on numerous occasions - be it for money or espionage.

One of the most prolific groups to conduct these operations has, aptly, been dubbed DarkHotel.

In 2014, researchers from Kaspersky Lab, a Russian cybersecurity firm, found the group had - for years - been using malware on victims staying in hotels, mostly businessmen.

It took advantage of unprotected WiFi connections to launch phishing attacks.

"Considering their well-resourced, advanced exploit development efforts and large, dynamic infrastructure, we expect more DarkHotel activity in the coming years," Kaspersky Lab warned in a report at the time.

They were correct.

In 2017, the hackers were again profiled by security firm Bitdefender, which found the team had shifted its attention to political figures. "The threat actors have been able to run their business undisturbed for years," warned threat researcher Bogdan Botezatu in his analysis.

So the problem hasn't gone away. In fact, as more personal information is being bundled into smartphones and tablets, the issue is only likely to intensify, security experts believe.

"Hotel WiFi, or indeed any other public WiFi such as the ones found in airports and coffee shops, should always be approached with caution," Javvad Malik, a security advocate at AlienVault, told IBTimes UK. "It is relatively trivial for an attacker to set up a fake access point."

Users who want to browse the web using public WiFi should, if possible, use a virtual private network, or VPN, to add an extra layer of security. In many cases, a common sense approach is paramount - be vigilant of what you click and make sure websites are legitimate.

(1st October 2017)

(London Evening Standard, dated 11th September 2017 authors Martin Bentham and Justin Davenport)

Full article [Option 1]:

A new £50 million base for armed police officers is to be built in central London to help protect the public from terrorism.

The new base will house at least 200 officers and contain a practice firing range, weapons storage and other facilities designed to enable the force's firearms specialists to hone their shooting and decision making skills.

It will be built in Limehouse and is being located in east London partly to make it easier to keep officers on hand to respond to any future terror attacks in the capital.

The move comes as the Met also announced it would trial the use of drones for firearms operations and other police actions in London.

Scotland Yard said it was borrowing a drone from Sussex Police to help deal with incidents such as high risk missing people, serious traffic collisions, searches for suspects and the identification of cannabis factories.

However, the drone would also provide aerial support for "pre-planned and spontaneous firearms operations" in an eight week trial. It will also be used in surveillance operations to provide live footage of operation deployments.

The decision to set up the new firearms base comes as the Met continues to expand its firearms capability through the recruitment of 600 extra armed officers.

Once completed that will take the total number of armed officers employed by the Met to 2,800.

The increase, which amounts to a rise of more than a third in the number of armed officers in London, was ordered last year before this summer's terror attacks in the capital and Manchester in recognition of the heightened threat since the Islamic State urged its followers to inflict murder in their own countries using whatever means possible.

But the need for armed officers to be available to respond rapidly has been illustrated by the incidents at Westminster and London Bridge in particular, as well as by attacks overseas in Barcelona and elsewhere.

News of the new base comes 100 days after the London Bridge attack when armed officers rushed to the scene to confront and kill the three Islamist attackers within eight minutes.

Disclosing the decision to set up a firearms base in Limehouse, Met Deputy Commissioner Craig Mackey said the force needed new sites for its armed officers and had already built a new firearms range at Hendon.

But the new Limehouse base would make it easier to ensure that officers were easily available to tackle both terrorist incidents and other crimes in which guns might be involved.

He added: "The reality is that when you have the sort of firearms capability we have, you have to accredit and train people regularly.

"The firearms range at Hendon is up, but it's not just that one. As we redevelop in the east of London we are looking at a similar type of capability at Limehouse. That's about making sure we can keep those officers trained, accredited, and up to the standards they need to be, and available."

Mr Mackey said the projected £50 million cost was a "place marker" figure and that the eventual bill could be either higher or lower.

Other non-firearms officers would also be stationed at Limehouse, which will be built as part of a wider overhaul of the Met's property portfolio under which more than 250 buildings will be disposed of and a smaller number of new stations developed to take their place.

"You will see buildings that are multi-functional, that have uniformed operational officers, custody facilities, where we put road policing units, that's the sort of thing that Limehouse will be," Mr Mackey said.

The Met's armed officers will continue to train at a firing range in Gravesend. The opening of the Hendon range has given the force extra capacity but the centrally located Limehouse base will represent a further significant step up.

The Limehouse base will replace the existing Met firearms base in Leman Street in the City of London which is expected to be sold off.

At the moment, as well as armed officers stationed at prominent locations such as Parliament and Buckingham Palace, other Met firearms teams patrol the capital covertly in vehicles.

The aim is to ensure that they are available to respond rapidly to any incident, terrorist or otherwise, requiring an armed response. The speed at which the firearms teams are able to deal with incidents was illustrated at the London Bridge attack when armed officers rushed to the scene, before confronting and killing the three Islamist attackers within eight minutes of being deployed.

In terrorist incidents, firearms officers are trained to advance towards attackers, despite the risk to their own lives.

They are also instructed to fire repeatedly if necessary to ensure that an attacker is completely incapacitated, which will usually mean dead, because of the risk that a suicide belt or other bomb might otherwise be detonated.

A firm date for the construction of the new Limehouse base has yet to be set but it is part of a five year plan by the Met to transform its property portfolio by closing little used buildings while at the same time updating others or building new ones.

The aim is to improve the force's efficiency and save enough money to fund redevelopment and pay for 1,100 officers.

(1st October 2017)

(The Register, dated 8th September 2017 author Iain Thomson)

Full article [Option 1]:

US big box retailer Best Buy has pulled from its shelves Kaspersky Lab's PC security software amid fears of Kremlin spies using the antivirus tool to snoop on Americans.

Despite there being no concrete evidence to indicate that the security software is a threat, the retail chain is ending its long relationship with Kaspersky, a Best Buy spokesperson confirmed to The Register on Friday. As to the reasoning, the store chain just said that it doesn't comment on contracts with specific vendors.

"Kaspersky Lab and Best Buy have suspended their relationship at this time; however, the relationship may be re-evaluated in the future," the Russian biz told The Register today.

"Kaspersky Lab has enjoyed a decade-long partnership with Best Buy and its customer base, and Kaspersky Lab will continue to offer its industry-leading cybersecurity solutions to consumers through its website and other retailers."

The news caps off a lousy week for Kaspersky. On Monday US Senator Jeanne Shaheen (D-NH) introduced an amendment to the National Defense Authorization Act that would ban Kaspersky software from any federal computer, following on from her earlier ban on the software being used by the Department of Defense.

"Because Kaspersky's servers are in Russia, sensitive United States data is constantly cycled through a hostile country," she said in an op-ed supporting the amendment.

"Under Russian laws and according to Kaspersky Lab's certification by the FSB, the company is required to assist the spy agency in its operations, and the FSB can assign agency officers to work at the company. Russian law requires telecommunications service providers such as Kaspersky Lab to install communications interception equipment that allows the FSB to monitor all of a company's data transmissions."

What she didn't add is that under the terms of the Patriot Act and other legislation pushed through as part of The War Against Terror (TWAT), American software companies are under similar obligations if the government comes knocking at their doors.

Indeed, the CIA's investment arm In-Q-Tel even funds security startups. FireEye, Interset, ArcSight and Silver Tail Systems all got funding from the intelligence agency.

But why let the facts get in the way of a good bit of publicity? Bashing Kaspersky is very much the game du jour at the moment. The FBI has been giving classified briefings to politicians warning them about the software and conducting nocturnal visits to Kaspersky staffers' homes. Those of us without security clearance are being told to trust them and steer clear of the nasty Russian code, m'kay.

Eugene Kaspersky, the eccentric founder of the firm that bears his name, has repeatedly and vehemently denied that there are any backdoors in his software that the FSB can use. He has offered the source code up for inspection by the US government, but no one's taking him up on it.

All this technology bashing has had another effect, however. It appears to have given Vladimir Putin ideas about doing exactly the same thing - a move that could be very costly for some technology companies.

At a meeting of technology executives in the Perm region, Putin told them that they should aim to be using only Russian software. Currently about 30 per cent of the software used by Russian business is home grown, and Putin told them that had to change - the government might penalize some companies if they don't.

"In terms of security, there are things of critical importance for the state, that are essential to support certain industries and regions," he said, the state mouthpiece RT reports.

"You shouldn't offer IBM [products], or foreign software. We won't be able to take it because of too many risks."

Updated to add

Best Buy has confirmed that customers who bought Kaspersky software can have it removed by the retailer's Geek Squad techies, who may also check the computer for child abuse images.

(1st October 2017)

(London Evening Standard, dated 8th September 2017 author Benedict Moore-Bridger)

Full article [Option 1]:

Fifty-nine Met police officers have been sacked or disciplined for racist behaviour in the past five years, the Standard can reveal.

Scotland Yard dismissed 18 officers following complaints about race discrimination and 41 were subject to other disciplinary sanctions.

The figures, from a freedom of information request, also show that 37 cases of discriminatory behaviour on the basis of race were referred to the Independent Police Complaints Commission between January 2012 and this May.

Between 1999 and 2011, 120 Met officers were found guilty of racist behaviour, with six forced to resign, one dismissed and the rest receiving a sanction, most commonly a fine.

In 1999 the Macpherson report, on the investigation into the 1993 murder of black teenager Stephen Lawrence in Eltham, branded the force "institutionally racist". Since then 550 complaints of racist behaviour against Met officers have been referred to the IPCC.

Details of dismissals or final written warnings include an officer in a squad car who remarked that an area of London needed to be "ethnically cleansed". Told that such a comment should not be made, the officer replied: "Why not?" Others made racist remarks to colleagues and the public, or on messaging apps. In 2013 Pc Alex MacFarlane was sacked for gross misconduct after being secretly recorded telling a man under arrest: "The problem with you is that you will always be a n*****."

Another off-duty officer racially abused a ticket inspector on a train when the friends he was with were told to pay penalty fares after trying to pretend they were also police officers.

Retired police superintendent Leroy Logan, founder and former chairman of the Met's Black Police Association, said: "This saddens me as an officer who gave evidence at the Stephen Lawrence inquiry. Nothing has really significantly improved so I am led to only come to the same conclusion - that the organisation is institutionally racist."

According to official statistics, only 13.4 per cent of the Met's workforce is non-white. However, Scotland Yard said the number of black and minority ethnic officers was increasing compared with previous years, and that work was being done to improve diversity.

The Met said: "Staff must act with professionalism and integrity at all times. Where conduct is proven to have fallen below standards expected, the MPS will take robust action to ensure staff are appropriately disciplined."

(1st October 2017)


(Wired, dated 4th September 2017 author Andy Greenberg)

Full article [Option 1]:

Keeping your internet property safe from hackers is hard enough on its own. But as WikiLeaks was reminded this week, one hacker technique can take over your entire website without even touching it directly. Instead, it takes advantage of the plumbing of the internet to siphon away your website's visitors, and even other data like incoming emails, before they ever reach your network.

On Thursday morning, visitors to saw not the site's usual collection of leaked secrets, but a taunting message from a mischievous group of hackers known as OurMine. WikiLeaks founder Julian Assange explained on Twitter that the website was hacked via its DNS, or Domain Name System, apparently using a perennial technique known as DNS hijacking. As WikiLeaks took care to note, that meant that its servers weren't penetrated in the attack. Instead, OurMine had exploited a more fundamental layer of the internet itself, to reroute WikiLeaks visitors to a destination of the hackers' choosing.

DNS hijacking takes advantage of how the Domain Name System functions as the internet's phone book - or more accurately, a series of phone books that a browser checks, with each book telling a browser which book to look in next, until the final one reveals the location of the server that hosts the website that the user wants to visit. When you type a domain name like "" into your browser, DNS servers hosted by third parties, like the site's domain registrar, translate it into the IP address for a server that hosts that website.

"Basically, DNS is your name to the universe. It's how people find you," says Raymond Pompon, a security researcher with F5 Networks who has written extensively about DNS and how hackers can maliciously exploit it. "If someone goes upstream and inserts false entries that pull people away from you, all the traffic to your website, your email, your services are going to get pointed to a false destination."

A DNS lookup is a convoluted process, and one that's largely out of the destination website's control. To perform that domain-to-IP translation, your browser asks a DNS server - hosted by your internet service provider - for the location of the domain, which then asks a DNS server hosted by the site's top-level domain registry (the organizations in charge of swathes of the web like .com or .org) and domain registrar, which in turn asks the DNS server of the website or company itself. A hacker who's able to corrupt a DNS lookup anywhere in that chain can send the visitor off in the wrong direction, making the site appear to be offline, or even redirecting users to a website the attacker controls.

"All of that process of lookups and handing back information are on other people's servers," says Pompon. "Only at the end do they visit your servers."

In the WikiLeaks case, it's not clear exactly which part of the DNS chain the attackers hit, or how they successfully redirected a portion of WikiLeaks' audience to their own site. (WikiLeaks also used a safeguard called HTTPS Strict Transport Security that prevented many of its visitors from being redirected, and instead showed them an error message.) But OurMine may not have needed a deep penetration of the registrar's network to pull off that attack. Even a simple social-engineering attack on a domain registrar like Dynadot or GoDaddy can spoof a request in an email, or even a phone call, impersonating the site's administrators and requesting a change to the IP address where the domain resolves.

DNS hijacking can result in more than mere embarrassment. More devious hackers than OurMine could have used the technique to redirect potential WikiLeaks sources to their own fake site to try to identify them. In October of 2016, hackers used DNS hijacking to redirect traffic to all 36 of a Brazilian bank's domains, according to an analysis by the security firm Kaspersky. For as long as six hours, they routed all of the bank's visitors to phishing pages that also attempted to install malware on their computers. "Absolutely all of the bank's online operations were under the attackers' control," Kaspersky researcher Dmitry Bestuzhev told WIRED in April, when Kaspersky revealed the attack.

In another DNS hijacking incident in 2013, the hackers known as the Syrian Electronic Army took over the domain of the New York Times. And in perhaps the most high-profile DNS attack of the last several years, hackers controlling the Mirai botnet of compromised "internet-of-things" devices flooded the servers of the DNS provider Dyn - not exactly a DNS hijacking attack so much as a DNS disruption, but one that caused major sites including Amazon, Twitter, and Reddit to drop offline for hours.

There's no foolproof protection against the kind of DNS hijacking that WikiLeaks and the New York Times have suffered, but countermeasures do exist. Site administrators can choose domain registrars who offer multi-factor authentication, for instance, requiring anyone attempting to change the site's DNS settings to have access to the Google Authenticator or Yubikey of the site's admins. Other registrars offer the ability to "lock" DNS settings, so that they can only be changed after the registrar calls a site's administrators and gets their ok.

Otherwise, DNS hijacking can enable a full takeover of a website's traffic all too easily. And stopping it is almost entirely out of your hands.
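The lookup chain described above, and what a changed delegation looks like to someone watching from outside, as an added illustration that is not part of the original article. The zone data, server names and addresses are constructed (example.org and documentation address ranges), and checking against a recorded baseline is an assumed monitoring approach rather than one the article describes.

```python
"""Toy model of the DNS delegation chain and a baseline drift check.

All names, servers and addresses are constructed for illustration
(example.org plus RFC 5737 documentation address ranges).
"""
import copy


def build_chain():
    """Each server maps a zone suffix to a referral (next server) or an answer."""
    return {
        "root": {"org.": ("referral", "org-registry")},
        # The registry publishes whatever name servers are set at the registrar.
        "org-registry": {"example.org.": ("referral", "ns1.dns-host.example.")},
        "ns1.dns-host.example.": {"example.org.": ("answer", "192.0.2.10")},
        # Hypothetical rogue server: unreachable unless a referral points at it.
        "ns1.rogue.example.": {"example.org.": ("answer", "203.0.113.66")},
    }


# What the site owner expects, recorded while the configuration is known-good.
BASELINE = {"ns": {"ns1.dns-host.example."}, "a": {"192.0.2.10"}}


def _covers(zone, name):
    """True when name is the zone itself or sits below it on a label boundary."""
    return name == zone or name.endswith("." + zone)


def resolve(name, servers, start="root", max_hops=8):
    """Follow referrals from the root; return (address, servers consulted)."""
    server, path = start, []
    for _ in range(max_hops):
        path.append(server)
        zones = [z for z in servers.get(server, {}) if _covers(z, name)]
        if not zones:
            raise LookupError(f"{server} has no data for {name}")
        kind, value = servers[server][max(zones, key=len)]  # most specific zone wins
        if kind == "answer":
            return value, path
        server = value
    raise LookupError(f"too many referrals for {name}")


def with_changed_delegation(servers, zone, new_ns):
    """Copy of the chain after an unauthorised name-server change at the registrar."""
    changed = copy.deepcopy(servers)
    changed["org-registry"][zone] = ("referral", new_ns)
    return changed


def with_changed_record(servers, ns, zone, new_ip):
    """Copy of the chain after the address record on the real name server is edited."""
    changed = copy.deepcopy(servers)
    changed[ns][zone] = ("answer", new_ip)
    return changed


def audit(name, servers, baseline):
    """Compare what the chain returns now with the recorded baseline."""
    ip, path = resolve(name, servers)
    findings = []
    if path[-1] not in baseline["ns"]:
        findings.append(f"delegation drift: {name} answered by {path[-1]}")
    if ip not in baseline["a"]:
        findings.append(f"address drift: {name} resolves to {ip}")
    return findings


if __name__ == "__main__":
    chain = build_chain()
    cases = {
        "known-good": chain,
        "registrar changed": with_changed_delegation(
            chain, "example.org.", "ns1.rogue.example."),
        "record changed": with_changed_record(
            chain, "ns1.dns-host.example.", "example.org.", "203.0.113.66"),
    }
    for label, servers in cases.items():
        print(label, "->", audit("example.org.", servers, BASELINE) or "matches baseline")
```

In both tampered cases the site's own server at 192.0.2.10 is never contacted, which is why the change has to be spotted by comparing lookups from outside rather than by watching the web server.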

(1st October 2017)

(The Telegraph, dated 4th September 2017 author Matthew Field)

Full article [Option 1]:

Six million Instagram accounts have been exposed online after hackers created a dark web database of personal information, revealing private phone numbers and email addresses.

The scale of the hack on the photo-sharing site emerged after the Instagram account of singer Selena Gomez was compromised last week. UK security researchers discovered hundreds of contact details on the dark web of celebrities including Emma Watson, Taylor Swift and Harry Styles.

In addition to leaking the details of hundreds of A-listers, hackers created an online database where cyber criminals could access private user details for $10 per search.

Instagram initially said a "low percentage" of accounts had been affected, although the hackers claim they have details on as many as six million users, the Daily Beast reported.

Instagram has since responded with its advice on how to protect accounts and report suspicious activity.

The hackers, claiming to be Russian and calling themselves "Doxagram", advertised the account details on online forums with links to the dark web, claiming "it is only $10 (price of 2 cups of coffee) for celebrity contact info".

One website linked to the hack has since been taken down, with Facebook, which owns Instagram, purchasing domain names used by the hackers to take them offline.

An official Instagram account for the President of the United States of America, run by the White House social media team, was also reported to be among the exposed details.

"We quickly fixed the bug, and have been working with law enforcement on the matter," said Instagram co-founder Mike Krieger. He added account passwords had not been exposed by the security flaw.

UK cybersecurity company RepKnight identified 500 celebrity accounts that had been compromised by the hack.

"While Instagram has now fixed the bug that led to the leak, the cat is out of the bag now, and those affected will have to take extra care to maintain their privacy," said RepKnight analyst Patrick Martin.

How was the data stolen?

The potential vulnerability on Instagram was found by researchers at Kaspersky Labs and reported to Facebook.

A flaw in the password reset option in the Instagram mobile app exposed mobile phone numbers and email addresses, but not passwords. The simple attack involved sending a request for a password reset to an account and intercepting the private phone and email details sent in response to the security query.

The vulnerability existed in a 2016 version of Instagram, meaning those with up-to-date accounts should be safe.

How to protect yourself on Instagram

Instagram has since offered its official advice on what to do if your account has been affected. Instagram said users should exercise additional caution if they receive any calls or emails from unknown or suspicious sources.

"Additionally, we're encouraging you to report any unusual activity through our reporting tools," Instagram said. "You can access those tools by tapping the "…" menu from your profile, selecting 'Report a Problem' and then 'Spam or Abuse.'"

Instagram has a page which offers users advice on how best to keep their account protected and what to do if they think an account has been hacked. Users should change their password or send themselves a password reset email if they think they have been affected.

It also suggests users turn on two-factor authentication on their accounts for added protection.

How to turn on two-factor protection on Instagram

- Go to the settings tab in the top right corner of your profile
- Scroll down and select "two-factor authentication"
- Tap "require security code"
- You will then need to add a phone number to your account
- After this a code will be sent to your phone every time you try to log into your account

While this can keep an account safe from hackers, the information taken from Instagram included phone numbers, showing not all data is safe when stored online, even if it is kept private.

Protect your online identity

1. Report suspicious activity

Notify Instagram, Facebook, Twitter and Tinder if you believe you're being impersonated; those accounts will be removed if the case is proven.

2. Use Google Reverse Image Search

If you suspect somebody may have stolen your images, use Google's tool that allows you to search the internet for use of that picture. Simply click on the camera icon on Google Images and upload.

3. Keep your profiles locked down

It may not be overly sociable, but if you want to minimise the misuse of your photos, keeping your profiles private - so that only friends can see them - is essential, particularly on Facebook and Instagram.

(1st October 2017)

(BBC News, dated 4th September 2017 authors Jonathan Gibson and Riyah Collins)

Full article :

Postal workers are being offered £1,000 per week to steal bank cards, a BBC investigation has found.

Online adverts offer huge sums to tempt Royal Mail staff to intercept letters containing cards and PINs.

More than 11,000 people in the UK were affected by this type of fraud in 2016, where bank cards are stolen in transit, according to UK Finance.

Royal Mail would not disclose how many workers had been convicted but claimed "the theft of mail is very rare".

It added its security team was investigating the findings by BBC Inside Out West Midlands and it had no evidence of its employees being involved.

West Midlands Police said its economic and fraud teams are not aware of the BBC's findings and it has not had any reports of this type of fraud.

A BBC journalist posed as a postman and responded to an advert offering £1,000 per week to intercept letters.

After a few weeks working to build up the gang's trust, he was able to persuade a member to meet him.

Our reporter secretly filmed a meeting outside the bus station in Lewisham, south-east London, where the gang member explained what was expected.

"We're going to tell you, for example, that Ms *****, she's going to have a letter from NatWest," he told the undercover journalist.

"Any letters from NatWest for Ms *****, intercept. As simple as that.

"If you open up a new account you're going to get your card and you're going to get your PIN, right? Two letters, that's all it is.

"We do that, you intercept the letters, bring them back to us, you get paid."

One gang in Birmingham has been operating for 30 years, according to the unidentified member who said the leader has "been in the game for 30 years".

"He's worked with a number of postmen.

"I've worked with two. One was in the Midlands - Coventry - and one was on the outskirts of London, Romford area.

"But my guy, he lives in Birmingham and I obviously do the work, he sorts out the other side."

On their second meeting in a south London park, the undercover journalist confronted his contact.

The gang member offered no answer and ran away when asked why he was trying to recruit postal workers to commit fraud.

Royal Mail would not comment on how many of its workers had been prosecuted for stealing mail since it was privatised in 2013.

However, 1,759 Royal Mail workers were convicted of theft between 2007 and 2011.

Figures from UK Finance show the problem does not seem to be getting any better with the number of cases, and the cost to card issuers, rising each year since 2014.

In 2016, there were 11,377 cases of fraud where a card is stolen in transit, costing card issuers £12.5m.

UK Finance said it works closely with Royal Mail to target these types of gangs. It has its own police unit with prosecution powers.

"We do have our own police unit and they target organised criminality," Katy Worobec, head of fraud detection at UK Finance said.

"They try and get the people who are actually organising the criminality behind the scene.

"Once you've taken that part of the gang out, the thing falls apart.

"We've got a very good relationship with Royal Mail to help target these types of gangs and we've seen some good successes in the past."

Royal Mail said: "We take all instances of fraud - alleged or actual - very seriously.

"Our security team is reviewing the programme's findings as a matter of urgency and will continue our close and ongoing cooperation with the relevant law enforcement agency.

"The overwhelming majority of postmen and women do all they can to protect the mail and deliver it safely. The safety and security of mail is of the utmost importance to Royal Mail.

"We deliver millions of items safely every day and the theft of mail is rare. The business operates a zero tolerance approach to any dishonesty. We prosecute anyone we believe has committed a crime."

"I don't trust postman"

Darren Blythe, from Banbury, had his bank card intercepted by postal worker Damon Alvey in 2013.

He sensed something was wrong when the new bank card he requested did not arrive within the estimated time.

"I was waiting and waiting and eventually I rang the bank and that's when they told me my bank account had been wiped out totally."

Alvey, from Thame, was jailed for 10 months in 2014 for the fraud which saw about £3,000 taken from Mr Blythe's account.

"He left me with just over £2 in my account," Mr Blythe said.

"It made me really depressed. I was stuck indoors for days and days on end."

Although his money was refunded by the bank within two weeks, Mr Blythe said he did not "trust postmen any more really".

Cases (Source : UK Finance)

2011 : 8,536
2012 : 9,018
2013 : 9,125
2014 : 9,302
2015 : 10,914
2016 : 11,377

(1st October 2017)

(London Evening Standard, dated 4th September 2017 author Michael Bow)

Full article [Option 1]:

The contactless card payment limit should stay at £30 to prevent a rise in card fraud, the head of the City of London police said.

The maximum contactless payment went up from £20 to £30 two years ago but Commissioner Ian Dyson said current concerns over contactless technology meant it was safer to keep the cap in place for now. Today marks 10 years since the launch of contactless.

"I would advise against increasing it for the moment because the losses could be quite significant," he said. "At some point the technology will change and you can raise the limit. The cap is there for sound reasons."

A poll last month found that more than half of retailers wanted the contactless limit increased.

The average supermarket shop is £25, which has influenced the £30 limit on the card. The average contactless card payment is around £8 or £9.

Regulators have been forced to tackle the technology after it emerged some merchants didn't download payment data to the bank until the end of the day, opening the door for fraud.

However, the technology is still relatively safe - about 2.7p in every £100 that was spent was lost to contactless fraud last year.

"I am not advocating a return to waiting five days for payments to clear but with that convenience the public must accept that there is a risk involved," Dyson added.

(1st October 2017)

(International Business Times, dated 4th September 2017 author Jason Murdock)

Full article [Option 1]:

Hackers are now using a sneaky pop-up technique posing as a font update to spread "Locky" ransomware and a remote access tool (RAT) to users on Google Chrome and Mozilla Firefox which, if clicked, can give cybercriminals complete access over infected computers.

Palo Alto Networks security expert Brad Duncan analysed the hackers' campaign - widely known as "EITest" - which has been using pop-ups since at least December 2016. He has now published his findings in a company blog post and as an update on the SANS Internet Storm Centre.

Two separate attacks were recently spotted in the wild, each using social engineering tactics to send a victim to a compromised website which then displayed a pop-up warning: "The HoeflerText font wasn't found".

An update button - if used by the targeted victim - would instantly download a malicious package.

In one of the August 2017 campaigns, sent via botnet-based spam, Duncan revealed that the pop-up "returned a malicious JavaScript file" disguised as a font library.

It was specially crafted to download and install the Locky strain of ransomware, Duncan said.

The second attack, which took place during the same timeframe, was altered to send out a type of malware under the name "Font_Chrome.exe".

This, it transpired upon analysis, was not a form of ransomware but instead a variant of file downloader which was programmed to spread the "NetSupport Manager RAT".

Locky is a notorious strain of ransomware which typically spreads via spam emails, locks down computer files and demands digital currency for their return. It emerged in February 2016, making an immediate impact by infecting a major hospital in Los Angeles, California.

That campaign alone netted hackers $17,000. The NetSupport RAT in question, meanwhile, is commercially-available software previously linked to hacks on gaming service Steam last year.

According to Duncan, the find signified "a potential shift in the motives of this adversary". The identities of those behind the latest campaigns, however, remain a mystery.

He wrote: "It's yet to be determined why EITest HoeflerText popups changed from pushing ransomware to pushing a RAT. Ransomware is still a serious threat, and it remains the largest category of malware we see on a daily basis from mass-distribution campaigns."

Indeed, in 2017 experts documented multiple ransomware outbreaks. Two major campaigns, using malware called "WannaCry" and "NotPetya", spread to hundreds of thousands of computers across the world. In both cases, experts have suggested the involvement of nation states.

"Users should be aware of this ongoing threat," Duncan said of the EITest campaigns.

"Infected users will probably not notice any change in their day-to-day computer use. If the NetSupport Manager is found on your Windows host, it is probably related to a malware infection."

In March 2017, a security researcher called Mahmoud Al-Qudsi spotted the same HoeflerText pop-ups on a compromised website hosted on WordPress.

(1st October 2017)

(The Telegraph, dated 3rd September 2017 author Francesca Marshall)

Full article [Option 1]:

Tens of thousands of people have been left bewildered after receiving letters and text messages demanding payment of hundreds of pounds in fines dating back over a decade.

The demands for unpaid parking tickets and invalid TV licences have been issued in a bid to claw back millions of pounds lost from historic fines.

The orders are part of a scheme being run by the Ministry of Justice with the help of new technology, using databases held by other government departments and online tracing tools which have even managed to locate people who have moved homes.

Since the scheme was launched in September 2016 around £9 million has already been recouped for the taxpayer, but it was not until March this year that the Historic Debt team expanded their tracing activity to include outstanding debts of over 10 years old.

The letters have, however, left many people confused, with some even believing it was a scam and ignoring the requests altogether.

The confusion can be blamed in part on the letters failing to include information on the particular incident in question, leaving people to wonder how they are able to prove their innocence.

Recipients are therefore being forced to contact their local magistrates court in order to trace what their alleged offence was.

In one incident a man was charged with a driving offence, despite being abroad at the time, but as a result of the mounting late repayment charges was left with no choice but to pay up.

Mark Thornton, 46, of Kilburn, North London, told the Mail on Sunday how, out of the blue, he received an official letter demanding £183.

He said: "It didn't actually say what the fine was for but eventually we were told it was for an untaxed vehicle. My wife and I were living in Switzerland in 2010, when it was supposed to have occurred.

"We didn't have the paperwork any more and we didn't want to rack up more fees so we just paid it. It felt Kafka-esque."

The government department responsible has advised that it has been contacting debtors in order to seek payments and further enforcement activity will follow where appropriate.

Such incidents were also reported by The Mail on Sunday with some recipients being hit with further charges from bailiffs and threatened with court action.

Sandra Straupmanis, 54, of Shadwell, East London, received a demand for £205, which related to non-payment of a TV licence seven years ago.

Her son, Dagnis, 29, said: "My mother was very distressed. She rang the number on the letter and discovered it was for a property she had long moved out of.

"Someone else in her shared house put her name on the licence. But she had no way of proving that."

The Ministry of Justice have since said that those who believe they are being wrongly accused can appeal at magistrates court.

An HM Courts and Tribunals Service spokesman said: "The Historic Debt project was set up to tackle outstanding debt.

"It has collected £9 million, including compensation owed to victims of crime. Anyone who believes they have been wrongly contacted can appeal through their local magistrates' court."

A spokesman added that not all debtors have been contacted at this time and that the pursuit of following up the debts will continue.

If you have been contacted, the Ministry of Justice advise that you make immediate payment or contact the National Enforcement Service contact centre.

Parking Fine - When you do have to pay

If you get a Penalty Charge Notice issued by the local council, unless you have grounds to appeal, you should pay up. Here you have broken the law. The penalty is just that - a genuine penalty or fine - not just a "charge".

According to Citizens Advice, the law says that if you have a compelling, or very persuasive, reason for appealing, the council can use its discretion to decide whether to cancel the notice.

First, drivers will have to complain to the council in writing, with any witness statements or photographs included.

If the council accepts your reasons for appealing, your fine will be cancelled and you'll have nothing to pay. If the council rejects your reasons, you will be sent a notice of rejection. You will then have 28 days to make a formal appeal.

The appeal process has two stages before being referred to the courts.

(1st October 2017)

(The Guardian, dated 3rd September 2017 author Sarah Marsh)

Full article [Option 1]:

Growing numbers of people are falling victim to organised gangs who lure them into sending sexually explicit images and then threaten to post the pictures online unless they get payment.

There has been a sharp rise in webcam blackmail, also known as sextortion. The number of cases reported to the police more than doubled between 2015 and 2016, reaching 1,250 last year. This year so far there have been more than 700 cases.

The figures come as the man who blackmailed Ronan Hughes, 17, was jailed for four years. Iulian Enache, 31, shared intimate photos belonging to Ronan after the schoolboy failed to pay a ransom. The teenager killed himself hours afterwards.

The National Crime Agency (NCA) says the true number of sextortion cases could be even larger because many go unreported. It said the issue was high on its agenda.

The NCA put the rise down to better reporting, but also said copycat criminals were inspired by what they read in the media. Some of the gangs involved operated from overseas, it said.

David Jones, head of the NCA's anti-kidnap and extortion unit, said: "This is a project that is very close to my heart after the sad deaths of four young men because of sextortion reported in recent times. I strongly suspect there may be other suicides linked to it, but I have no evidence for that. It's just my speculation.

"We are keeping this issue on the public radar, first and foremost … making sure all intelligence packages are collated and gathered together to fully exploit all opportunities to put people before judicial systems."

The phenomenon has grown with the use of social media. It can affect anyone, but experts say young men are particularly vulnerable. The majority of cases include men between 18 and 24, but victims have also been as young as 14. Others have been in their 50s to 80s.

The rising figures are mirrored by an increase in calls to the revenge porn helpline, with cases about sextortion rising from 70 in 2015 to 89 last year. They predict a 20% rise in cases this year and a 51% increase from 2015 to 2017.

Laura Higgins, who manages the helpline, said: "Sextortion can be committed by individuals or international, organised crime groups. Our advice to victims is: do not pay or give the perpetrators anything that is being demanded, keep all messages as evidence, immediately cease all contact with the individual and report the matter to the local police.

"The victims will often feel silly or shamed. This is not the case. The fault is with the perpetrator or perpetrators who have violated the trust of the victim and abused that power as a means of coercion."

The NCA said evidence suggests that criminal groups operate in the Philippines, Ivory Coast and Morocco. They pose as young women online and strike up a conversation. They encourage their victims to share explicit photographs and then threaten to share them widely unless they receive payment.

Jones said: "I hope we are on track getting on top of this, but there are likely to be a number of victims who won't come forward to talk about this because of the embarrassment factor.

"We say don't do that ... for whatever reason people may not have any form of encouragement or confidence to report the issue but what I will say is that this is something we take a serious view of and it will not be tolerated in any form whatsoever."

Dr Jessica Barker, a cybersecurity expert, said: "Police figures show a big rise, but that is likely to be the tip of the iceberg as most people who experience sextortion don't report it to the police. There is a lot of embarrassment about it and lots of people feeling like it only happens to them.

"With these crimes it's often criminal gangs, not individuals in their bedroom doing this. These people operate almost like businesses, having office space and teams."

She said teenage girls could also be affected. "What I hear from the female point of view is that teenage girls get targeted over Instagram and get messages. So someone will comment on their photo on Instagram and say: 'I am a model agent or talent scout. I am a casting director in Los Angeles and you have the look we want.' They will exchange messages and build up a rapport and then say, 'We need more photos', and that will go on until they get the girl to send explicit images and then it reverts to sextortion."

Vicky Green of the charity Marie Collins Foundation said young people should be educated about manipulation and that the fault lies not with them for sending a picture but the perpetrator for soliciting it.

Jon Pearn, 64, from Plymouth: 'I told the person trying to blackmail me, this is your unlucky day'

I was on my Facebook and someone sent me a friend request and I pressed yes by accident. The person I accepted was supposedly a young lady and they started sending me private messages.

They asked to Skype me and eventually we spoke over that. She asked: "Do you like sex?" I jokingly replied: "Who doesn't?" And then she said: "You show me yours and I will show you mine."

I said OK but as she suggested it, then she should go first. I was shown a woman stripping over Skype and then I showed her a photo of my penis in response.

That's when the tone changed and the person I was speaking to told me that they were called Angel and they wanted money from me or they would send the pictures to my nieces. I think because we were friends on Facebook they could see my family and knew how to get in touch with them.

Now I look back, I think the clip I saw on Skype may have just been a video of someone. I don't know, it probably wasn't real.

The language when I was asked for money was quite threatening. They said: "Pay up or we will ruin your life." They asked for £500 initially but I said: "Do what you want. I don't care." I told them it was their unlucky day as they had messed with the wrong person.

Eventually they lowered their ask to £100 but I still told them to bugger off. I did think that it would have been different if I had been married or in a relationship but I had nothing to lose.

This happened to me two years ago and I went to the police, but I am not sure if the perpetrator was ever caught. My message is, on Facebook don't friend people you don't know. If people threaten you, don't be ashamed, tell the police. Tell them to get stuffed.

(1st October 2017)

(The Times, dated 2nd September 2017 author Katie Gibbons) [Option 1]

An online listings site that hosts adverts offering trafficked children for sex in the US is running hundreds of explicit postings for sexual services in Britain.

The multimillion dollar site ////////.com, which has been investigated by the US senate for its "knowing facilitation" of child prostitution, operates in the UK yet remains largely unknown.

The company has been linked to the sex trafficking of potentially thousands of children, who are advertised in its "dating" and "escort" sections using coded emojis and phrases.

In the last month alone, dozens of adverts featuring sexually explicit photographs of young girls and boys were posted on /////// the British site. Their blurbs used phrases such as "fresh" or "new in town" and the cherry, growing love-heart and lollipop emojis, which have been identified as codes for under-age sex.

Kevin Hyland, the UK independent anti-slavery commissioner, has now called for tighter regulation of such sites to prevent British children from being trafficked and sold for sex online.

"This is wholesale serious crime where people are trading in human suffering and trading in young children," he said. "We need to really think about how we police the internet and how we protect the most vulnerable."

Eight civil actions have been brought in the US this year on behalf of young women allegedly sold for under-age sex through the site, including a 16 year old killed by a customer within three weeks of first being pimped through the dating section.

The company has avoided criminal liability in the US as websites are not legally responsible for third-party content. Efforts to amend this legislation are being fought by global tech giants, including Google, Facebook, Amazon and Microsoft, in the name of free speech.

About 70 per cent of the 10,000 trafficked children recorded in America go through ///////.com, according to the National Center for Missing and Exploited Children. However, with sites in 943 locations across 97 countries, experts believe the global number trafficked through the site to be closer to 100,000.

The company has asserted that it is committed to preventing trafficking and the sale of children and as a passive carrier has no control over sex related adverts. However, data files seen by The Times reveal that ///////.com hired workers at a call centre in the Philippines to aggressively drum up sex-related business in the UK.

Though there is no recorded evidence of British children being sold for sex through ///////, the company could be held liable in Britain if they were. James Perry, chairman of the Law Society's criminal law committee, said: "If cases like this emerge in the UK then /////// might well be caught by section 14 of the Sexual Offences Act 2003 which creates an offence of facilitating a child sex offence anywhere in the world."

Spreadsheets, emails, audio files and employee manuals from Avion - the data outsourcing company hired by /////// - reveal that a team of ten were dedicated to drumming up business in the UK. Others targeted Australia, South America and Europe.

They trawled the internet for new sex adverts and offered them free listings. In the first week of March, Avion workers earning $600 a month processed more than a thousand British sex-related adverts. The offshore data haul was inadvertently discovered by the global property company Co-Star while investigating a hack of its own data.

Andrew Florance, its chief executive who is co-operating with the authorities in multiple jurisdictions, said: "As soon as we saw the images it became clear it was very serious. We found what appeared to be child pornography and contacted the FBI. I can confidently say they appeared to be aggressively targeting Britain."

A British child protection chief, who wished to remain anonymous, accused the authorities of an "outdated" approach to traffickers, who were "always one step ahead". She said: "It is very, very likely that children are being bought and sold on listings sites in Britain."

Bharti Patel, chief executive of Ecpat, a global anti-child trafficking organisation, has called for tighter regulation of online platforms to "stop this heinous abuse" that earns traffickers billions.

Reported incidents of child trafficking in Britain surged by 30 per cent last year, reaching a record 1,278.

In the US, a senate investigation found that users of ////// were advised how to phrase their posts to avoid removal. Those advertising sex with a "teen" would receive the error message "Sorry, 'teen' is a banned term" and could resubmit their post with sanitised language.

Moderators were instructed to take out words such as "rape", "lolita" and "barely legal" and graphic photographs of what appeared to be children but the adverts themselves remained online. At one point 80 per cent of posts were being moderated.

/////// chief executive and co-founders have faced several charges of pimping and human trafficking. In each case they denied any wrongdoing and they have repeatedly avoided prosecution under Section 230 of the US Communications Decency Act. The general counsel for ////// was unable to comment on the allegations because of active legal proceedings.

However, she denied that the site knowingly hosted adverts selling children for sex and said the company "worked continuously" with law enforcement to prevent trafficking.

uaware note

The names of both the company and its website have been redacted from this impression of the actual Times article.

(1st October 2017)

(BBC News, dated 2nd September 2017)

Full article :

Cyber-criminals start attacking servers newly set up online about an hour after they are switched on, suggests research.

The servers were part of an experiment the BBC asked a security company to carry out to judge the scale and calibre of cyber-attacks that firms face every day.

About 71 minutes after the servers were set up online they were visited by automated attack tools that scanned them for weaknesses they could exploit, found security firm Cybereason.

Once the machines had been found by the bots, they were subjected to a "constant" assault by the attack tools.

Thin skin

The servers were accessible online for about 170 hours to form a cyber-attack sampling tool known as a honeypot, said Israel Barak, chief information security officer at Cybereason. The servers were given real, public IP addresses and other identifying information that announced their presence online.

"We set out to map the automatic attack activity," said Mr Barak.

To make them even more realistic, he said, each one was also configured to superficially resemble a legitimate server. Each one could accept requests for webpages, file transfers and secure networking.

"They had no more depth than that," he said, meaning the servers were not capable of doing anything more than providing a very basic response to a query about these basic net services and protocols.

"There was no assumption that anyone was going to go in and probe it and even if they did, there's nothing there for them to find," he said.

The servers' limited responses did not deter the automated attack tools, or bots, that many cyber-thieves use to find potential targets, he said. A wide variety of attack bots probed the servers seeking weaknesses that could be exploited had they been full-blown, production machines.

Many of the code vulnerabilities and other loopholes they looked for had been known about for months or years, he said. However, added Mr Barak, many organisations struggled to keep servers up-to-date with the patches that would thwart these bots, potentially giving attackers a way to get at the server.

During the experiment:

- 17% of the attack bots were scrapers that sought to suck up all the web content they found
- 37% looked for vulnerabilities in web apps or tried well-known admin passwords
- 10% checked for bugs in web applications the servers might have been running
- 29% tried to get at user accounts using brute force techniques that tried commonly used passwords
- 7% sought loopholes in the operating system software the servers were supposedly running

"This was a very typical pattern for these automatic bots," said Mr Barak. "They used similar techniques to those we've seen before. There's nothing particularly new."

As well as running a bank of servers for the BBC, Cybereason also sought to find out how quickly phishing gangs start to target new employees. It seeded 100 legitimate marketing email lists with spoof addresses and then waited to see what would turn up.

After 21 hours, the first booby-trapped phishing email landed in the email inbox for the fake employees, said Mr Barak. It was followed by a steady trickle of messages that sought, in many different ways, to trick people into opening malicious attachments.

About 15% of the emails contained a link to a compromised webpage that, if visited, would launch an attack that would compromise the visitor's PC. The other 85% of the phishing messages had malicious attachments. The account received booby-trapped Microsoft Office documents, Adobe PDFs and executable files.

Mr Barak said the techniques used by the bots were a good guide to what organisations should do to avoid falling victim. They should harden servers by patching, put controls around admin access, check apps to make sure they are not harbouring well-known bugs and enforce strong passwords.

Deeper dive

Criminals often have different targets in mind when seeking out vulnerable servers, he said. Some were keen to hijack user accounts and others sought to take over servers and use them for their own ends.

Cyber-thieves would look through the logs compiled by attack bots to see if they have turned up any useful or lucrative targets. There had been times when a server compromised by a bot was passed on to another criminal gang because it was at a bank, government or other high-value target.

"They sell access to parts of their botnet and offer other attackers access to machines their bots are active on," he said. "We have seen cases where a very typical bot infection turns into a manual operation."

In those cases, attackers would then use the foothold gained by the bots as a starting point for a more comprehensive attack. It's at that point, he said, hackers would take over and start to use other digital attack tools to penetrate further into a compromised organisation.

He said: "Once an adversary has got to a certain level in an organisation you have to ask what will they do next?"

In a bid to explore what happens in those situations, Cybereason is now planning to set up more servers and give these more depth to make them even more tempting targets. The idea is, he said, to get a close look at the techniques hackers use when they embark on a serious attack.

"We'll look for more sophisticated, manual operations," he said. "We'll want to see the techniques they use and if there is any monetisation of the method."

Brian Witten, senior director at Symantec research

We use lots of honeypots in a lot of different ways. The concept really scales to almost any kind of thing where you can create a believable fake or even a real version of something. You put it out and see who turns up to hit it or break it.

There are honeypots, honey-nets, honey-tokens, honey anything.

When a customer sees a threat that's hit hundreds of honeypots that's different to when they see one that no-one else has. That context in terms of attack is very useful.

Some are thin but some have a lot more depth and are scaled very broadly. Sometimes you put up the equivalent of a fake shop-front to see who turns up to attack it.

If you see an approach that you've never seen before then you might let that in and see what you can learn from it.

The most sophisticated adversaries are often very targeted when they go after specific companies or individuals.

(1st October 2017)


(The Guardian, dated 31st August 2017 author Haroon Siddique)

Full article [Option 1]:

The number of people requiring specialist treatment for acid attacks has doubled over the last three years, NHS England has revealed, as it issued first aid guidance on how to help victims.

Following a spate of recent assaults using corrosive substances, the NHS is predicting that the number of people receiving intensive treatment such as reconstructive or eye surgery will continue to rise.

The figures, published on Thursday, compiled from the 28 specialist burns centres in England, paint only a partial picture of the scale of the problem, as they only capture the most serious incidents, but nevertheless make alarming reading.

One burns centre, St Andrew's in Essex, which serves London and the south-east, is on course to help more than 30 people this year, compared to the 32 who received specialist treatment across the whole of England last year. That was up from 16 in 2014 and 25 in 2015.

Prof Chris Moran, national clinical director for trauma at NHS England, said: "Whilst this type of criminal assault remains rare, the NHS is caring for an increasing number of people who have fallen victim to these cowardly attacks.

"One moment of thoughtless violence can result in serious physical pain and mental trauma, which can involve months if not years of costly and specialist NHS treatment."

NHS England has partnered up with leading burns surgeons who have treated acid attack victims to issue first aid guidance, instructing the public to "report, remove, rinse":

- Report the attack: dial 999.
- Remove contaminated clothing carefully.
- Rinse skin immediately in running water.

David Ward, president of the British Association of Plastic, Reconstructive and Aesthetic Surgeons (BAPRAS), which helped develop the guidance, said surgeons had "seen first-hand the devastating impact on patients admitted to A&E after vicious corrosive substance attacks. They cause severe pain, scarring which can be lifelong, and can damage the sight, sometimes leading to blindness. Unfortunately these vindictive attacks are on the increase.

"The minutes after an acid attack are critical for helping a victim. This guidance BAPRAS has published with NHS England gives the important, urgent steps a victim or witness can take to help reduce the immediate pain and damage, and long-term injuries."

Corrosive substances are increasingly being used in assaults or robberies, with experts pointing to a crackdown on the use of knives and guns, leading street gangs to instead use more readily available corrosive substances, as a reason for the rise.

The number of crimes using acid or other "noxious substances" has more than doubled in London over the last three years, from 186 in 2014-15 to 397 in 2016-17, official figures show, including 45 in April this year. Large percentage increases have also been recorded elsewhere, including in the West Midlands and West Yorkshire.

Recent incidents include the attack on Resham Khan and her cousin Jameel Muhktar, who had acid thrown through their car window on Khan's 21st birthday on 21 June in Beckton, east London. They both suffered horrific face and neck injuries. John Tomlin, 24, has been charged with grievous bodily harm in relation to the attack.

Delivery drivers have expressed particular fears for their safety after Jabed Hussain, an UberEats driver, had acid thrown over him by two men who stole his moped, in the first of five acid attacks to take place in a three-mile radius in 90 minutes across east London last month.

NHS England said it had liaised with organisations including police forces, ambulance services and the Royal College of Surgeons to ensure the first aid advice was also shared with frontline emergency service staff. Last month, it was announced that police officers in London were being issued with 1,000 acid attack response kits, including protective gear and five-litre bottles of water, to allow officers to give immediate treatment to victims.

(28th September 2017)

(London Evening Standard, dated 30th August 2017 author Mark Blunden)

Full article [Option 1]:

Two million customers may have had their personal details stolen from electronic retailer CeX after its systems were hacked, the firm said today.

CeX, which runs the WeBuy electricals buying and selling website, sent out an email last night warning it had "been subject to an online security breach". Formerly Complete Entertainment Exchange, the Watford-based firm was founded in London 25 years ago and now has more than 200 stores internationally.

Managing director David Mullins said an "unauthorised third party accessed our computer systems" and he believes that "some customer data has been compromised".

This includes "personal information" of first name, surname, address, email address and phone number, and for a "small number" of customers, also what the company says is encrypted data from expired credit or debit cards.

CeX called the hack a "sophisticated breach" but gave no further details, and advised customers to change their password.

Mr Mullins said: "We are investigating this as a priority and are taking a number of measures to prevent this from happening again."

(28th September 2017)

(The Register, dated 29th August 2017 author John Leyden)

Full article [Option 1]:

More than a third of national critical infrastructure organisations have not met basic cybersecurity standards issued by the UK government, according to Freedom of Information requests by Corero Network Security.

The FoIs were sent in March 2017 to 338 organisations including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers and transport organisations. In total, 163 responses were received, with 63 organisations (39 per cent) admitting to not having completed the "10 Steps" programme. Among responses from NHS Trusts, only 58 per cent had completed the scheme.

In the event of a breach, critical infrastructure organisations could be liable for fines of up to £17m, or 4 per cent of global turnover, under the government's proposals to implement the EU's Network and Information Systems (NIS) directive from May 2018.

The findings suggest that many key organisations are not as resilient as they should be in the face of growing and sophisticated cyber threats. Corero's questions revealed that by not detecting and investigating brief DDoS attacks, organisations could be "leaving their doors wide-open for malware or ransomware attacks, data theft or more serious cyber attacks".

When asked "Have you suffered Distributed Denial of Service (DDoS) cyber attacks on your network in the last year?", just eight organisations (5 per cent) responded "yes".

(28th September 2017)

(London Evening Standard, dated 29th August 2017 author Justin Davenport) [Option 1]

The number of phones snatched by moped thieves more than doubled last year, as police say gangs target unwary pedestrians using their devices.

Criminals are using mopeds or pedal cycles to steal more than 30 phones a day from Londoners, figures reveal. More than half of the devices were iPhones, with 4,705 taken in 2016/17.

In total, thieves on mopeds and scooters stole 7,041 mobiles in the past financial year, compared with 3,210 in 2015/16. In addition, pedal cycle muggers snatched 4,526 last year, compared with 3,044 the previous year.

Police in London are battling an epidemic of moped crime. Officers say it is driven, in part, by demand for mobiles, which can be sold for their parts.

Detectives point to an increase in the value of phone parts, saying some iPhone pieces can now fetch £150 or more. As well as selling phones, gangs are also using them for other criminal activity, such as drug dealing.

Dr Simon Harding, a criminologist at Middlesex University and an expert on gangs, said: "One of the things that is driving this now, apart from the fact many of these phones cost between £500 to £600, is that gang members need four to five separate phones. They have one to call mum, another for girlfriends and maybe two or three for drugs deals, which are called 'trap phones'.

"There is a constant demand for these phones. I have interviewed gang members and they all have three or four phones on them.

"They have all seen The Wire and other TV programmes and know how they can be tracked by their phone. If the cops chase them the phones get smashed up."

A stolen iPhone can fetch about £100. Some gangs are stealing 20 in an hour.

The figures, obtained via a Freedom of Information request, show that Islington has the highest number of moped mobile thefts in London. Last year 1,592 were recorded, compared with 1,114 in the previous 12 months.

Five boroughs - Islington, Hackney, Camden, Westminster and Tower Hamlets - account for almost three quarters of moped phone snatches in London.

Commander Julian Bennett, the head of the Met police's Operation Venice, which targets moped gangs, said: "These offenders rely on the unwariness of the public to snatch their phones whilst they make calls.

"It is so important that the public is aware of their surroundings at all times and protect their personal property, particularly when emerging from a train or Underground station or anywhere where they might suddenly decide to take out and use their phone. Smartphones are very valuable to these criminals and they can snatch them in an instant."

He said police were employing overt and covert methods to target criminals using mopeds and bicycles to snatch valuables.

In recent weeks the Met has revealed it is trialling "DNA" sprays to mark fleeing suspects so they can be identified later, and stinger devices to puncture tyres.

People are urged to be aware of their surroundings, not to text while walking, use the phone's security features and keep a record of its IMEI number.

(28th September 2017)

(The Times, dated 28th August 2017 author Adam Sage) [Option 1]

A Romanian couple with seven children will go on trial in France tomorrow accused of running a gang of young pickpockets who netted €1 million from tourists at Disneyland Paris.

Police say that the daily takings of one girl in the gang, whose members were aged 12 to 17, was between €500 and €800.

Marian Tinca, 57, and Maria Iamandita, 51, from Craiova, are accused of operating a Fagin's kitchen in which children were trained to steal wallets and phones.

Prosecutors claim that they were housed in poor areas north of Paris and sent out to steal in groups of three or four. In the morning they operated around the big department stores and would arrive at Disneyland in time for the afternoon parade.

One distracted the victims, the second carried out the theft and the others disappeared with the bounty.

Prosecutors will tell the court in Meaux, 25 miles from Paris, that Mr Tinca, who is said to have started the gang after he and his wife divorced, congratulated them when they brought home a lot of money and castigated them when they did not. Mrs Iamandita was in charge of taking the proceeds back to Romania. They will be tried along with ten others accused of being their accomplices.

The gang, whose members came from eight branches of one family, operated between 2014 and last year. Police became suspicious in 2015 when they started to receive a flow of reports from tourists whose belongings had been stolen. The children were arrested frequently but refused to give their names and claimed to be under 13, the age below which they cannot be detained under French law. They were systematically placed in foster care but all left within a few days.

The adults accused of running the operation were arrested in February last year after an investigation that involved tapping phones and despatching undercover officers to follow the suspects. The police in Craiova co-operated with their French counterparts.

The prosecution says that the loot was distributed to numerous members of the clan. Some used it to buy houses, a few gambled it away and others spent it on luxury goods.

(28th September 2017)

(The Register, dated 28th August 2017 author Kieren McCarthy)

Full article [Option 1]:

The New York Police Department will scrap 36,000 smartphones, thanks to a monumental purchasing cock-up by a billionaire's daughter.

The city spent millions on the phones back in October 2016 as part of its drive to bring the police force into the 21st century. And the woman behind the purchase - Deputy Commissioner for Information Technology, Jessica Tisch - praised them for their ability to quickly send 911 alerts to officers close to an incident.

There was only one problem: Tisch chose Windows-based Lumia 830 and Lumia 640 XL phones, and Microsoft officially ended support for Windows 8.1 in July.

Even though those two models are eligible to be upgraded to Windows 10 Mobile, the NYPD will need to redesign more than a dozen custom apps it created to run on Windows 8.1. And every phone will need to be manually updated to the new operating system. In addition, Microsoft is only promising to support upgraded Windows 10 phones through to June 2019.

In other words, the phones are effectively obsolete and so, according to the New York Post, the police department has decided to scrap them altogether and go with iPhones instead.

(28th September 2017)

(The Times, dated 28th August 2017 author Alexandra Frean) [Option 1]

Criminal gangs are using LinkedIn to perpetrate "CEO fraud", mining the social network for information about job titles and a company's chain of command to impersonate senior executives and give bogus orders to those below them.

The frauds typically involve an email purporting to be from a finance director or chief executive sent to an underling in the company's finance department, ordering them to transfer money quickly to a bank account for a specific reason.

"The attackers use LinkedIn to do corporate reconnaissance. It tells them a lot about who does what in an organisation," said Andrew Nanson, who is director of Corvid, the military cyberdefence division of Ultra Electronics. "The criminals are using social engineering techniques. Most of the time people follow instructions they get on email, especially if it's from a boss. If an email looks like it comes from a certain person, why wouldn't someone believe it was from them?"

Attackers make an email appear to come from an official company account using simple techniques, such as replacing a character with another similar one. An l may become an i, so that Barclays appears as Barciay.

"The human brain will try to help you and you will read it as Barclays and your spam filter might not know there is no such thing as Barciay," Mr Nanson said.

He added that attackers also scour corporate press releases for information about new contracts and who is in charge of them, identifying the customer and supplier by name.

"Six months after the announcement [the supplier] sends an email saying, 'our account details have changed, please send all future payments to....'" he said. "It's very, very common. I'm aware of organisations that have lost hundreds of thousands through diversionary payment fraud," Mr Nanson said.

This year the magazine Fortune reported that Google and Facebook were tricked by Evaldas Rimasauskas, a 48-year-old Lithuanian, into sending him more than $100 million.

According to the US Justice Department, he forged email addresses, invoices and corporate stamps to impersonate a large Asian-based manufacturer with whom the tech firms regularly did business.

A report last year from the City of London police's National Fraud Intelligence Bureau showed that £32 million had been reported lost as a result of CEO fraud in Britain. The actual figure is likely to be far higher, as many may not realise they have been hit. Action Fraud, the cyber crime reporting centre, reported last year that the average loss is £35,000, but one company lost £18.5 million.

Most organisations now train staff to spot phishing attacks. Many cyber security systems can identify malware and malicious websites, but this often fails to stop diversionary payment fraud.

LinkedIn declined to comment.

(28th September 2017)
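
A defender-side check for the character-substitution trick described in the article above, as an added example that is not part of the original article: it compares a sender's domain against the domains an organisation really deals with and flags near-misses for review before any payment instruction is acted on. The `.example` domains, the confusable-character table and the function names are assumptions made for illustration.

```python
"""Flag sender domains that imitate a trusted domain by character substitution."""
from email.utils import parseaddr

# Domains the organisation genuinely corresponds with (constructed values).
TRUSTED_DOMAINS = {"barclays.example", "acme-supplies.example"}

# Characters or pairs that are easily misread for one another, folded to one
# representative. A small illustrative table, not a complete confusables list.
CONFUSABLE = [("rn", "m"), ("vv", "w"), ("1", "l"), ("i", "l"), ("0", "o"), ("5", "s")]


def skeleton(domain: str) -> str:
    """Fold look-alike characters so 'barciays' and 'barclays' compare equal."""
    folded = domain.lower()
    for src, dst in CONFUSABLE:
        folded = folded.replace(src, dst)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(from_header: str):
    """Return (verdict, trusted_domain_it_resembles) for one From: header."""
    address = parseaddr(from_header)[1]
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        # Not an exact match, yet identical or one edit away once look-alike
        # characters are folded: treat as an imitation of the trusted domain.
        if edit_distance(skeleton(domain), skeleton(trusted)) <= 1:
            return ("lookalike", trusted)
    return ("unknown", None)


# Constructed sample headers, not taken from any real message.
SAMPLE_HEADERS = [
    "Finance Director <fd@barclays.example>",
    "Finance Director <fd@barciays.example>",      # l replaced by i
    "Accounts <accounts@acrne-supplies.example>",  # m replaced by r + n
    "Newsletter <news@unrelated.example>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        verdict, resembles = classify(header)
        note = f" (resembles {resembles})" if verdict == "lookalike" else ""
        print(f"{verdict:9} {header}{note}")
```

A "lookalike" verdict is a reason to hold the message and confirm any change of bank details through a contact number already on file, not proof of fraud.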

(The Times, dated 27th August 2017 author Andrew Gilligan) [Option 1]

Police in parts of London have been taking an average of 11 hours to respond to some 999 calls after a "disastrous" reorganisation by the Metropolitan police.

In June, in three east London boroughs, officers took an average of 28 minutes to respond to the most urgent calls: those graded by police as needing "immediate" emergency assistance. For the next grade down - calls classed as of "significant" urgency - police took an average of 11 hours and 22 minutes to respond.

In the first week of August the three boroughs had an average of 98 emergency calls "outstanding" and "unassigned" at any one time. The peak was on the morning of August 3, when an average of 163 callers waited for police to be assigned to their emergencies.

The figures are given in reports to the crime and disorder subcommittee of the Havering council, one of five boroughs where the new is being piloted.

Darren Rodwell, leader of the Barking council, another of the five boroughs affected by the re-organisation, said police response times in his area had "fallen off of a cliff". He said: "We have the second highest number of acid attacks in London. We've had more teenage stabbings in the last six months here than I can ever remember. But despite our keeping raising our concerns, it didn't feel like the message was getting through. We need the mayor to help us".

Abdul Hai, cabinet member for community safety at Camden council, another of the boroughs in the pilot, said he had expressed concerns to police about the changes. "The critical, key thing is the response times," he said. "There was a period when response times went up quite significantly."

In Camden and Islington, for the week ending July 25, an average of 25 urgent 999 calls were "outstanding" and "unassigned" at any one time, according to figures given to the London Assembly. At the peak, 54 urgent callers were waiting for assistance.

Under the plans, intended to save money by using officers more flexibly, London's 32 borough commands - which carry out local policing, employing the vast majority of officers - would be merged into 12 much larger units. The first two pilots - the east area, covering Barking, Havering and Redbridge, and the north central area, covering Camden and Islington - have been fully operational since April.

Serving Met officers said the plan was a "disaster" that put them and the public at risk. "Each borough still has its own radio channel, so the risk is you're not on the right channel if you need to call for backup", said one officer. "Then you've got officers going into places without any local knowledge. It just doesn't work."

Last month the London mayor, Sadiq Khan, said the changes aimed to "strengthen local policing" and "improve the overall service to Londoners". However, he admitted last night that performance was "unacceptable" and said he had demanded "immediate improvements".

Mark Simmons, Met deputy assistant commissioner, said performance had improved since June, with the average response time to "immediate" calls in the east area now just over 12 minutes.

(28th September 2017)

(The Times, dated 27th August 2017 author Tim Shipman) [Option 1]

Hundreds of motorists a year are being convicted for driving while intoxicated on drugs after a crackdown dramatically raised the conviction rate.

Half of those caught in roadside drug tests were found to be driving under the influence of cocaine, cannabis or both.

In 2015, the latest year for which official figures have been published, 1,442 drivers - about four a day - were convicted of offences that included being in charge of or attempting to drive a vehicle, or causing death, while exceeding the legal drug limit.

Police forces have recently focused on drug driving: Merseyside police reported 109 arrests for offences during a four-week operation in June.

Ministers have now released figures showing that roadside drug tests to detect cannabis and cocaine, introduced in 2015, have increased the conviction rate among those stopped from 80% to 98%.

Previously officers would have to gather evidence that the driver was impaired, or would have to get medical opinion, before being allowed to take a blood or urine sample at a police station.

As well as the new roadside tests, officers are able to test for ecstasy, LSD, ketamine and heroin at a police station with a blood test, even if a driver passes the roadside check.

Drivers can also be convicted of drug driving after taking too many prescription drugs such as morphine, diazepam and temazepam.

The justice minister Dominic Raab said: "Our message is that any driver who risks the lives of others by taking the wheel under the influence of drugs will be punished."

(28th September 2017)

(The Times, dated 27th August 2017 author Richard Kerbaj) [Option 1]

Ship owners were warned about the threat of cyber-attacks only weeks before America began investigating the "possibility" that hackers caused the collision between one of its warships and an oil tanker, The Sunday Times can reveal.

The International Maritime Organisation (IMO), a London-based UN-affiliated body that regulates shipping, last month published guidelines urging ship owners to safeguard vessels against the "current and emerging threats" of cyber-hacking.

This weekend Lord West, a former admiral in the Royal Navy, also raised concerns about cyber-attacks, saying he was worried by merchant vessels' vulnerability.

The revelation follows the collision between the American destroyer USS John S McCain and a Liberian oil tanker, Alnic MC, in the South China Sea last week, leaving 10 US sailors dead or missing.

The route of the tanker taken from tracking signals and posted online by the VesselFinder website, shows it making a sudden turn to port just before the collision. Military intelligence officials fear the tanker may have been sent off course by a remote attack on its navigation systems.

It was the fourth time a US warship has been involved in an accident in Asian waters this year, raising questions about possible interference by state-sponsored hackers, sources say.

The US defence department warned in last year's annual report about China's use of "electronic warfare" as a way to "reduce or eliminate US technological advantages". It said Beijing's capabilities include "jamming equipment against multiple communication and radar systems and GPS satellite systems".

Zhang Zhaozhong, a rear admiral in China's People's Liberation Army, celebrated the collision of the USS McCain, accusing the ship of "making a lot of trouble in the South China Sea.... what goes around comes around".

The IMO's new guidelines describe "an increasing need for cyber risk management in the shipping industry".

It is the second time it has warned about cyber attacks, after a 2014 paper revealed that "state sponsored hackers, terrorists and other malicious actors have turned towards exploiting weaknesses in cybersecurity".

Peter Roberts, a cyber expert who runs the military sciences unit at the Royal United Services Institute, said: "The offensive use of cyber has tended to follow the doctrine of electronic warfare of old. Competitor states - China, Russia, Iran, North Korea amongst others - continued to develop and invest in their electronic warfare capabilities ... and now [that] means they have a competitive advantage."

(28th September 2017)

(CBC News, dated 26th August 2017 author Matthew Braga)

Full article [Option 1]:

When Dutch police took the notorious Hansa marketplace offline last month, they had a message for the underground site's pseudonymous drug dealers: we know who you are. The question, of course, was how.

Hansa existed on the dark web, and required a special web browser called Tor to access. Tor is designed to protect its users' privacy by keeping the true location of their computers anonymous. And yet, police said they would be able to unmask some of Hansa's users all the same.

On Friday, The Daily Beast appeared to have figured out why. It reported that Dutch police may have uploaded a specially crafted Microsoft Excel spreadsheet to Hansa's site, with hidden code inside designed to phone home to police.

When a user opened the spreadsheet, it would silently connect to a server controlled by police. Investigators would receive their real IP address, and not the anonymous IP address they would otherwise be assigned by Tor. Number in hand, there's a good chance they could get that user's real name and address from their internet service provider.

In many cases, police don't have to go to such lengths. Some criminals unwittingly give up their IP addresses. But the technique likely used against Hansa's users is becoming increasingly necessary as criminals get better at covering their tracks.

### "Designed to avoid suspicion"

There are myriad ways for authorities to get the IP addresses of their targets during criminal investigations. Some, such as the approach used by Calgary Police in a 2012 investigation, are relatively simple.

In that case, Detective Sean Joseph Chartrand of the Calgary Police Service entered a Yahoo chat room posing as an underage girl, court filings show. A man named Michael J. Graff, using a pseudonym, started chatting with Chartrand. Graff sent a series of sexually explicit messages and photos, along with an email address, and invited Chartrand - who he believed was named Ashley - to contact him there.

That was Chartrand's in. He used a now-defunct service called SpyPig to hide a tiny invisible image in an email, and sent it to Graff. When Graff opened the email, his computer retrieved the image from SpyPig's server - and in the process, revealed the IP address of his computer to SpyPig and Calgary Police.

"Det. Chartrand's email using the SpyPig code was specifically designed to avoid suspicion and conceal the SpyPig tracking function," reads a filing from the case.

Kent Teskey, the criminal defence lawyer in the case, was unaware of other cases where similar techniques have been used, as were other privacy lawyers and researchers contacted by CBC News.

### Network investigative techniques

The service used by Calgary Police isn't very sophisticated, nor is it exclusively used by police. Internet marketers, for example, have embedded tiny invisible images inside emails for years to track who opens their emails, at what time, and from where.

But in cases where a carefully crafted email or link may be suspicious or impractical, police have turned to more advanced and covert techniques.

In the Hansa drug market investigation, the tracking code was reportedly hidden inside an Excel file listing recent transactions. Similar code was hidden inside a video that contacted an FBI server when played.

But nothing compares in scope or scale to an FBI investigation in 2015, where the agency installed spyware on over 1,000 computers that accessed a child porn site called Playpen. The FBI refers to its hacking tools as network investigative techniques (NIT).

It's unclear whether police in Canada - who typically decline to comment on operational matters - have deployed similar software here.

(28th September 2017)

(BBC News, dated 25th August 2017)

Full article :

More than 300 number plates have been banned from use when the 67 vehicle registrations are released next week.

The Driver and Vehicle Licensing Agency (DVLA) has withheld them because they are deemed potentially offensive.

Among those are MU67 DER, BU67 GER, DO67 GER, BA67 ARD, MU67 GER, HU67 WLY and OR67 SAM. Other "words" like AF67 HAN and NE67 ECT also make the list.

A DVLA spokesman said it had a responsibility to ensure plates do not "cause upset or offence".

In June, the Swansea-based agency admitted that a plate JH11 HAD "slipped through the net".

Words which look as if they spell the word jihad among the new plates have also been banned, information supplied under the Freedom of Information Act to BBC Wales has shown.

Also on the list are a range of plates that start with the word NO and end with another complete three-letter word (and the 67 is irrelevant), including NO67 DAD, NO67 FUN, NO67 MUM and NO67 SON.

The spokesman said: "The agency applies a clear policy of withholding potentially offensive registration numbers equally to normal issue series and those made available to purchase from our sales team.

"Such numbers are withheld if they are likely to cause offence or embarrassment to the general population in this country on the grounds of political, racial and religious sensitivities or simply because they are in poor taste when displayed correctly on a number plate."

### Cracking the code?

- To certain eyes, or on some deliberately-designed plates, a 6 can look like a "G" or an "S"
- A 7 can be read as a "T" or even an "L"
- And when put together, the number 67 can be read by some as an "R" - but only if you look really, really hard

(28th September 2017)

(London Evening Standard, dated 25th August 2017 author Martin Bentham)

Full article [Option 1]:

Victims of crime in London could be denied a personal visit from police unless they are judged to be sufficiently "vulnerable", one of Scotland Yard's most senior officers has warned.

Deputy commissioner Craig Mackey said the "absolutely feasible" change would see the Met assessing the level of risk faced by a caller when deciding whether to send officers for a "face to face service".

He said members of the public who might be prioritised in future included people with learning difficulties, the elderly and people who did not speak English as their first language.

Healthy middle-aged men such as himself might miss out. Mr Mackey said burglary victims would "probably always get a service" but that "vehicle crime, those sorts of things" were among the types of offence where police might not attend unless the person affected was vulnerable.

He admitted this was a "difficult area" of policy, but said it could be required to help the force cope with major spending cuts over the coming years.

Speaking to the Standard, Mr Mackey also set out how the Met is striving to prevent officer numbers falling below the landmark 30,000 figure in the face of a projected £400 million drop in funding over the next five years.

Looking ahead to how the force will cope with less money and fewer officers, he said: "That's where you get into some of the difficult areas around do you always offer the same service to everyone? Increasingly, as we go forward we will look at things like trying to assess people and crime on the sort of the threat, the harm, the risk, and people's vulnerability.

"It's absolutely feasible as we go forward that if my neighbour is a vulnerable elderly person who has experienced a particular type of crime, that she gets a face-to-face service that I don't get. So we triage things... we assess people's vulnerability.

"Vulnerability can manifest itself in a number of ways: people with learning difficulties, a whole range of things, some people for whom English isn't a first language. That's about how we get those resources focused on the things you can make a difference with. But also as we go forward, as demand grows, you have to have a way of controlling and triaging."

The deputy commissioner said that it was inevitable that the force would become "smaller", despite rising crime, a growing population and the heightened terror threat.

The scale of the reduction will depend partly on future funding decisions and inflation, which was currently above the assumption in the Met's budget, and the exchange rate, which affects technology purchases. Mr Mackey said a sweeping overhaul of its operations would help to minimise the impact on the public.

This includes a property sell-off which will involve the closure of police stations, safer neighbourhood bases, offices and other sites. The use of technology will also be expanded to enable officers to file crime reports on patrol.

Mr Mackey said: "The Met will get smaller over the next four or five years. We are at 30,700 officers now. Realistically, we will be about 30,000 through most of next year. It's almost impossible to predict beyond that.

"It's about how you maximise what you've got. With buildings, you take running costs out and that equates to keeping more officers. Nothing in this changes when people ring us and say, 'Please, please come'. That 999 service is absolutely not changing.

"The reality is that the core part of the service that there's an emergency, please come quick, is what we all joined policing to do, to protect and to make sure it's the best we can possibly do."

In one scheme in west London, Hammersmith police station will get a £60 million upgrade while five other stations, including Notting Hill and Fulham, close. The plan, which will also pay for the refurbishment of Kensington police station, will save £1.25 million a year in running costs, equivalent to the cost of 27 officers, and provide £55 million in one-off capital receipts.

Similar schemes, which will lead to the closure of more than 250 Met buildings, will generate enough savings to pay for the employment of 1,100 officers a year and help fund the modernisation of remaining buildings. Mr Mackey said each borough would retain at least one police station open 24 hours a day. He said many of the buildings that will be shut currently had no public access - and that many of those which did had a low number of people attending.

(28th September 2017)

(The Telegraph, dated 23rd August 2017 author Jow Whitwell)

Full article [Option 1]:

The deluge of cyber-attack stories in the news is becoming commonplace. Recorded cyber crime cost the UK economy £10.9bn in 2015/16; and unreported crime could cost magnitudes more. For small businesses alone, the average cost per attack is around £3,000.

Fortunately, the level of attention criminals are paying to cyber crime is more than matched by those fighting against them. But for SMEs with limited budgets, securing themselves can be a tricky job.

The risks remain the same of course: DDoS attacks, ransomware, phishing scams or data dumping can lead to a loss of trust or even fines for data breaches - both of which can close companies for good.

With resources strained, the onus is on small-business leaders to invest shrewdly in technology and staff training, alongside their other responsibilities. But when it comes to cyber security, a little can go a long way.

Define your needs

Using a checklist such as the Government's cyber-essentials questionnaire can help to calibrate your thoughts. It will also highlight ways in which you may have undermined your own security without thinking.

Taking a look around you is essential, too: talk to similar companies and study the way they are being affected. Then take steps to mitigate.

Don't overthink

You are not a hacker; you are not a computer expert; you are just a regular human. But there are still simple steps you can take that can make a huge difference - as Nik Whitfield, chief executive of cyber-security company Panaseer, explains. "Activate firewalls on computers and access points to the internet," he says.

"Maintain good passwords; activate two-factor authentication for hosted software services; remove unused user accounts; and ensure only administrators have full administrative access to computers."

And importantly: "Run a reputable anti-virus product and ensure it automatically updates on a daily basis."

Update regularly

For the next 24 hours, take note of the update messages you get on your digital devices; your operating systems may be out of date.

As Dr Mike Lloyd, chief technology officer at cyber-security analytics platform RedSeal, puts it: "Operating systems are more like milk than cheese - they get worse rapidly with age, not better.

"The WannaCry attack is a perfect example of the dangers of an out-of-date operating system. Using yesterday's technology isn't just inefficient; it's a great big welcome mat, laid out to invite attackers."

So, the key message is to update - and soon.

Judge a business by the technology it keeps

In the same way you wouldn't let unscrupulous types enter your house, you need a certain degree of diligence around the technology you allow into your business. Introducing compromised technology to your broader system carries risk.

Consider the next person who wants to charge their phone on-site; they may want to charge that phone from their office laptop, which, because it is connected to the rest of your system, could become a problem. You could consider providing staff with mobiles and computers as standard.

Short of that, every business should build a culture of security awareness. Take the load off management and instil a sense of responsibility in your staff around passwords, software updates and navigating the internet with a degree of scrutiny.

There can be no such thing as security perfection; the landscape changes daily. But with the right technology, the right habits and the right mindset, you can defend against the worst.

(28th September 2017)

(The Telegraph, dated 23rd August 2017 author Martin Evans)

Full article [Option 1]:

Police chiefs should be allowed to fire officers whose IT skills are not up to scratch, a new report has suggested.

The think tank Reform said being able to get rid of staff who were not computer literate would mean forces would be in better shape to tackle surging levels of cybercrime.

But serving officers have slammed the suggestions, insisting that the police are already well versed at using technology to fight crime of all descriptions.

According to the report, restrictions preventing serving officers from being made redundant mean Chief Constables are currently "hamstrung" when it comes to tailoring their forces to meet the changing face of crime.

The report said: "Senior managers, officers and staff argued that the ability to fire officers without the necessary skills would allow chiefs to get the skill base to meet digital demand and shift culture."

In 2012 a major review of police pay and conditions recommended the introduction of a system of compulsory severance.

But the proposal was not taken forward, meaning officers kept the right to a job for life.

The new study from Reform, published today (Wed), has called for the issue to be revisited.

Alexander Hitchcock, co-author of the report, said: "Chiefs should have the ability to make officers redundant if officers' roles have changed because of digital crime, and officers have not been able to develop the IT skills to fill these roles.

"But this will be a small minority of officers. We are arguing that forces should give officers every chance to develop IT skills through apps and university partnerships, as well as have the equipment to help them meet digital demand."

He added: "As people live more of their lives online, they need confidence that the police will help them do this securely.

"Bobbies urgently need the technology, skills and confidence to patrol an online beat."

Studies suggest that almost half of all crime is now either dependent on or enabled by technology, with people now 20 times more likely to fall victim to fraud than robbery.

The report also called for the recruitment of 12,000 IT volunteers to help in the fight against cybercrime, and said the government should invest an extra £450 million in police technology.

But the suggestions were not welcomed by rank and file officers.

Simon Kempton, lead on Digital Policing and Cybercrime, for the Police Federation, said: "It is entirely wrong to suggest that the police service has failed to change; indeed no part of either the public or private sector has gone through as much change as policing over the last decade.

"This report shows a lack of understanding of the regulations governing policing which already allow for the dismissal of underperforming officers through clearly defined processes.

"Policing requires a broad base of expertise and to simply dismiss officers who are less conversant with the digital world (rather than giving them proper training) is to treat with absolute contempt those who are prepared to sacrifice everything for the public they serve."

Four common cyber crimes

1 - Phishing - The aim is to trick people into handing over their card details or access to protected systems. Emails are sent out containing links or attachments that either take you to a website that looks like your bank's or install malware on your system.

A report by Verizon into data breach investigations has shown that 23% of people open phishing emails.

2 - Identity theft - According to fraud protection agency Cifas, the number of victims rose by 31 per cent to 32,058 in the first three months of 2015. Criminals use online 'fraud forums' to buy and sell credit cards, email addresses and passports.

3 - Hacking - In a Verizon study of security breaches there were 285 million data exposures, which works out to about 9 records exposed every second. 26% of these attacks were executed internally within organisations.

It is estimated that 90% of all data records that were used in a crime were a result of hackers employed by organised crime.

4 - Online harassment - Over half of adolescents and teens have been bullied online, while 73% of adult users have seen someone harassed in some way online and 40% have experienced it.

(28th September 2017)

(The Register, dated 23rd August 2017 author Rebecca Hill)

Full article [Option 1]:

There were almost 90,000 cases of identity fraud recorded in the first six months of 2017 - 5 per cent higher than the first half of last year, according to data released today.

Fraud prevention firm Cifas, which released the figures, said identity fraud was rising at record levels and now accounts for more than half of all fraud reported by its members.

"We have seen identity fraud attempts increase year on year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day," Cifas chief exec Simon Dukes said.

These frauds are "taking place almost exclusively online", he said, with online crime comprising 83 per cent of the total in the most recent figures.

There has also been a shift in the types of product targeted by identity fraudsters this year.

Although plastic cards and bank accounts remain the most common products - with 29,852 and 24,759 reported cases, respectively - these figures represent declines of 12 and 14 per cent.

Meanwhile, there has been a 61 per cent increase in telecoms-related fraud, rising to 9,097, and a 56 per cent increase in online retail, rising to 5,097.

The figures also give an indication of the ages of the fraud victims, although not all cases recorded a date of birth, and some frauds involve an entirely fake identity.

The overall profile of fraud by age group remained the same as in the first half of 2016, with most of the cases in the 31-40 and 41-50 brackets (24 per cent and 23 per cent, respectively).

However, under-21s saw a big increase in identity fraud this year, jumping 50 per cent, from 684 to 1,023 cases in the first half of 2017, compared with 2016.

Glenn Maleary, head of the economic crime division at the City of London police, said the increase in online fraud was "no surprise", adding that increased use of social media allows criminals easier access to a wealth of personal information.

Dukes echoed this statement, noting that the "vast amounts" of data held online - and exposed to breaches - is "only making it easier for the fraudster".

Dukes added: "For smaller and medium-sized businesses in particular, they must focus on educating staff on good cybersecurity behaviours and raise awareness of the social-engineering techniques employed by fraudsters. Relying solely on new fraud prevention technology is not enough."

CIFAS article :

(28th September 2017)

(The Guardian, dated 22nd August 2017 author Moya Sarner)

Full articles and Photographs [Option 1]:

"The tricky thing is knowing if you have been bitten by a tick. They are hard to find and can be very small when they first attach because they're not full of blood," says Professor James Logan, head of the department of disease control at the London School of Hygiene and Tropical Medicine. There are three sizes of tick, and they all feed on blood: the larvae are tiny, the nymphs are about the size of a poppy seed and are most likely to transmit Lyme disease, while the adults reach the size of a pea when they are full of blood. "If you are out somewhere where there are likely to be ticks - particularly moorland, but anywhere where there are deer - you need to be checking yourself and your kids every hour or so, and especially when you get home. Even Richmond Park in London has ticks with Lyme disease," he advises. Organisations such as Lyme Disease Action and Public Health England have information on where there is a known prevalence of Lyme disease, such as Dartmoor, Exmoor, the Scottish Highlands and some national parks, but, warns Logan: "Technically it could happen anywhere."

Once you find a tick, the key is to remove it as quickly as possible. Use specially made very fine tweezers - "Not the kind you pluck your eyebrows with, those are too big," says Logan - or you can buy claw-shaped tick-removal tools in pharmacies, outdoor pursuit shops and online. If using tweezers, pull the tick directly upwards - do not twist it - and grab it as close to the skin as possible, to ensure you remove the head and mouth. "When the tick bites you, it injects saliva and a kind of cement into your skin, which means it clings on very tightly - if you pull the body, the head will snap off, stay in the skin and you could become infected," warns Logan. If you use the claw-shaped tool, twisting helps to remove the tick. "I carry a tick-removal tool whenever I go on a walk in the countryside," he says.

The next step is to keep an eye on the bite. "In the majority of people, it will disappear, and there will be no consequences," says Logan. But half of those who do get Lyme disease go on to develop what's known as erythema migrans, a bull's eye-shaped rash that looks like a red spot surrounded by normal skin, then a red circle that starts to expand. "If you have that after a tick bite, you probably have Lyme disease," he says - but if you don't see the mark, it doesn't mean you don't have Lyme. It could take a few days, weeks or months to show, and you might also develop flu-like symptoms: feeling tired with achy joints. "If any of those things occur after the bite, then it's worth going to see your GP. The key is to tell them about the tick and where you've been, so they can make their assessment as to whether it's likely to be Lyme disease," says Logan. If it is, they'll prescribe a course of antibiotics, which should clear up the infection. "The consensus is it's not a good idea to take antibiotics 'just in case' - there has to be some evidence that you're ill or have a very high chance of having contracted Lyme disease," he explains.

Some people with Lyme disease describe getting short shrift from their GP, so what should you do if you don't feel you've been taken seriously? Logan says: "Some GPs are very well informed - such as in the Scottish Highlands, where they regularly see people with tick bites - whereas a GP in a city centre is much less likely to see people with tick bites or Lyme disease very often." If you want a second opinion, you can ask to be referred to another GP, and go to the Hospital for Tropical Diseases, where there are specialists. "What I don't recommend is going online and finding a lab that offers to test for Lyme disease - you have no idea if that lab is accredited, and it could give you a fake result." Lyme Disease Action also offers advice, and the website has information about how to protect yourself from ticks.

(28th September 2017)

(The Telegraph, dated 20th August 2017 author Ben Riley-Smith)

Full article [Option 1]:

Cold callers who con elderly Britons out of their private pensions will be fined up to £500,000, ministers have announced as they unveiled an outright ban on the practice.

Fraudsters will also be barred from contacting prospective customers by emails or texts as the Government vows to better protect "vulnerable" pensioners.

The crackdown is designed to end the 250 million cold calls made every year aimed at convincing people to move their pensions savings into fake trusts.

The scams often involve encouraging people to invest in foreign property or wine collections with the lure of higher yearly returns - only for the money to be stolen once transferred.

The crackdown comes after the Telegraph repeatedly exposed the scale of cold calling in Britain and the impact it can have on families and businesses.

Speaking to this newspaper, Guy Opperman, the pensions minister, said the suffering of those caught up in the scams had convinced the Government to act.

"For some people, their private pension is their biggest asset. The loss of that asset is a catastrophic situation," Mr Opperman said.

"The Government believes these changes will provide proper protection for hard-working pensioners who have saved all their lives and want to know we are standing up and protecting them.

"We want to ensure there is no exploitation of the vulnerable or the elderly, because there is some evidence this has happened in the past. We want it to stop."

An estimated eight cold calls are made every second in Britain targeting private pensions - the equivalent of 250 million calls a year.

New figures show people have been conned out of £43 million by pension scammers in the last three years, with the average victim losing £15,000.

Repeated Tory governments have vowed to tackle the problem and hopes were raised of an outright ban when a consultation was announced last year.

There were fears the policy had been ditched when it was not mentioned in the recent Queen's Speech, which lays out what laws the Government wants to bring forward.

However ministers today announce two major changes. The first is an official ban on cold calls targeting private pensions, including text messages and emails.

It will be enforced by the Information Commissioner's Office, with fines of up to £500,000 for those caught breaking the rules.

Businesses will only be exempt from the ban if the individual concerned has expressly requested information or has an existing relationship with the company.

The second change will stop people from transferring their private pensions pots into so-called "dormant" companies, which are not actually investing any money.

Stephen Barclay, the Economic Secretary to the Treasury, said: "It's utterly unacceptable that people who have worked all their lives to build up a pension pot should be subject to scams which may leave them out of pocket.

"Pensions are often the most valuable asset a person has upon reaching retirement - and that's why we are determined to crack down on scammers and protect our hardworking savers."

This newspaper has repeatedly reported on the blight of cold calling in Britain today, especially revealing those people behind the companies that are making vast profits from the enterprise.

Much of the problem is fuelled by technology that can help fraudsters carry out vast numbers of calls automatically, using recorded messages instead of genuine human interaction.

Legislation will be needed to make the changes, with Government sources indicating that it is unlikely they will get on the statute book before Christmas.

Instead it is hoped the ban can come into law in early 2018, once key pieces of Brexit legislation have been passed or made sufficient progress in Parliament.

(28th September 2017)

(The Times, dated 20th August 2017 author Mark Hookham and Caroline Wheeler)

Full article [Option 1] :

Van hire companies could be forced to share their customers' details with the government so they can be checked against databases of terrorist suspects, it emerged this weekend.

Anti-terror police and government officials have met the vehicle rental firms to discuss how to share data that could indicate people who were trying to hire vehicles to carry out attacks.

The use of a van to mow down pedestrians in Las Ramblas in Barcelona last week is the latest example of an increasingly common tactic.

In June attackers used a Hertz rental van to attack people walking over London Bridge, while just over two weeks later a rented van was driven into a group of people outside a mosque in Finsbury Park, north London.

Toby Poston, director of communications at the BVRLA, the trade body for vehicle rental businesses, said the organisation had met police and government representatives about sharing information. "They [rental firms] are not going to get a copy of the counter terrorism watchlist, but if we can have some way of cross-referencing reservations systems .... then it gives us a bit more forward warning and the ability for the police to analyse that and use their intelligence to monitor people," he added. Officials are believed to be looking at how firms can share credit card and customer identification information without breaching data protection laws and whether new legislation is needed.

More than 4.6 van rentals take place each year.

Ben Wallace, the security minister, appealed yesterday for car hire rental staff to "think twice, look twice at those driving licences" and to call the government's anti-terrorist hotline if they have suspicions.

(28th September 2017)


(The Telegraph, dated 20th August 2017 author Francesca Marshall)

Full article [Option 1]:

Thousands of people may have been put at risk of contracting Hepatitis E from pork products sold at a leading supermarket.

The virus, which can cause liver cirrhosis and neurological damage, could have infected up to 200,000 people in the UK each year from 2014 to 2014, according to a Public Health England (PHE) report.

By tracing the habits of those infected, the study concluded that only "Supermarket X" was significantly associated with Hepatitis E (HEV), in particular own brand sausages. Only pork products from Europe, mainly Holland and Germany, and not the UK carry the strain.

Both PHE and the Food Standards Agency (FSA) have declined to name the supermarket in question.

A spokesman from PHE said: "We clearly state in the paper that the association with the supermarket does not infer any blame.

"If it was thought there was an immediate public health threat or available preventative measures, we would have taken action."

However, sources told the Sunday Times that the supermarket involved was Tesco. When questioned by The Daily Telegraph, the supermarket giant said it would not be able to comment on the allegations specifically.

A spokeswoman for the retailer added: "We work very closely with the FSA and PHE to make sure customers can be confident in the safety and quality of the food they buy.

"This particular research was carried out six years ago on a small number of people, and although it provided no direct link between specific products and hepatitis E we always take care to review research findings such as this.

"Food quality is really important to us and we have in place an expert team to ensure the highest possible standards at every stage of our supply chain, as well as providing clear information to customers on how to handle and cook pork in the home to minimise the risk of hepatitis E."

The FSA said that they were aware of the findings and "reviewing all aspects of hepatitis E" with other government departments and industry.

(28th September 2017)

(The Times, dated 20th August 2017 author James Gillespie) [Option 1]

A new team of undercover police officers will seek to track and trap paedophiles grooming children online in a £20m initiative which is also aimed at curbing the activities of vigilantes.

A 12 month pilot scheme in Norfolk led to 43 arrests and will now be launched across the country.

Senior officers have made it clear that they do not appreciate vigilantes who go online and pretend to be children before arranging to meet and then "arrest" suspected paedophiles.

Dark Justice, a prominent vigilante group, said the police move would not deter them. "The government have had the time to tackle this epidemic for a long time but simply haven't," a spokesman said.

"It has been proven that no more than 30 officers are on line at any one time tackling this problem throughout the whole country, so the public have started chipping in where they can and we are highly passionate about what we are doing to tackle this problem head-on.

"Due to the government cuts the police have become reactive not proactive like ourselves. The only way to tackle this problem is by doing it head-on and not beating around the bush".

Simon Bailey, the Norfolk chief constable and National Police Chiefs Council lead for child protection, said: "This increase in our undercover capability will send a clear message to so-called paedophile hunters: if you have information about child abuse, tell the police. Don't try to take it into your own hands, you could undermine police investigations creating more risk for the children we all want to protect.

"They [paedophile hunters] are taking risks they don't understand and can undermine police investigations.

"There is also the risk of wrongly accusing someone; if someone is wrongly accused of being a paedophile in a hugely public way that makes people who live with them, live near them or work with them assume they have committed the offence.

"The temptation to kill themselves may be just as great even if they are innocent; that is an appalling consequence to contemplate.

"Revealing the identity of suspected paedophiles gives the suspect the opportunity to destroy evidence before the police can investigate them .... and these people have no way of safeguarding child victims."

A trial in Cardiff collapsed this month when a judge ruled that the evidence given by self-appointed paedophile hunter David Poole, 38, was "at best inaccurate and at worst a lie".

Bailey said the police were arresting more than 400 suspected offenders and safeguarding over 500 children each month.

(28th September 2017)

(The Guardian, dated 18th August 2017 author Sarah Marsh)

Full article [Option 1]:

The number of calls to the modern slavery hotline has doubled in a week after the National Crime Agency's report on the "shocking" scale of the problem.

The helpline, for people to report suspicions of modern slavery, received 150 calls in seven days this week, up from a weekly average of 75.

The surge came after the agency said modern slavery and human trafficking were far more prevalent than law enforcement had previously thought.

In a recent crackdown, the NCA said it had lifted the lid on the "shocking" scale of the crime, with potentially tens of thousands of victims in the UK.

Justine Currell, executive director of Unseen, an anti-slavery and anti-trafficking charity, said the warning had prompted a sharp rise in calls to them.

People were reporting workers at car washes, in construction and nail bars, she said. These workers often received low pay and endured poor living conditions. "[The calls] are still coming in thick and fast, we refer them to the police whenever we can," Currell said.

"Some say they got their car washed in the village and the people doing it looked worn down but they will not tell you where it is … we cannot do anything with that information but we leave it on file and if they contact again then we can add to what we know.

"Quite often there will be no indicator, someone might just have a bit of a feeling, but we cannot refer 'a feeling' on to the police. Normally we have to work with the person calling and identify if the concerning factors indicate modern slavery."

Caroline Young, deputy director for vulnerabilities at the NCA, said the agency was pleased with the response.

She said: "We launched the campaign because we think the public have an awful lot to offer in terms of assisting us and being able to spot … something peculiar and different going on."

Unseen said since it started operating its helpline last October there had been a steady rise in calls, from 40 a week to about 70-75.

Aidan McQuade, director of Anti-Slavery International, said the growing call numbers suggested the NCA work was helping to raise awareness, which was a "positive step forward".

However, he noted that a key concern was whether there was "appropriate capacity in policing to deal with required level of investigation needed to get a grip in this issue in the country".

McQuade said: "It's important to understand that [this problem] does not emerge in a vacuum - it's not just evil people enslaving vulnerable people it's unscrupulous people taking advantage of gaps in the law and policy or implementation of the law and policy.

"So we do tend to see slavery occurring in uninspected places ... places that are not being inspected by the police and by labour inspectors … places where there are un-unionised work forces."

Young said: "[The police] have got lots of things to deal with … it's part of everyday working life, juggling those priorities but looking after those who report modern slavery is part of their core responsibilities."

Currell said tackling modern slavery was a postcode lottery: "The police are mainly doing their best and there are pockets of good practice as with anything … it can be a postcode lottery but … they are trying to deal with it in a way that recognises how complex and hidden it is.

"If you look at places like Greater Manchester police or West Yorkshire and the Met, they have all got trafficking teams and have the resources … they have a single point of contact and have the capability to do that rather than provincial forces who will struggle and not have a bespoke team focused on that particular crime area."

(28th September 2017)


(The Telegraph, dated 16th August 2017 author Telegraph Reporters)

Full Article [Option 1]:

The number of bobbies on the beat has plummeted, according to the public, as statistics showed the number of people who believe police are "highly visible" in their community has fallen by almost half.

Just one in five (22 per cent) people said they feel officers are highly visible, according to the latest Crime Survey for England and Wales, which looks at the period from April last year to March this year.

This compared with 39 per cent in April 2010 to March 2011, while the percentage of the public who said they "never" see police foot patrols has risen by more than half, from 25 per cent to 39 per cent.

It follows a survey last year, which found that one in three people in England and Wales has not seen a bobby on the beat in their local area in the past year.

The poll carried out for police watchdog HM Inspector of Constabulary (HMIC) found 36 per cent of people had not seen a police officer or PCSO on foot in their areas in the past year - while just under a quarter (23 per cent) had seen uniformed personnel "once or twice".

The watchdog warned of the "erosion" of neighbourhood policing as police forces are forced to make further financial cuts.

Labour's Shadow Policing Minister Louise Haigh said: "Bobbies on the beat don't just reassure the public they collect vital community intelligence and help to keep us safe. Savage cuts mean this tried and tested bedrock of British policing is being chipped away as police withdraw from neighbourhood policing altogether.

"Police visibility has rarely been lower and the blame lies squarely at the Government's door.

"The Tories shamefully accused the police of crying wolf over police cuts, but now the public are seeing the brutal reality; crime rising and fewer officers on hand to keep them safe."

(28th September 2017)

(International Business Times, dated 16th August 2017 author James Tennent)

Full article [Option 1]:

A new study from pet insurance providers Direct Line has shown a marked rise in the number of cats being stolen around the UK - one figure suggesting the increase has been as high as 40% in the last three years.

The data also shows another shocking statistic for pet lovers around the country. According to data from UK police forces, only 18% of the stolen cats are ever recovered.

In 2016, the research said that 261 cats were stolen around the UK - an increase on 2014 when just 181 cats were thought stolen. Other research highlighted by the company said that the number of cat thefts could in fact be higher, with as many as 360,000 adults believing that a cat in their care was stolen during the past year.

As some pedigree kittens can fetch a large price, the breed of cat seems to matter when analysing cat theft data - though whether there's enough of it is another question. Many police forces do not record the breed of cat involved in thefts though many more do record dog breed.

From the data available, Bengal cats seem to be the most sought after. Bengals are larger than normal domestic cats and have leopard-like markings from being bred to resemble big cats in the wild.

Where you live could matter too, with most of the recorded thefts occurring in London, followed by Kent.

Prit Powar, Head of Pet Insurance at Direct Line, said: "If an owner believes their cat is missing, they should first check the immediate vicinity such as in neighbouring gardens or garages as well as asking local people if they have seen it."

Failing that, owners should contact a local animal warden, Powar said, and make sure to keep animals microchipped with the information up to date.

(28th September 2017)

(London Evening Standard, dated 16th August 2017 author Martin Bentham)

Full article [Option 1]:

The Serious Fraud Office earned taxpayers more than £1 million for each of its employees last year after a record run of success, figures have revealed.

The statistics show that £516.8 million was paid into Treasury coffers by the SFO during the 12 months up to the end of the financial year in early April.

That equates to just over £1 million for each of its 500 staff. This year's revenue also equates to more than the SFO's total running costs of £473 million for the past decade and means that it has become one of the Government's most successful earners.

The figures, drawn from an analysis of data in the SFO's annual reports, will heighten the debate about the organisation's future and bolster arguments in favour of its survival. Theresa May had said in the Tory election manifesto that she wanted to abolish it as a separate organisation and hand its functions to the National Crime Agency.

However, senior Conservative MPs, including the former attorney general Dominic Grieve and the chairman of the Commons Justice Select Committee, Bob Neill, have voiced opposition. There was no mention of the idea in the Queen's Speech this summer.

Most of the money earned by the SFO during the past financial year came in a "deferred prosecution agreement" struck with Rolls-Royce in January. The deal, under which Rolls-Royce agreed to pay £497.25 million, followed a four-year investigation into corruption and bribery involving the company in Indonesia, Thailand, India, Russia, Nigeria, China and Malaysia over 30 years.

The earnings last year compare favourably with the £54.6 million cost of running the SFO for the 12-month period. The £516.8 million total also outstrips the £473.2 million operating bill for the organisation over the past 10 years.

In its annual report, the SFO said it had "remained sharply focused on reducing the harm caused by high-level economic crime and preserving the reputation of the UK as a safe place to do business... we remain uniquely well-placed to investigate and prosecute the top-tier of serious and complex economic crime and our operating model underpins our success".

This year's figure of £516.8 million does not include money recovered by the SFO from confiscation orders imposed upon convicted fraudsters.

Nor does it include the £129 million fine paid by Tesco under the terms of another deferred prosecution agreement agreed in April over allegations of false accounting by the retailer. That income will be included in next year's SFO accounts.

(28th September 2017)

(The Times, dated 15th August 2017 author Ben Webster) [Option 1]

The number of people killed by dog bites has almost tripled since the introduction of the Dangerous Dogs Act in 1991, prompting campaigners to call for a change in the law to target behaviour rather than breed.

In the ten years before the act, 11 people were killed, but in the 26 years since there have been 73 deaths - an average of 2.8 a year compared with 1.1 - according to figures from Born Innocent, which wants the act reformed. It said that by focusing on banning specific breeds the act was misleading people into thinking that other dogs were safe and diverting attention from irresponsible owners of any type of dog.

The act bans four breeds: the pitbull terrier, the Tosa and the Brazilian and Argentine mastiffs.

In Calgary there is no ban on breeds but owners are fined C$250 (£150) for not having a licence and up to C$10,000 if their dog attacks someone. The number of bites reported has halved.

Shaila Bux, of Born Innocent, said: "If we go by statistics then current legislation has failed in every area that it was set to tackle. We are at a crossroads with the Dangerous Dogs Act in its current format: politicians must be brave enough to admit that the act has failed and implement laws that will reduce dog bites whilst not punishing dogs based on how they look. The law should target irresponsible owners and their dog's behaviour."

She said that figures showed that more people died from bee or wasp stings or being attacked by cows and pigs. There were ten deaths from dog bites in the three years from 2013 to 2015, compared with 14 from stinging insects and 27 by pigs, cows and other mammals.

The RSPCA has also called for the act to be reformed and last year published NHS data showing that hospital admissions after dog bites had risen by 76 percent in a decade in England, from 4,110 in 2004-05 to 7,227 in 2014-15.

Samantha Gaines, the RSPCA's dog welfare expert, said: "Other countries have moved away from a breed specific approach and have achieved a reduction in dog bites through education and fostering responsible dog ownership."

The Department for Environment and Rural Affairs said: "Prohibiting certain types of dog is crucial to help deal with the heightened risk they pose. However, any dog can become dangerous if it is kept by irresponsible owners in the wrong environment, which is why the act covers any type of dog that is dangerously out of control."

(28th September 2017)

(London Evening Standard, dated 15th August 2017 author Justin Davenport)

Full article [Option 1]:

Police in the City of London are unable to share footage from body cameras directly with prosecutors because of differences in computer software systems, it was revealed today.

Instead, police have to transfer footage onto DVDs which are then hand-delivered to the Crown Prosecution Service.

The City of London force is one of several across the UK which cannot download video to the CPS, it has emerged. Only the Met is able to share footage digitally with prosecutors, with officers now routinely submitting more than 3,000 clips a month.

The 700-strong City force, which patrols the Square Mile, is rolling out body-worn cameras to all its front-line officers and launched a trial of the system early last year.

Researchers from the London Metropolitan University were employed to examine the effectiveness of the cameras and look at officers' attitudes to the new technology.

The study, released today, found that a big majority, 83 per cent of 149 officers questioned, welcomed the introduction of cameras but several highlighted frustration that they could not share footage with the CPS.

One officer remarked: "The only thing we weren't taught, which still hasn't gone live yet, is how we send data to CPS."

The report by two criminologists headed by Dr James Morgan from the London Met said the failure to synchronise the systems inhibited "successful policing outcomes".

Researchers found that the cameras had not led to more efficient justice in the City, with figures showing only a slight increase in the number of guilty pleas submitted following their introduction.

The study suggested that because technology was not available to send footage to the CPS, the evidence was not routinely available in court. A City police spokesman said: "This is a national issue which affects a number of forces and is currently being addressed, and a system is currently being developed to allow the direct transfer of footage."

Digital policing chief constable Andy Marsh said forces were working on ways to share footage wirelessly.

In other findings the London Met university study recorded that the number of complaints from the public about incivility or oppressive conduct halved during the trial period, though the numbers were small - down from 11 and 10 in 2014 and 2015 to five during the trial period in 2016. All but one of those five complaints were dismissed.

Some officers said having a camera had a calming effect on confrontational situations and backed up their evidence, debunking malicious complaints.

Some said the cameras were also useful in prosecuting minor crimes such as motorists or cyclists breaking red lights when in the past it was often one person's word against another's.

One officer said: "We have all had trouble in proving that someone is drunk, violent, or abusive.

"That is usually what we deal with on Friday, Saturday, Thursday, Wednesday nights even ... with the body camera it will be good to have the footage to back up what I'm saying."

Dr Morgan said: "There have been assumptions about cop culture which see the police as resistant to change but we found a group of officers who very much wanted to have their side of the story told."

(28th September 2017)

(The Times, dated 15th August 2017 author Fiona Hamilton) [Option 1]

Police forces have spent nearly £23 million on body cameras even though trials have raised questions about their effectiveness and suggested that they do little to reduce crime, according to a report published today.

Big Brother Watch, the civil liberties and privacy organisation, found that 32 of the 45 police forces in the UK had adopted body cameras but that forces were unable to say how often the footage had been used in the courts. Nearly 48,000 cameras have been purchased for use by officers, the group said.

Yesterday the Metropolitan Police announced that armed officers would wear head-mounted cameras for the first time to increase transparency.

Senior police across the country have justified the increasingly widespread use of the technology on the grounds that it helps relations with the public, reduces assaults on officers and improves prosecution rates because the footage provides better evidence.

However, Big Brother Watch found a series of studies cast doubts on what impact the technology had on crime.

An evaluation by North Wales police said it had seen "no increase in detection rates" and that "the current effect of (body worn video) on complaint volumes appears to be very marginal."

A report for Durham Constabulary said it was "unlikely any impact could actually be attributed to body cameras" in regard to a reduction in crime figures.

A Metropolitan Police trial, covering the use of 500 cameras by 814 officers, found no overall impact on the number of stop and searches carried out, no effect on the proportion of arrests for violent crime and no evidence that the cameras had changed the way officers dealt with either victims or suspects.

The three largest forces in the country - the Met, Greater Manchester police and West Midlands police - use cameras that do not feature a front facing screen to make it clear to a citizen that they are being filmed. All cameras show a blinking light when recording.

Using freedom of information requests, Big Brother Watch found that 71 percent of forces had adopted cameras at a total cost of £22.7 million.

Renate Samson, chief executive of the group, said: "Police trials of the technology have proven inconclusive. If the future of policing is to arm all officers with wearable surveillance, the value of the technology must be proven and not just assumed. It is not enough to tell the public they are essential policing tools if the benefits cannot be shown."

Andy Marsh, National Police Chiefs Council lead on body worn video, said that they were evaluating its effectiveness and benefits to forces and the public. He said: "Video captured is fully admissible and increasingly used as evidence in court. Ongoing trials and academic research indicate that the use of body worn video can reduce complaints and help to bring about quicker, fairer justice."

(28th September 2017)


(Metro, dated 14th August 2017 author Rob Waugh)

Full article [Option 1]:

If you've logged in to hotel Wi-Fi on the continent recently, you might want to change your passwords, experts have warned.

Hardcore hackers with suspected links to Russian intelligence have been targeting travellers in Europe, breaking into laptops to steal passwords.

Hotel Wi-Fi is notorious for putting users at risk - and hackers are believed to have used malware to 'sniff' passwords from users in top European hotels.

Guests in eight countries were targeted, researchers at security firm FireEye said on Friday.

The espionage group, dubbed APT 28, sought to steal password credentials from Western government and business travellers using hotel wi-fi networks, in order then to infect their organisational networks back home, FireEye said in a report.

The wave of attacks during the first week of July targeted travellers who were staying in several hotel chains in at least seven countries in Europe and one in the Middle East, it said.

Several governments and security research firms have linked APT 28 to the GRU, Russia's military intelligence directorate.

Moscow vehemently denies the accusations.

In the July attacks, FireEye found spear-phishing emails were used to trick hotel employees into downloading an infected hotel reservation document, which then installed GAMEFISH malware run remotely from internet sites known to be controlled by APT 28.

(28th September 2017)

(The Telegraph, dated 14th August 2017 author Telegraph reporters)

Full article [Option 1]:

Farmyards are being turned into fortresses to ward off "brazen thieves" amid a surge in crime in rural areas, figures show.

Insurance claims for rural crime have risen by more than 20 per cent in the six months to June, with insurers warning that emboldened criminals are forcing farmers to take extraordinary steps to protect their property - including the installation of tracking devices on their tractors.

Publishing its annual report on rural crime across the UK, NFU Mutual said that the surge contrasted with a £40m decline in claims last year, adding that the trend was "deeply worrying".

Commenting on the figures, Tim Price, a rural affairs specialist at the firm, said: "While the fall in rural theft in 2016 is welcome news, the sharp rise in the first half of 2017 is deeply worrying.

"Countryside criminals are becoming more brazen and farmers are now having to continually increase security and adopt new ways of protecting their equipment.

"In some parts of the country, farmers are having to turn their farmyards into fortresses to protect themselves from repeated thieves who are targeting quads, tractors and power tools."

Last year England bore the brunt of the criminal activity in rural areas, with claims totalling just under £34m. Claims in Northern Ireland amounted to £2.5m, whilst those made in Wales came to £1.3m.

Farmers' tools and specialist equipment were the most common items targeted, whilst more than £2m worth of quad bikes were stolen during the same period.

However, the costs of illegal cattle and livestock rustling continue to fall, down to £2.2m.

(28th September 2017)

(BBC News, dated 14th August 2017)

Full article :

Arrests of passengers suspected of being drunk at UK airports and on flights have risen by 50% in a year, a BBC Panorama investigation suggests.

A total of 387 people were arrested between February 2016 and February 2017 - up from 255 the previous year.

Meanwhile, more than half of cabin crew who responded to a survey said they had witnessed disruptive drunken passenger behaviour at UK airports.

The Home Office is "considering" calls for tougher rules on alcohol.

The arrest figures obtained by Panorama came from 18 out of the 20 police forces with a major airport in their area.

Trade body Airlines UK said it should be made illegal for people to drink their own alcohol on board a plane.

'Barmaids in the sky'

A total of 19,000 of the Unite union's cabin crew members were surveyed and 4,000 responded, with one in five saying they had suffered physical abuse.

A former cabin crew manager with Virgin, Ally Murphy, quit her job last October after 14 years and told Panorama: "People just see us as barmaids in the sky.

"They would touch your breasts, or they'd touch your bum or your legs. I've had hands going up my skirt before."

In July 2016 the aviation industry introduced a voluntary code of conduct on disruptive passengers, which most of the big airlines and airports signed up to.

The code's advice included asking retailers to warn passengers not to consume duty-free purchases on the plane, while staff are also asked not to sell alcohol to passengers who appear drunk.

Panorama found more than a quarter of cabin crew surveyed were unaware of the code of practice and, of those who had heard of it, only 23% thought it was working.

One anonymous crew member told Panorama: "The code of conduct isn't working… We're seeing these incidents on a daily, a weekly, a monthly basis. It's the alcohol mainly in the duty free that is the significant problem."

Alcohol in the air

- Entering an aircraft when drunk or being drunk on an aircraft is a criminal offence, with a maximum sentence of two years' imprisonment

- Licensing laws which prevent the sale of alcohol outside permitted hours do not apply to airside sales of alcohol at UK international airports. Bars can remain open to serve passengers on the earliest and latest flights - from 04:00 in some cases

- About 270m passengers passed through UK airports last year* and travellers spend an estimated £300m on alcohol at UK airports each year - around a fifth of total retail sales of £1.5bn**

- The Civil Aviation Authority reported a 600% increase in disruptive passenger incidents in the UK between 2012 and 2016 with "most involving alcohol". They say the increase is partly down to improved reporting of incidents

Sources: Airlines UK* and UK Travel Retail Forum**

Manchester Airport is one of the signatories but when Panorama's undercover reporter asked at World Duty Free whether she could open alcohol bought at a duty-free shop to consume on the plane, she was told "officially probably not, unofficially I think you'll get away with it". Another shop in the airport did give the right advice.

World Duty Free said it was committed to dealing with the issue and that it displays "clear advisory notices at till points, on till receipts and on carrier bags that remind customers that alcohol purchases cannot be opened until their final destination is reached".

Airlines UK, which represents carriers such as Virgin, British Airways and EasyJet, wants the government to amend the law to make consumption of a passenger's own alcohol on board an aircraft a criminal offence.

'There for one reason'

Airlines can limit the amount of alcohol sold to passengers on board flights.

Low-cost airline Jet2 has already banned alcohol sales on flights before 08:00 and managing director Phil Ward agreed further action was needed.

"I think they [airports] could do more. I think the retailers could do more as well.

"Two litre steins of beer in bars, mixes and miniatures in duty free shops, which can only be there for one reason - you know, they're items that are not sold on the high street.

"We can't allow it not to change."

A House of Lords committee report earlier this year called for tougher rules on the sale of alcohol at airports.

Committee chair Baroness McIntosh of Pickering said: "We didn't hear one shred of evidence to show the voluntary code was either working now or had any possible vestige of success in working any time soon."

The Home Office said it was considering the report's recommendations, which include revoking the airports' exemption from the Licensing Act, "and will respond in due course".

Karen Dee, chief executive of the Airport Operators Association, said: "I don't accept that the airports don't sell alcohol responsibly. The sale of alcohol per se is not a problem. It's the misuse of it and drinking to excess and then behaving badly."

She said they were working with retailers and staff to make sure they understand the rules.

(28th September 2017)

(BBC News, dated 14th August 2017)

Full article :

Armed officers are to be issued with head-mounted cameras in an effort to provide "greater transparency" in police shootings, the Met Police says.

The Met - the UK's largest police force - said officers in its armed response units will have cameras fitted to baseball caps and ballistic helmets.

It will give "a documented and accurate account" of situations, the Met added.

Armed officers had trialled body-mounted cameras, but in 2015 they were criticised as "unfit-for-purpose".

Their introduction followed criticisms of the Met over the death of Mark Duggan, who was shot by armed officers in August 2011, sparking riots across England.

However, the force said it was still examining how cameras could be used in such undercover operations.

'World's largest rollout'

The new cameras will be worn by officers who carry an "overt" firearm.

The police watchdog, the Independent Police Complaints Commission (IPCC), said during the trial the positioning of the cameras on officers' bodies had obscured and impacted on the quality of some footage.

The Met says it has decided that because of the way armed police operate, head cameras are a better option.

The firearms command will receive around 1,000 cameras, the force added, saying it was part of "the largest rollout of body worn cameras by police in the world".

'Greater transparency'

Commander Matt Twist said armed officers "very much welcome" the cameras.

"It provides a documented and accurate account of the threats officers face and the split second decisions they make," he said.

"The cameras also offer greater transparency for those in front of the camera as well as those behind it."

Body-mounted cameras have already been issued to frontline officers in 30 of the 32 London boroughs, as well as to officers from the roads and transport units, the territorial support group and the dog unit.

The deployment of 22,000 cameras, which do not permanently record, is anticipated to be complete by the end of October, the force added.

The Mayor of London, Sadiq Khan, said cameras were "a huge step forward in bringing our capital's police force into the 21st century and building trust and confidence in the city's policing".

(28th September 2017)

(BBC News, dated 11th August 2017 author Brian Milligan)

Full article :

Two centuries ago, when Victorian engineers were designing the latest in transport technology, Japanese knotweed sounded like a very clever idea.

A plant that typically colonised volcanoes in Japan was imported to Britain to help hide, or possibly even stabilise, railway embankments.

Since then its spread has caused much unhappiness amongst home-owners and prospective house purchasers.

It can crack tarmac, block drains, undermine foundations and invade homes. Its presence can be enough to cut a property's value by up to 20%, or prevent a mortgage lender approving a loan.

But just as new technology created the problem originally, new technology may help to solve it.

How close is it to me?

Five years ago, the Environment Agency commissioned a new app to track Japanese knotweed, using the crowd-sourcing principle.

More than 20,000 people have now downloaded it, and their data has pin-pointed over 6,000 knotweed locations.

Note: The app is also available on Apple iTunes and Google Play (see full article for links).

"If we can get more people taking an interest and submitting records, so much the better," says Dave Kilbey, director of Natural Apptitude, which designed and launched the app.

"Hopefully it will mean people will become a bit more aware of the problems, and what to look for."

So far the results show a particular concentration of knotweed in South Wales, the Midlands, London, Scotland's central belt and Cornwall - where the plant was also introduced by Victorians into ornamental gardens.

Those looking for a property can use the app to find out if knotweed has been found nearby - but the fact it is not on the map does not mean it is not present; it is simply that no one has reported it.

How to recognise Japanese knotweed

- Dense thickets of green, purple-speckled, bamboo-like stems up to three metres tall

- Heart or shield-shaped leaves

- Alternate leafing pattern along stems

- Completely hollow stems that can be snapped easily

- Tiny creamy white flowers August to October

Rivers and canals

The data provided by the PlantTracker app is also added to the National Biodiversity Network (NBN) atlas, which aims to track the whereabouts of all the UK's plants and animals, from bee orchids to goshawks.

Even though it has only been available to the public since April, and is not yet fully functional, the atlas has further information about Japanese knotweed locations.

The map shows more than 43,000 historical records for the plant, going back to 1900.

But Purba Choudhury, communications officer for the NBN, says that if there are no records in your area, that doesn't guarantee its absence.

"Conversely, the record you are seeing might be an old record, and the Japanese knotweed might have been removed since the record was uploaded," she says.

What if I find knotweed?

Trying to destroy Japanese knotweed by yourself is virtually impossible.

That is because the roots, or rhizomes, spread rapidly underground, and can regenerate from tiny amounts of material. In fact it can grow at the rate of 10cm a day during the summer.

"Digging it out of the ground can just spread it terribly," warns Stephen Hodgson, the chief executive of the Property Care Association (PCA).

"If you've got it in your garden, either leave it alone, or treat it properly."

The advice is as follows:

- Do not try to dig it up: Tiny root fragments can regenerate into another plant

- If you cut down the branches, dispose of them on-site. Compost separately, preferably on plastic sheets

- Do not take it to your local council dump. It needs specialist waste management

- Do not dispose of it in the countryside. This is against the law

- Do not spread the soil. Earth within seven horizontal metres of a plant can be contaminated

- Take advice from the Invasive Non-Native Specialists Association (INNSA) or the Property Care Association (PCA) on local removal contractors. Many treatments don't work.

In an experiment being conducted in South Wales, thousands of plant lice were released last summer, in the hopes that they would help destroy some of the knotweed along river banks.

But otherwise the accepted best-practice treatment is for professionals to inject the plant with industrial-strength weed killer glyphosate.

David Layland, the joint managing director of Japanese Knotweed Control, based in Stockport, says it is the only thing that works.

"Once we inject into it, it transfers into the root system pretty quickly, and then it binds with the roots. Over time, it rots away into the subsoil."

But professional treatment is costly, starting at about £2,500, and going upwards to £30,000 for a major infestation.

Court case

Just as big a worry for many home-owners is the discovery that your neighbour has Japanese knotweed on his or her property, and refuses to do anything about it.

But under the 2014 Anti-Social Behaviour, Crime and Policing Act, local councils or police forces can now issue a Community Protection Notice (CPN), forcing neighbours to take action, and fining them if they don't.

"I think when they are enforced - and they are starting to be enforced - CPNs are very effective," says Stephen Hodgson. "But they are, and should be, a measure of last resort."

In the meantime judges at the Court of Appeal are gearing up to provide an important precedent on who should pay if a landowner allows knotweed to encroach on somebody else's property.

Next year they will rule on the case of Williams v Network Rail - after two homeowners in South Wales were awarded £15,000 to compensate them for knotweed which had spread into their gardens.

(28th September 2017)

(The Guardian, dated 10th August 2017 author Jamie Grierson)

Full article [Option 1]:

Modern slavery and human trafficking is far more prevalent than law enforcement previously thought, with a recent crackdown lifting the lid on the "shocking" scale of the crime and potentially tens of thousands of victims in the UK, the National Crime Agency (NCA) said.

Will Kerr, the NCA's director of vulnerabilities, said the figures were far higher than those identified by the system set up by the government to identify victims of trafficking, which stood at about 3,800 in 2016.

"It's likely in the tens of thousands," Kerr said. "The more we look for modern slavery the more we find evidence of the widespread abuse of the vulnerable. The growing body of evidence we are collecting points to the scale being far larger than anyone had previously thought."

There has been a wide range of cases uncovered, from a Romanian organised crime gang making €5m (£4.5m) advertising prostitutes online and laundering the proceeds, to a 12-year-old girl being trafficked into the UK to take children to school.

Victims are predominantly from eastern Europe, Vietnam and Nigeria, with a roughly equal balance between men and women, the NCA said. There were currently more than 300 live policing operations targeting modern slavery in the UK, it added.

In May and June alone, there were 111 arrests related to 130 potential victims in the UK as part of an operation led by the NCA.

The agency has launched a campaign to increase public awareness and encourage people to report suspicions to a modern slavery hotline.

Kerr said examples included those working at car washes and in construction, agriculture and food processing. They receive very little pay and are forced to put up with poor living conditions.

Others sold into slavery could be kept in pop-up brothels, where sex workers who have been promised a better life are left penniless with few clothes other than underwear, while some work in cannabis factories, he said.

"As you go about your normal daily life and as you're engaged in a legitimate economy accessing goods and services, there is a growing and a good chance you will come across a victim who has been exploited in one of those different sectors," he said. "That's why we are asking the public to try and recognise the signs and to report their concerns and suspicions to us."

He cited one example of a 12-year-old girl being stopped at border control, having been bound for a life as a domestic slave. "She was being brought in to work for a family in part of the UK, where she had effectively been sold by her father - or it had been facilitated by her father - and she was being brought in to take this family's children to school and pick them up every day, and clean the house in between," he said.

Kerr said criminal charges were pending against those involved in the case.

"People are being exploited on an hourly and daily basis. The full scale and extent of it, we don't know. But what we have found is that in every medium-to-large town and every city in the UK, we have found evidence of vulnerable people being exploited," he said.

The modern slavery helpline, which launched in 2016, operates 24/7, with fully trained specialist staff. The helpline has so far received 1,799 calls and made 1,051 referrals, with more than 2,000 potential modern slavery victims indicated.

Mark Burns-Williamson, Association of Police and Crime Commissioners national lead for human trafficking and modern slavery, said: "The main point we really need to drive home is that this horrendous crime is happening everywhere and we need our communities' help to stop it."

He added: "General indicators of human trafficking or modern slavery can include signs of physical or psychological abuse, fear of authorities, no ID documents, poor living conditions and working long hours for little or no pay.

"Human trafficking and modern slavery destroy lives. They are terrible abuses of human rights, shamefully robbing people of their dignity, causing total misery to the victims, their families and our communities. We all need to work together to stop it."

Philippa Rowen, chaplain to the bishop of Derby, said the Church of England would be launching a three-year project in October to help dioceses respond to modern slavery in their communities. "We need communities that have their eyes open, who are aware enough of their surroundings that they can say when something doesn't look right," she said.

"When the man cleaning their car has no safety equipment, and looks underfed and tired. When their neighbour's live-in nanny never seems to leave the house and is too frightened to talk to them. When the holiday let at the end of the road is being visited by different men all through the day and night.

"The Church of England, with a presence in every parish, is uniquely placed to be those eyes and ears, and to spread this message further."

(28th September 2017)

(The Telegraph, dated 9th August 2017 author Helena Horton)

Full article [Option 1]:

When a man took a picture up Gina Martin's skirt when she was enjoying herself at a festival, she was sure he could be punished.

However, after being told he did nothing illegal, she has taken things into her own hands and started a campaign which has reverberated across the country - to make 'upskirting' a specific offence under the law.

'Upskirting' is the term for when people put cameras under unsuspecting women's skirts and take a picture of their crotch, usually just before the woman notices what has happened.

On the 8th July 2017, this happened to Ms Martin, who was at the British Summertime Festival.

After seeing the man standing in front of her had an image of a woman's bare legs and crotch on his phone screen, she realised it was of her.

She thought quickly and grabbed the phone, giving it to the festival staff, who called the police.

The police arrived and asked the man to delete the photo. However, five days later, Ms Martin was told the case was closed as the police said the man hadn't broken any laws.

Ms Martin, a 25-year-old writer from London, started a petition to change this.

The campaign to make upskirt photos illegal under the Sexual Offences Act of 2003 has been signed by more than 53,000 people.

"At British Summer Time music festival in London, the two men whose faces I've obscured in the photo above were taking up-skirt photos of my -you know what I mean- without me knowing," she wrote.

"Please join me in calling on the Met Police to reopen my case and help me to get justice by prosecuting the men."

She said that it is a common practice, and that police should take action.

"This happens regularly to so many women and by putting pressure on the police to prosecute we're also aiming to raise awareness nationwide that this is a crime," she wrote.

"We want the law to specify clearly that this is a sexual offence with a victim, by adding this offence to the Sexual Offences Act 2003."

Men who have taken 'upskirt' photographs have been prosecuted before under different laws.

If Ms Martin had been in a place which would reasonably be expected to provide privacy, such as her home or a changing room, it could amount to voyeurism under section 67 of the Sexual Offences Act.

However, a festival field would not fit under the remit of this law.

'Upskirting' can also come under the criminal offence of "outraging public decency" if two or more people see the photograph - but in Ms Miller's case, no such charge was made.

The Metropolitan Police said in a statement: "The Met takes allegations of voyeurism seriously and does and will investigate them thoroughly. We use a range of policing tactics and deploy officers on specific operations to target this sort of criminal behaviour based on intelligence. We understand that it can be incredibly invasive and distressing for those that this happens to.

"In this specific case we believed the allegation had originally been dealt with in line with the victim's wishes. We have subsequently recontacted the victim and inquiries are ongoing."

Ms Martin also doesn't think it is good enough that it can only fall under outraging public decency to take a photograph up a woman's skirt.

She told the BBC: "I found out that the one law I could charge under was an old common law called "outraging public decency" - a law that states something lewd or indecent happened in public and at least two people saw it. Ironically, it is usually applied to flashers. So, to put it plainly, the only law that protects a victim of upskirting in England and Wales is one that worries about what the public saw, not the victim who's been harassed.

"It's an old law too - victims don't push for it because they don't know about it. If they had known about that law would the police have dealt with my case differently?

"Something has to change here, and that's why I'm campaigning to make upskirt photography a sexual offence. Scotland just did it. So we could too.

"My case has since been reopened and I hope that the men are prosecuted. But this isn't just about my case. My next step is to have the laws amended so that upskirt photos are listed as a sexual offence and a "victim crime", not a public nuisance."

Since she started her petition, the Metropolitan Police re-opened her case.

The Northumbria Police and Crime Commissioner Dame Vera Baird told the Today programme on Saturday that upskirting "needs to be an offence, there is no doubt about it".

(28th September 2017)

(BBC News, dated 9th August 2017)

Full article :

Two men are suspected of stealing nearly £20,000 from shoppers by watching them enter their Pin codes and then stealing their bank cards.

A CCTV image of the men, believed to be working with others, has been released by Sussex Police.

Victims' purses and wallets were stolen as they left stores and cash withdrawn from nearby ATM machines before they became aware of the theft.

On one occasion they targeted a person in a hospice shop.

There have been 22 such reports in Sussex since November last year, mostly in supermarkets, but also from pubs and fast food restaurants. The amounts stolen vary but have reached as much as £3,500.

The men are described as being of Eastern European appearance, one bald and the other with dark hair.

Investigator Kayleigh Bartup said: "We are working with the large supermarket brands to raise awareness about these incidents among staff and customers.

"Be alert and aware of strangers when shopping and never leave your bag or trolley unattended at any point. Try not to be distracted by strangers, and also be alert for any suspicious activity around your vehicle.

"It appears that these men, and others, may strike up to twice a day in different towns, and then lay low for a while, so we need to maintain awareness even when there are no reports."

Incidents include:

- Tesco in Lewes on 19 November 2016 - £1,360 obtained
- Sainsbury's in East Grinstead on 13 February - £1,749 obtained
- Morrisons in Seaford on 7 March - £1,800 obtained
- Asda in Brighton on 11 March - £1,000 obtained
- Waitrose in Eastbourne on 12 May - £2,500 obtained
- Sainsbury's in East Grinstead on 26 May - £1,219 obtained
- St Catherine's Hospice shop, East Grinstead on 26 May - £240 obtained
- Waitrose in Burgess Hill on 8 June - £900 obtained
- Waitrose in Hove on 17 June - £3,500 obtained

(28th September 2017)

(Liverpool Echo, dated 9th August 2017 authors Rebecca Koncienzcy and John Fitzsimmons)

Full article [Option 1]:

The Royal Mail is warning the public about a scam that is duping people out of money.

It involves missed delivery cards being posted through your letter box, but they are actually FAKE.

The clever con makes the cards look like the 'something for you' cards you typically receive from Royal Mail when you have missed a delivery.

They use the same colour scheme, headings and four-box layout. Indeed, the only clear difference is that the scammers' cards do not have the Royal Mail logo on them.

Recipients are invited to call a number beginning 0208 in order to arrange a delivery, The Mirror reports.

They are then put through to an automated message where they are asked to leave their details and a 'consignment number'. Victims have claimed that calling the number - which isn't registered to Royal Mail - has cost them £45.

A spokesperson for the Royal Mail said that it was looking into the scam as a "matter of urgency", adding that people receiving missed delivery notes should be vigilant and ensure that they contain the Royal Mail's logo.

While this particular version is new, scammers have seen the value in using fake missed delivery notes for some time now.

For example, back in 2015 fraud experts Action Fraud highlighted a scam where postcards were being delivered to homes, claiming that a parcel containing jewellery was waiting to be collected.

The postcards said: "The office is attempting to reach you. To claim this parcel and accept this offer, you must telephone the number below immediately and arrange for a delivery.

"The item is prepaid, but a processing and delivery fee of £10 must be remitted. This fee can be paid only by telephone and only with a credit card (VISA or MasterCard). This is your only notification."

Of course, even after the money was paid, no such delivery took place.

There is undeniably something exciting about getting a parcel, rather than a letter. For one thing, at least it won't be a bill!

It may seem obvious, but any time you receive a note through the letterbox about a missed delivery, the first question should be whether you have actually ordered anything.

(28th September 2017)

(The Times, dated 9th August 2017 author Mark Bridge)

Fourteen years ago Bill Burr became the guru of secure passwords.

His advice - to do away with memorable words in favour of garbled strings of letters, numbers and special characters that would be near-impossible for criminals to guess - became accepted as gospel around the world.

The former employee of the US National Institute of Standards and Technology (NIST) has now acknowledged that the guidance he published in 2003 only makes people more vulnerable to hackers.

The trouble, according to security researchers, is that in reality the recommendation caused many people to adopt highly predictable "complex" passwords, such as "Pa$$w0rd", to try to remember them.

Mr Burr also suggested that people should change their passwords regularly and at least every 90 days. This advice, which was adopted by corporations, universities and government bodies, gave individuals grappling with ever-growing numbers of passwords an even greater incentive to adopt easy combinations.

Many people have come to update their passwords by making the simplest tweaks: "Pa55w0rd1" becomes "Pa55w0rd2", "Pa55w0rd3" and then "Pa55w0rd4", for example.

Because of the stress surrounding complex passwords, people also tend to use the same or similar credentials on different sites. This means that if log-in details are stolen in a data breach, such as the Yahoo hack, criminals can use the same password to access a victim's accounts on other sites.

To counter these problems, cryptography experts have highlighted the merits of long "simple" passwords, made up of strings of ordinary words.

In a widely circulated diagram, the Nasa engineer turned cartoonist and author Randall Munroe calculated that it would take 550 years at 1,000 guesses per second to crack the password "correcthorsebatterystaple", while "TrOub4dor&3" could be cracked in three days.

Mr Burr, 72, who is now retired, told The Wall Street Journal: "Much of what I did I now regret. In the end, it was probably too complicated for a lot of folks to understand, and the truth is, it was barking up the wrong tree".

NIST recently reissued its digital identity guidelines, dropping the advice on password expiration and special characters and urging organisations to allow longer passwords that are more memorable.

On the other hand, the document says that they should prohibit obvious passwords such as single dictionary words, the account creator's street, or sequences such as 123456.

It also recommends that companies provide password strength indicators.
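A check along the lines of the revised guidance described above, as an added example that is not code from NIST or from the article: length instead of composition rules, a blocklist compared after undoing look-alike substitutions, and rejection of sequences and account details. The blocklist contents, the minimum length of 8 and all function names are assumptions made for the example.

```python
import re

# Constructed sample blocklist (assumption): a real verifier would load a large
# list of common and previously breached passwords instead.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon", "monkey"}

# Look-alike substitutions that are undone before the blocklist comparison.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "@": "a", "!": "i"})

MIN_LENGTH = 8  # assumed minimum for this example; no upper limit is imposed


def candidate_forms(password):
    """Return the normalised spellings that are compared with the blocklist."""
    lowered = password.lower()
    # Also try the password with trailing digits and punctuation removed,
    # so "Pa55w0rd1" is treated like "Pa55w0rd".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered.translate(LEET), stripped.translate(LEET)}


def is_sequence(password):
    """True for runs such as 123456, abcdef, 987654 or aaaaaa."""
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return len(steps) == 1 and steps <= {-1, 0, 1}


def squash(text):
    """Lower-case the text and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password, context_words=()):
    """Return the reasons for rejecting a password; an empty list means accept.

    No rule asks for capitals, digits or special characters, so a long
    passphrase of ordinary words is accepted.
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if is_sequence(password):
        reasons.append("sequence")
    if candidate_forms(password) & COMMON_WORDS:
        reasons.append("common word")
    # context_words holds account details such as the user's street name.
    squashed = squash(password)
    for word in context_words:
        detail = squash(word)
        if len(detail) >= 4 and detail in squashed:
            reasons.append("contains account detail")
            break
    return reasons


def is_trivial_change(old, new):
    """True when only the trailing digits differ, e.g. Pa55w0rd1 -> Pa55w0rd2.

    Usable at password-change time, when the user has just typed the old
    password; it must not be kept in plain text for this purpose.
    """
    def base(text):
        return re.sub(r"\d+$", "", text).lower()
    return base(old) == base(new)


if __name__ == "__main__":
    for sample in ["Pa$$w0rd", "Pa55w0rd1", "123456", "correcthorsebatterystaple"]:
        print(sample, "->", check_password(sample) or "accepted")
```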

Ciaran Martin, head of GCHQ's National Cyber Security Centre, has also criticised the standard advice for passwords. In February he told Radio 4's Today programme that even his own "best Technical People" would struggle to remember complex, changing logins for multiple accounts.

Mr Burr, who programmed US Army computers during the Vietnam War, told The Wall Street Journal that he had wanted to base his guidance on real-world password data, but too little was available in 2003 and he was under pressure to publish quickly.

(28th September 2017)

(London Evening Standard, dated 9th August 2017 author Martin Bentham)

Full article [Option 1]:

More than 1,000 sex crimes were committed on the Tube and Overground network last year as the number of offences rose to a new peak, official figures reveal today.

British Transport Police statistics show that there were 1,032 sex offences on Transport for London's rail network in the year to the end of March.

That is up 15 per cent on the previous annual tally and nearly double the total of 567 recorded two years earlier.

Sex crimes were also up in the force's South area, which covers commuter routes from Kent, Surrey, and Sussex into London.

At least part of the rise is thought to be the result of a "Report It to Stop It" campaign to encourage more victims to come forward.

The figures will, however, raise renewed concerns about the activities of sex pests on the Tube and rail network following complaints from campaigners about groping, leering and other unpleasant and potentially illegal conduct by some passengers.

Today's statistics also show a rise of 6.4 per cent in overall crime on the Tube and Overground, pushing the annual total to 11,410 offences.

This included nearly 400 more violent attacks, as well as increases in criminal damage, drug and public order offences. Racially or religiously aggravated crimes "causing public fear, alarm or distress" were also up with 576 offences in the past 12 months, compared with 419 in the previous year. There was also a small rise in robbery, but falls in theft and fraud.

The crime rise on London's transport network is mirrored by a similar nationwide rise in offences recorded by British Transport Police.

The force's chief constable Paul Crowther said one reason was that the number of passengers had grown, with an extra 17.5 million journeys nationwide over the year. Stations such as St Pancras had also become "entertainment hubs" drawing "more people to their shops, bars and coffee shops".

He warned, however, that pressures were increasing with the additional problem of protecting the public from terrorism.

"In the last 12 months, BTP officers have been at the forefront of a number of major incidents, including a tram derailment in Croydon in November and critical incidents in Westminster, Manchester and London Bridge and Borough Market," Mr Crowther said.

"Coupled with increasing demand on our services, a growing rail infrastructure and the ever-present threat of terrorism, these are certainly challenging times for police forces. However, I am confident that BTP is in the right position to keep our railways safe."

Crime on the Tube and railways

British Transport Police figures of recorded crime in the Transport for London division.

Figures are for 2016-17, with the 2015-16 figure in brackets.

Total notifiable crime/offences : 11,410 (10,719)
Sexual crime : 1,032 (894)
Violence against the person : 2,352 (1,963)
Robbery : 103 (97)
Drug crime : 253 (201)
Public order : 1,884 (1,617)
Criminal damage / malicious mischief : 1,005 (736)
Theft of passenger property : 3,901 (4,236)
Line of route crime : 79 (71)
Motor vehicle / cycle crime : 429 (448)
Theft of railway / commercial property and burglary : 171 (194)
Fraud : 131 (186)

(28th September 2017)

(International Business Times, dated 9th August 2017 author Associated Press)

Full article [Option 1]:

The malware entered the North Carolina transmission plant's computer network via email last August, just as the criminals wanted, spreading like a virus and threatening to lock up the production line until the company paid a ransom.

AW North Carolina stood to lose $270,000 (£207,000, €230,000) in revenue, plus wages for idled employees, for every hour the factory wasn't shipping its crucial auto parts to nine Toyota car and truck plants across North America, said John Peterson, the plant's information technology manager.

The company is just one of a growing number being hit by cybercriminals looking for a payday.

While online thieves have long targeted banks for digital holdups, today's just-in-time manufacturing sector is climbing toward the top of hackers' hit lists.

Production lines that integrate computer-imaging, barcode scanners and measuring tolerances to a hair's width at multiple points are more vulnerable to malevolent outsiders.

"These people who try to hack into your network know you have a set schedule. And they know hours are meaningful to what you're doing," Peterson said in an interview.

"There's only a day and a half of inventory in the entire supply chain. And so if we don't make our product in time, that means Toyota doesn't make their product in time, which means they don't have a car to sell on the lot that next day. It's that tight."

He said that creates pressure on manufacturers to make the criminals go away by paying the sums demanded. "They may not know what that number is, but they know it's not zero. So what is that number? Where do you flinch?"

Last August at the 2,200-worker Durham transmission factory, the computer virus coursed through the plant's network, flooding machines with data and stopping production for about four hours, Peterson said.

Data on some laptops was lost, but the malware was blocked by a firewall when it tried to exit the plant's network and put the hackers' lock on the plant's computer network.

The plant was hit again in April, this time by different crooks using new malware designed to hold data or devices hostage to force a ransom payment, Peterson said. The virus was contained before affecting production, and no ransom was paid to either group, he said.

"Top targets globally"

Manufacturers, government and financial firms are now the top targets globally for illicit intrusions by criminals, foreign espionage agencies and others up to no good, according to a report this spring by NTT Security.

A survey of nearly 3,000 corporate cybersecurity executives in 13 countries last year by Cisco Systems found about one out of four manufacturing organisations reported cyberattacks that cost them money in the previous 12 months.

Since 2015, US manufacturers considered "critical" to the economy and to normal modern life, like makers of autos and aviation parts, have been the main targets of cyberattacks - outstripping energy, communications and other critical infrastructure, according to Department of Homeland Security incident response data. The numbers may be imprecise because companies in key industries often don't report attacks for fear of diminished public perception.

But attacks demanding ransom against all US institutions are spiralling higher. The FBI's Internet Crime Complaint Centre received 2,673 ransomware reports in the year ending last September - nearly double from 2014.

Global infections are growing

While manufacturers are increasingly prey to these cyber-stickups, it may just be because criminals are playing the odds and striking as many enterprises of all types as they can across a targeted region, said John Miller, who heads a team at cybersecurity firm FireEye that tracks money-driven online threats.

Attackers "aren't necessarily going after manufacturing to the exclusion of other sectors or with a preference above other sectors. It's more that, 'OK, we're going to try to infect everybody in this country that we can,'" Miller said.

One high-profile example came in May and June, when auto manufacturers including Renault shut down production after they were swept up in the worldwide onslaught of the WannaCry ransomware virus.

But attackers also are increasingly injecting ways to remotely control the robots and other automated systems that control production inside targeted factories.

The threat of computer code tailored to hit specific targets has been around since researchers in 2010 discovered Stuxnet, malware apparently designed to sabotage Iran's nuclear program by causing centrifuge machines to spin out of control.

Stuxnet is widely believed to be a covert American and Israeli creation, but neither country has officially acknowledged a role in the attack.

Malicious software that attacked Ukraine's electricity grid last December was built to remotely sabotage circuit breakers, switches and protection relays, researchers said.

Cyberattacks that reach into industrial control systems have doubled in the past two years in the US to nearly four dozen so far in the federal fiscal year that ends in September, outstripping last year's total, according to DHS data.

"I think the emerging threat you're going to see in the future now is really custom ransomware that's going to be targeted more toward individual companies," said Neil Hershfield, the acting director of the DHS team that handles emergency response to cyberattacks on industrial control systems.

(28th September 2017)

(London Evening Standard, dated 9th August 2017 author Martin Bentham)

Full article [Option 1]:

Britain's top law enforcement agency has allowed child traffickers to escape justice by ignoring information which could have stopped them preying on victims, the Government's slavery watchdog warned today.

Kevin Hyland, the independent anti-slavery commissioner, said that important information about modern slavery offences had "sat dormant" on the National Crime Agency's databases because the crime was not being taken seriously enough.

As a result, offenders had not been pursued. Measures to protect other potential victims had also not been taken in a failure which he likened to allowing a rapist to "run around London" without police taking action.

Mr Hyland's comments came in an interview with the Evening Standard in which he also suggested that legislation might be needed to force tech firms to take stronger action to prevent traffickers from using the internet to lure victims online.

He also disclosed that law enforcement officials from Nigeria are to be deployed at British airports to help identify traffickers and victims as they fly into the country.

His most striking remarks, however, came as he expressed concern about the failure of law enforcers to act on information about victims logged via the "national referral mechanism" and held by the NCA.

A total of 3,805 victims from 108 countries were recorded via the system last year after being identified as slaves forced into labour exploitation, prostitution or domestic servitude.

Mr Hyland said recent improvements taken in response to his complaints meant the information was now being used more consistently.

But there had still been too many occasions - including cases involving child slavery victims - on which the data had not been used to track down criminals and prevent further crimes.

He said: "We understand that lots of victims perhaps don't want to see the police, but once the state has got that information they need to do something about it - see if there are other victims, if there are prevention opportunities.

"Also, even without the victim you can sometimes arrest the offender, as in murder or domestic abuse.

"If we knew there was a rapist running round a part of London and the victims didn't want to come forward you would hope that the police would take some sort of action with the information that was there.

"Yet with modern slavery we have had information like that, which has included cases involving children, where there is no proactive response, where the information has just sat there dormant in the National Crime Agency's databases."

Mr Hyland said that the Home Office had agreed to examine the system in response to his complaints and insisted that trafficking should in future be tackled in the same way as other forms of serious organised crime.

He emphasised that there had been a "sea change" in the NCA's approach in recent months with the "beginning of a professional response". But he remained concerned.

"I want to make sure that all the processes that are there for other crimes are adhered to - that this is seen as equally serious," he added.

"We know this is crime where somebody operates one minute in eastern Europe, the next minute they are in London, then Birmingham, then Manchester, and unless we bring all that information together and assess it in the correct way we are going to miss opportunities to stop it."

Mr Hyland also expressed concern about the number of British children being used as slaves, including for activities such as smuggling drugs, with 255 juvenile trafficking victims from this country recorded last year.

He also called on tech firms to do more to stop their services being used by traffickers and warned that legislation might be needed.

"If you look online, adverts are posted overseas and the promises that are made, you can see some of the jobs are false and they are just luring people over. We need the companies involved to take responsibility."

Official figures show that forced labour is the most common form of slavery, but there are also many victims of sexual exploitation and domestic servitude. One third of cases recorded last year involved children.

The National Crime Agency said in a statement: "The NCA takes action on every referral it receives. We pass information to police forces so it can be acted on, and rigorously analyse all intelligence, in order to co-ordinate the most effective response against criminals who try to profit from the exploitation of vulnerable people."

Doctor made woman a domestic slave

The problem of modern slavery was highlighted earlier this summer when a London GP and her husband were jailed for trafficking a woman to the capital to exploit her.

Ayodeji Adewakun, 45, a doctor, and her husband Abimbola Adewakun, 49, a nurse, both from Bexley, brought the 29-year-old from Nigeria and used her as a domestic slave in their home for more than two years. Their victim was contracted to work from 7am to 5pm from Monday to Saturday looking after the pair's children for £500 a month. But they paid her nothing and, after being confronted by the woman, only handed over £350.

She never received a day off, worked night and day, and suffered health problems. After protesting, she was banned from using the family bathroom and made to wash her clothes by hand.

At Southwark crown court Dr Adewakun was sentenced to six months' imprisonment for trafficking for the purpose of exploitation. Her husband was jailed for nine months for the same offence.

(28th September 2017)

(Science Alert, dated 8th August 2017 author Peter Dockrill)

Full article [Option 1]:

Passwords suck. They're hard to remember, we all have about a million of them, and they're not supposed to be anything easy or memorable like your cat's name (sorry Furball1).

Worst of all, when massive data breaches happen to the companies we actually trust with our online credentials, our usernames and passwords can become totally exposed - but luckily, there's now a simple way to find out if you've been compromised like this.

Troy Hunt is an Australian security researcher and the man behind Have I Been Pwned (HIBP), a website that lets people check if their email addresses and usernames have been involved in some of the biggest data breaches ever - involving companies like Myspace, LinkedIn, Adobe, Dropbox (and sadly hundreds more).

Have I been Pwned website :

Now, Hunt has approached the same problem from the opposite perspective, building a new tool called Pwned Passwords that does the same kind of thing, but this time it lets you enter just your passwords to see if they've been leaked in any of the aforementioned hacks.

There's a staggering 320 million leaked passwords stored in this database, and if you're wondering whether it's maybe irresponsible to collect them all in one place like this, there are a couple of things to bear in mind.

One, none of the passwords here are stored alongside the email addresses or usernames that they pair with, so if any people are still using these long-exposed passwords, their anonymised listing here shouldn't make things any easier for hackers.

Two, Hunt's whole point with Pwned Passwords is to draw attention to the issue of just how many of our passwords have been outed by hackers up until now - by letting people check if one of their passwords is out there on the big bad internet.

Again, all of these passwords are already out in the wild - some have been for a long time - so hopefully most users have already changed them.

There are two ways of using Pwned Passwords: an online search tool on the website itself, and by downloading the whole list of 320 million leaked passwords, which are stored across three separate text files (note: you're looking at more than 5GB in total, as the list is very long).

Before we go any further, a word of warning. You really shouldn't type any active passwords you're currently using into the online search tool, because it goes against the whole principle of never sharing or distributing your passwords, even if it's with a website set up by a professional security researcher.

As Hunt explains on his blog:

- "It goes without saying (although I say it anyway on that page), but don't enter a password you currently use into any third-party service like this! I don't explicitly log them and I'm a trustworthy guy but yeah, don't.

- The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it's not one they should be using any more."

What this means is that if you want to see if any of your current passwords have been exposed, you really ought to download the whole list and search through it from the privacy and security of your own device.

It's an extra step of hassle, sure, but it's worth it, guys, and it's still a pretty simple thing to do.

For extra security - and to protect anybody still using these leaked passwords - the passwords in the list files are stored as SHA-1 hashes rather than in plain text, so you'll need to generate the SHA-1 hash of your password before you search for it in the list (instructions for generating SHA-1 hashes are easily found online).
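The offline check described above, as an added example that is not code from the article or from Have I Been Pwned: the password is hashed on your own device and the downloaded files are streamed line by line, so nothing leaves the machine and the 5GB of lists never has to fit in memory. It assumes each file holds one hexadecimal SHA-1 digest per line; the file names and sample passwords below are constructed.

```python
import hashlib
import os


def sha1_hex(password):
    """Upper-case hex SHA-1 of the UTF-8 password, the form that is searched for."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def find_in_lists(password, paths):
    """Stream each list file; return (path, line_number) of the first hit, or None."""
    target = sha1_hex(password).encode("ascii")
    for path in paths:
        with open(path, "rb") as handle:
            for number, line in enumerate(handle, start=1):
                # Tolerate Windows line endings, lower-case hex and an
                # optional ":count" suffix after the digest.
                digest = line.strip().split(b":", 1)[0].upper()
                if digest == target:
                    return path, number
    return None


# Constructed sample data standing in for the three downloaded files.
SAMPLE_FILES = {
    "list-1.txt": ["123456", "password"],
    "list-2.txt": ["qwerty", "Furball1"],
    "list-3.txt": ["letmein"],
}


def build_sample_lists(directory):
    """Write the constructed sample files into a directory and return their paths."""
    paths = []
    for name, passwords in SAMPLE_FILES.items():
        path = os.path.join(directory, name)
        with open(path, "w", newline="\r\n") as handle:
            for index, password in enumerate(passwords):
                digest = sha1_hex(password)
                # Mix upper- and lower-case lines to exercise the normalisation.
                handle.write((digest.lower() if index % 2 else digest) + "\n")
        paths.append(path)
    return paths


if __name__ == "__main__":
    import getpass
    import sys

    # Prompt without echo so the password never appears on screen or in the
    # shell history; the list files are given as command-line arguments.
    found = find_in_lists(getpass.getpass("Password to check: "), sys.argv[1:])
    print("FOUND in %s, line %d" % found if found else "Not in the supplied lists")
```

A miss only means the password is not in the files that were searched.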

Hopefully, whichever way you choose to use the service, you'll find that none of your passwords have been leaked, but if they are, now's as good a time as any to change them - and if you don't already, you should really consider using a password manager to store and generate your passwords.

For more on how to make the most of Pwned Passwords, check the instructions on the site, and have a read of Hunt's blog post introducing the service.

One last thing: if searching the service doesn't bring up any of your passwords, that's good news for sure, but it doesn't necessarily mean your password hasn't been leaked at some point - just that it's not included as part of this database.

"One quick caveat on the search feature: absence of evidence is not evidence of absence," as Hunt explains, "or in other words, just because a password doesn't return a hit doesn't mean it hasn't been previously exposed."

Stay vigilant, folks!

(28th September 2017)


(London Evening Standard, dated 8th August 2017 author Justin Davenport)

Full article [Option 1]:

A police "front counter" which opened in south London after £500,000 restoration work two years ago has been earmarked for closure under new cost-cutting plans.

Residents have condemned the move to close the premises as a "waste of public money" in a growing protest over police station cuts.

The front counter was opened in February 2015 in a former shop in Streatham High Road as a replacement for the local police station which was closed in the last round of cutbacks.

Now Mayor Sadiq Khan has announced plans to axe 40 stations as well as dozens of neighbourhood officers and public "contact points" in libraries and supermarkets in an effort to meet £400 million of government savings.

Senior police officers and the Mayor argue few people visit the buildings and that most people want to report crime over the phone or online.

The Mayor has proposed there should be one 24-hour police station in every borough while local ward officers should hold "community contact sessions" in "convenient locations".

However, the plans are meeting increasing resistance from residents and politicians. In Streatham, Julian Heather, chairman of a safer neighbourhood panel, said: "People were furious when they closed the original police station. The front counter was supposed to be a replacement and they spent about eight years and half a million pounds bringing it back into use as a police front counter and local neighbourhood base.

"Shutting it after just two or three years is a monumental waste of money, it is squandering public money."

He added: "People want a proper focus in the community where they know the police are based." In Wimbledon, residents are campaigning to save their local police station - which is earmarked for closure, while neighbouring Mitcham will stay open.

Local Tory MP Stephen Hammond said: "Wimbledon police station is integral to the local community, there is a vibrant night-time economy and a large transport hub which needs policing. If you are going to close a station it makes sense to close the one with less contact with the community which is Mitcham. This also strikes me as a deeply political move, since Mitcham is Labour and Wimbledon Conservative.

"The Mayor needs to make sure that he is policing London correctly and there is a good need for a police station at Wimbledon."

Meanwhile, the leaders of 20 Labour-run boroughs around London have declared their opposition to further police station closures.

In an open letter coordinated by Lambeth leader Lib Peck, they called on the Government to scrap planned cuts to the police service and work with the Mayor to keep stations open.

A total of eight are earmarked for closure in Lambeth, with only Brixton remaining open. A spokeswoman for the Mayor's Office for Policing and Crime said the plans were still open for consultation. The Mayor said recently that government cuts left him no choice but to take drastic action.

He said: "We will still be able to maintain a 24/7 front counter service in every borough and are improving the telephone and online services that Londoners value so highly."

How cash could have been spent

Annual salary for 12 detective constables

19 fully kitted police cell vans

333 new X2 model Tasers

28,000 handcuffs

(28th September 2017)

(The Times, dated 8th August 2017 author Bernard Lagan)

There are many creatures, big and small, to be feared in Australia but strolling on a suburban beach in a few feet of water should have been safe enough.

Yet when Sam Kanizay, 16, decided to paddle in the sea near his home in Melbourne his legs became covered in blood and both he and hospital staff struggled to stem the bleeding. Doctors were left puzzled by the "pin-sized holes" in his legs and feet through which the blood seeped out, many of which required stitches.

Scientists eventually identified his attackers as tiny carnivorous creatures, half a centimetre to a centimetre long, known as sea fleas and found in many inshore waters.

"I didn't feel anything untoward when I was in the water," Sam said. "It was cold, so I expected my legs to go numb. Blood covered both my feet and I was leaving little pools of it everywhere. I thought I had maybe stood on a rock, but the amount of blood quickly told me it wasn't it."

Genefor Walker-Smith, a marine scientist, told The Age newspaper that the number of bites inflicted on the teenager was highly unusual and it appeared that he had been attacked by a swarm of sea fleas. She said it was possible that he had disturbed a dead fish on which they were feeding.

Like leeches, sea creatures release an anticoagulant, which stops blood from clotting.

"It probably made it worse that Sam was standing still - they may not have been able to cling on too tightly if he had been moving through the water," Dr Walker-Smith said.

Officials in the state of Victoria warned swimmers in Port Phillip bay to wear a wetsuit with boots.

(28th September 2017)

(Cosmopolitan, dated 4th August 2017 author Katie Jones)

Full article [Option 1]:

Hotel room safety is often a big concern for tourists, particularly for those who are travelling alone. And while the doors to most hotel rooms are fairly secure, there's one tip that globetrotters have shared when it comes to protection from intruders.

The Mirror points out that when asked to advise on the best security device to pack in hand luggage, frequent traveller David Klain said he never goes on holiday without a doorstop.

"Believe it or not, this is one of the best security devices anyone can have when travelling!" he explained on Quora.

"When staying in a hotel, you can put that doorstop under the door preventing someone from breaking in (the chain on the door will stop no one). In the case of a terrorist attack or lone gunman/active shooter incident, typically they will go through all rooms but, if they can't get the door open, move on to other rooms before working their way back to the doors that wouldn't open. This buys you time for you to get away/police to respond/etc."

Klain isn't the only seasoned traveller to advocate the household item as a safety measure. Former police officer and expedition leader, Lloyd Figgins, also recommended it to Wanderlust as a "simple and effective" way of preventing even those with a key from entering a room.

"Once you are in your room, simply lock your door and push the wedge under it. For added security, simply place more wedges under the door," he explained.

There are a number of precautions travellers can take while on trips abroad. To help you prepare for a holiday, use the government's foreign travel checklist for advice and safety tips:

(28th September 2017)

(The Guardian, dated 4th August 2017 author Rowena Mason)

Full article [Option 1]:

Police are unable to properly pursue members of organised gangs on mopeds because they risk being prosecuted for dangerous driving, the shadow policing minister has said.

Louise Haigh called for a review of police driving laws after officers were warned by the Police Federation not to carry out emergency manoeuvres that would be illegal for any other "careful and competent" driver.

The federation has called for the law to be changed after rulings that the police should be held to the same rules as other motorists, with the exception of the speed limit, even though they are trained to a higher level. Police are allowed to ignore road traffic signals, such as red lights, if this does not endanger anyone, but there are legal concerns that this exemption is meaningless because driving a vehicle on a road always carries a risk of danger.

Writing for the Guardian, Haigh said that without changes to the law the government risked "handing over our streets to criminals".

"[Officers] should be assessed based on their special training and circumstances, not compared to how you and I might normally drive. That, in turn, requires legislative change and for the government to stop dragging its feet," said Haigh, who is a member of Diane Abbott's shadow Home Office team.

"We need to have confidence that the police will enforce the law. The police need to have confidence that the law itself allows them to do so. If we don't tackle this we will hand our streets over to criminals and it will be the poorest communities that will suffer the most."

She said officers were at significant risk if prosecuted because their driving behaviour would be assessed on the same basis as any "competent and careful driver"; there were no specific exemptions for emergency manoeuvres beyond "disapplying" the speed limit.

"That is hampering the ability of the police to apprehend very serious offenders and take them off the streets. Bikers who have progressed well beyond petty crime into much more serious gang-related activity, to the point where the Met police has now classified moped-enabled crime as serious organised crime," Haigh said.

Figures obtained under freedom of information laws show moped-enabled crime has risen 10-fold in London since 2011 to more than 5,000 incidents a year.

In June, the federation warned all of its 120,000 members in 43 force branches that emergency manoeuvres in pursuit of suspects could land them in trouble.

Tim Rogers, the federation board member for roads policing, said: "Legal advice has recently highlighted that police response and pursuit drives are, in most circumstances, highly likely to fall within the definitions of careless and/or dangerous driving. There are no exemptions to the offences of careless or dangerous driving to permit emergency driving … Officers have a sworn duty and must uphold that duty. Officers should drive in a way which is lawful and does not contravene the laws of dangerous or careless driving. Officers are advised not to undertake any manoeuvre which may well fall outside the standard of the careful and competent non-police driver."

A Home Office spokesman said: "All emergency services, including the police, are exempt from speed limit, traffic light and sign violations when undertaking an emergency service response. However, they remain subject to the general law on motoring in the same way as members of the public - including the law on careless and dangerous driving. Decisions on the management of pursuits and response driving are an operational matter for forces."

(28th September 2017)

(The Guardian, dated 3rd August 2017 author Rupert Jones)

Full article [Option 1]:

An invisible traceable gel that stays on skin and clothes for years will be sprayed on anyone who tries to break into a Co-operative cash machine as part of a hi-tech initiative to combat ATM crime.

The Co-op group has teamed up with forensic technology company SmartWater to roll out the deterrent. The gel was invented by former West Midlands police officer Phil Cleary and his chartered chemist brother Mike.

The technology is being installed at about 2,500 cash machines at Co-op food stores across the UK, after a pilot scheme in 2016 resulted in a more than 90% reduction in ATM crime.

The Co-op revealed industry figures that showed north-west England was the number one UK hotspot for ATM crime, accounting for almost 29% of attacks carried out between January and June this year. London was in second place at 19%.

SmartWater has adapted the technology to ensure that criminals who attack ATMs, and any cash they manage to steal, are marked with the water-based gel.

"Invisible to the naked eye, an amount of gel the size of a speck of dust can provide the solution for scientists to undertake a successful analysis and help police with identification, with the forensic signature guaranteed to last five years," the firm said. The gel glows neon yellow under UV light and is "difficult for criminals to remove".

The Metropolitan police has a partnership with SmartWater aimed at cutting the number of burglaries in London. "As a result, all custody areas have suitable detectors fitted, with prisoners routinely scanned, and hundreds of patrol staff have been equipped and trained to detect it," said DCI Iain Raphael, Enfield borough commander. "We welcome any crime prevention initiative such as this … Criminals contemplating attacks on Co-op ATMs should take note."

The Co-op said the technology was effective regardless of how a cash machine was targeted. It added that gas attacks - where gas was piped into the machine from cylinders and ignited from a distance - were in decline.

ATM raids involving a saw or angle grinder are most common in the north-west, while black box attacks are a particular problem in London. The latter involves an unauthorised device being fitted to cash machines that causes them to dispense all their cash. Another method involves thieves trying to remove an ATM with a rope or heavy machinery such as a digger.

Chris Whitfield, director of retail and logistics at the Co-op, said: "ATM crime impacts customers and communities - it can also have a disproportionate impact on rural police force areas where cash dispensers are more of a lifeline for residents and the local economy."

(28th September 2017)

(London Evening Standard, dated 1st August 2017 author Justin Davenport)

Full article [Option 1]:

Police used force against suspects and individuals more than 100 times a day in London, according to data released for the first time today.

It showed the number of cases where officers used tactics ranging from handcuffs and physical restraint to Tasers and firearms.

In the three months to the end of June, individual officers recorded "incidents of force" 12,605 times, or an average of 138 cases a day.

Nearly half - 5,397 - were described as "compliant handcuffing" while other common tactics included the use of "unarmed skills", restraint and "tactical communications" to defuse situations.

However, the data also showed that Taser stun guns were deployed on 1,102 occasions, although they were only fired 100 times.

Firearms officers aimed weapons on 281 occasions, police used batons 46 times and controversial spit guards were used 25 times.

The figures record armed police firing weapons on only two occasions, believed to be the incidents involving a raid on suspected terrorists in Willesden, when a woman was shot, and the terror attack in Borough Market when three extremists were shot dead.

The statistics record that force was used 10,925 times against men, 1,643 against women and 37 against transgender individuals.

Most incidents, 6,404, were against men aged between 18 and 34 years, although there were 17 children under the age of 10 who were subject to the use of force.

However, police say children could have been restrained by an officer for their own safety or to detain them, incidents which would have been recorded as force.

The data revealed that 45 per cent of those who were subject to force were white, 36 per cent were black and 10 per cent from the Asian community.

Around 14 per cent were believed to have mental health issues.

Police dogs were deployed 24 times - and people were bitten by the dogs on 17 occasions. CS spray was drawn 87 times and used on violent suspects 68 times.

The figures were released after hundreds took to the streets in London to protest over the deaths of two black men after they were apprehended by police officers.

Rashan Charles, 20, died last month after being restrained by officers in Dalston, while Edson Da Costa, 25, from East Ham, died after contact with the police five weeks earlier.

The figures showed 655 suspects were injured, 11 seriously.

Commander Matt Twist said of the figures: "Our officers face the most dangerous situations every day. The use of force techniques are there to stop violence and danger, protecting not only the officer making an arrest but the public at the scene, and the person being arrested.

"It is important to recognise the type of force used with the most common being the use of compliant handcuffs.

"These figures will ensure transparency to the public who will get a better idea of what officers face on a day-to-day basis."

He added: "We can see from the data that on 643 occasions officers were injured in this period."

The figures include the first data on the use of spit guards after they were deployed to all custody suites across London.

Westminster officers recorded the most use of force followed by Lambeth, Croydon, Hackney and Wandsworth.

Commander Twist added: "It is really important to note that this first three month period is very early data and not comparable against anything else.

"It will take time for us to ensure officers comply with filling out this form after every use of force interaction becomes routine or second nature.

"We know that there will be instances of force used in this period which have not been recorded, but having scrutinised the data we have already seen a steady increase in the number of online recording.

"We have been training officers on the new form through officer safety training and briefings."

Officers are asked to record "tactical communications" as "force" to show where their attempt to defuse situations by talking failed and they had to resort to more robust tactics.

(28th September 2017)

(London Evening Standard, dated 3rd August 2017 author Martin Bentham)

Full article [Option 1]:

A huge human trafficking ring that has been flying hundreds of Iranian migrants, some as young as five, into Britain has been smashed after the arrest of more than 100 people by European law enforcers and the Met.

The alleged leader of the criminal gang was detained at Heathrow as he tried to escape justice by flying to Brazil. Another 14 gang members were held in Malaga, southern Spain, where the smuggling operation was based.

The EU's law enforcement agency, Europol, said that more than 200 people a year had been smuggled by the gang for around 10 years. Most were flown into Britain, although some were sent to other European countries.

Europol said the gang had run a "perfectly structured" criminal operation in which each migrant was charged around £22,000 and provided with accommodation, transfers and flights.

There was no immediate information from the Home Office about how many Iranians have managed to enter Britain illegally or whether any of those detained have been removed from the country.

But the discovery of the operation will raise renewed concerns about the security of Britain's borders and the ability of traffickers to use fake or legitimate documents from other EU countries to smuggle illegal migrants into the country.

Announcing the successful operation against the gang today, Europol said that Spanish National Police had "dismantled an international criminal network involved in smuggling Iranian nationals into the UK on commercial flights" on an "action day" across Europe.

As well as the alleged ringleader arrested at Heathrow, another 14 members of the trafficking ring were arrested in Spain, along with 42 Spanish citizens suspected of selling their documents to help the gang carry out its smuggling operation.

A total of 44 Iranians were also detained at airports across Europe carrying forged passports. Seven other Iranians, including a child aged five, were also found during searches carried out by Spanish police. Passports, more than 400 blank identity cards, firearms, cash, computers, printers and a "high-end vehicle" were also seized during the searches.

Europol said that law enforcers had become aware of the gang, which was operating out of Malaga in southern Spain, after seven Iranian citizens were caught a year ago using fake passports to board a plane flying to this country from Germany.

Investigations found that the flight tickets had been bought at a travel agency in Malaga and realised that there was "a migrant smuggling network operating in the city".

"The criminal group was perfectly structured and each member had a defined role, ranging from recruiting the irregular migrants in their country of origin, to facilitating the transfers, hosting them in safe houses in Spain, and supplying the travel documents," Europol said.

"The network operated from Málaga and used Spain as a transit country. In total, 101 individuals were arrested. The Spanish National Police arrested 14 members of the criminal group in Málaga, as well as another 42 individuals accused of selling their Spanish documents to the members of the organisation for prices ranging from 500 euros (£445) to 3000 euros (£2,680).

"Another 44 individuals of Iranian nationality were intercepted at different European airports carrying forged passports. The leader of the criminal group was arrested by the Metropolitan Police at Heathro