The articles on this page are either produced by the operator of the website, from national publishers or Government departments. Where the information is from an external source all information on the origins of the article will appear under the title.

Links annotated [Option 1] will direct you to a website that will possibly download a 3rd party cookie to your computer. Your Browser or security software may be set up to prevent this download from taking place.

NEWS 2016 will soon be found within the ARCHIVE menu.











THE LONDON BOROUGHS WITH THE BIGGEST RISES IN HOME BREAK-INS AT CHRISTMAS
(London Evening Standard, dated 9th December 2017 author Patrick Grafton-Green)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-the-london-boroughs-with-the-biggest-increases-in-residential-burglaries-over-christmas-a3714356.html

An east London borough has been named as the worst for home break-ins over the Christmas period.

Redbridge has the highest increase in residential burglaries over Christmas of all London boroughs, official figures reveal.

The borough sees a rise in break-ins of 52 per cent during the months of November to January, compared to the rest of the year.

Redbridge also has the highest rate of burglary in the capital over the festive period, with an average of 8.39 homes per 1,000 targeted.

Comparison service ValuePenguin analysed data from the Met Police’s crime data dashboard for every borough in the capital between April 2010 and October 2017.

According to the data, every borough sees an increase in burglaries at Christmas. Harrow – with a hike of 43 per cent, and Bexley – with a 38 per cent increase – also fare badly.

The lowest increases – of just two per cent – are seen in Islington and Kensington and Chelsea.

Despite seeing a substantial rise in burglaries over the winter months, Bexley has the lowest burglary rate of any London borough during the rest of the year, with thieves targeting 2.89 homes per 1,000.

This jumps up to four over the festive season, still the second lowest rate of any London borough.

After Redbridge, the boroughs with the highest burglary rates over Christmas include Barnet, with an average of 7.71 homes targeted per 1,000, and Haringey, with 7.62.

Sutton, where 3.7 homes per 1,000 are targeted, has the lowest rate of any London borough.

Superintendent Shaun Wilson, Met operational lead for burglary, told the Standard: “I think it is fair to say around Christmas time and in the approach to Christmas, we do see a traditional increase in burglaries.

“This is often at a time people are buying gifts, often expensive gifts, and leave them safe places and sometimes not so places.

“It’s a period when people go on holiday, spend long periods away from home, visit family and friends and spend time socialising and partying.

“This leads to an increase in vulnerability, which gives burglars a chance to exploit that.”

Supt Wilson said advice fell into three main categories, online profiles, people going out and people going away.

He said: “Often people will advertise they have been given an expensive item. Check your security settings, other people will be peering into that, and think about what you are putting online.

“If you are going away, tell neighbours, people that you trust, that you are going away.

“The mail will start stacking up and it soon becomes obvious that you are away. Have someone you trust come in, turn lights on and off, put on the television and radio, open and close curtains.

“Don’t leave expensive items or wrapped up gifts near windows for people to see.

“Keys should not be left in doorways, near the letter box – people will reach through and nick the keys.”

He added that Christmas was also a time to keep an eye on the vulnerable and elderly, who are in particular danger of being targeted.

A Redbridge Council spokesman said: "Burglary rates traditionally increase at this time of year and we are working in partnership to support the police to bring burglary back to more acceptable levels.

"We have introduced a number of measures such as; alley gating schemes, free home security improvements for the most vulnerable, home security advice for residents and a wide range of activities to tackle bogus callers and rogue traders.

"We remind homeowners to keep doors and windows locked and to use timers on light switches when they go out."

Un-Merry Christmas

Percentage burglaries that go up during the Christmas and New Year period.

n = average Christmas burglary rate (Nov-Jan) per 1000 households
(n) = average burglary rate rest of year per 1000 households

Barking and Dagenham : 6.74 (5.24)
Barnet : 7.71 (5.79)
Bexley : 4 (2.89)
Brent : 7.24 (5.51)
Bromley : 5.66 (4.33)
Camden : 6.06 (5.08)
Croydon : 5.91 (4.89)
Ealing : 6.34 (5.02)
Enfield : 7 (5.31)
Greenwich : 4.74 (4.06)
Hackney : 4.6 (4.42)
Hammersmith and Fulham : 5.96 (5.55)
Haringey : 7.62 (6.14)
Harrow : 7.09 (4.96)
Havering : 6.81 (5.1)
Hillingdon : 6.74 (4.92)
Hounslow : 5.7 (4.45)
Islington : 5.1 (5)
Kensington and Chelsea : 5.24 (5.13)
Kingston upon Thames : 4.03 (2.99)
Lambeth : 6.07 (5.59)
Lewisham : 6.23 (4.99)
Merton : 5.51 (4.22)
Newham : 5.06 (4.11)
Redbridge : 8.39 (5.52)
Richmond upon Thames : 4.56 (3.88)
Southwark : 5.04 (4.69)
Sutton : 3.7 (2.94)
Tower Hamlets : 4.1 (3.76)
Waltham Forest : 6.49 (5.3)
Wandsworth : 4.68 (4.18)
Westminster : 5.34 (4.69)

(10th December 2017)


NATWEST, HSBC AND CO-OP SECURITY FLAW LEFT BANKING APP USERS AT RISK OF HACKING
(Birmingham Mail, dated 7th December 2017 author James Rodger)

Full article [Option 1]:

www.birminghammail.co.uk/news/midlands-news/natwest-hsbc-co-op-security-14006931

Mobile banking customers are being advised to update their apps after experts discovered a security flaw that left millions vulnerable to hackers.

Researchers found that several apps, including those from HSBC, The Co-operative and NatWest banks, had a specific weakness that could be exploited by criminals to gain access to users' details such as username, password and Pin code.

The vulnerability, believed to have put 10 million users around the world at risk, has been fixed but the experts say it is not clear whether the flaw was exploited by attackers.

They recommend using the most recent version of the banking apps and installing updates as soon as they are offered.

The team from the University of Birmingham detected the weakness using a tool they developed to test 400 apps considered to be high security.

Dr Tom Chothia, a senior lecturer in Cyber Security at the University of Birmingham, said: "In general the security of the apps we examined was very good, the vulnerabilities we found were hard to detect, and we could only find so many weaknesses due to the new tool we developed.

"It's impossible to tell if these vulnerabilities were exploited but if they were attackers could have got access to the banking app of anyone connected to a compromised network."

They found that a hacker connected to the same network as the app user, such as WiFi or a corporate network, could perform what they call a "man-in-the-middle attack" to trick the software into revealing personal details.

The apps with the security flaw had one particular technology - known as certificate pinning - in common. Certificate pinning is normally used to improve security in apps but contains vulnerabilities that remain undetected in standard checks.

he team also uncovered the risk of other potential threats including "in-app phishing attacks" against Santander UK and Allied Irish (GB).

A phishing attack would have let a hacker take over a part of the screen while the app was running and use this to fraudulently ask the victim for their confidential information by sending emails or messages that look like they are from a legitimate organisation.

The team worked with the banks involved as well as the UK government's National Cyber Security Centre to fix the vulnerabilities.

(10th December 2017)


THOUSANDS OF MORRISONS STAFF WIN CLAIM FOR PAYOUT AFTER ADDRESSES, BANK DETAILS AND SALARIES WERE POSTED ONLINE
(Daily Mail, dated 1st December 2017 author Scott Campbell)

Full article [Option 1]:

www.dailymail.co.uk/news/article-5136127/Victory-Morrisons-workers-data-leak-compensation-claim.html

Thousands of Morrisons staff have won their claim for a payout after their addresses, bank details and salaries were posted online.

The case has potential implications for every individual and business in the country.

It follows a security breach in 2014 when Andrew Skelton, a senior internal auditor at the retailer's Bradford headquarters, leaked the payroll data of nearly 100,000 employees.

The file - which was put online and sent to newspapers - included their names, addresses, bank account details and salaries.

A group of 5,518 former and current Morrisons employees said the leak exposed them to the risk of identity theft and potential financial loss and that Morrisons was responsible for breaches of privacy, confidence and data protection laws.

They are seeking compensation for the upset and distress caused.

Morrisons said it could not be held directly or vicariously liable for Skelton's criminal misuse of the data and that any other conclusion would be grossly unjust.

Following Mr Justice Langstaff's decision on liability on Friday, Nick McAleenan of JMW Solicitors said: 'The High Court has ruled that Morrisons was legally responsible for the data leak.

'We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK.'

The judge ruled that vicarious liability, but not primary liability, had been established.

He said: 'I hold that the Data Protection Act (DPA) does not impose primary liability upon Morrisons; that Morrisons have not been proved to be at fault by breaking any of the data protection principles, save in one respect which was not causative of any loss; and that neither primary liability for misuse of private information nor breach of confidentiality can be established.

'I reject, however, the arguments that the DPA upon a proper interpretation is such that no vicarious liability can be established, and that its terms are such as to exclude vicarious liability even in respect of actions for misuse of private information or breach of confidentiality.'

He added: 'The point which most troubled me in reaching these conclusions was the submission that the wrongful acts of Skelton were deliberately aimed at the party whom the claimants seek to hold responsible, such that to reach the conclusion I have may seem to render the court an accessory in furthering his criminal aims.

'I grant leave to Morrisons to appeal my conclusion as to vicarious liability, should they wish to do so, so that a higher court may consider it, but would not, without further persuasion, grant permission to cross-appeal my conclusions as to primary liability.'

Mr McAleenan said: 'Every day, we entrust information about ourselves to businesses and organisations. We expect them to take responsibility when our information is not kept safe and secure.

'In the Morrisons case, almost 100,000 bank account details, National Insurance numbers and other data was entrusted to a fellow employee to look after. Instead, however, he uploaded the information to the internet.

'This private information belonged to my clients. They are Morrisons checkout staff, shelf stackers, factory workers - ordinary people doing their jobs.

'The consequences of this data leak were serious. It created significant worry, stress and inconvenience for my clients.'

In July 2015 Skelton was found guilty at Bradford Crown Court of fraud, securing unauthorised access to computer material and disclosing personal data and jailed for eight years.

The trial heard that his motive appeared to have been a grudge over a previous incident where he was accused of dealing in legal highs at work.

-----------------------
UK COMPANIES KEEP CLOSE EYE ON MORRISONS DATA LEAK CASE
(Financial Times, dated 8th October 2017 author Jane Croft)

Full article [Option 1]: www.ft.com/content/42423624-a466-11e7-9e4f-7f5e6a7c98a2

A landmark High Court trial of a case by Wm Morrison workers over a huge leak of personal data by a former employee will begin this week.

The lawsuit was brought by 5,500 current and former Morrisons workers. They are seeking compensation over the 2014 data security breach in which payroll information of almost 100,000 staff was posted on the internet.

The legal case, which is believed to be the first data leak class action in the UK, will be keenly watched by companies who worry it could spark a new wave of court cases from workers and customers in the event of a data breach.

The two-week High Court case is due to determine whether Morrisons is liable for the data leak. If the claimants are successful, a second trial will go ahead to determine the level of compensation for victims.

The details posted on the internet included bank and salary details as well as addresses and National Insurance numbers.

The workers claim that Morrisons failed to prevent the leak, which exposed staff to the risk of identity theft and potential financial loss. They argue that the supermarket was ultimately legally responsible for breaches of privacy, confidence and data protection laws.

Morrisons denies all legal liability and is vigorously defending itself. The company declined to comment ahead of trial.

The lawsuit stems from the conviction of Andrew Skelton, a former senior internal auditor at Morrisons who posted the personal information on the internet. He was jailed for eight years in 2015 for fraud, securing unauthorised access to computer material and disclosing personal data.

His 2015 trial at Bradford Crown Court heard that Skelton bore a grudge against his employer after he was subjected to disciplinary action for using the company's post room to conduct eBay deals.

A package suspected to contain illegal drugs was found in the mail room at Morrisons' Bradford headquarters and Skelton was only allowed to return to work after the substance was tested and found to be a legal dietary aid. He was, however, given a warning for running an eBay business using the supermarket's mail room.

The jury heard he wrote a draft resignation letter at the time of the warning in 2013 speaking of his "anger and frustration". He then leaked the data and alerted newspapers and websites. He attempted to cover his tracks by implicating a fellow employee, using the colleague's details to set up a fake email account, the trial heard.

When the supermarket was alerted to the data breach, Morrisons acted quickly to take down the material. It also offered identity theft protection and to compensate anyone who suffered fraud as a result of the leak. Morrisons incurred costs of almost £2m, including professional and legal fees, for dealing with the fall out.

Paul Glass, partner at law firm Taylor Wessing, said the outcome of the High Court lawsuit will be scrutinised by other companies because there have been few cases to test the law in this area.

"The facts are quite specific in this case. However I think companies will be watching this case closely to see what the court decides on some of the data protection claims being run such as the argument that Morrisons failed to take appropriate steps to protect data," he said.

"I would expect to see more of a shift to the US model where after a data breach companies could in future expect to receive class action type lawsuits," he said, adding that it may force companies to check their liability insurance to be sure it covers such incidents.

Suzanne Horne, partner at law firm Paul Hastings, called it a "watershed case" for companies. "There is only so much companies can do to protect data - you can train staff and put policies and technology in place but how do you prevent a rogue employee with their own agenda?" she said.

The lawsuit is being brought by law firm JMW Solicitors. Nick McAleenan, a partner and data privacy law specialist at JMW, said: "At the trial in October, the court will decide whether Morrisons bears any legal responsibility for the misuse and disclosure of the payroll information of the many thousands of people bringing claims in this case."

Data breaches are becoming more common. Equifax, the US credit-reporting company, recently admitted that as many as 400,000 UK consumers might have had their personal information stolen.

Payday lender Wonga in April warned 250,000 current and former customers that there might have been "illegal and unauthorised access" to personal data, and last October UK telecoms group TalkTalk was hit with a record £400,000 fine after the personal data of more than 150,000 customers were stolen in a cyber attack in 2015.


(10th December 2017)


LONDON'S BEST AND WORST BOROUGHS FOR BUS CRIME
(London Evening Standard, dated 3rd December 2017 author Francesca Gillett)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-london-s-best-and-worst-boroughs-for-bus-crime-a3708816.html

Westminster has topped the list as the worst London borough for bus crime, figures have revealed.

New analysis of stats found the number of sexual offences reported on the capital's buses rocketed this year, despite overall crime on London buses dropping by nearly seven per cent.

After Westminster, the boroughs of Hackney and Camden recorded the most crime on buses followed by Haringey, Lambeth and Islington.

The safest borough for bus crime was leafy Richmond, followed by Kingston, Sutton and Harrow.

The data, which covered all 32 London boroughs except the City of London, comes from the Office for National Statistics and Transport for London and was analysed by website Locksmith Service.

It revealed the total number of crimes committed on buses between January and June this year was 7,957, down by 6.9 per cent from 8,545 crimes in the same period last year.

The most common crime was theft, which accounted for nearly half of all offences committed on the capital's buses.

A close second was violent offences, with 3,034 such offences committed.

Despite most crimes dropping, the number of sexual offences committed on the buses rocketed by nearly 10 per cent, the data showed.

Ealing, which was rated eighth for highest number of bus crimes in 2016, appears to have been safer in 2017, dropping out of the top 10 list.

Lambeth, which was second worst for bus crime last year, also recorded fewer crimes in 2017, dropping to fifth place.

Steve Burton, TfL's director of enforcement and on-street operation, highlighted the fact crime on the bus network is falling.

He said: "Our top priority is the safety and security of passengers who make around 15 million journeys on our services each day. The transport network is a safe, low crime environment with very few people ever experiencing or witnessing crime."

"In contrast to national trends, crime on the bus network is falling, but we will continue to work closely with the police to ensure that offenders are dealt with robustly and that our staff and Metropolitan Police Officers are on hand to help customers who need assistance.

"This includes continuing work on our important 'Report It to Stop It' campaign, which is encouraging victims of sexual offences to come forward and report crimes."

London red bus crime rates (per London borough, January - June 2017)

1. Westminster :557
2. Hackney : 513
3. Camden : 461
4. Haringey : 459
5. Lambeth : 455
6. Islington : 453
7. Southwark : 412
8. Newham : 330
9. Lewisham : 272
10. Croydon : 266
11. Barnet : 253
12. Brent : 253
13. Ealing : 248
14. Hillingdon : 224
15. Enfield : 221
16. Hammersmith and Fulham : 217
17. Waltham Forest : 213
18. Greenwich : 211
19. Tower Hamlets : 203
20. Wandsworth : 194
21. Redbridge : 190
22. Hounslow : 180
23. Bromley : 156
24. Havering : 147
25. Kensington and Chelsea : 135
26. Barking and Dagenham : 128
27. Merton : 114
28. Bexley : 111
29. Harrow : 110
30. Sutton : 98
31. Kingston upon Thames : 87
32. Richmond upon Thames : 86

(10th December 2017)


BENEFIT FRAUD SURGES BY £200m IN A YEAR
(The Telegraph, dated 1st December 2017 author Gordon Rayner)

Full article [Option 1]: www.telegraph.co.uk/news/2017/12/01/benefit-fraud-200m-year/

Benefit fraud has reached record levels after it rose by £200?million in the space of a year, the Department of Work and Pensions has admitted.

Fraud swallowed up almost £2.1?billion of the department's total budget of £174?billion - the equivalent of £40?million per week.

It means that the DWP now loses almost twice as much money to fraud as the entire budget of the Foreign Office, which is £1.1?billion per year. MPs said David Gauke, the Work and Pensions Secretary, now had "questions to answer" over why the figures have gone up despite repeated assurances that they would be brought under control.

Figures released by the DWP show that in 2016/17 the total amount of money lost to "overpayments" - which counts both fraud and errors by staff - stood at £3.6?billion, up £300?million from the previous year.

Around £1.1?billion of that money was recovered, meaning net losses stood at £2.5?billion. Fraud accounted for 1.2 per cent of the entire DWP budget, compared with 1.1 per cent the previous year, largely because housing benefit fraud was at its highest ever level of 4.5 per cent.

The new Universal Credit system was also targeted by fraudsters, with £50?million lost. Another £40?million was lost to errors by staff and claimants. The DWP claimed part of the reason fraud had gone up was because of better methods of gathering information on it, but a spokesman admitted that did not explain the overall increase in overpayments.

Frank Field, the ?Labour MP and chairman of the work and pensions select committee, said: "David Gauke has got some questions to answer about this. After the Chancellor, the Secretary of State for Work and Pensions has arguably the most important job in Government because of the size of the department's budget.

"The Government is losing huge amounts of money at the same time as it is making a mess of the roll-out of Universal Credit."

A DWP spokesman said: "We have brought in reforms to improve detection, prevention and recovery and our fraud investigators work tirelessly to bring criminals to justice. Last year we prosecuted around 5,000 fraudsters and issued around 6,000 administrative penalties and recovered a record £1.1? billion in overpaid benefits.

"Meanwhile, Universal Credit will reduce fraud and error by £1.5?billion when it is fully rolled out."

In September, Judge Nicholas Dean QC criticised the DWP for failing to tackle benefits cheats and said that people should be forced to pay back money sooner.

(10th December 2017)


BAN ON RUSSIAN ANTI-VIRUS SOFTWARE IN GOVERNMENT
(The Times, dated 2nd December 2017 author Nadeem Badshah)
www.thetimes.co.uk [Option 1]

All government departments have been ordered to stop using Russian anti-virus software after GCHQ said that it was being used to steal national state secrets.

Theresa May said last month that Russia was attempting to "weaponise information" and threaten the international order.

The National Cyber Security Centre (NCSC), part of GCHQ, has written to all government departments alerting them to the risks of using the anti-virus products for systems related to national security. Ciaran Martin, the centre's chief executive, said: "The NCSC advises that Russia is a highly capable cyberthreat actor which uses cyber as a tool of statecraft. This includes espionage, disruption and influence operations. Russia has the intent to target UK central government and the critical national infrastructure."

He said that Russia had targeted British infrastructure, including power and telecoms, and that analysis showed that "Russian state intent is that it targets national security interests".

In the new government guidance, Ian Levy, the centre' technical director, says: "The Prime Minister set out very clearly in her Mansion House speech that the Russian state is acting against the UK's interest in cyber space. It follows that we need to do everything we can to reduce the risk of successful Russian attack, and this is much, much more complicated than just trying to take companies with Russian flags out of your supply chain.

"There's a comprehensive strategy to counter cyberattacks from all adversaries, and the National Cyber Security Strategy sets out the totality of the capabilities we use to protect the UK."

The security company Kaspersky Lab has denied allegations in the United States that it is used by the Russian state for espionage. The company which is used by some British government departments and an estimated 400 million people worldwide, was accused of downloading classified material from a home computer in the US.

Eugene Kapersky, the chief executive and co-founder, told the BBC: "We would never do that. It's simply not possible. It's not true that the Russian state has access to the data. There are no facts about that."

-----------------------
BARCLAYS BANK ENDS KASPERSKY ANTI-VIRUS PRODUCT OFFER TO ONLINE CUSTOMERS AS A "PRECAUTION"
(International Business Times, dated 2nd December 2017 author Gaurav Sharma)

Full article [Option 1]:

www.ibtimes.co.uk/barclays-stops-offering-kaspersky-anti-virus-products-online-banking-customers-1649908

Barclays bank has stopped offering free Kaspersky anti-virus products to new online banking customers following an official UK government warning about Russian software.

In an email to 290,000 online banking customers on Saturday (2 December), Barclays said: "The UK government has been advised to remove any Russian products from all highly sensitive systems classified as secret or above.

"We've made the precautionary decision to no longer offer Kaspersky software to new users. However, there's nothing to suggest that customers need to stop using Kaspersky."

Barclays said it treated the security of its customers "very seriously". The offer was available at the point of use to internet banking customers to boost their security via a free 12-month free trial.

A spokesman for Kaspersky told IBTimes UK the company was very "disappointed" that Barclays had discontinued its offer to its customers.

Earlier in the day, it was revealed that the UK National Cyber Security Centre - the country's authority on cyber security and part of GCHQ - is writing to all government departments telling them Russian security software could be exploited by Moscow.

Ciaran Martin, head of the National Cyber Security Centre, said: "Russia is acting against the UK's national interest in cyberspace."

"It seeks to target UK central government and the UK's critical national infrastructure." He advised that "a Russia-based provider should never be used" for systems that deal with issues related to national security.

However, the agency did note it is not advising the public at large against using Kaspersky's popular antivirus products.

(10th December 2017)



NOVEMBER 2017

UBER DATA BREACH - THE STORY SO FAR

-----------------------
UBER CUSTOMERS : BEWARE THIS SCAM
(INC, dated 29th November 2017 author Joseph Steinberg)

Full article [Option 1]: www.inc.com/joseph-steinberg/uber-customers-beware-this-scam.html

Criminals are exploiting the news that Uber suffered a serious data breach to inflict more harm on Uber customers. As if it the pilfering by hackers of the names, email addresses, and mobile-phone numbers of 57 million customers of the ride service as well as the driver's license numbers of 600,000 Uber drivers was not bad enough, criminals are now crafting sophisticated phishing emails that prey on the same group of people.

There are multiple variants of the scam -- and surely more to come.

Various realistic-looking phishing emails appear to come from Uber and apologize for the breach. Some request that the user reset his/her password so as to ensure that any passwords compromised in the breach cannot be used by criminals. This may appear to be sound advice - and it actually might be if it were not for the fact that the password reset link provided in the email directs clickers to a bogus Uber site run by criminals in order to collect passwords. Of course, the site asks you to enter your "old password" along with your desired new password.

Another variant of the phishing email contains a profound apology for the breach, and offers the customer a $50 credit towards rides on Lyft, Uber's main competitor in many markets. While anyone who spends a moment thinking about the offer should realize that it is likely bogus - why in the world would Uber be both providing its primary competitor with revenue and directing its already upset customers to that primary competitor - people have a tendency to act without thinking when offered "free money" which they think may no longer be available if they do not act quickly.

Other variants of the phishing scam already exist, and more will continue to appear in the upcoming weeks.

So, if you are an Uber customer -- or ever were an Uber customer -- stay vigilant and suspect that any emails that you receive either asking you to take action to protect your Uber account, or promising you compensation for the breach, are likely scams. Of course, it is a good idea to change your Uber password - but do so by using the app on your phone, not by clicking links in an email that was sent to you by someone of whose identity you simply cannot be certain.

-----------------------
UBER SAYS 2.7m BRITS HIT BY BREACH THAT WAS COVERED UP
(BBC News, dated 29th November 2017)

Full article : www.bbc.co.uk/news/technology-42169813

Uber has revealed that 2.7 million British riders and drivers were affected by a 2016 data breach that it covered up for more than a year.

A total of 57 million worldwide had data exposed in the breach, but the firm had not specified how many were UK-based before.

The stolen information includes names, email addresses and phone numbers and - for US drivers - licence numbers.

Uber should notify UK users who have been affected, the data regulator said.

According to Uber, the 2.7 million figure is "approximate rather than an accurate and definitive account" - this is because the information gathered by the firm's app does not always specify where users live.

A spokesman for Uber told the BBC the firm is not able to clarify how many UK drivers are included in the 2.7 million.

The firm has said it has a total of five million active users and 50,000 drivers in the UK.

The Information Commissioner's Office (ICO) had previously said it had "huge concerns" about the breach.

Responding to the latest news, a spokesman for the ICO said: "As part of our investigation we are still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised."

"We would expect Uber to alert all those affected in the UK as soon as possible."

Similarly, the UK's Minister of State for Digital, Matt Hancock, said, "The Government expects Uber to respond fully to the incident with the urgency it demands and to provide the appropriate support to its customers and drivers in the UK."
'Shocking' development

The ICO believes the data could be used by scammers trying to target victims of the breach.

Both Uber and the ICO have directed users to advice from the UK's National Cyber Security Centre that was published following news of the breach.

The latest development was described as "shocking" by London Mayor Sadiq Khan.

"Uber needs to urgently confirm which of their customers are affected, what is being done to ensure these customers don't suffer adversely, and what action is being taken to prevent this happening again in the future," he said.

When news of the breach was revealed last week, chief executive Dara Khosrowshahi said, "None of this should have happened, and I will not make excuses for it."

The story was first broken by Bloomberg, which reported that Uber not only sought to cover up the incident but also paid hackers $100,000 (£75,000) to delete the data they had stolen

-----------------------
EU's DATA PROTECTION BODS JOIN THE PARTY TO INVESTIGATE UBER BREACH
(The Register, dated 24th November 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/11/24/eu_data_protection_watchdogs_to_investigate_uber_data_breach/

The massive Uber data breach will be discussed by the European Union's data protection authorities next week.

The group, known as the Article 29 Working Party, is meeting on November 28-29 and has put the hack, which affected 57 million users, high on its agenda.

A spokeswoman for the group, which is chaired by Isabelle Falque-Pierrotin from France's data protection authority, said that the aim was to better coordinate national investigations.

This might include writing to Uber's CEO to push for full information to be released - as it did for the Yahoo data breach - or to launch a full taskforce.

The spokeswoman noted that the group had already formed taskforces for Google, Facebook and Microsoft in the past.

And one was recently set up to investigate WhatsApp's privacy policies, which it said are at odds with the EU's data protection laws.

Elsewhere in its meeting, the group will consider the first annual review of the Privacy Shield agreement that governs transatlantic data flows.

Uber has, as yet, failed to offer authorities any further information about those affected by the breach, which happened in October 2016 but was only revealed this week.

A spokeswoman for the biz said that this information would not be released until it completes the process of notifying regulators and government authorities, and "expect to have ongoing discussions with them".

Meanwhile, the breach was discussed in UK Parliament yesterday, where digital minister Matt Hancock confirmed that the first he heard of it was in media reports.

"As far as we are aware, the first notification to UK authorities - whether the Government, the [Information Commissioner's Office] or the [National Cyber Security Centre] - was through the media," Hancock told MPs.

Wes Streeting, Labour MP for Ilford North, said it was "outrageous" that Uber had hushed up the breach, and urged the government to sever ties with the ride-hailing firm.

***********************

I am pro-tech, pro-competition and pro-innovation, but given that Uber stands accused by the Metropolitan Police of failing to handle serious allegations of rape and sexual assault appropriately, given that Uber has to be dragged through the courts to provide its drivers with basic employment rights and to pay its fair share of VAT and given that we now know that Uber plays fast and loose with the personal data of its 57 million customers and drivers, is it not time that the Government stopped cosying up to this grubby, unethical company and started standing up for the public interest?

************************

Hancock didn't respond directly to that comment, instead noting that taxi licensing was an issue for local authorities, as well as taking the opportunity to plug the higher fines that would be available to the ICO under the government's proposed Data Protection Bill.

------------------------

UBER SCANDAL - BRITAINS SPY CHIEFS BEGIN INVESTIGATING COVER-UP OF 57 MILLION CUSTOMERS
(The Telegraph, dated 22nd November 2017 authors Robert Mendick and Margi Murphy)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/11/22/british-spy-chiefs-launch-investigation-uber-hacking-scandal/

Britain's spy agencies have begun an investigation into the cover-up of a data hack of 57 million Uber customers that undermines the firm's attempts to win back its London licence.

The National Cyber Security Centre (NCSC) announced the inquiry on Wednesday as further details emerged of the data hack that took place a year ago but which Uber kept secret.

The NCSC, which is part of the GCHQ intelligence agency, is investigating the extent of the breach and the failure of Uber to report it to authorities at the time.

The National Crime Agency (NCA), Britain's equivalent to the FBI, is also involved suggesting the hackers may even have been British-based while the Information Commissioner's Office (ICO) warned that Uber faced "higher fines" for its concealment.

Sadiq Khan, London's mayor, said the cover-up was "of real concern" ahead of a legal appeal by Uber against the loss of its London licence.

The taxi-hailing app firm continues to operate in the capital, pending the appeal which starts with a preliminary hearing in early December.

Uber was stripped of its private hire licence by Transport for London (TfL) in September after it concluded the US-based tech company was "not fit and proper" to have it renewed. The timing of the disclosure of the hack could not be worse.

Uber, which is valued at almost $70 billion, revealed on Tuesday that it had paid a $100,000 ransom (about £80,000) to two hackerswho stole data about the company's customers and drivers in October 2016.

Uber tracked down the hackers and requested they sign non-disclosure agreements to keep the breach secret, according to the New York Times. The firm is then accused of hiding the reason for the payment by claiming the hackers had been employed by Uber to look for weaknesses in its computer security.

The hackers stole the names, email addresses, and phone numbers of 57 million customers. Uber continued to refuse last night to disclose how many UK customers are affected.

The NCSC confirmed its was investigating and warned Uber over its conduct.

A spokesman said: "Companies should always report any cyber attacks to the NCSC immediately. The more information a company shares in a timely manner, the better able we are to support them and prevent others falling victim.

"We are working closely with other agencies including the NCA and ICO to investigate how this breach has affected people in the UK."

The ICO, the UK's information watchdog, said it had also begun an inquiry.

James Dipple-Johnstone, ICO's deputy commissioner, said: "Uber's announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics.

"If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed."

Mr Dipple-Johnstone added: "Deliberately concealing breaches from regulators and citizens could attract higher fines for companies."

Mr Khan said: "Today's news is of real concern... TfL are pressing Uber for the full details of what has happened."

Dara Khosrowshahi, Uber's new chief executive who only took charge in August, said the cover-up should never "have happened and I will not make excuses for it". The company's security officer Joe Sullivan was sacked as a result.

Uber, which has 65 million 'active riders' globally, has been beset by scandal in recent months including claims of sexual harassment. TfL had refused to renew its London licence after concluding Uber's conduct lacked 'corporate responsibility' in relation to reporting serious criminal offences committed by drivers.

-----------------------

(1st December 2017)


SHIPPING FIRM CLARKSONS BRACES FOR DATA LEAK AFTER REFUSING TO PAY HACKER
(The Guardian, dated 29th November 2017 author Rob Davies)

Full article [Option 1]:

www.theguardian.com/technology/2017/nov/29/shipping-charksons-data-hacker-cyber-attack

Shipping company Clarksons is bracing for a tranche of private data to be released, after refusing to pay a ransom to a hacker who staged a "criminal attack" on its computer systems.

In a statement to the stock market, the world's largest shipbroker said it was working with specialist police and contacting customers who may have been affected after a "cybersecurity incident".

"As soon as it was discovered, Clarksons took immediate steps to respond to and manage the incident," the company said.

"Our initial investigations have shown the unauthorised access was gained via a single and isolated user account which has now been disabled."

"Today, the person or persons behind the incident may release some data."

Shares in Clarksons fell by more than 2% after the announcement, despite the company's insistence that the hack would not affect its ability to do business.

The shipbroker arranges charter ships to transport goods, as well as helping shipping companies raise finance and providing services such as logistics and equipment.

Andi Case, the Clarksons chief executive, said: "Issues of cybersecurity are at the forefront of many business agendas in today's digital and commercial landscape, and despite our extensive efforts we have suffered this criminal attack.

"As you would rightly expect, we're working closely with specialist police teams and data security experts to do all we can to best understand the incident and what we can do to protect our clients now and in the future.

"We hope that, in time, we can share the lessons learned with our clients to help stop them from becoming victims themselves.

"In the meantime, I hope our clients understand that we would not be held to ransom by criminals, and I would like to sincerely apologise for any concern this incident may have understandably raised."

Clarksons is just the latest company to be hit a major cyber-attack, joining a list that includes Uber, Deloitte, Yahoo, Equifax and extramarital affairs website Ashley Madison.

"Clarksons would like to apologise to shareholders, clients and staff for any concerns this incident may raise," the company said.

Since being hacked, Clarksons said it has consulted data security experts and is investing "heavily" to shore up its defences, amid a broader cybersecurity review.

the cyber-attack comes a year after the company issued a profit warning, blaming a drop-off in global trade.

(1st December 2017)


SEX GANGS RUN "POP-UP" BROTHELS TO DODGE POLICE, EUROPOL BOSS WARNS
(London Evening Standard, dated 28th November 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/crime/sex-gangs-run-popup-brothels-to-avoid-police-detection-experts-warn-a3703611.html

Human traffickers are getting "smarter" at avoiding detection, Europe's leading law enforcement official said today.

Rob Wainwright, director of Europol, said organised criminals were using surveillance technology to monitor victims and running "pop-up brothels" to move women rapidly from place to place to make it harder to find them.

He told the Standard: "Some of the trends we are seeing indicate that the traffickers are getting smarter to avoid detection. The phenomenon of the pop-up brothel, where the victims are moved very frequently not just from premise to premise but from town to town around the UK. They are getting smarter, rotating the victims around.

"We are also seeing physical surveillance systems online, like the webcam to check up on them, using technology to make their business more efficient. There are trends which indicate the criminals are getting better."

Mr Wainwright, whose comments, which follow the conclusion of a special investigation by this newspaper, said the scale of trafficking was "huge".

Europol co-ordinates law enforcement activities in the European Union and has identified "just under 10,000 criminal suspects" during investigations into human trafficking since the start of last year. These included about 130 suspects arrested during a week-long "concentrated attack on labour exploitation" in May across 26 countries. There were also 71 arrests during a purge on child traffickers last month. Seventy-five child victims were rescued.

Mr Wainwright said trafficking was a widespread problem around Europe, adding: "Most are not willing victims, they are duped by false promises and then exploited on arrival. They have their passport removed, are subjected in the first 48 hours to violent assault and are kept in a very intimidating, violent environment and forced to work in the sex trade or labour trade."

On child victims, Mr Wainwright said: "Tens of thousands of children under the age of 16 have arrived unaccompanied, put up in reception centres in Italy for example, and in many cases they have gone missing. Clearly they are vulnerable to being exploited."

Mr Wainwright said a failure by Britain to retain participation in European systems for exchanging data and intelligence would harm it and EU states.

He said: "The nature of the threat that we face is much more transnational, much more a common threat in Europe, and requires a cohesive, integrated response. Now is not the time for that effort to be broken up. There's a real understanding of that in Brussels and London and because of that I'm positive."

(1st December 2017)


INDIA TOP CYBERCRIME HOTSPOTS IN ASIA PACIFIC
(Business World, dated 28th November 2017 author BW Online Bureau)

Full article [Option 1]:

http://businessworld.in/article/India-Top-Cybercrime-Hotspots-In-Asia-Pacific-ThreatMetrix-Report-/28-11-2017-133071/

India is amongst the top cybercrime hotspots in the Asia Pacific and is also suspects to the highest number of malware infections, says a study by US-based Global Security firm ThreatMetrix.

The study "Asia Pacific Cybercrime Report" says that "China, India, Japan, and Vietnam are some of the top cybercrime hotspots in the world". It further said that the Asia-Pacific region continues to demonstrate its susceptibility to malware, with Indonesia, India, and the Philippines among the top countries with the highest number of malware infections. Online banking is a key target as fraudsters attempt to monetize stolen and spoofed identity credentials resulting from numerous data breaches around the world said the study.

It said that online banking is a key target as fraudsters attempt to monetize stolen and spoofed identity credentials resulting from numerous data breaches around the world.

With the risk of cyber threats to Indian digital payment systems, ThreatMetrix recently announced its partnership with BSE-listed RS Software (India) to accelerate the adoption of secure digital payments in India. The joint solution provides a scalable, adaptive and cost-effective solution, with insights built from the Unified Payments Interface (UPI) and the Bharat Bill Payment System (BBPS), as well as from the ThreatMetrix Digital Identity Network, which analyses transactions from 1.4 billion anonymized users worldwide.

"With digital transactions soaring in India, the opportunity is huge. Banks are rolling up their sleeves to streamline their fragmented merchant acquiring business for Digital India and are adopting state-of-the-art technologies to facilitate this change," said Pascal Podvin, SVP of Field Operations for ThreatMetrix.

Raj Jain, Chairman and Managing Director, RS Software said with its mobile-first and API-driven approach, the combined solution can be plugged in seamlessly to enable secure payments, less chargebacks and more confidence among consumers and merchants.

ThreatMetrix report said that the emerging digital landscape has fueled strong pockets of fraud, as India emerges as both a fraud originator and a destination for attacks. "One in ten transactions in India is rejected. Cash on delivery fraud sometimes happens in collusion with a shipping company, which has prompted retailers to block transactions or shipping in certain regions. This contributes to the high IP spoofing rates, as fraudsters attempt to bypass location blocks".

India is a fast-growing digital economy with a strong growth in eCommerce, FinTech and online banking. While a large proportion of the population remains unbanked and underbanked, internet and mobile penetration is growing rapidly. As such, mobile is quickly becoming the bridge to drive financial inclusion where traditional forms of banking methods aren't accessible. This is evidenced by the fact that mobile transactions now makeup around half of all India's transactions and have doubled since 2015.

(1st December 2017)


EUROPOL OPERATION SEIZES 20,000 ROGUE WEBSITES PEDDLING COUNTERFEIT LUXURY GOODS AND DRUGS
(International Business Times, dated 28th November 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/europol-operation-seizes-20000-rogue-websites-peddling-counterfeit-luxury-goods-drugs-1649222

In a massive operation against online piracy, European police forces have seized more than 20,500 web domains used to peddle counterfeit goods.

The websites were selling luxury products, sportswear, electronics and pharmaceuticals across online marketplaces and social networks, according to law enforcement investigators.

The results were published as part of an operation dubbed "In Our Sites" (IOS), a global effort launched in 2014 which draws on expertise from 27 EU member states and is spearheaded by Europol's Intellectual Property Crime Coordinated Coalition (IPC³).

On Monday (27 November) Europol said that a total of 7,776 websites had been seized in previous swoops while this year's operation, codenamed IOS VIII, resulted in 20,520 seized domain names being scrubbed from the web after they were caught illegally selling counterfeit merchandise.

Rob Wainwright, director of Europol, said: "This excellent result shows how important and effective cooperation between law enforcement authorities and private-sector partners is, and how vital it is if we are to ultimately make the internet a safer place for consumers."

The European police agency said that counterfeiters running rogue websites were becoming more sophisticated and warned that the web continued to offer criminals increased anonymity.

On its website, Europol elaborated: "When shopping online, you are more likely to fall victim to counterfeiters. In a digital environment, without the physical product to look at and feel, it can be more difficult for you to spot the differences.

"Some illicit websites selling counterfeits are so sophisticated that it is hard to detect that they are scams. Infringers are also exploiting mobile app stores as an ideal shop front. Users are less likely to question the legitimacy of an app, especially if it appears in an official app store."

Nick Annan, acting director of the National Intellectual Property Rights Centre, said: "Targeting copyright-infringing websites that market dangerous counterfeit goods to consumers and engage in other forms of intellectual property theft will continue to be a priority.

"Strengthening our collaboration with police authorities around the world and leaders of industry will reinforce the crackdown on IP crimes, and demonstrate that there is no safe haven for criminals committing these illicit activities."

According to Europol, some of the most popular counterfeit goods sold online includes fake designer watches, dodgy electronics, cosmetics, clothing, drugs, children's toys and car parts. "You will receive product other than the one you ordered or even an empty box," it warned.

(1st December 2017)


SLAVERY LAWS WILL TACKLE UK CRIMINAL GANGS WHO GROOM CHILDREN AS YOUNG AS 12 TO BE DRUG MULES
(International Business Times, dated 27th November 2017 author Brendan Cole)

Full article [Option 1]:

www.ibtimes.co.uk/slavery-laws-will-tackle-uk-criminal-gangs-who-groom-children-young-12-be-drug-mules-1648980

Modern slavery laws will to be used to tackle British criminal gangs who exploit and groom children to be drug runners.

The National Crime Agency (NCA) says that gangs are grooming children as young as 12 to carry drugs between cities and rural areas in the UK with some 700 such operations, known as the "county lines" drug trade, being identified, the Times reported.

Two upcoming trials will see alleged drug dealers charged under human trafficking and modern slavery legislation, which would meant bigger sentences given if there is a conviction.

Also, having the stigma of grooming to the drug trade attached is hoped to curb the practice.

Joe Caluori who leads the work of 21 London councils tackling the practice of "county lines" said there are thousands of young people caught up in the networks.

County lines have spread London-style gang warfare to the provinces in a tactic used by gangs in Manchester, Birmingham and Liverpool.

Caluori told the Times: "The tactics used by gangs to enforce their power over young people and their families include kidnap, torture, severe physical attacks, threats to rape and kill - and the violence is increasing all the time as the amounts of money coming back down the lines increases".

Detective Superintendent Tim Champion, who is behind the test cases said: "We are looking to ensure that all the pressure is put on the organisers of drug trafficking, and not the young people running the drugs."

After the court cases are concluded, other forces may introduce similar measures and police officers are being trained to spot potential victims of exploitation and trafficking.

Kevin Hyland, the independent anti-slavery commissioner, said the Modern Slavery Act legislation would mean a different approach to tackling the drug trade because it "exists to bring people to justice who trade in and exploit others as a commodity and that is what is happening with county lines.

"Young people are being trafficked and enslaved by organised crime groups," he said.

(1st December 2017)


RECORD INCREASE IN "MONEY MULE" CASES AMONG UK YOUNG PEOPLE
(The Guardian, dated 27th November 2017 author Vikram Dodd)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/nov/27/rmoney-mule-uk-young-people-bank-accounts

Record numbers of young people are letting their bank accounts be used by criminals engaged in terrorism and other serious offences, it has been claimed.

The past year saw a 105% increase in cases of "money muling" for those aged 21 years or under, to 6,484 cases, where seemingly innocent bank accounts are used to launder criminal proceeds.

Simon Dukes, chief executive of Cifas, the UK's fraud prevention service, said: "The criminals behind money mules often use the cash to fund major crime, like terrorism and people-trafficking. We want to educate young people about how serious this fraud is in the hope that they will think twice before getting involved."

Cifas says there were 8,652 cases of bank accounts belonging to 18- to 24-year-olds being misused in the first nine months of this year, a 75% increase in the last 12 months. That is double the number in 2013 when there were 4,315 cases.

Experts say one fraud asks people to reply to job adverts or social media posts that promise big sums of money way in excess of the work that will be needed.

Katy Worobec, head of fraud and financial crime prevention, at UK finance, which represents banking and financial companies, said: "Money muling is money laundering and criminals are using young people as mules in increasing numbers. We know that students are particularly vulnerable as they are often short of cash.

"When you're caught, your bank account will be closed, making it difficult to access cash and credit. You could even face up to 14 years in jail. We're urging people not to give their bank account details to anyone unless they know and trust them. If an offer of easy money sounds too good to be true, it probably is."

(1st December 2017)


RELAY CRIME - POLICE RELEASE FOOTAGE OF NEW TYPE OF VEHICLE ROBBERY
(Sky News, dated 26th November 2017)

Full article [Option 1]:

https://news.sky.com/story/relay-crime-police-release-footage-of-new-type-of-vehicle-robbery-11145015

Footage of one of the first "relay crimes" to be caught on camera has been released by police, in which thieves steal vehicles without needing the keys.

In the CCTV, two men in white suits and masks were seen pulling up outside a victim's house in the Elmdon area of Solihull carrying relay boxes.

They used one box to receive a signal from a car key inside the property and then transferred the signal to a second box next to the targeted Mercedes on a driveway.

The car's system was tricked into thinking the key was present and the thieves were able to unlock the vehicle.

The crime took less than a minute and the Mercedes which was stolen around 9pm on 24 September has not yet been recovered.

The devices can receive signals through walls, doors and windows, but not metal.

"To protect against this type of theft, owners can use an additional tested and Thatcham-approved steering lock to cover the entire steering wheel," said Mark Silvester from the West Midlands Police crime reduction team.

"We also recommend Thatcham-approved tracking solutions fitted to the vehicle," he added.

"It is always worth speaking to your main dealer, to ensure that your car has had all the latest software updates and talk through security concerns with them."

Sergeant Tim Evans of Solihull Police said: "It's important the public are reassured that we are taking proactive steps to tackle this type of crime in Solihull.

"We hope that knowledge of this type of crime will enable members of the public to take simple steps to secure their vehicle and assist us."

(1st December 2017)



SPEED WARNINGS FROM RADAR GUNS SLOW DOWN CYCLISTS

(The Times, dated 25th November 2017 author Graeme Paton)
www.thetimes.co.uk [Option 1]

Cyclists are being subjected to automatic speed checks for the first time as part of plans to encourage them to slow down.

A council in east London is believed to be the first in the country to introduce radar technology, similar to that used in roadside cameras, to cut speeds among cyclists.

Two speed indicator devices have been installed on a cycle lane through a popular park in Hackney after complaints from other users that some bikes are going too fast.

The system, which cost £13,328, uses radar to identify oncoming bikes and presents cyclists with a green "happy" face if they are travelling at less than 12mph, which is the limit set by park bylaws. Those travelling at more than 12mph are shown a red frown with the words "slow down".

Hackney, which has the highest number of residents cycling to work in the country, said that the measures were designed to raise awareness of excessive speed. The council said there were no plans to use the technology to penalise cyclists.

In some other parks hand-held radar guns have been used to stop speeding cyclists. Jeremy Vine, the BBC Radio 2 presenter, told how he was clocked by police using a mobile device in Hyde Park three years ago. A year later a cyclist was fined £400 for riding at 38mph through Richmond Park in sout-west London.

The Hackney signs have been installed in the past month at either end of the main north-south lane through London Fields, which is used by about 4,000 cyclists a day. The radar picks up objects moving above a certain speed, believed to be 6mph. The signs are accompanied by lines of granite stones set into the cycle path to act as rumble strips, alerting cyclists to pedestrian crossing points.

Westcotec, the Norfolk based traffic safety company that installed the system, said it was the first time that it had used the technology for cyclists.

It follows the conviction of Charlie Alliston, 20, who knocked over and killed a pedestrian, Kim Briggs, 44, as he sped through central London on a bike with no front brakes. He was jailed for 18 months in September.

Feryal Demirci, Hackney councils cabinet member for neighbourhoods, transport and parks, told The Times that London Fields was an "established route for communters".

"London Fields is not a road", she said. "Local residents walk, use wheelchairs, push buggies and exercise their dogs in the park every day.

"Green spaces are places to relax, breathe and take it easy, so we want people on bikes to drop their speed a little bit, look out for others and make sure everyone can enjoy the park."

A brain injury charity backed calls for compulsory cycle helmets yesterday after the government said it could consider the measure as part of a safety review. Headway said it strongly believed that all cyclists, particularly vulnerable road users such as children, should wear protection.

The comments we echoed by James Crackne, the Olympic rower, who suffered bruising to the brain after being hit by a lorry's wing mirror in the United States. He said he could have been killed if he had not been wearing a helmet.

Compulsory helmets are opposed by cycling groups who say that they actually deter many people from getting on a bike, with serious knock on health effects.

(1st December 2017)



SCOTLAND YARD FRAUD UNIT USING ROOKIE PC's DUE TO STAFF SHORTAGE, CLAIM FORMER OFFICERS
(London Evening Standard, dated 24th November 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/scotland-yard-fraud-unit-using-rookie-pcs-due-to-staff-shortage-claim-former-officers-a3700966.html

Major fraudsters are escaping justice because of a shortage of detectives in Scotland Yard's specialist unit, it was claimed today.

Two former officers said the cyber and fraud investigation unit was so short of trained investigators they are recruiting constables straight from basic training to help in complex cases.

They claim that many detectives had either been transferred into counter-terrorism after the recent attacks in London or diverted to help the Grenfell Tower investigation, and others were being lost to the private sector.

One of the two former officers, Suzanne Raftery, described her role in the elite Falcon cyber crime and fraud unit as analysing crime reports to see which were suitable to close before they were even investigated.

Ms Raftery said: "Our primary goal was to try to reduce the amount of crime that was getting passed to the Met from Action Fraud (the national fraud and cyber crime reporting centre).

"We would speak to victims and say 'I am sorry, we do not have the resources' because a lot of our staff have been seconded to Grenfell Tower or terrorist investigations."

She added: "You have people investigating fraud without fraud training. It's like saying to someone walking down the street, 'Hey, do you want to come and investigate a million-pound fraud'."

Her fellow former fraud squad officer James Mills said: "Detectives are being held on boroughs such as Camden and Hackney and not being released to go to specialist units.

"So the specialist units, such as Falcon, are having to recruit from the larger pool, the majority of whom are police constables. There are constables just out of basic training."

Ms Raftery, 38, and Mr Mills, 47, have set up a business called Requite Solutions to help companies or individuals investigate frauds and recover funds.

"They also criticised banks for failing to properly monitor suspicious activity on accounts and transactions.

Detective Chief Superintendent Mick Gallagher, who oversees the Falcon unit, said: "We have got some incredibly experienced officers in our cyber command and their results have been excellent with a 20 per cent detection rate.

"They also provide expert guidance to the public and private sector. We have lost staff but we have enough officers in cyber to make sure that we are functioning better than we ever have done."

Police say there are now 250 investigators in the unit compared with 100 when it was launched in 2014.

(1st Decemeber 2017)



POLICE RELUCTANT TO MAKE ARRESTS DUE TO SHARP FALL IN NUMBER OF CUSTODY SUITES
(The Telegraph, dated 24th November 2017 authors Robert Mendick, Martin Evans and Nicola Harley)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/11/24/police-reluctant-make-arrests-due-sharp-fall-number-custody/

Police are reluctant to make arrests because the closure of custody suites has led to hour-long trips to the nearest cells. Officers are now letting suspects go "and hoping for the best", the chairman of the Police Federation told The Daily Telegraph.

Since 2010, the number of custody suites in England - where offenders are taken after arrest - has dropped by as much as 50 per cent to 200, it is estimated. Further cuts are in the pipeline.

The number of arrests also fell sharply from 1.5?million to just under 780,000 in the decade from March 2008 to March 2017 - although there are a number of factors behind the drop, including a change in policy.

One force - Gloucestershire - has just one suite of cells to cover the entire county while Nottinghamshire, Bedfordshire, Cambridgeshire, Northamptonshire and Wiltshire have just two each.

The Police Federation, which represents rank and file officers, said the distances now being travelled to bring in suspects, was deterring front-line officers from making arrests. It could take four hours - the equivalent of half a shift - to drive an offender to a custody suite, process the suspect and then drive back to the town where the arrest was made.

Steve White, chairman of the Police Federation, said: "There has been a change in the mindset of many officers not to arrest unless they absolutely have to. What is going through their mind is that 'this person needs arresting, but there is no one left on the ground, is there going to be something else more pressing that I might have to deal with?' So what they are doing is letting someone off with a warning and hoping for the best. Hoping for the best that person does not go on to do something terrible."

Lord Blunkett, the former Labour home secretary, questioned why Philip Hammond, the Chancellor, had not made an additional £200?million available in his Budget to keep custody suites open or upgrade existing ones.

A number have been closed on health and safety grounds. "Scrapping custody suites costs more in the long-term because you have to transport people around, while taking police off front line duties," he said. "Arrests are bound to tumble because police know that in making an arrest they are taking themselves out of action."

Yvette Cooper, chairman of the Home Affairs Committee and a Labour MP, said: "For some officers to end up spending half their shift driving those they do arrest to custody suites miles out of their area is crazy."

In Wiltshire, officers complained of having to make a two-hour round trip from Salisbury to the nearest custody suite in Melksham, 30 miles away. In Somerset, the police cells in Yeovil were shut earlier this year and offenders are now driven 25 miles to Bridgwater, a journey that takes at least an hour. According to the local Police Federation, Sussex Police is considering closing two custody suites at either end of the county, which would lead to journey times of more than an hour.

Essex Police closed a custody suite in Basildon but is now expected to reopen it after the three-month trial proved unpopular with officers and residents.

The two kinds of crime statistics

Crime levels in the United Kingdom are measured according to two rather different methods.

1. Police records data

Using the crimes actually recorded by the police each year allows us to see fast-moving changes in criminal trends. However, the data are strongly affected by changes in how crime is classified, how seriously the police pursue it and how willing the public is to report it. Better policing can make this crime rate appear to go up.
2. Crime Survey

In England and Wales (and, separately, in Scotland) a significant sample of the population is questioned about being the victim of crime in the past year. This survey cannot measure crimes where no named victim can be interviewed, such as corporate crimes or murder. However, it can flag crimes that frequently go unreported to the police, such as domestic abuse.

(1st December 2017)


WATCH OUT HACKED COMPANIES - FIREFOX IS GOING TO TELL THE WORLD ABOUT YOUR DATA LEAKS
(International Business Times, dated 23rd November 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/watch-out-hacked-companies-firefox-going-tell-world-about-your-data-leaks-1648669

Firefox, the internet browser developed and maintained by Mozilla, will soon have the ability to warn internet users if the website they are viewing has been hacked in the past.

Currently in the prototype phase - as detailed on the code repository GitHub - an engineer said it will tell users when "their credentials have possibly been involved in a data breach".

n its current build the add-on is "limited to showing a notification bar when you visit a site known by haveibeenpwned.com to have been breached," Mozilla's Nihanth Subramanya said.

HaveIBeenPwned is a data breach notification platform built and maintained by Australian cybersecurity researcher and speaker Troy Hunt.

The website lets internet users quickly check if their credentials appear in some of the biggest data breaches and has grown in recent years to hold 4.8 million credentials from 252 separate websites.

On Wednesday (22 November), Mozilla acknowledged development in an update, writing: "We've started working on integrating haveibeenpwned.com warnings into Firefox."

"I've been working with Mozilla on this," Hunt told Bleeping Computer, the technology and cybersecurity website that first reported news of the upcoming add-on.

"We're looking at a few different models for how this might work, the main takeaway at present is that there's an intent to surface data about one's exposure directly within the browser."

An image published by Bleeping Computer showed a FireFox banner pop-up warning a user that the website they were on - in this case LinkedIn - had previously been subject to a major data breach.

Reacting to the positive reaction to the news online, Hunt tweeted: "As many people have now worked out, yes, we're doing some awesome things with @mozilla and @haveibeenpwned."

He added: "Surprised at how much positive feedback this is garnering so quickly."

It remains unknown if the experts behind rival browsers, be it Chrome or Safari, plan to introduce similar features to their products. But with the amount of breaches occurring in recent years, the move will likely be viewed as a step in the right direction for web users.

Whether the hacked companies agree, that is another matter altogether.

(1st December 2017)


TURN OFF CAMERAS AND TRACKING DEVICS IN CHILDRENS CHRISTMAS PRESENTS TO PREVENT HACKING, INFORMATION COMMISSIONER TELLS PARENTS
(The Telegraph, dated 23rd November 2017 author Hayley Dixon)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/11/23/turn-cameras-tracking-devices-childrens-christmas-presents-prevent/

Parents should turn off the cameras and automatic tracking devices in their children's Christmas presents because of the risk of hacking, the Information Commissioners' Office has warned.

With a rise in the number of 'smart' toys and devices gracing the wish list this year, parents should consider the safety of them being connected directly to the internet before giving them as gifts, according to the data regulator.

When adults are not going to personally use cameras in toys to view what is happening remotely then they should consider turning the function off all together, Deputy Commissioner Steve Wood said.

The warning comes amid growing concerns about the ability of criminals to hack into toys containing sensors, microphones, cameras, data storage and other multi-media capabilities.

In a blog on the regulators website Mr Wood wrote: "You wouldn't knowingly give a child a dangerous toy, so why risk buying them something that could be easily hacked into by strangers?

"In the same way that safety standards are a primary consideration for shoppers buying toys, we want those buying connected items in the coming weeks to take a pause and think about both the child's online safety, and also the potential threat to their own personal data such as bank details, if a toy, device or a supporting app is hacked into.

"Unlike Santa, those looking to hack into your devices don't care whether you've been naughty or nice."

Parents are advised that they should ensure that they are buying products from a reputable source, that all passwords and usernames are changed from the default option and to use two-step identification where available.

Mr Wood continued: "Some toys and devices are fitted with web cameras. The ability to view footage remotely is both their biggest selling point and, if not set up correctly, potentially their biggest weakness, as the baby monitor hacking issue of a few years ago demonstrated.


"If you have no intention of viewing footage over the internet, then turn the remote viewing option off in the device's settings, or else use strong, non-default passwords."

He added: "One of the main selling points of children's smart watches is the ability for parents to know where their children are at all times. However, if this isn't done securely, then others might have access to this data as well. Immediately get rid of default location tracking and GPS settings and set strong, unique passwords."

Parents are also advised to turn off Bluetooth or set strong passwords to protect their child's data from hackers.

The Deputy Commissioner concluded: "If you aren't convinced a smart toy or connected/wearable device will keep your children or your personal information safe, then don't buy it. If consumers reject products that won't protect them, then developers and retailers should soon get the message."

(1st December 2017)

ENGLAND AND WALES POLICE RECORD HIGHEST NUMBER OF SEXUAL CRIMES IN EU
(The Guardian, dated 23rd November 2017 author Alan Travis)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/nov/23/england-wales-police-record-highest-number-violent-sexual-crimes-eu

The highest number of violent sexual crimes, including rapes, in Europe are recorded by the police in England and Wales, according to new European Union official statistics.

The disclosure comes as official British figures show that 1.2 million women and 700,000 men in the year to March 2017 reported being the victims of some form of domestic abuse in England and Wales.

The Office for National Statistics (ONS) says the majority of victims did not report their abuse to the police. The police logged reports of 1.1m incidents of abuse - including repeat incidents for some victims - and recorded 488,000 of them as crimes but only half of these led to arrests. Domestic-abuse-related offences now account for one-third of the violent crime recorded by the police.

New Eurostat figures, published by the European commission, say that 64,500 of the 215,000 violent sexual crimes recorded by the police across the European Union in 2015 were in England and Wales. Some 35,800 or 55% of the 64,500 sex crimes in England and Wales were rapes.

The European figures show that in absolute terms the numbers in England and Wales were some distance ahead of the 34,300, including 7,000 rapes, recorded in Germany and the 32,900, including 13,000 rapes, in France.

Sweden recorded the highest number of violent sexual crimes relative to its population with 178 per 100,000 inhabitants, followed by Scotland at 163 per 100,000, Northern Ireland at 156 per 100,000 and England and Wales at 113 per 100,000. Eurostat stressed that the figures reflected the extent to which sex crimes were reported and recorded by the police and did not necessarily reflect the actual number of victims.

The British ONS figures published on Thursday based on the crime survey of England and Wales show little change in recent years in the extent of domestic abuse involving adults aged 16 to 59. The statisticians say that the prevalence rate for victims has fallen from 7 in 100 in 2012 to 5.9 in 100 in 2017, indicating a "gradual, longer-term downward trend".

The official figures show that there were 454 domestic homicides between 2013 and 2016, which account for a third of all homicides over that period. The majority of victims were women - 319 or 70% - but there were also 135 or 30% male domestic homicide victims. Two-thirds of male domestic homicide victims were killed by another man.

(1st December 2017)


DVLA STAFF REFUSE TO IDENTIFY FLY-TIPPER
(The Times, dated 23rd November 2017 author Jerome Starkey)
www.thetimes.co.uk [Option 1]

A fly-tipper who dumped rubbish on a farm in Devon has escaped punishment after the Driver and Vehicle Licensing Agency refused to reveal his details on data protection grounds.

The incident took place on the Ashcombe estate, in south Devon, which has suffered a spate of litter problems.

Staff from the local council have led prosecutions against a range of culprits but said that they had to close this case when the DVLA refused to help.

Ralph Rayner, who owns the Ashcombe estate, found a receipt from a fast food outlet that was less than an hour old when he was clearing up the rubbish strewn across a lay-by, near the peak of Luscombe Hill, which has views across Dartmoor and the sea.

He gave the receipt to staff from Teignbridge District Council who looked at security video from McDonald's in Newton Abbott. The footage identified a Vauxhall Corsa.

"We then contacted the DVLA but they would not provide any further details as "there was not a strong enough link between the vehicle and litter found", a council spokesman told The Times "Due to there being no chain of evidence, we have therefore been unable to pursue this case any further."

Details of the case emerged when Anne Marie Morris, the independent MP for Newton Abbott, warned that fly-tipping was blighting "all the beautiful parts of the countryside".

"It would certainly help if the DVLA were prepared to work with local authorities to identify the cars, drivers and owners," she told parliament.

"We cannot rely solely on catching the villians in the act, which is extraordinarily difficult, particularly in rural areas. Installing cameras everywhere would be prohibitively expensive."

There was a million incidents of fly-tipping in England in the last financial year and this cost councils £57.7 million to clear up.

Mr Rayner said that he had dug trenches on his estate to stop fly-tipping but still had to clear up at least one case a month.

A spokeswoman for the DVLA said: " We have to ensure the release of information is lawful. When there is sufficient evidence to tie fly-tipping to a vehicle, we can supply that information and in the vast majority of cases when a local authority requests information we are able to release it."

(1st December 2017)


LOAKE SHOES ADMITS - WE HAVE FALLEN VICTIM TO CYBERCRIMINALS
(The Register, dated 22nd November 2017 author Andrew Silver)

Full article [Option 1]:

www.theregister.co.uk/2017/11/22/loake_shoes_email_accounts_compromised/

Miscreants, hackers - call 'em what you will - have pilfered email addresses from an unknown number of Loake Shoes customers.

In a letter sent to punters on its database - seen by The Register - the premium footwear maker said it has been "the victim of a cyber attack".

"Despite having stringent security measures in place, this has resulted in our email server being compromised," the missive stated.

This is more than a little embarrassing for a business that supplies handmade leather goods to the British royal family. Founded in 1880 by brothers Thomas, John and William Loake, the firm has since sold more than 50 million pairs of Goodyear welted shoes in more than 50 countries.

Loake said in the correspondence: "We do not store credit or debit card details on our system" but warned that customers "may receive spam or phishing emails which, at first glance, may appear to be from Loake."

A spokeswoman for Loake has not responded to questions about when the breach took place, what the precise circumstances were, how many customer emails were accessed, whether all customers had been notified or about what the firm was doing to prevent a similar breach from occurring again.

Loake strangely described described the attack as "similar in nature to that which was suffered by the NHS a few months ago" - presumably the WannaCrypt ransomware worm that held systems across the world hostage through encryption.

"We are not aware of any other breach of security and we apologise for any inconvenience caused," Loake added in its letter.

A Loake customer told us he had expected an "established brand... could be trusted with my details".

"The fact that they have likened their data breach to the recent NHS ransomware attack - two completely different events - reduces my confidence in their ability to deal with the situation and it also makes me question their reassurance that my credit card details are safe," the customer added.

Etienne Greef, managing director of integrator Secure Data, told The Register it was "unlikely" that the breach was similar to the NHS attack as WannaCry does not access email servers, but rather encrypts information.

He said drawing comparisons with the NHS attack implied that Loake was running old, vulnerable versions of an operating system.

Greef suspected it was most likely to be a case where an administrator password to an email server was compromised, letting hackers access customer email lists.

Firms should "understand what happened before communication," he added. "Confused communication does more damage than good."

(1st December 2017)


YOUR EVERY KEYSTOKE IS RECORDED BY OVER 480 OF THE MOST POPULAR WEBSITES IN THE WORLD
(International Business Times, dated 21st November 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/your-every-keystroke-recorded-by-over-480-most-popular-websites-world-1648169

Researchers at Princeton University have found that over 480 globally popular websites are keylogging data and sending it to third-party servers. Some of the most popular and heavy-trafficked websites in the world were found running third-party scripts called "session replay" scripts, that can track users' every letter typed and every click and more which in turn were sent to third-party servers across the globe.

The researchers' revelations indicate the invasive extent to which users' online activities are tracked. In the first instalment of a series titled "No Boundaries", researchers from Princeton's Center for Information Technology Policy (CITP), said even in instances where users have visited a site to fill an online form, but left it incomplete and abandoned it, every single letter typed is recorded.

The researchers studied seven of the most popular session replay firms - FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar, and the highly popular Russian search engine Yandex. The study's findings revealed that at least one of the firms' scripts is being used by 482 of the world's top 50,000 sites, according to Alexa's ranking.

Click here to check out the list of websites using session replay scripts :

https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html

What is session replay?


According to the researchers, "session replay" scripts are commonly used by companies to help them understand how their customers are using the firms' sites. However, instead of recording general statistics about users' behaviour, the scripts record and can also replay entire individual browsing sessions. The researchers say the scripts are often found on pages where users input their sensitive information, including passwords, credit card data and medical condition.

"These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers," the researchers said in a blog.

Motherboard reported that firms like Fullstory that provide such user-tracking software, also design tracking scripts that allow companies to connect a user's real identity with the data collected. This means, by using such software, companies can see a user linked to a specific name and/or email.

"Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording," the researchers added. "This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes."

Companies using session scripts could be at risk of hacking attacks

Motherboard reported that the researchers are concerned about companies using session scripts being vulnerable to targeted hacks, especially given how hackers would likely consider them high- value targets. In case of Yandex, Smartlook and Hotjar, which run HTTP instead of the more secure and encrypted HTTPS pages, researchers believe hackers could launch a man-in-the-middle attack to "extract all of the recording data".

Fortunately, users can block session replay scripts using the popular ad-blocking tool AdBlock Plus. As a result of the revelations brought to light by the Princeton University researchers, AdBlock Plus issued an update to block all session replay scripts.

(1st December 2017)


POLICE REVIEW 10,000 CASES IN FORENSICS DATA "MANIPULATION" INQUIRY
(The Guardian, dated 21st November 2017 authors Hannah Devlin and Vikram Dodd)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/nov/21/forensics-data-manipulation-may-have-affected-10000-cases

Ten thousand criminal cases in England and Wales are being reviewed after it emerged that data at a forensic laboratory in Manchester may have been manipulated, causing the biggest recall of samples in British criminal justice history.

A minister said the alleged data manipulation was discovered in 2017 at a lab run by Randox Testing, but the Guardian can reveal that warnings about the lab run by a predecessor company date back to 2012.

Nick Hurd was forced to issue a statement acknowleding "the potential impact on public confidence" in forensic science of the revelations, while police said two cases involving road deaths had been referred to the court of appeal and about 50 prosecutions of drug-driving had been discontinued.

Those alleged to be involved in the scientific work under scrutiny had previously worked at a different firm, Trimega, which was criticised for the quality of its work in court judgments dating back to 2012. It was bought by Randox, and two senior Trimega employees were taken on in influential positions.

In 2012, an open judgment criticised Trimega for wrongly informing a court that the mother of a three- and four-year-old had been using increasing amounts of cocaine and opiates as as she fought to keep her children.

The court was told that following its error, Trimega had withheld an apology to the mother because it feared rivals would exploit it for commercial advantage.

"In this respect, Trimega's attitude does no credit to an organisation entrusted with the responsibility of providing independent expert advice to the court on matters that will affect the lives of children and families," the judgement states.

Mr Justice Jonathan Baker told the high court the children would have gone into care had the sample not been checked by another lab. He warned at the time: "Erroneous expert evidence may lead to the gravest miscarriage of justice imaginable - the wrongful removal of ­children from their families."

In 2013, Trimega was criticised for incorrectly reporting that a mother's blood -alcohol test was consistent with "heavy drinking"; in fact, it had been consistent with abstinence. The company only identified the mistake once it learned that the result had caused the local authority to withdraw its support for a plan to return the mother's one-year-old child to her care.

Concerns emerged about Randox in January this year and a criminal investigation was launched that led to Tuesday's announcements. The investigation then spread to encompass the former Trimega lab, which focused on child protection and family court cases.

Police said two people had been arrested and five more had been interviewed under caution. All worked at Randox and some had previously worked at Trimega, according to James Vaughan, of the National Police Chiefs' Council, who is overseeing the police response.

Julia Mulligan, who leads on transparency and integrity for the Association of Police and Crime Commissioners, which oversees police forces in England and Wales, said: "Understandably, confidence in the criminal justice system will be rocked, but I am confident that chief constables and the CPS [Crown Prosecution Service] in particular are doing everything they can to deal with this unforeseeable challenge, affecting both live and historic cases."

Three-quarters of the cases being reviewed were traffic offences, such as drug-driving, in an exercise that may take three years to complete. The rest include violent crime, sexual offences and unexplained deaths, with no impact found so far in the most serious cases.

Gillian Tully, the forensic services regulator, said: "In terms of the number of cases, it is certainly the biggest thing I am aware of in this country."

She said extra checks on other forensic providers had not highlighted concerns elsewhere.

The current government abolished the main forensic provider, the Forensic Science Service, in late 2010, with the intention of creating a market where independent companies competed for business. It ceased to operate in 2012.

Louise Haigh, Labour's shadow policing minister: "It is clear the chaotic reorganisation of the forensics system, including the closure of the Forensic Science Service, has left providers who were simply not fit for purpose to fill the gap. This has had devastating consequences."

She said she was concerned that Hurd did not appear to know there had been issues about one of Randox's predecessor companies from previous years.

"It is deeply concerning that the Minister would issue a statement that didn't appear to include the full facts. Those affected and the public at large have a right to know the truth about this scandal."

(1st December 2017)



NATIONAL CYBER SECURITY CENTRE BOSS ADVISES THE USE OF TWO FACTOR AUTHENTICATION ON EMAILS
(The Register, dated 21st November 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/11/21/national_cyber_security_centre_says_put_2fa_on_your_emails/

The chief exec of the National Cyber Security Centre - a branch of the UK's spy nerve-centre GCHQ - has called on everyone to enable two-factor authentication for their emails. This follows revelations that almost the entire population's details are available for sale on the dark web.

Speaking at the Parliament and Internet Conference, Ciaran Martin said nearly everyone's email addresses are available on the dark web, but added that more personal data sets, including national insurance numbers, were much less commonly available.

"We recommend that everyone puts 2FA on their emails," he said. "That will hopefully continue to be significant improvement [in combating] that sort of stolen data."

Martin last week revealed that hackers acting on behalf of Russia had targeted the UK's telecommunications, media and energy sectors.

Speaking at The Times Tech Summit in London, he said: "I can't get into too much of the details of intelligence matters, but I can confirm that Russian interference, seen by the NCSC, has included attacks on the UK media, telecommunications and energy sectors. That is clearly a cause for concern - Russia is seeking to undermine the international system."

But he told delegates today that while GCHQ will need to continue to build up its cybersecurity capability against Russia, Iran, China and North Korea - "that really sophisticated stuff hard to do at scale."

He said most cyber criminals relied on targeting organisations via phishing campaigns and have created management information traffic light dashboards to assess how easy they would be to target.

"Some cybercriminals would pass a Harvard MBA test, if it wasn't for the rampant criminality," he said. Unsurprisingly, he called on organisations to do more to prevent such attacks by improving their infosec.

"My goal is that our best people can spend more time on these threats [of state adversaries] and the UK as whole can become better equipped for the digital age."

On the subject of smart meters, he said: "That is a controversial system, but it was an opportunity for us to get past legacy systems to build security in from start." Smart meters have been criticised for not being adequately secure prior to GCHQ stepping in.

"It would need to be three simultaneous state-level attacks to do national harm [to smart meters]," he said.

(1st December 2017)


MET SHOULD CONSIDER BANS ON PILLION PASSENGERS TO FIGHT MOPED CRIME

(London Evening Standard, dated 21st November 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/met-police-should-consider-temporary-ban-on-pillion-passengers-to-fight-moped-crime-a3697051.html

Temporary bans on moped riders carrying pillion passengers have been suggested as a strategy to curb crime.

London Assembly Green member Sian Berry said police should consider the idea in parts of the capital badly hit by moped robberies.

She added: "A very small number of people are causing large amounts of fear on our streets. I live in a huge hotspot in Camden and resident concern and debate on how to deal with this is running very high.

"A local safer neighbourhood panel chair pointed out a tactic used in some other countries: to temporarily ban the carrying of pillion passengers across whole cities.

"I'd like to know what people think as I'm really not sure this is right for London. But it's possible that temporary bans on moped passengers in particular areas would help to identify and better target police action, as anyone defying a ban would know they might be spoken to."

Ms Berry, deputy chairwoman of the assembly's police and crime committee, said she had raised the idea of the bans with senior Met officers.

Adie Kitachi, of the Motorcycle Action Group and the Motorcycle Crime Prevention Community, said: "It's a good idea. I pillion my partner sometimes but it is not that popular, so I don't think too many people would be aggrieved. What you do get are criminals using high-powered mopeds with a pillion passenger tooled up with weapons."

In 2011, Honduras banned motorcycle passengers after a series of drive-by killings and a similar ban was imposed in Medellin, Colombia, at the height of drugs cartel violence.

Commander Julian Bennett, of Territorial Policing, said: "We would consider any suggestion or proposals from anyone that might make this type of offence even more difficult to commit. However, any initiative adopted must be proportionate, practical and within current law."

Officers are now using a DNA-type tagging spray on moped thieves while they carry out crimes, so they can be identified without a pursuit, and are also deploying portable stinger traps.

In the past Scotland Yard has used "super-Asbos" banning convicted robbers from riding pillion on bikes.

(1st December 2017)


CISCO AND INTERPOL TEAM UP TO SHARE CYBERCRIMINAL THREAT DATA
(ZDNET, dated 21st November 2017 author Charlie Osborne)

Full article [Option 1]:

www.zdnet.com/article/cisco-europol-team-up-to-share-cybercriminal-threat-data/

Cisco and Interpol have announced a new agreement to share threat data on cybercriminal activities.

On Tuesday, the tech giant and international law enforcement agency said that sharing threat intelligence between the parties will be the "first step" in jointly tackling today's cybercrime.

Modern consumers and businesses are facing more and more digital threats every day.

Hardly a week goes by that we do not hear of a severe data breach resulting in the loss of consumer data, highly sophisticated phishing schemes designed to infiltrate corporate networks or ransomware campaigns that encrypt individual systems and demand blackmail payments in return for lost information.

The situation is getting no better, and there is arguably a skills gap in the cybersecurity industry. To make as much of a dent, government and law enforcement agencies should work with cybersecurity specialists to at least attempt to get on top of the problem and shut down major criminal enterprises.

Such a concept is no stranger to Europol, for example, which operates in Europe together with law enforcement to eradicate ATM fraud, black box schemes, and the takedown of Dark web websites used to buy illegal drugs, weaponry, and more.

Interpol is also on the scene, training police in different countries to identify cybercriminal schemes across the Dark web, as well as working with banks and financial institutions to detect fraud and criminal schemes worldwide.

Now, working together with Cisco under the agreement, signed in Singapore at Interpol's headquarters, the agency's global cybercrime center will work with Cisco to create a coordinated approach to data sharing in order to improve threat detection and lay the groundwork for future projects.

Cisco says the agreement supports the "organization's programs targeting both 'pure cybercrime' and cyber-enabled crimes," and also assists European countries with identifying cybercriminal schemes and the threat actors behind them.

"As cybercrime continues to escalate around the world, defenders from both the public and private sectors must meet the threat with equal force," said John Stewart, SVP and Chief Security and Trust Officer at Cisco. "Visibility and comprehensive threat intelligence across the cyber domain are critical to enable detection, analysis, and protection against emerging threats."

"We are pleased to collaborate with Interpol to exchange threat intelligence and find other knowledge-sharing opportunities to fight cybercrime globally," the executive added.

This is not the first time Interpol has reached out to a cybersecurity firm for help in tracking down cybercriminals.

In 2014, the agency inked a three-year deal with Trend Micro. Under the terms of the deal, Trend Micro gave Interpol access to its Threat Intelligence Service, alongside additional resources and tactical information. Trend Micro also agreed to assist in a cybercrime investigation training program.

In June, Europol and European law enforcement swept across six countries to take down the leaders of a cybercriminal ring which specialized in selling remote access Trojans (RATs), hacking tools, and software designed to circumvent traditional antivirus solutions.

(1st December 2017)

DVLA COULD EASILY SELL 6 MILLION DRIVER RECORDS TO PRIVATE FIRMS THIS YEAR
(The Register, dated 20th November 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/11/20/ukgov_could_easily_sell_6m_driver_records_to_private_firms_this_year_report/

The UK government is driving towards a sale of up to 6 million vehicle records to private parking firms, according to a transport lobby group.

The RAC Foundation monitors the number of vehicle-keeper records that the Driver and Vehicle Licensing Agency sells to firms, which use them to issue car owners with fines for parking violations on private land.

The DVLA charges companies £2.50 for each request, in which they can ask for the name and address of the registered keeper at a specific date and time.

It means the body could bring in as much as £15m with this year's batch, which might come in useful considering reports that government is looking at multimillion losses after scrapping the paper tax disc.

According to the foundation, the DVLA sold 1.5 million records in the second quarter of 2017-18.

Capita-owned ParkingEye reportedly made 466,668 requests, most for the months of July, August and September this year.

The RAC Foundation estimated that the DVLA was on track to sell "at least 5.6 million" records and could be "easily more than 6 million".

It said that last year the body sold 4.71 million records, while in 2007-08 the figure was less than half a million.

The RAC Foundation put the increase in requests partly down to rules that banned clamping on private land in England and Wales in October 2012.

MP Greg Knight has entered a private members bill into the House of Commons that aims to curb fines from private parking firms, which is due for debate on February 2.

The DVLA said that its data release charges "are set to recover the cost of providing the information. Fees from all vehicle fee paying enquiries equate to only 0.2% of the total amount DVLA collects from Licence fees and taxes".

(1st December 2017)


FOR GOODNESS SAKE - STOP THE MET USING FACIAL RECOGNITION
(The Register, dated 17th November 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/11/17/put_police_use_facial_recog_on_ice_london_mayor_told/

London's Metropolitan Police force's use of "intrusive" technologies "without proper regulation" could put a fundamental principle of policing at risk, the London mayor has been told.

In a letter (PDF) to Sadiq Khan, the Greater London Assembly - the group elected to hold the mayor to account - expressed "significant concerns" about facial recognition technology.

The Met has used it at the two most recent Notting Hill Carnivals, but while it claims this is a trial, it is keeping schtum on the details - even in the face of reports it led to 35 false matches and one wrongful arrest this year.

"This is a hugely controversial topic and it is extremely disappointing that trials have been conducted at the Notting Hill Carnival with so little public engagement," said GLA oversight committee chairman Len Duval in the letter.

Khan and the Mayor's Office for Policing And Crime (MOPAC) have a responsibility to push the Met to improve engagement and transparency, he said.

Duvall added that it was particularly concerning that the trial was going ahead despite the lack of a national strategy on biometrics, which was originally promised by the government in 2012 but has been repeatedly delayed.

"The Met is trialling this technology in the absence of a legislative framework and proper regulation or oversight," Duvall said.

"The concept of policing by consent is potentially at risk if the Met deploys such intrusive technology without proper debate and in the absence of any clear legal guidelines."

He said the committee felt there was "a strong case" for Khan to "instruct the Met to stop trials" until either MOPAC establishes an internal framework or a national one is developed and consulted on.

The GLA also gave short shrift to the Met's attempts to alert the public to its work, saying there was "no indication" it planned to publish any results.

It added: "Simply putting out press releases is not enough: the Met must engage with the public and with stakeholders in a much more meaningful way before going any further."

The group's calls echo those made by the UK Biometrics Commissioner Paul Wiles, who has also called into question the police's use and retention of biometric images.

The GLA referred to this in its letter, criticising the fact there is "no simple way" for people to find out how long their personal data is held by organisations in the capital.

For instance, the Met keeps automatic number plate recognition data for two years, but Transport for London keeps the same data for 28 days. And images from the force's body-worn cameras are kept for 31 days, while TfL retains Oyster journey data for eight weeks.

"This is a very confusing picture and we ask you to consider how the GLA Group can make it easier for the public to find out how long their personal data is retained," Duvall said.

Elsewhere in his letter, Duvall warned the mayor that TfL's plans to use Wi-Fi connection data to sell advertising risks leaving customers feeling like they "have been taken advantage of".

He said TfL should have made this clearer, and urged it to address it when the data collection is rolled out across the Tube network.

The Home Office didn't respond on the record.

(1st December 2017)


LLOYDS AVIOS REWARD CREDIT CARDHOLDERS REPORT FRAUDULENT ACTIVITY
(The Register, dated 17th November 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/11/17/lloyds_customers_affected_by_data_breach/

Thousands of Lloyds Avios Rewards American Express credit card customers have been targeted by fraudsters, the bank has admitted.

Reports first emerged on air miles site Head for Points, where readers asked if the credit card had suffered a major data breach.

One said: "About a week ago my wife's Lloyds Avios Amex card was used fraudulently by someone over in New York for a few different things so we called Lloyds to talk about this and get the card cancelled and a replacement sent out."

After contacting Lloyds, he said the bank informed him it was getting thousands of calls a day and was seeing a lot of fraud on Amex cards.

Another said: "Same for me - queued for 45 mins on Saturday afternoon to speak to the fraud team after my card was declined - there was an attempted US transaction on there. And spoke to a colleague this week with the Lloyds Avios Amex whose card had also stopped working. There's clearly been a massive leak somewhere..."

A Lloyds spokeswoman said: "A very small number of Lloyds Bank Avios Rewards American Express credit card customers have been affected by recent fraudulent activity. This has affected less than one percent of customers who hold these cards and we have introduced additional controls to provide further protection.

"These controls have been successful in ensuring that fraudulent transactions are identified and declined. We apologise to customers for any inconvenience caused. Impacted customers will receive a full refund of monies that have been taken fraudulently."

Earlier this week, customers of Lloyds Banking Group and TSB were shut out of their online banking - for the second time this month.

At the start of the year, the UK-based group fell victim to a DDoS that led to a two-day outage. Several more glitches followed throughout the year.

(1st December 2017)


CAR TAX EVASION HAS SOARED SINCE PAPER DISCS SCRAPPED
(The Register, dated 17th November 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/11/17/car_tax_evasion_continues_to_soar_after_abolition_of_paper_tax_discs/

The abolition of the paper tax disc is costing the UK government £107m due to an increase in car tax evasion.

According to statistics from the the Department for Transport (DfT), 1.8 per cent of vehicles on UK roads in 2017 were unlicensed, compared to 1.4 per cent in 2015. This equates to around 755,000 vehicles and could lead to up to £107m of revenue loss over the course of a year.

Paper discs were replaced with an online direct debit system for payments in 2014. It has been held up as an example of successful digital government.

Back in June 2013, losses associated with car tax evasion were just £35m.

Since the introduction of the digital system, evasion has soared. According to the DVLA's 2015/16 accounts, unlicensed traffic rose from 0.8 per the previous year, costing the Exchequer £80m.

The Royal Automobile Club said this is "extremely concerning".

RAC public affairs manager Nicholas Lyes suggested that abolishing the tax disc in 2014 could be behind the rise.

"It appears that having a visual reminder was an effective way to prompt drivers into renewing their car tax - arguably more drivers are now prepared to try their luck and see if they can get away with not paying any vehicle tax at all, or are simply forgetting to tax their vehicle when they are due to," he said.

He added that the fact a third of untaxed vehicles were those that changed hands is a strong indication that many drivers are still not aware that tax does not carry over when ownership changes.

A DfT spokesman said that the vast majority of motorists paid tax on their vehicles correctly.

(1st December 2017)


THESE ARE MOST DANGEROUS COUNTRIES IN THE WORLD RIGHT NOW
(International Business Times, dated 16th November 2017 author Charlotte Tobitt)

Full article [Option 1]:

www.ibtimes.co.uk/these-are-most-dangerous-countries-world-right-now-1647668

Did you realise you may be in a high security risk zone if you went on holiday in parts of India? Or that Denmark is one of the eight safest countries in the world? Or even that Iran is considered low risk, despite its proximity to Afghanistan and Iraq?

An updated interactive travel risk map for 2018, created by travel security firm International SOS, makes it easy to see a fairly localised level of risk around the world, ranking regions as insignificant, low, medium, high or extreme.

The eight safest places in the world right now are Greenland, Iceland, Denmark, Finland, Slovenia, Switzerland, Norway and Luxembourg, which have an insignificant travel security risk. This takes into account the current threat posed to travellers by political violence, social unrest, and crime.

At the other end of the spectrum, there is an extreme security risk in all or parts of Mali, Libya, South Sudan, Central African Republic, Somalia, Yemen, Syria, Iraq, Ukraine, Afghanistan, Guinea-Bissau and Pakistan.

There is also a high security risk in large swathes of Africa, Papau New Guinea, Venezuela, Mexico, Mozambique, north east India and Myanmar's borders.

A new survey undertaken by Ipsos Mori found that 63% of businesspeople perceived travel risks to have increased in the past year - this is actually a softening in attitudes after 72% thought the same in 2016.

The new travel risk map can also categorise countries by medical and road safety. Taking these into account, the most dangerous countries overall, with the highest risk categories in all three categories, are all in Africa - Libya, Somalia, Guinea-Bissau and Central African Republic.

See also

BUSINESS TRAVEL RISKS ON THE RISE DUE TO SECURITY THREATS
(International Business Times, dated 14th November 2017 author Karthick Arvinth)

Full article [Option 1]:

www.ibtimes.co.uk/business-travel-risks-rise-due-security-threats-1646680

Further Information (uaware)


Foreign Office travel advice website :

https://www.gov.uk/foreign-travel-advice

(1st December 2017)


ITALIAN JOURNALISTS SAY THEY COULD REGISTER COMPANY AT 10 DOWNING STREET IN NAME OF MAFIA BOSS
(Independent, dated 16th November 2017 author Jon Stone)

Full article [Option 1]:

www.independent.co.uk/news/uk/politics/paradise-papers-italian-journalists-register-company-a8058201.html

Italian journalists have gone through the motions to set up a company in the name of a notorious mafia boss headquartered at 10 Downing Street - to illustrate weaknesses in British law they say helps people set up shell companies to launder money across the globe.

Reporters at Il Sole 24 Ore say they were moments away from spending £12 to register the company at the Prime Minister's address with Companies House under a false name with no real proof of who they were.

Describing the stunt as a "provocation", the newspaper said "there is nothing easier than creating ghost companies that can hide illegal activities or recycle money" under Britain's liberalised corporate registration system.

But Companies House, which is responsible for the registration of companies, says that had the reporters completed the registration process - which was not carried out in full to avoid breaking the law - the authority's automatic systems would have stopped the registration from going through.

"Had the application been submitted our systems would have picked up the false information and the incorporation would have been denied," a spokesperson said.

The journalists initiated the investigation after British overseas territories dominated the map of tax havens in the Paradise Papers leaks, with some MEPs accusing the UK of holding up EU efforts to crack down on tax dodging.

The British government says it supports EU efforts to set up a tax haven blacklist, but behind the scenes UK officials are reportedly arguing against the inclusion of UK jurisdictions like the Cayman Islands and Bermuda, as well as against strict enforceable sanctions against countries on the list.

A registration form for the company was filled out in the name of Matteo Messina Denaro, a Sicilian Mafia boss who has been on the run since 1993.

"London and Britain are the realm of ghost-related recycling companies," the newspaper says.

"Shield companies registered in the country are involved in at least 52 major money laundering cases where at least £80 billion has been cleansed over the past 14 years."

Though Britain has rules on the registration of beneficial ownership of companies, a lack of resources and controls on the list means that obviously fake companies face few obstacles.

The journalists say they stopped the process before paying £12 so as not to break laws that could have seen them sentence to two years in jail.

The paper argued: "Companies House, the body that manages and supervises the company's register, has neither the men nor the means to verify the reliability of the information that is entered at the time of the registration of a new entity."

The European Commission is backing three EU-wide policies aimed at stopping tax avoidance: a blacklist of global tax havens backed by sanctions; new transparency rules for tax intermediaries, bankers, and lawyers; and mandatory country-by-country reporting for profits.

In October the EU also announced it was launching an investigation into whether loopholes in UK tax rules, introduced in 2013, allowed multinational companies to unfairly avoid tax by shifting profits around.

The Paradise Papers consisted of over 13 million confidential documents regarding offshore investments by wealthy people around the world that were leaked to German newspaper Süddeutsche Zeitung.

The documents contain the names of more than 120,000 people and companies and shed more light on the tax practices of the very wealthy, following on from the Panama Papers leak released in 2016.

***This story has been updated to reflect Companies House's response to the original investigation

(1st December 2017)


CASH CONVERTERS HACKED - BREACH OF UK DATABASE LEAKS CUSTOMER PASSWORDS AND ADDRESSES
(International Business Times, dated 16th November 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/cash-converters-hacked-breach-uk-database-leaks-customer-passwords-addresses-1647586

Cash Converters, an electronics retailer, pawnbroker and money lender, has launched an investigation after discovering a data breach impacting UK customer records.

According to a breach notification email sent to impacted customers - and shared with IBTimes UK - the company said that its "webshop" service had been hacked. The stolen information, it admitted Thursday (16 November), was taken from a recently decommissioned website.

It confirmed that webshop account names, passwords and delivery addresses were compromised by the hackers. It claimed "full" card numbers were not taken - which left open the possibility partial data was stolen.

According to one Australian media report, the culprits are currently holding the data to ransom.

"Please be reassured that - alongside the relevant authorities - we are investigating this as a matter of urgency and priority," the breach notification reads.

"We are also actively implementing measures to ensure that this cannot happen again," it added.

Cash Converters said it was working with law enforcement in Australia and the UK to investigate the data leak incident, and has now forced a password reset for all UK webshop users.

The statement continued: "Although some details relating to the cybersecurity breach remain confidential while Cash Converters works with the relevant authorities, we will continue to provide as much detail as possible as it becomes available.

"The current webshop site was independently and thoroughly security tested as part of its development process. We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.

"Our customers truly are at the heart of everything we do and we are both disappointed and saddened that you have been affected. We apologise for this situation."

It did not reveal how many customers were impacted in the hack, or when it occurred.

The previous website was decommissioned in September 2017, the company said. The notification email advised customers to change passwords and ensure they are unique to the website.

A spokesperson for Cash Converters did not immediately respond to request for comment and the company has not yet publicly acknowledged the incident on its social media channels. A PR contact sent IBTimes UK a statement, however the wording was taken from the breach email.

(1st December 2017)


McAFEE'S OWN ANTI-HACKING SERVICE EXPOSED USERS TO BANKING MALWARE
(ZDNET, dated 15th November 2017 author Zack Whittaker)

Full article [Option 1]:

www.zdnet.com/article/mcafees-own-anti-hacking-service-exposed-users-to-banking-malware/

Security firm McAfee has blocked access to malware that appeared to be sent from the company's own network.

The malware was hosted on a third-party website but was shared via a domain associated with McAfee ClickProtect, an email protection service that the company touts as able to "protect your business from hacking." The service is meant to protect against phishing attacks, malware from links in emails, and prevent users from visiting sites that are known to be high risk.

But the malicious link was only found when a Paris-based security researcher, who uses the pseudonymous handle Benkow, found and tweeted a malware analysis report that included the link.

The link redirected users through the "cp.mcafee.com" domain and on to the malicious Word document.

Anyone who downloaded and opened the malicious Word document would've been exposed to the Emotet banking malware.

"Emotet has been widely distributed via malspam campaigns containing links to hacked sites that host a decoy Word document," said Jerome Segura, lead malware intelligence analyst at security firm Malwarebytes, in an email.

"Upon opening it and allowing macros, the user unknowingly triggers the download of the Emotet malware binary, also retrieved from a compromised site," he said.

The malware uses a traditional macro-enabled Word document, often delivered by a direct link or in an email, which, when opened and activated, will download additional files using a PowerShell script, including the Emotet malware binary. After it installs, the malware phones home to its command and control server where it would siphon off sensitive data, like browser and mail passwords, which could be used to hack into accounts and transfer funds. Security researcher Marcus Hutchins said in a recent write-up that the malware connects to the command and control server using hard-coded IP addresses, but it uses proxies to evade detection.

For its part, McAfee said it was investigating the matter, but it also said the service "performed as designed."

"In the early hours of Nov. 13, the web destination in question had not yet been identified as a source of malware propagation," said a spokesperson.

"Later that day, however, McAfee's Global Threat Intelligence service had indeed identified the web property as a threat, changed the site's reputation ranking from 'low risk' to 'high risk,' and thereafter blocked McAfee customers from being able to reach the site," the spokesperson said.

The spokesperson said that by the time McAfee's research team became aware of the site's status from an email sent by ZDNet, the site had "already been blocked for some time."

But that doesn't line up with our version of events. Shortly up until McAfee said the site was blocked, the link was still active and pointing to the malicious Word document. It's also not clear about why the service would flag the site as high risk but would still allow malware to download.

McAfee was "still working to establish the exact timeline" of events, a spokesperson said.

It's not known exactly how the link came to be -- such as if the link was created by hackers to trick unsuspecting victims into downloading the malware, or if it was by mistake.

A McAfee spokesperson said it was not as a result of "deliberate abuse" of the system.

But hackers have ramped up their use of the Emotet malware in recent months, and they're increasingly resorting to sending carefully crafted emails and employing social engineering techniques. The hackers behind the malware often masquerade as phone, cell, and internet providers, and they would focus on targets predominantly in the US, UK, and Canada, according to a recent Trend Micro report.

But why the malware has resurfaced remains a mystery. Microsoft recently appealed to enterprise customers to help stamp out the malware, which is increasingly in the hackers' crosshairs.

Segura warned that even users with email protection systems in place, like enterprises, can still be duped.

"Users should beware of shortened or converted links and perhaps even more so when there might be assumptions that they are safe," he said.

"The same goes for signatures appended at the bottom of an email, saying 'this email is guaranteed virus-free' or similar," he added. "Not only does it give users a false sense of security, but criminals often also add such messages for social engineering purposes."

(1st December 2017)



ADVERTISING WATCHDOG BANS ROYAL MAIL IDENTITY THEFT AD FEATURING BALACLAVA-CLAD GANG AFTER VIEWERS FOUND IT "TOO DISTRESSING"
(Mirror, dated 15th November 2017 author Josie Clarke annd Aidan Barlow)

Warning : the webpage shows the Royal Mail advertisement

Full article [Option 1]:

www.mirror.co.uk/news/advertising-watchdog-bans-royal-mail-11523747

A watchdog has banned an advert showing balaclava-clad thugs brandishing baseball bats demanding victims to give up their identity details - after viewers found it too distressing.

The Royal Mail ad was intended to raise awareness of identity theft and fraud by likening it to a bank robbery , and was shown on Twitter and ITV Player earlier this summer.

In the video the gang are seen marauding through a bank and shouting: "This is a robbery."

But it prompted a review by the Advertising Standards Authority (ASA) who deemed it could cause unjustifiable fear and distress to viewers, after a number of complaints.

It shows a woman working in the bank being grabbed by the shoulder and wrists before being asked her full name and date of birth, while other bank customers were quizzed about their personal identity, passwords, and log-in details.

During the scene the apparent assailants yell at the public, including a child, some of whom appear scared and tearful.

At the end of the ad the slogan states: "Let's beat identity fraud." It is accompanied by the Royal Mail logo and the text: "The future in safe hands."

The ASA confirmed it had received seven complaints about the ads causing fear and distress without a justifiable reason, particularly for those who have been victims of violence.

Royal Mail said the ad was created to alert customers to the seriousness of identity theft by likening it to that of a bank robbery.

It said the level of violence in the ad was proportionate in light of its purpose and was not excessive.

The ASA said it understood Royal Mail and ITV's view that the ad served to highlight a serious and growing crime, and assisted customers to find information to protect themselves.

But in a statement the authority said: "We considered that the overall presentation of the ads, as seen by the complainants, was excessively threatening and distressing to the extent that it overshadowed the message the ad intended to convey.

"We concluded the ad was likely to cause fear and distress to viewers, in particular to victims of violence, without a justifiable reason."

A Royal Mail spokesperson said: "Royal Mail apologises for any offence that this advertisement may have caused.

"We accept the decision and will continue to work with the ASA in future. The advertisement appeared on social media and Video On Demand over a number of weeks in the summer, before the campaign concluded."

(1st December 2017)

JEWSON CONFESSES TO DATA BREACH
(The Register, dated 14th November 2017 author Paul Kunert)

Full article [Option 1]: www.theregister.co.uk/2017/11/14/jewson_suffers_data_breach/

Builders merchant Jewson has confirmed in writing to customers that their privates could have been exposed in a cyber break-in that occurred late this summer.

In a letter sent to customers - seen by The Reg - Jewson stated: "As a Jewson Direct customers, we regrettably are writing to inform you that our website (www.jewsondirect.co.uk) has suffered a security breach and, as a result, your personal data including your credit/ debit card details may have been compromised."

The digital burglary is "likely" to have taken place on 23 August but was only discovered on 3 November. The website was temporarily shuttered on learning of the breach and remains closed. The ICO was then informed of the hack on 10 November. The hackers were seemingly left undetected for weeks, plenty of scope to do all sorts of mischief.

"We are commissioning a detailed and thorough forensic investigation into the breach. The investigations of the breach are ongoing," the missive added.

Based on the information to hand, Jewson warned that customers' names, location, billing address, password, email, phone number, payments details, card expiry dates and CVV numbers "may" have fallen into the hands of an "unauthorised person". Oddly, despite this, when we asked the firm, a spokeswoman told us that "no card data is stored by Jewson".

It is not known how the information was encrypted. Although we asked the organisation to clarify, a spokeswoman sent us this odd statement:

----------------------

At this stage we are aware that a foreign piece of code was encrypted into the Jewson Direct (formerly Jewson Tools Direct) website. The code has been identified and removed, and we are investigating the breach of security and any related potential loss of information/personal data. No card data is stored by Jewson, however, until the investigation has been completed, customers have been informed of a potential breach of card data as an advisory measure.

We follow the Payment Card Industry Data Security Standard (PCI DSS). The Jewson Direct website has been taken offline and will not be turned back on until we are informed by independent third parties that any security issues have been corrected.

----------------------

In a bid to "mitigate possible adverse effects of the breach", customers are advised to monitor their accounts. In further no-shit-Sherlook guidance, punters that spy any unusual activity or transactions they do not recognise should contact their credit or debit card provider.

The letter sent to customers vowed: "To help you monitor your personal information for certain signs of potential theft, we are offering you a complimentary 12 month memberships to Experian ProtectMyID. This service helps detect possible misuse of your personal data and provides you with identity monitoring support, focused on the [identification] and resolution of identity theft."

Reassuring indeed. Or maybe not.

In addition to the question about how the data they had held was encrypted, The Reg also asked Jewson how many customers details were likely compromised, how the miscreant accessed the data and what subsequent steps were taken to improve security.

Concerned customers can contact Jewson's customer services help desk on 024 7660 8235.

A representative of the Information Commissioner's Office told us, "We are aware of an incident involving Jewson, and will be making enquiries."

(1st December 2017)


NETFLIX USERS WARNED ABOUT PHISHING SCAM SWEEPING ACROSS THE WORLD
(Independent, dated 13th November 2017 author Andrew Griffin)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/netflix-scam-phishing-scam-login-account-safety-security-privacy-how-to-avoid-a8052226.html

Netflix users across the world have been warned about a new scam that's spreading across the site.

Users are being sent emails that appear to be from Netflix, but are in fact from scammers. And once they're opened, the damage spreads quickly.

The emails are a classic example of phishing attacks: messages that look official and encourage people to enter personal information and other useful details. But since the links and the sites are fake, those details are actually sent to scammers who want to use them for malicious purposes.

This time around, they claim that accounts are being deactivated and that people need to go back on the website and hand over their payment and account details. But the accounts are fine, and those details will be stolen and used for more scams.

"Phishers will go to great lengths to try to take over your account or steal your personal information," Netflix's site warns. "They may create fake websites that look like Netflix, or send emails that imitate us and ask you for personal information."

It makes clear that it will never ask for payment details, identification numbers or passwords over email. It makes clear that it might sometimes email its users to tell them to update that information on the website - if it is hacked and people need to change their passwords, for instance, or if your credit card goes out of date - but that you should check that the link is actually to a Netflix.com address if it does.

Such scams tend to focus on highly used services - like Netflix, along with iCloud or Facebook - and send emails that appear to have come from the company itself. But in fact in all cases the link will be fake, and clicking through will lead to an identical but malicious version of the website.

Netflix is especially concerning because the logins are valuable not just as ways of getting people's information. Since Netflix logins can be used by a number of people, they're often traded online - and stolen Netflix accounts, as well as those for other subscription services, are one of the most easily available and valuable things sold on the dark web.

In all cases, the advice is the same: if you are sent an email by a service you use that wants you to enter some information, make sure you do it by heading to the website yourself. And if you've any concerns that you're being tricked, get in touch with the company - using contact details listed on its website - and ask.

If you think you've already been tricked by such scams, then there's a range of ways to make yourself safer. Change your passwords, for instance, and keep an eye on any activity on your accounts. It might also be helpful to let the company itself know, so they can provide advice and stop it from happening in the future.

You can see if anyone is using your Netflix account by heading to the viewing activity page. That will show you everything anyone has watched on your account, and on what profile, and you can also use Netflix's settings to see every time someone has logged in and where they did so.

(1st December 2017)



 

FOR THE FALLEN


By Robert Laurence Binyon (1869 - 1943)

With proud thanksgiving, a mother for her children,
England mourns for her dead across the sea.
Flesh of her flesh they were, spirit of her spirit,
Fallen in the cause of the free.

Solemn the drums thrill; Death august and royal
Sings sorrow up into immortal spheres,
There is music in the midst of desolation
And a glory that shines upon our tears.

They went with songs to the battle, they were young,
Straight of limb, true of eye, steady and aglow.
They were staunch to the end against odds uncounted;
They fell with their faces to the foe.

They shall grow not old, as we that are left grow old:
Age shall not weary them, nor the years condemn.
At the going down of the sun and in the morning
We will remember them.

They mingle not with their laughing comrades again;
They sit no more at familiar tables of home;
They have no lot in our labour of the day-time;
They sleep beyond England's foam.

But where our desires are and our hopes profound,
Felt as a well-spring that is hidden from sight,
To the innermost heart of their own land they are known
As the stars are known to the Night;

As the stars that shall be bright when we are dust,
Moving in marches upon the heavenly plain;
As the stars that are starry in the time of our darkness,
To the end, to the end, they remain.

(12th November 2017)



"DO YOU DO A BINGO NIGHT ?" THE NEW ZEALAND CHATBOTS DESIGNED TO SCAM THE SCAMMERS
(The Guardian, dated 10th November 2017 author Eleanor Ainge Roy)

Full article [Option 1]:

www.theguardian.com/world/2017/nov/10/new-zealand-chatbots-artificial-intelligence-scam-conversations

Thousands of online scammers around the globe are being fooled by artificial intelligence bots posing as New Zealanders and created by the country's internet watchdog to protect it from "phishing" scams.

Chatbots that use distinct New Zealand slang such as "aye" have been deployed by Netsafe in a bid to engage scammers in protracted email exchanges that waste their time, gather intelligence and lure them away from actual victims.

Cyber crime costs New Zealanders around NZ$250m annually. Computer programmers at Netsafe spent more than a year designing the bots as part of their Re:scam initiative, which went live on Wednesday.

Within 24 hours 6,000 scam emails had been sent to the Re:scam email address and there were 1000 active conversations taking place between scammers and chatbots.

So far, the longest exchange between a scammer and a chatbot pretending to be a New Zealander was 20 emails long.

The bots use humour, grammatical errors and local slang to make their "personas" believable, said Netsafe CEO Martin Cocker. As the programme engages in more fake conversations with scammers overseas, its vocabulary, intelligence and personality traits will grow.

Cocker says if the scammers aren't astute or paying attention, the exchanges could go on for a "very very long time".

"We are really concerned about the growth of predatory email phishing, while victims remain essentially powerless," said Cocker.

"Everyone is susceptible to online phishing schemes and no matter how tech savvy you are, scammers are becoming increasingly sophisticated. Re:scam will adapt as the scammers adapt their techniques, collecting data that will help us to keep up and protect more people across New Zealand."

Cocker said Netsafe had designed a bot that was as convincing and long-winded as possible, asking scammers a seemingly never-ending series of benign questions.

"Dear Illuminati, what a wonderful surprise," wrote a Re:scam chatbot responding to a scammer offering $5m.

"I'd love to join your secret club. Do you do a bingo night?"

"There is not bingo night," replied the scammer.

"Please complete attached form with bank details for your recieve full payments of 5 million."

"Terrific!" replied the Re:scam chatbot.

"But to avoid detection I am going to send my bank details through one number at a time. Ready? 4..."

"That is not nessasary," replied the scammer.

"7" said the bot.

Cocker says the bot works particularly well because New Zealand isn't targeted by any home-grown scammers - only those targeting the country from overseas.

"The bot does a pretty good job of impersonating how many New Zealanders would engage with scammers, it is fairly well-developed in terms of its phrasing and language and approach, so it is quite realistic," said Cocker.

Netsafe website : www.netsafe.org.nz/

-----------------------
EMAIL SCAMMERS TARGETED BY NEW BOT THAT INUNDATES THEM WITH ENDLESS ANNOYING QUESTIONS
(The Independent, dated 9th November 2017 author Aatif Sulleyman)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/re-scam-bot-email-scammers-questions-fraudsters-a8046731.html

An artificially intelligent bot that inundates email scammers with a never-ending stream of questions has been created.

Re:scam is designed to waste the time of the people behind email scams, and annoy them until they give up.

It's been developed by Netsafe, which says it's time regular web users "fought back".

At the time of writing, Re:scam has sent over 16,000 emails to scammers which, according to Netsafe's calculations, have collectively wasted more than 25 days of scammers' time.

"I adopt one of my many personalities to continue the conversations of any would-be victim," the bot, which also describes itself as "super-interested" and "a bit naive", says.

"I waste their time with a never-ending series of questions and anecdotes so that they have less time to pursue real people. Just like you, I mqke typos, and jokes that no one appreciates.

"They won't know when they're scamming, or getting scammed out of their own time. It's bad for business."

According to Netsafe, $12 billion is lost globally each year because of phishing scams.

The organisation is inviting anyone who thinks they've been targeted by a scam email to forward it to Re:scam, which will verify if it is a scam or not.

It will then use its own email address to target any scammers it manages to detect.

"Deleting a scam email protects you, but forwarding to me@rescam.org protects others," says Re:scam. "It's also kinda funny."

The chat bot "service", for bogus mail to : me@rescam.org

-----------------------

(10th November 2017)


TOP FRAUD RISK AREA IS NOT CYBER CRIME OR MONEY LAUNDERING, BUT MISSPENDING GOVERNMENT MONEY
(City AM, dated 9th November 2017 author Lucy White)

Full articl [Option 1]:

www.cityam.com/275448/top-fraud-risk-area-not-cyber-crime-money-laundering-but

Misspending government funding tops the list of current fraud risk areas, ahead of cyber crime and money laundering, according to accountancy firm Moore Stephens and the Chartered Institute of Public Finance and Accountancy (CIPFA).

Almost half of accountants surveyed by Moore Stephens and CIPFA said grant fraud - where an individual, business or charity applies for money it is not eligible for, or spends it on activities not included in the conditions - poses a high or very high risk.

In one recent case, a Cambridge historian claimed £223,000 from the Heritage Lottery fund for a fictional archaeological scheme. He instead spent it on mortgage repayments and a new car, and was jailed for six years.

"It may seem surprising to find government grants eclipsing more 'fashionable' areas like cyber crime when it comes to fraud risk," said John Baker, a director at Moore Stephens.

"It may be the case that areas such as cyber and bribery have been addressed more recently due to the high profiles, leaving more traditional areas unattended."

Grant fraud can include cases where the funding came from the EU or the United Nations, for activities such as research or humanitarian projects, and Moore Stephens has warned that there could be an increase in fraudulent applications for EU grants as Brexit threatens to close the door.

Money laundering was seen as the second highest risk internationally, with 42 per cent of respondents saying it was a high or very high risk, followed by payroll fraud. In the UK, payroll fraud ranked second.

The top 10 fraud risks worldwide

Type of fraud / Percentage of respondents scoring high or very high risk

Grants : 48 %

Money laundering : 42%

Payroll fraud : 41%

False representation : 40%

Bribery : 40%

Bank mandate : 39%
(when a direct debit is changed send money to a fraudster disguised as a regular payee)

Cyber crime : 38%

Misreporting results : 37%

"Whale fraud" : 37%
(where finance staff receive a message asking to rush through a payment to a supplier)

Procurement fraud (receipt, evaluation and award fraud) : 32%

(10th November 2017)


SOME POLICE FORCES FAILING TO RESPOND TO THEFT, ASSAULT AND VIOLENT CRIMES
(The Telegraph, dated 9th November 2017 author Martin Evans)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/11/09/police-forces-failing-respond-theft-assault-violent-crimes-watchdog/

Some police forces are failing to respond to "low priority crimes" - including theft, assault and violence, a report from Her Majesty's Inspectorate has found.

In its third annual review of how forces manage their resources, the police watchdog, found that not all crime victims were receiving the quality of service they deserved from the police.

Her Majesty's Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) acknowledged that forces were facing "significant" financial pressure, but said there were still efficiencies to be made in the service and shrinking budgets should not be used as an excuse to ignore some victims.

Mike Cunningham, the inspector who led the review, said his team had found numerous examples where police were leaving low priority crimes unresolved for long periods of time, and in some cases were not responding at all.

He said while decisions were often based on whether a victim was deemed vulnerable, it included offences such as theft, assault and even violence against the person.

Presenting the findings, Mr Cunningham, said police forces were under huge pressure to reduce demand on their shrinking resources.

But he added: "In reducing demand, it is important that forces do not simply suppress it, by which we mean fail to identify, acknowledge or deal with certain kinds of demand.

"HMICFRS is beginning to see examples of forces taking action to prioritise their demand in such a way that low priority and less urgent incidents can be left unresolved for long periods.

"While the prioritisation of tasks is important, forces need to ensure that victims receive the quality of service that meets their needs."

Inspectors found that many force control rooms where 999 and 101 calls are received, were struggling to meet demand.

Mr Cunningham said in Devon and Cornwall some low priority 999 callers were being left waiting on the line for so long that they eventually hung up.

The report comes at a time of intense debate over the future of police funding with many Chief Constables arguing that cuts are eroding the ability to tackle serious crime.

Last week the Home Secretary Amber Rudd issued a rebuke to forces asking for more cash urging police leaders to focus on cutting crime instead of lobbying for more money.

But the HMICFRS report acknowledged the financial pressure facing forces saying: "While most forces throughout England and Wales have risen impressively to the challenges they face, policing remains under significant stress."

Earlier this week, Met Commissioner, Cressida Dick told MPs that while further efficiencies could be made, proposed cuts would leave Scotland Yard struggling to bear down on offences such as gun and knife crime and even terrorism.

The two kinds of crime statistics

Crime levels in the United Kingdom are measured according to two rather different methods.

1. Police records data

Using the crimes actually recorded by the police each year allows us to see fast-moving changes in criminal trends. However, the data are strongly affected by changes in how crime is classified, how seriously the police pursue it and how willing the public is to report it. Better policing can make this crime rate appear to go up.

2. Crime Survey

In England and Wales (and, separately, in Scotland) a significant sample of the population is questioned about being the victim of crime in the past year. This survey cannot measure crimes where no named victim can be interviewed, such as corporate crimes or murder. However, it can flag crimes that frequently go unreported to the police, such as domestic abuse.

Which high-volume crimes are least likely to be solved?


Proportion of crimes ending with no suspect identified, year to June 2017 (Source : Home Office)

Theft from vehicle : 95%
Burglary in a non-dwelling : 87%
Other theft : 84%
Criminal damage to a vehicle : 79%
Burglary in a dwelling : 79%
Shoplifting : 46%
Public fear, alarm or distress : 33%
Harassment : 17%
Assault with Injury : 15%
Assault without injury : 14%

uaware comment : figures shown above are interpretation of graph within article.

(10th November 2017)



RUSH HOUR ROWS ON THE TUBE FUEL SHOCK SURGE IN VIOLENT INCIDENTS

(London Evening Standard, dated 9th November 2017)

Full article [Option 1]:

www.standard.co.uk/news/transport/fight-tube-anger-crimes-soar-on-london-underground-a3686006.html

A dramatic surge in crime on the Tube, with serious public order incidents up 230 per cent, is revealed today in official documents.

Total notifiable offences have risen by 22 per cent in the second quarter of this year, June 25 to September 19, compared with the same period 12 months ago. Sexual offences are up seven per cent on the Tube and 44 per cent on London Overground.

A report paints a picture of increasing low-level violence, pushing and shoving, verbal disputes and threatening behaviour during morning and afternoon peak times and later in the evenings, particularly on Friday and Saturday nights.

Transport for London said the rise "part reflects national trends in crime, with the latest figures for England and Wales showing an increase in all policerecorded offences of 13 per cent in the 12 months to June, with even greater rises for violent offences".

All forms of transport, with the exception of the bus network, "experienced an increase in the volume of reported crime and a higher rate of crime per million passenger journeys".

The TfL statistics come just 48 hours after it announced it was cutting up to 1,434 jobs and £ 3 billion from the health and safety budget to reduce overall spending. The documents reveal:

- Serious public order offences: rose from 233 to 768 - up 230 per cent

- Robberies: 17 to 42 - up 147%

- Theft of passenger property: 1,125 to 1,387 - up 23 per cent;

- Sexual offences: 343 to 367 - up 7%

- Sexual offences on London Overground: 18 to 26 - up 44%

- Total notifiable offences on the Tube : 3,318 to 4,053 - up 22%

Reported drug offences are down 46 per cent, violence against the person down 14 per cent and serious fraud down 51 per cent.

The details are in TfL's customer and operation performance report, dated today and revealed by Mick Cash, leader of the RMT union.

He said: "These are truly shocking figures. RMT has warned for years that cuts to staff would turn London Underground (LU) into a thugs and criminals paradise and our warnings have now come home to roost with a vengeance.

"Rather than TfL planning for a further 1,400 job cuts in the next tranche of planned reductions passengers need more staff acting as a deterrent and to be on hand to help co-ordinate our response to crime on London's transport network. The job cuts on LU must be halted and reversed."

TfL said: "We are addressing these incidents but it remains challenging given the sporadic nature of offences.

"The reporting of sexual offences of the transport system has continued to rise on LU and London Overground.

"This reflects the continuing efforts to tackle unwanted sexual behaviour on public transport."

It continued: "Increases in recorded crime on LU, Docklands Light Railway and London Overground are primarily driven by rises in reported sexual offences, low-level violence and public order offences and criminal damage."

(10th November 2017)


POLICE URGE PEOPLE TO REPORT CRIME ONLINE AS 999 SERVICES STRUGGLE WITH DEMAND
(The Telegraph, dated 9th November 2017 author Martin Evans)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/11/09/police-urge-people-report-crime-online-999-services-struggle/

Britain's biggest police force is urging people to report crimes online and even collect their own evidence, after figures revealed that thousands of people were abandoning 999 calls before they get a response.

The Metropolitan Police is rolling out a new service which will let people report even serious offences using their mobile phone, tablet or computer rather than having to speak directly to a control centre.

The system is intended to speed things up and make reporting a crime more convenient.

But it comes at a time when there is mounting evidence to suggest the current 999 and 101 non emergency services are failing to cope with the volume of calls.

It has emerged that police call handlers are so stretched that many people simply hang up before their issue has been dealt with.

New figures reveal that last year more than 42,000 people who dialled 999 to ask for a police response, failed to complete the call.

The numbers were even worse for 101 non emergency calls, with almost 860,000 people giving up before they got a response.

Data released under the Freedom of Information Act, showed that more than 30,000 calls had taken more than 16 minutes to answer.

While Scotland Yard said there were a number of reasons why a call might be abandoned, including a loss of mobile signal, it will lead to concern that many people are simply giving when attempting to report low level crimes.

Earlier this week a report by her Majesty's Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) identified problems with a number of 999 services and urged police forces to find new and innovative ways to interact with the public.

The Met's new online reporting service will allow people to report low priority crimes with call handlers assessing each case within 45 minutes.

Scotland Yard already has an online facility available for minor crimes, but the new system will allow more serious offences to be reported via the internet.

Deputy Assistant Commissioner Mark Simmons said: "It is important the Met moves with the times and we know more and more people want the ability to report crime online in a place and at a time that suits them.

"The process has been made as simple and easy as possible. The public are taken through a series of online steps to make their report and the very first question asks them if this is in fact an emergency.

"He do not want people to report emergencies online; they should continue to call 999 in the normal way and police officers will respond.

"However, online reporting is a very easy alternative to calling our non-emergency number 101 and quicker than waiting in a telephone queue at busy times."

He said it was not an automated service and each report would be dealt with by an experienced 999 call handler.

He added: "We will respond within 48 hours. However, if those call handlers think that the crime needs a more urgent response they can divert the report to a police officer to attend.

"Where needed, we will continue to visit victims of crime face-to-face but online reports for less serious offences mean an officer does not need to visit an address to take details. This frees them up to attend the calls where they are needed most."

(10th November 2017)


LONDONERS ABANDON 860,000 CALLS TO MET'S NON-EMERGENCY 101 NUMBER IN JUST 12 MONTHS
(London Evening Standard, dated 9th November 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/londoners-abandon-860000-calls-to-mets-nonemergency-101-number-in-just-12-months-a3686196.html

Nearly 860,000 calls to Scotland Yard's non-emergency 101 number were "abandoned" in the past 12 months, figures revealed today.

They also show that more than 42,000 people dialling the emergency 999 number and asking for a police response failed to complete the call.

The number of uncompleted 101 calls in September was 78,008 - a rise of more than a third on the 57,734 for October last year. The figures were revealed to Labour London Assembly Member Andrew Dismore after a question to the Mayor.

It raises fears that Londoners trying to report "low-level" crimes could be giving up in frustration. Separate figures obtained after a Freedom of Information request show the number of 101 calls taking longer than 16 minutes to answer rose from 435 in January to 30,746 in June. The number answered within 30 seconds fell from 142,322 in January to 60,197 in June.

The worst month for uncompleted 101 calls was also June, with 151,147 - more than half the total of 284,704 calls received. There were also 7,908 uncompleted 999 calls that month, though this was only 3.5 per cent of the total 205,382 received that month.

Police point out that June was the month of the London Bridge terror attack and the Grenfell Tower fire, which put emergency services under huge pressure.

Scotland Yard also said there were many reasons why callers hang up. One is that people dialling 101 decide to report crimes online after hearing a recorded message about this service. An "abandoned call" can also be due to a mobile phone losing its signal.

However, senior officers admit that the Met's call handling centre has been short-staffed. In August, the force advertised for 190 new call handlers.

The figures come as the Met faces £400 million of cuts. The force plans to close more than half its 73 police stations and sell the buildings to raise £165 million.

Mr Dismore said he had received numerous complaints about long waits on the 101 service. "People are hanging on for half an hour and then giving up. I think the Met are trying to sort it out but people do not expect to call police and be kept waiting for 20 minutes or half an hour," he said.

"There is a real concern about what happens to the reporting of some so-called 'low-level' crimes if Londoners inevitably give up and abandon efforts to get through to an operator due to delays in call-answering."

He added: "With plans to close stations across London, there's a risk that some people who would use 101 as an alternative, as suggested by the police, will struggle to report crimes and other problems. Until the 101 number is operating as it should, plans to close stations should be deferred."

He said Londoners such as pensioners who might not use online services and those on low incomes without computer access would struggle most.

Chief Superintendent David Jackson, head of the Met's Command and Control department, said there had been a 12 per cent rise in the number of calls to the Met in the past year, which had had an impact on services, particularly for 101 calls as 999 calls are given priority at times of high demand. He added that June was the Met's busiest month for 999 and 101 calls in two years.

He said: "I know that our staff and officers really appreciate the support that all emergency services have received from the public following some awful events, and the public can help us by only using 999 in an emergency.

"If you need to contact police in a non-emergency, then visit our website to see if your matter can be dealt with on there, or if you call us on 101, then please bear with us at this time."

###Londoners turn to the internet to report crime

Thousands of Londoners are reporting crimes online as Scotland Yard says that fewer people are choosing to go to police stations over minor offences.

The Met released figures today showing that 9,000 crimes were reported online in June compared with 900 in February when this internet service was launched.

In total there have been 51,000 crimes or incidents reported online in London in the past six months. The Met said about eight per cent of crime reports were now done using a computer or smartphone.

Deputy Assistant Commissioner Mark Simmons said: "Research shows that while most people want to contact us by phone, the second preference is to contact us online."

Since February, officers have dealt with 85 crimes reported online which needed officers to attend. These included reports of burglaries, sex offences, domestic abuse and a historical rape.

Mr Simmons said: "I want to reassure people that this is not an automated service - each report will be handled by one of our experienced call handlers, the same ones who take 999 and 101 calls, within 45 minutes of a report being submitted."

Police say most crimes can be reported online unless there is a suspect on scene and a risk to life or property. They still want people to call to report a missing person or antisocial behaviour.

(10th November 2017)


RUTH DAVIDSON - HUNDREDS OF EMERGENCY POLICE CALLS GO UNHEEDED
(The Telegraph, dated 9th November 2017 author Auslan Cramb)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/11/09/ruth-davidson-hundreds-emergency-police-calls-go-unheeded/

Two hundred emergency calls to Police Scotland have "gone unheeded" in the past year, with officers not being deployed to incidents or being sent to the wrong town, according to Ruth Davidson.

The Scottish Conservative leader said the mishandled cases included a suicidal caller who was told to "hang up", and a 999 call from a couple saying their front door was "being kicked in".

She challenged Nicola Sturgeon on the issue at First Minister's Questions after a damning police watchdog report found a number of failings in the way police dealt with an emergency call from a vulnerable, domestic abuse victim.

Elizabeth Bowe, 50, rang the police on September 17 last year, but a member of staff at the Bilston Glen area control centre downgraded the status of her call and left a voice message saying the 999 service was "for emergencies only".

Her brother Charles Gordon, 52, called police later to say he had just killed Ms Bowe, and when officers reached her home in St Andrews - one hour and 24 minutes after her original emergency call - she was suffering from injuries that would prove fatal.

Ms Davidson said it was not an isolated incident and people wanted to know how many more times a call for help would go unheeded "before the situation in our emergency control rooms is sorted out".

She added that the Conservatives had uncovered 200 incidents in the last year "where police had failed to respond appropriately".

"In one case a suicidal man was told to hang up. In another two separate call handlers failed to record a report of a dead body in a house," she said.

"In another, a couple rang 999 to report their front door was being kicked in, they didn't get any help because firstly the wrong address was written down and secondly police officers weren't even dispatched. That is the reality of what is happening right now."

The Bilston Glen centre was also widely criticised in 2015 following the deaths of John Yuill and Lamara Bell after the couple lay undiscovered for days after a crash on the M9 near Stirling, despite their wrecked car being reported.

Ms Davidson said MSPs had been "promised" the reduction in the number of police control rooms would not result in a loss of local knowledge.

She added: "So let me read some more cases from this year. A woman threatened by her ex-partner who didn't get a response from police because they were sent to the wrong address.

"A man threatened with a knife where police were sent to the right flat in the right street but in the wrong town.

"A caller who rang as their mother and their niece were being assaulted and again police were sent to the wrong location."

Ms Sturgeon expressed her "heartfelt thoughts and sympathies" to the family of Ms Bowe, and said each of the cases cited was "serious and unacceptable".

But she also claimed Police Scotland had made "significant improvements" in call handling, adding: "I do think it is important also to put the situation into context. Ruth Davidson cites 200 incidents - as I say completely unacceptable - but Police Scotland handle 2.6 million calls every year.

"I am very clear that one of the incidents of the type Ruth Davidson has cited here today is one too many and lessons must be learned from all of these incidents."

The First Minister said that following the murder of Ms Bowe "the police have rolled out risk and vulnerability training to more than 800 staff, further guidance has been issued to all control room staff in regards to the regrading and closing of incidents, a national quality assurance unit for police call handling has also been established".

(10th November 2017)


GOOGLE SAYS HACKERS STEAL ALMOST 250,000 WEB LOGINS EACH WEEK
(CNN Tech, dated 9th November 2017 author Selena Larson)

Full article [Option 1]:

http://money.cnn.com/2017/11/09/technology/google-hackers-research/index.html

Looking at cybercriminal black markets and public forums, the company found millions of usernames and passwords stolen directly through hacking. It also uncovered billions usernames and passwords indirectly exposed in third-party data breaches.

For one year, Google researchers investigated the different ways hackers steal personal information and take over Google (GOOG) accounts. Google published its research, conducted between March 2016 and March 2017, on Thursday.

Focusing exclusively on Google accounts and in partnership with the University of California, Berkeley, researchers created an automated system to scan public websites and criminal forums for stolen credentials. The group also investigated over 25,000 criminal hacking tools, which it received from undisclosed sources.

Google said it is the first study taking a long term and comprehensive look at how criminals steal your data, and what tools are most popular.

"One of the interesting things [we found] was the sheer scale of information on individuals that's out there and accessible to hijackers," Kurt Thomas, security researcher at Google told CNN Tech.

Even if someone has no malicious hacking experience, he or she could find all the tools they need on criminal hacker forums.

Data breaches, such as the recent Equifax hack, are the most common ways hackers can get your data. In one year, researchers found 1.9 billion usernames and passwords exposed by breaches. The company continued to study this through September 2017 and found a total of 3.3 billion credentials.

But digital criminals can be much more proactive in stealing your information. Two popular methods are phishing, which is posing as a trustworthy person or entity to trick you into giving up your information; and keylogging, or recording what you type on your computer.

Google researchers identified 788,000 potential victims of keylogging and 12.4 million potential victims of phishing. These types of attacks happen all the time. For example on average, the phishing tools Google studied collect 234,887 potentially valid login credentials, and the keylogging tools collected 14,879 credentials, each week.

Because passwords are not often enough to access online accounts, cyber criminals are trying to collect other data, too. Researchers found that some phishers try and siphon location, phone numbers, or other sensitive data while stealing login credentials. Mark Risher, director of product management at Google, said this was one of the study's key findings.

Google can automatically recognize when you're logging in from somewhere unusual -- if the company sees you attempting to login from Russia when you usually login from California, Google will ask to verify it's you. As a result, Google has tightened the location radius around what it considers to be usual login areas.

Google has also implemented additional layers of email security on its official Gmail app. The company said that applying the research insights to its security protections prevented 67 million Google accounts from being abused.

Last month, the company launched a handful of tools for people to further protect themselves, including a personalized account security checkup, new phishing warnings, and the Advanced Protection Program for Google's most at-risk users.

Although experts have suggested using multi-factor authentication (a layer of security in addition to your password) for a long time, public adoption lags behind. According to recent data from Duo Security, most Americans don't implement the extra layer of protection.

But that might be changing. Risher said Google is seeing more people adopt less convenient options in order to keep themselves safe. For example, Google said Amazon sold out of the Advanced Protection Program kits soon after they launched. The kit contains two physical security keys a person would be required to have in order to access to their account.

Google said it is sharing its latest findings so other companies can also implement better protections to guard against account hijacking.

"We talk a lot about how airlines don't compete over which one crashes more frequently," Risher said. "Likewise, we don't think security is something to keep to ourselves."

(10th November 2017)


SCAM VICTIMS WHO "FAIL TO TAKE REASONABLE CARE" WILL NOT GET A PENNY IN COMPENSATION
(The Telegraph, dated 8th November 2017 author Katie Morley)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/11/08/scam-victims-fail-take-reasonable-care-will-not-get-penny-ofcompensation/

Scam victims who fail to take "reasonable care" to protect themselves against criminals will not get their money back under a formal compensation scheme being designed by watchdogs.

From next year, an anti-fraud revolution will see consumers who have been conned into transferring money to fraudsters reimbursed by their bank - but only if they can prove that they did not act recklessly.

Victims who have lost life-changing amounts could be denied a single penny of compensation if they did not conduct "common sense" checks, such as spotting bogus email addresses or account details and names that do not correspond.

The plans are being drawn up by the Payment Systems Regulator (PSR) to curb a growing fraud epidemic in which criminals posing as legitimate organisations are extracting £200million from 40,000 victims every year.

Consumer groups said bank customers who fall for scams should not be blamed and called for banks to take the responsibility.

The fraud usually involves email interception or some form of trickery, whereby the victim unknowingly sends money to a criminal's account, meaning they are often unaware of the scam until it is too late.

Gareth Shaw, the Which? Money Expert, said: "These scams have become so complex and believable that many consumers couldn't be expected to spot them. Banks should consider introducing additional checks - such as delayed payments or third party signatures - with extra focus on protecting vulnerable customers."

James Daley, director at Fairer Finance, a consumer group, said: "The test should be how far did the bank go to stop the scam, not how far did the consumer go.

"It is perfectly possible for banks to install enough checks to fully put an end to this and the test should be how far have they gone - not how far have consumers gone. Losing their life savings is far too high a penalty for customers who have been negligent and this should not happen."

At present, just one in four victims are reimbursed, but this figure is set to rise considerably. The action follows a "super-complaint" by Which? over concerns people were being conned out of huge sums of money with no hope of compensation.

The PSR said it was considering changing the law to allow criminal funds frozen in bank accounts to be used to compensate victims.

The Telegraph has previously called for regulators to act to stop consumers being tricked as we have heard from dozens of consumers swindled by tricksters posing as solicitors, investment professionals, government departments and salesmen.

In one shocking case, a woman lost £130,000 in a sophisticated solicitor scam and reported it to First Direct, her bank, only to be told the fraud team had finished for the night.


Bank transfer fraud - How you can be targeted

Consumers have to be on guard every time they are asked to make a bank transfer as fraudsters grow evermore sophisticated and target their victims in a number of ways.

Conveyancing fraud:

Property buyers and sellers are at risk of losing life-changing sums should they become victims of "conveyancing fraud".

Criminals are able to hack into online systems and intercept emails between clients and solicitors just before completion.

They replace the details of the account where the payment is due with their own so the unsuspecting victims often pay hundreds of thousands of pounds into the fraudster's account. In the numerous cases reported by Telegraph Money this money is never reimbursed.

Rental fraud:

Potential tenants are tricked into transferring an upfront fee by bank transfer to a fake landlord or rental firm ahead of a property viewing. The fraudster then disappears.

Overpayment fraud:


Landlords have also been targeted by fraudsters. One bed and breakfast owner was sent a bank draft by a "customer" which amounted to more than the cost of the room. She transferred the excess £1,400 back to the fraudster. She later discovered the bank draft was fraudulent. Her bank refused to reimburse her.

Online marketplace fraud:


Countless readers have reported paying fake sellers on eBay, Gumtree, Amazon for items that fail to arrive.

Some of the largest losses are related to vehicle purchases where the fraudster asks for an upfront payment by bank transfer and promises to deliver the car on an agreed day. Victims only realise the ruse when the car does not show up and the seller disappears.

Those who buy vehicles on eBay are not eligible for its Money Back Guarantee which applies to most items paid for through the platform using PayPal. Motors should be viewed in person before the money is handed over directly to the seller.

Telegraph Money readers have also reported similar scams on Airbnb, the accommodation booking site. Fraudsters posing as hosts trick users into making bank transfers outside of the site for properties that don't exist.

Airbnb said hosts and guests are protected by making payments through its site.

BANK TRANSFER FRAUD - THE NUMBERS January - June 2017 (Source : UK Finance)

n = Personal (n) = non-personal

Total Cases : 17,064 (2,306)
Total Victims : 16,993 (2,244)
Total Lost : £51.7m (£49.5m)
Total returned to victim : £9.8m (£15.4m)

(10th November 2017)


FAST GROWING CYBER CRIME THREATENS FINANCIAL SECTOR : EUROPOL
(Reuters, dated 8th November 2017 author Axel Bugge)

Full article [Option 1]:

https://uk.reuters.com/article/us-portugal-websummit-europol/fast-growing-cyber-crime-threatens-financial-sector-europol-idUKKBN1D82QS

The "remorseless" growth of cyber crime is leading to 4,000 ransom attacks a day and gangs' technological capability now threatens critical parts of the financial sector, the head of Europol said on Wednesday.

Online criminals have become so sophisticated that gangs have created "conglomerations" with company structures that specialize in different criminal activities to carry out the attacks, Rob Wainwright, who leads the EU law enforcement agency, said.

"What really concerns me is the sophistication of the capability, which is becoming good enough to really threaten parts of our critical infrastructure, certainly in the financial, banking sector," he told Reuters.

And while not all those 4,000 ransom attacks - which demand money to restore access to files that have been frozen or encrypted - are on banks, the financial services sector is seen as a key target because of the potential profits for the criminals.

Even bank payment systems and ATM cash machines fall prey, Wainwright said.

The launch of ransomware attacks such as Wannacry, which struck firms around the world in May and June, has changed the dynamic of such attacks, by propagating them more widely through companies' computer systems, Wainwright said.

The rapidly spreading extortion campaigns underscored concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.

"The real threat comes from a sort of exponential, remorseless increase in the scale and significance of cyber criminal capability," Wainwright said on the sidelines of the Web Summit technology conference in Lisbon.

He said every year there now "seems to be a doubling, or tripling, of one kind of threat or another, in terms of scale".

He said the challenge of fighting cyber criminals is that they can be based "in their bedrooms", making it difficult to find them. A majority of cyber criminals "we are working against are Russian speaking, not just Russian", he said. Russia denies it is involved in hacking.

Last year, police authorities in several countries smashed 20 criminal groups that had created a "service-based economy" for the rest of the criminal market, such as providing ways to launder money or sell drugs online.

Such criminals gangs operate on the so-called dark web, which can only be accessed with special software.

It is used by criminals doing everything from selling drugs to guns, but also attacking payments systems and other parts of the financial system.

"There is this sort of cyber criminal underworld that's a lot bigger and smarter and adept than most people think," Wainwright said. "And, against it, we still have generally low cyber security standards."

(10th November 2017)


ESSEX POLICE SHOWS INJURIES SUFFERED BY POLICE OFFICERS AS IT ASKS FOR MORE PROTECTION
(Telegraph, dated 8th November 2017 author Helena Horton)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/11/08/essex-police-shows-injuries-suffered-police-officers-asks-protections/

###uaware note : this article includes photographs of the injuries sustained by Essex Police Officers

Essex Police Federation has asked for more protections for its officers as it shares photographs of injuries they have suffered.

The Federation has asked for protection for the police, as well as better equipment and is welcoming stricter punishments for those who assault emergency workers.

The Chief Constable of Essex Police, Steven Kavanagh, said: "Appalling. Too many Essex Police officers assaulted this weekend keeping the county safe. More needs to be done."

The Assistant Chief Constable, Andy Prophet, revealed that 12 police officers in Essex were injured over the weekend while on the job.

Steve Taylor, Federation Chairman, has said that more Tasers and better equipment, as well as a better resourced police service, would further protect Essex Police officers from injury and attack.

He said: "I'm encouraged by the cross-party support that the 'Protect the Protectors' bill has received around protection for emergency service workers."

"It's encouraging that all of our MPs here in Essex seem to be behind it, and we've had MPs speaking about the matter in Parliament, which is good and demonstrates that the efforts we've made locally to lobby our MPs is paying off to some degree.

"Let's not forget that 'Protect the Protectors' is a wider collection of issues, not just this one, and we're very keen that the success we've had in the emergency services workers protection bill can be replicated in protection for police drivers.

"The nature of police hasn't changed. There are fewer of us trying to do more, which will increase the risk.

"We're trying to keep our officers as safe as we can, we're trying to equip them with the very best that we can equip them with, and will continue to make those arguments and put those reasons to the Chief Officer team and the force."

The Emergency Workers (Offences) Bill passed the second reading stage in October.

It would introduce a new triable either way offence of assault or battery against an emergency worker, with a maximum penalty of a 12 month prison sentence; introduce a statutory aggravating factor for the courts to consider when sentencing certain assaults; and enable samples to be taken from people who spit at officers.

(10th November 2017)



BIKE THEFT IS NOT INEVITABLE

(The Guardian, dated 7th November 2017 author Tom Babin)

Full article [Option 1]:

www.theguardian.com/cities/2017/nov/07/theft-bike-app-vancouver-project-529-j-allard-xbox

The bicycle was nothing impressive - an ageing mountain bike worth only a couple of hundred dollars - but Vancouver police officer Rob Brunt remembers it clearly. The owner, clad head-to-toe in cheap green waterproofs, on her way to work at the market on Granville Island, stopped Brunt to express worry about her bike. It was locked to a nearby rack, behind a car park and out of sight of passersby - a perfect place for thieves. It was her primary mode of transport and she couldn't afford to lose it.

The next time Brunt saw the woman, she was crestfallen. The bike had indeed been stolen, forcing her to miss a few days of work and get around on a borrowed ride. She was scraping together the money for a new lock.

The woman's story stuck with Brunt. "I learned from that the price of a bike is not indicative of the value to the owner," he says.

That was two years ago. Today, a remarkable turnaround has taken place on Granville Island, which was at the time the worst spot in Canada's worst city for bike theft. Since then, bike thefts have declined by more than 70%, an incredible improvement in a problem that is pervasive in nearly every major city in the world. Similar reductions across Vancouver are offering hope that something can be done to combat a phenomenon that stymies the growth of bike culture.

And the turnaround might never had happened if somebody hadn't stolen J Allard's bike.

Allard has become a bit of a folk hero in Vancouver's cycle community for his tireless work to stop theft - but he doesn't even live in the city. He makes his home across the US border in Seattle, where he's a giant in the tech industry - a former Microsoft executive who led the team that invented the Xbox. He was adjusting to life in Seattle after a high-profile departure from Microsoft several years ago when he woke one morning to find his beloved mountain bike gone.

The experience rattled him. Not only did he feel victimised, he was bothered by the lacklustre police response. He started to look into why bike theft had come to seem like a problem without a solution, accepted by so many as an unavoidable part of urban life.

Allard found a litany of barriers that have prevented meaningful action against bike theft: police are often burdened with other priorities, while stolen bikes can be sold online with impunity. The fragmented bike industry hasn't agreed on a standardised serial number, and riders themselves don't always properly lock their bikes. Allard says he couldn't find a single person in North America working full-time to stop bike theft.

"I just couldn't accept the answers to the questions I was asking after my bike was stolen," he says over a beer at a Vancouver pub. "I reject the notion that getting a bike stolen is just part of riding a bike."

But bike theft is rampant in cities all over the world. In London, about 20,000 bikes are reported stolen every year; 72 went missing from Milton Keyes station alone last year. Theft costs Portland $2m (£1.5m) a year, and that's just the bikes which are reported stolen. A 2015 report by the Netherlands' Central Bureau of Statistics stated that the 630,000 thefts reported to police constituted only about 30% of the total that went missing.

Allard decided to do something about it. What emerged was Project 529, an ambitious scheme aimed at stopping bike theft. The first phase was a global app-based database of bikes geared to riders and police forces, intended to both discourage theft and aid the return of recovered bikes. While online databases have existed for years, none had truly caught on with North Americans, nor was there one shared by police forces across state or international borders.

He quickly learned, however, that the problem went much deeper than encouraging riders to register bikes. A turning point came when he was introduced to Brunt, the veteran Vancouver beat cop who was working on bike theft after being posted to light duty following an injury.

Brunt gave Allard a new perspective on the problem, and access to a police force that was willing to try something new. Allard gave Brunt tech-industry ambition and almost limitless energy to combat the problem.

Together, the pair have turned Vancouver into a test case for a more comprehensive approach to stopping bike theft. They have personally visited every bike shop in Vancouver to discuss the problem, and to encourage owners to register each bike they sell (Allard personally upgraded the sales software for some shops himself to make that easier). They've visited community centres and set up booths at festivals to educate people and invite them to register. At Granville Island, which receives 10 million visits a year, Allard and Brunt worked with owners to relocate bike racks to safer locations, organised bike lock loans to customers, and plastered the Project 529 logo on as many bikes as they could to deter would-be thieves.

"I don't know if anybody else could do this but J," Brunt says. "He's so smart and so good at so many things that it's unbelievable. He's always presenting different perspectives and analysing things in different ways. He just thinks differently."

Across Vancouver, the number of bike thefts fell 20% in the first year the pair worked together. The next year, they fell another 30%. On Granville Island in June 2015, before the project started, 33 bikes were stolen. In June 2017, that number had fallen to seven.

Their work is getting noticed. Laura Jane of Vancouver bike-advocacy organisation Hub Cycling says theft was so bad in the city that she heard of people who had given up riding out of fear of their rides being pilfered. She's been heartened by the turnaround, which she credits to Allard's work and renewed focus by the Vancouver police.

"Cycling needs to be convenient, and there will always be some risk of theft, but what's encouraging is they have demonstrated some very clear steps in reducing bike thefts," Jane says. "This shows that theft is not inevitable in a bike-friendly city."

Still, Allard's business is hardly a runaway success. He has funded it so far using proceeds earned from the sale of his vacation home. Without more city police forces on board, and more cash - registration to 529 Garage is free, but he also sells upgrades - the project's future is uncertain.

"For everything else, we have the magic formula, but not the money side of it," Brunt says. "J is doing this out of his own pocket. He's spent thousands of his own dollars here, and he's not even Canadian. That's kind of heartbreaking to me."

Like any good tech-industry big-thinker, Allard has plowed ahead so far without much thought to funding. "If I had a business plan, I wouldn't be here," he says with a laugh. He acknowledges that Project 529 isn't as "scalable" as he might like, but he hopes Vancouver's results will inspire more cities to take an interest.

He's already signed up police forces in some commuter towns around Vancouver and is looking for more, but is eyeing something bigger: Seattle, a city where a bike is stolen every hour, on average. If Allard can inspire his hometown police force to take the problem as seriously as Vancouver does, he thinks he can put a dent in the cross-border sales that fuel bike thefts in both cities.

"Do I want to cut bike theft by 50%? Yes, of course, but that may not be achievable," he says. "But we can made a difference."

As for that young woman at Granville Island, Brunt remembers her story for another reason. After first meeting her, he and Allard convinced her to register her bike on the 529 Garage app. She did so, and uploaded some photos of herself in her green waterproofs alongside the bike. Eventually, her bike appeared on Craigslist, and with the help of the police and the information in the app, it was recovered and returned to her. It's a story with a happy ending.

(10th November 2017)

BANKS PLAN TO STOP FRAUDSTERS VANISHING INTO THE ETHER WITH YOUR CASH
(Daily Mail / This is money, dated 7th November 2017 author Victoria Bischoff)

Full article [Option 1]:

www.thisismoney.co.uk/money/beatthescammers/article-5060237/Banks-plan-stop-fraudsters-vanishing-cash.html

Banks are working on plans to track down stolen money and return it to fraud victims within days.

They are setting up a new system that allows them find out where a payment has ended up - regardless of how many bank accounts the money has been moved through.

It means fraud victims will stand a far greater chance of getting back the cash they've lost.

Yesterday, new industry figures revealed for the first time the scale of bank transfer scams where con artists trick victims into handing over money.

In the first six months of this year 19,000 people were hit by this type of fraud, losing £101million. Just £25million, a quarter of the stolen money, was returned to customers.

Most victims are left permanently out of pocket because banks struggle to trace the stolen funds.

When a fraudster tricks someone into handing over cash, it is typically moved out of the receiving account and into another one within minutes.

From there it will be moved again and again through different accounts - known as mule accounts - with different banks.

It may be mixed with other money, some of which may be completely unrelated to crime, until it is almost impossible to work out where it originally came from.

The criminal will then withdraw the funds in cash, transfer the money overseas or use it to make a purchase.

At that point, your cash is usually gone for good - and banks won't offer a refund - which is why it is vital to track it down before it leaves the banking system.

A new digital tracing tool, which banks are calling the 'funds repatriation initiative', will make this possible.

Brian Dilley, group director of fraud & financial crime prevention at Lloyds Banking Group, says: 'The banking industry has been working together to develop a central system that enables us to trace and track the proceeds of fraud through the banking system.

'Money stolen by fraudsters often exits the banking system and is long gone before people know they've been conned, but an infrastructure allowing banks to identify money quicker as fraudsters try to move it down the line will make it harder for them to get away with stolen cash and help victims get their money back.'

At present, when a victim of fraud contacts their bank for help getting their money back the bank can only see the first account the money was moved into.

If the bank that received this money says it has already been moved out of the account there is little, if anything, they can do.

But under the new system the victim's bank will be able to enter the payment details into a central computer that will show almost instantaneously every account the money has moved through since it was stolen - and crucially, where it ended up.

Once they know what bank has the money they can call and ask for it to be frozen so fraudsters can't touch it again.

If the case is simple and does not involve foreign bank accounts, the money could be transferred back to the victim within days.

In more complicated scenarios the bank may need longer to investigate to ensure the money is going back to the right owner.

Experts say this new system could protect significant numbers of customers and prevent millions falling into fraudsters' hands.

As Money Mail has highlighted over the past two weeks, around £130million has been frozen in accounts opened by criminals.

Often, this money has been abandoned by fraudsters after banks have become suspicious and flagged the account for investigation.

In many cases banks are then unable to return the cash to the victim either because they can't trace where the money came from or are prevented from touching it by onerous rules and laws.

Money Mail is campaigning for a tweak to the law so this cash can be used to pay back fraud victims who've been left out of pocket.

If the original victims can't be found, banks should be allowed to use it as a compensation fund for other victims.

Barclays, HSBC, Santander, Nationwide and TSB have backed our campaign.

And over the past week Money Mail has convinced Lloyds bank to throw its full weight behind our proposals.

Initially, it had suggested the money might go towards general efforts to tackle fraud rather than as compensation.

But now it says: 'Lloyds fully supports Money Mail's campaign to change the law and unlock all the £130million in the frozen funds to compensate victims of fraud.'

If it was easier for banks to trace money through the system this money wouldn't amass in the first place.

Writing for Money Mail today, Stephen Jones, chief executive of banking trade body UK Finance, says: 'We need changes to the law to help stop the criminals in the first place, as well as helping victims get their money back.

'That is why the UK banking industry welcomes Money Mail's campaign.'

Banks have already begun piloting this new technology and are aiming to move into a second phase of testing early next year.

They say that realistically the new system will not be fully up and running for another two years.

There are also questions around who will fund the system, how people's data will be protected and if it will be mandatory for all banks and building societies to sign up.

There are also legal and data protection issues to consider.

For example, banks say that there needs to be protection in place in the event that they take money out of someone's account to return to a victim and the owner of that account turns out to be innocent.

For example, the criminal could have used the money to pay their rent. In this instance the bank can't just take back the money from the landlord, who may be completely unaware they have been paid in criminal money.

There will also need to be a framework in place to deal with disputes when things go wrong.

Despite being a giant leap forward, the new system will not protect all victims, as it cannot stop fraudsters taking money out of the banking system altogether.

Yesterday, the Payment Systems Regulator announced plans to force banks to reimburse people where firms 'have not met the required standards' in protecting customers.

It also wants to make it harder for criminals to set up bank accounts and is asking banks to share data so it's easier to spot scammers.

(10th November 2017)


POLICE USE UNMARKED LORRY TO CATCH DANGEROUS DRIVERS
(The Telegraph, dated 6th November 2017 author Martin Evans)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/11/06/police-use-unmarked-lorry-catch-dangerous-drivers/

Police are using an unmarked HGV lorry to scour Britain's motorways and catch drivers doing dangerous things being the wheel.

The elevated position of the cab allows police officers to see into the other motorists' cabs and record any illegal activity.

More than 4,000 drivers have been caught over the past two years including a lorry driver who was filmed checking his mobile phone and resting his foot on the dashboard while driving on the M18 motorway in Humberside.

Another motorist was spotted in the East Midlands steering with his knees while he ate his lunch and used his phone at the same time.

And in Surrey one driver was spotted by police trying to put toothpaste onto a toothbrush.

After spotting the offending driver and gathering evidence, officers in the HGV then radio a following police car which pulls the vehicle over.

Twenty-eight police forces have taken part in the initiative since it began in April 2015, catching 4,176 drivers in relation to 5,039 offences.

Nearly two-thirds of those pulled over were using a mobile phone. Other offences include not wearing a seat belt, not being in proper control of the vehicle and speeding.

Highways England's head of road safety Richard Leonard said: "The footage of the driver with his foot up on the dashboard is particularly alarming, and I dread to think what would have happened if he had needed to brake suddenly.

"We will continue to use the cab to tackle deaths and serious injuries and to encourage people to improve how they drive."

Chief Constable Anthony Bangham, National Police Chiefs' Council lead for roads policing, said the HGV cab is "an important element of our intelligence-led operations against dangerous driving".

He added: "People have to think about the consequences of their actions. A moment's distraction can change innocent lives. It is never a risk worth taking."

(1st December 2017)


A SCAM ON TOP OF A SCAM ? EQUIFAX LETTERS SPARK CONCERN AMONG VICTIMS
(Which?, dated 4th November 2017 author Faye Lipson)

Full article [Option 1]:

www.which.co.uk/news/2017/11/a-scam-on-top-of-a-scam-equifax-letters-spark-concern-among-victims/

UK victims of May's Equifax data breach have been left confused and panicked by a letter from the firm which says their personal information has been compromised - but doesn't say what Equifax is or why it holds their data.

Which? has heard from dozens of people who received the letter and were confused by it - with some fearing it to be a scam - because they have never heard of or directly dealt with Equifax before.

Equifax has now confirmed that only 27,000 of the nearly 700,000 people it has written to were its direct customers - and the rest may previously have had no inkling they were affected by the breach.

Equifax data breach: 15.2m Brits affected

In May this year, Equifax announced its data had been access by hackers in a cyber-attack. Some 15.2 million UK client records were compromised and more than 690,000 UK consumers are likely to have had sensitive details stolen.

These include email addresses, passwords, driving license numbers, phone numbers and partial credit card details.

Equifax is now writing to those worst-affected UK individuals to offer a choice of free ID-monitoring services.

Why does Equifax hold data for non-customers?


Equifax has confirmed that just 3% of the worst-hit victims were its direct customers.

How is this possible? As a credit reference agency, Equifax receives personal data from banks and financial institutions whenever someone applies for a bank account, mortgage or credit card. Consent for this is usually included in the application terms and conditions.

This means Equifax may hold data on you even if you've never dealt with it directly. Others will have transacted with Equifax by purchasing a credit report or identity monitoring services from it.

Victims express confusion, fear of further scams


Which? has seen evidence the letters are causing widespread confusion among the victims. One person who'd had their name, date of birth and telephone number compromised emailed us:


As far as I am aware I have never used this organisation, they now advise me to use their "free" services to help protect myself. If they are so incompetent in the first place to have been the subject of a cyberattack why should I trust any of the services they recommend.

Is this a scam on top of a scam?

In addition, the Which? Money helpline has fielded more than 25 calls so far this week from people concerned by the letter.

Technical expert and Trading Standards 'Scambassador' Scott McGready took to Twitter to blast the way Equifax has handled informing the public, branding it 'Like herding cats,' and insisting that 'more needs to be done'.

Which? asked Equifax to comment on the apparent confusion its letter had caused, but it declined to do so.

------------- See orginal article to view the Equifax letter --------------

How to verify your letter?

If you receive a letter regarding the Equifax data breach, and you're not sure if it's genuine, look up Equifax's number independently via a search engine or directory enquiries. Then give them a call to confirm the letter is genuinely from them.

Should I accept the free identity monitoring services?

If your data has been breached, you may be at heightened risk of identity fraud. To combat this, Equifax is offering its worst-affected UK customers free services which monitor how your identity is being used online - some of them run by Equifax itself, and one run by anti-fraud body Cifas.

If you are concerned about the security of Equifax's own products, you can opt to be enrolled in Cifas's Protective Registration scheme - however you will still have to give some personal information to Equifax so it can enrol you for free.

It is possible to enrol directly through Cifas, though this will attract a £20 charge (for two years' cover).

Which? tips for surviving a data breach


If you believe you've been a victim of a data breach, take the following steps to protect yourself:
- Contact your mortgage, current account and credit card providers to make them aware of the potential breach.

- Change your passwords on any online accounts holding sensitive information.

- Check your credit card statements and credit reports for unusual or unauthorised activity. Report any discrepancies to the provider immediately.

- Apply for protective registration from CIFAS - the Fraud Prevention Service. This will trigger additional checks any time someone tries to open a financial product in your name.

- Be extra-vigilant against phishing messages.

- Our (Which?) consumer rights guide explains how to spot a scam message.

(10th November 2017)



WATCH OUT FOR THIS FAKE VERSION OF WHATSAPP FOUND LURKING ON GOOGLE PLAY STORE

(International Business Times, dated 2nd November 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/watch-out-this-fake-version-whatsapp-found-lurking-google-play-store-1645642

A fake and potentially malicious application has been discovered on the official Google Play Store posing as WhatsApp Business - and has been downloaded up to 5,000 times.

The existence of the dodgy software was first highlighted by the popular WhatsApp change tracking website WABetaInfo, via Twitter user @MujtabaMHaq.

The suspicious Android app was published by a developer called Whasp. Business Inc., which has three other pieces of software uploaded to the Play Store.

These are versions of Kodi and the popular mobile game Temple Run 2, which appears under the name "HASAZKGIUSAZ." All three of the apps were uploaded in October 2017.

The software posing as WhatsApp Business later changed its name to Update Whatsapp (sic) and has already attracted numerous user complaints revolving around pop-up ads.

Several users have also vented in the comment section after being unable to log in to their accounts.

"DON'T DOWNLOAD THIS APP! IT'S FAKE! WhatsApp Business is not officially available yet for all," the WABetaInfo social media account tweeted to its 30,000 followers. It added: "Check only official channels to download WhatsApp Business in future."

Unfortunately for unwitting Android users, this was an official channel.

The application asks for a slew of invasive mobile permissions. If granted, according to the app's Google Play page, it will be able to receive data from internet, view network connections, have full network access, control vibration and prevent the device from sleeping.

Statistics say it was updated on 16 October and has had between 1,000 and 5,000 installs. At the time of writing, the software is still available for download.

As previously noted, WhatsApp Business is yet to launch as a standalone service.

According to the company it will enable users to "have a business presence on WhatsApp, communicate more efficiently with your customers, and help you grow your business."

Users will be able to create business profiles and use messaging and call features to stay in closer contact with potential customers, ultimately exanding the service's social network features.

(10th November 2017)


VERSO GROUP DATA HOARDER FINED BY UK WATCHDOG
(BBC News, dated 2nd November 2017)

Full article : www.bbc.co.uk/news/technology-41844033

A company that specialises in asking the public to take part in "surveys" in which the answers are then used to target respondents with unsolicited marketing calls has been fined.

An investigation found Verso Group had not been clear about what it was doing.

The Hertfordshire-based company came to regulators' attention after it was involved in one campaign that resulted in 46 million "nuisance calls" about payment protection insurance (PPI).

It has been ordered to pay £80,000.

The Information Commissioner's Office said it was the first such penalty following a wider investigation into the so-called data broking industry.

"This type of unlawful data directly fuels the nuisance call and spam text industry and creates misery for millions of UK citizens," said the ICO's deputy commissioner, James Dipple-Johnstone.

"Businesses need to understand they don't own personal data - people do."

Although the ICO has the power to issue fines of up to £500,000, the sum is still likely to be significant to Verso.

According to accounts filed in May, the Hertfordshire-based company's net assets totalled just £12,386.

A spokesman for Verso declined to comment.
Personal details

Verso has been in business since 2011 and describes itself as the "largest lead-generation business in the UK by some distance".

According to its website, it uses call centres in India, the Philippines and North America to carry out surveys with the public, with the stated aim of helping consumers cut their utility bills.

These are branded as being carried out by the UK Savers Club and I Love My Offers among other names. Verso says it carries out more than 115,000 such surveys each month.

The business then offers other companies the ability to target consumers via email, phone, postal mail and text, based on the lifestyle, financial and demographic information gathered from respondents.

In addition to PPI insurance, Verso says its clients have used the information to sell loans, legal advice about accidents, extended warranties and beauty products.

Two of the companies Verso has sold data to - Pro Dial and Emacs - have previously been fined by the ICO over the way they had conducted their cold-call businesses.

A follow-up investigation into Verso concluded it was not providing survey respondents with specific enough information about to whom it planned to pass their data, and thus had failed to obtain the necessary consent to sell it on.

Moreover, the ICO said it had found Verso to be "unhelpful and obstructive" when it had tried to look into the matter.

"Verso's contraventions were systemic - they were not isolated, one-off or occasional errors," the report said, "[and] were of a kind likely to cause substantial damage or substantial distress."

The watchdog has ordered Verso to pay the fine by mid-November, although it could also try to appeal against the ruling.

Citizens' rights over their personal information are set to be strengthened next year under the UK's Data Protection Bill.

The law - which implements the EU's General Data Protection Regulation - makes it possible for a person to oblige a company to delete information held about them.

It also raises the cap on the size of penalties the ICO can demand.

(10th November 2017)


POLICE USE VIRTUAL CAGE TO CORRAL MALWARE AND PROBE CYBERCRIME EVIDENCE
(Sky News, dated 2nd November 2017 author Alexander J Martin)

Full article [Option 1]:

https://news.sky.com/story/police-use-virtual-cage-to-corral-malware-and-probe-cybercrime-evidence-11109509

As law enforcement faces limited resources to investigate growing levels of cybercrime, the Metropolitan Police has brought in specialist technology to support its digital investigations.

The UK has 12 regional units which tackle organised cybercrime and many forces have their own trained specialists but cybercriminal activity is so common it is challenging to investigate before the offenders get away.

"Like biological evidence, cyber evidence degrades over time - websites are taken down and the trail goes cold," said Detective Superintendent Neil Ballard from the cybercrime unit.

To address this issue, the Met's cybercrime unit, Falcon, has started using technology first developed at the University of Cambridge and now developed by a company called Bromium.

Speaking to Sky News, Bromium's co-founder and president, Ian Pratt, said: "Our approach to cybersecurity is quite different from all the other companies that are out there.

"For every task that you're performing on a machine, for every document you open, every website you go to, we're actually going to create a virtual machine to run that particular task so that if anything bad happens, it's contained within that virtual machine."

As an academic, Mr Pratt led the systems research group at Cambridge for the best part of a decade and started the group's work on the Xen hypervisor, a technology which allows the hardware of a computer to support several operating systems at the same time.

Xen, which Bromium is based on, is used to virtualise computing environments so that if the user accidentally lets any malicious processes execute they can't spread and infect other parts of their machine.

Analysing malware can take months in a computer laboratory but, by using Bromium, the police specialists are able to let it execute in an isolated environment and follow how it behaves in real-time.

The Office for National Statistics estimates more than 3.7 million instances of cybercrime occurred in the UK in 2016, and 46% of British companies admitted they had been attacked by hackers that year.

A technical demonstration of Bromium shows how police can use its real-time forensics capabilities to identify key information about the criminal software infecting victims.

(10th November 2017)



MY MONEY, MY INFO - I DON'T THINK SO !

(Women and Home, dated December 2017)
www.womanandhome.com [Option 1]

Don't fall prey to a scam this Christmas. Here's how to beat the online fraudsters and stay in control

The Christmas countdown is in full swing. You've work deadlines to meet, end of term concerts to attend, a house to decorate and an avalanche of presents to buy. You're in full on multitasking mode, shopping onlin when you can find the time, losing track of what you've bought and how much you have spent.

And in the midst of all this, an email pings into your mailbox from PayPal informing you that your account has been locked (Arghhh ! "Follow the link to unlock it"). Or perhaps its from Amazon asking for some added security information (didn't you just buy a present on Amazon, so it could be legit...?) Maybe you're distracted by a pop-up ad that seems to be offering the kind of clothes your teenage son lives in but at knock down prices.

When you're stressed and time pressed (and in December, who isn't ?), it's easy to fall for a scam - to quickly click on a link, to enter personal details as instructed or to make an impulse purchase from a site you've never heard of. Just one moment when your guard is down can result in a ruined Christmas - and New Year.

We all think we're safe, that we'd never fall for a scam but the sheer volume of fraudsters puts everyone at risk. Also, with just one email or text, they can target lots of people in one go. Each yar, hundreds of millions of pounds are lost to financial fraud.

Online Fraud


When you're Christmas shopping online, don't put yourself at risk. These are the ways to protect yourself and stay safe.

Be wary of finding sites by clicking on links in unsolicited emails or pop-up ads. Always access a website by typing the address into your browser.

If tempted to buy from a website, check for a padlock symbol on th company's address bar which is a good indication that it's reputable.

********************************

Check delivery timescales and keep records - print out your order and keep copies of the retailers terms and conditions, returns policy, delivery conditions, postal address (not a post office box) and phone number (not a mobile number).

Always protect yourself with a strong password, and keep your phone, tablet and PC protected by installing the latest software and app updates - they contain vital security updates that can help protect your devices.

********************************

If buying in an onlin auction, avoid sellers who do not display their contact details - and always contact the seller with more questions about the items and asking for more photos. You can also check the photo hasn't been lifted from another site by cutting and pasting it into your browser.

Don't be fooled by "postive feedback" below a sellers name. Fraudsters often earn these through buying many small items. If the feedback is all from sellers (not people who have bought things from this person), be wary.

How to spot a scam email

1. WATCH FOR EMBEDDED LINKS - In many cases, scam emails will contain embedded hyperlinks to a bogus site. Roll you mouse over any links to reveal their true destination.

2. CONSIDER WHAT IT'S ASKING - However convincing the reason, any email asking for personal details, to confirm financial information, to "reset your password" (when you haven't requested one), is likely to be bogus. A genuine bank or organisation will never ask for these in an email, on the phone or in writing.

3. NOTE THE SUBJECT - Subject lines in scam emails are often vague or general - for example, "info", "payment declined" or "important information about your account".

4. IF IN DOUBT, CHECK IT OUT - If still unsure, check with the company the email claims to be from. Contact them on a number you can trust and verify (Thats the number on their correct, or if its your bank use the number on your bank card).

5. LOOK FOR YOUR NAME - Emails addressing you in generic terms like "Dear Customer" rather than by name are the ones to watch.

6. SCRUTINISE THE SENDER'S ADDRESS - The display name may look authentic - from your bank, PayPal, Amazon or whoever it claims to be from. Roll your mouse over the sender's name and check it matches the correct email address of the company.

7. READ IT CAREFULLY, SEVERAL TIMES - Never respond on impulse. Many scams contain an urgency in the message to lower your guard and rush a response. For example, telling you your account will be frozen if you don't react instantly, or the window for collecting your refund closes in 24 hours. Research shows that one in four victims of fraud knew instantly that they'd made a mistake. If you're feeling flustered, slow down and take time to think.

8. THINK LIKE AN ENGLISH TEACHER - is it well written ? Scam emails quite often include messy layout, bad spelling and grammatical errors.

How can we protect ourselves

Vishing, smishing and number spoofing could you fall prey ?

Your phone rings and the warm well spoken caller claims to be from your bank (she knows your name, she knows your bank). She explains that your account is in danger and she will help you move your money to a new "safe" account. Or you receive a text message that appears on an existing thread of genuine messages from your bank. This time though, its informing you of fraudulent activity. You're advised to call a number or visit a website on a link provided.

Many of us may b wary of scam emails - so fraudsters are turning their attention to our phons too, mastering the art of "vishing" (calling and pretending to be from a bank or trusted organisation), "smishing" (approaching via text), and "number spoofing" (which makes texts and calls appear on existing threads or recognised numbers).

Rules to remember


1. DON'T give out personal or financial details. A genuine bank or organisation will never contact you asking for your PIN, full password or to move money to a safe account.

2. DON'T be tricked into giving a fraudster access to your personal or financial details. Never automatically click on an unexpected email or text.

3. ALWAYS question uninvited approaches and never give out personal or financial details, in case its a scam. Instead, contact the company directly using a known emil or phone number.

Take Five

This is a national campaign devised by Financial Fraud Action UK (FFA UK) and UK Government to help fight fraud. For more information and to see Carol Vorderman and Donna Air learning how to spot a scam, visit takefive-stopfraud.org.uk


(10th November 2017)

"DESPICABLE" FRAUD COSTS NHS IN ENGLAND £1bn A YEAR
(BBC News, dated 1st November 2017 author Nick Triggle)

Full article : www.bbc.co.uk/news/health-41824180

More will be done to protect the NHS in England from "despicable" acts of fraud, the head of the health service's new anti-fraud body has said.

Sue Frith promised a crackdown as she released figures suggesting the yearly bill for fraud in the NHS topped £1bn.

Cases include patients falsely claiming for exemptions on dental and prescription fees, and dentists charging for work they had not done.

Ms Frith said the fraud takes vital funds from front line care.

Ms Frith, the chief executive of the NHS Counter Fraud Authority, said it would be looking at new ways to fight the crime.

The analysis by her team estimated that £1.25bn of fraud is being committed each year by patients, staff and contractors - the first time the health service has put a figure on total fraud committed itself.

The sum represents about 1% of the NHS budget.

The most common frauds

The two biggest single areas of fraud were related to patients and procurement of good and services, both of which was likely to cost the NHS in excess of £200m a year each, according to Ms Frith.

She said patient fraud included cases where people wrongly claimed for exemptions for the cost of things like prescriptions and dental fees.

Meanwhile, payroll fraud was thought to be costing £90m a year, while dentists were said to be claiming around £70m in work on NHS patients that has not been done.

Ms Frith said: "People may think it is just a small amount, but in large volumes it adds up and has an impact. It is criminal behaviour.

"It is despicable people would even claim things they are not entitled to. This is money that should be spent on front line patient care."

She acknowledged the NHS must do better at detecting and preventing fraud.

Last year investigators successfully pursued cases worth £9.6m, although another £30m of cases are pending.

But this is only a small fraction of what she suspects is out there.

Ms Frith said the £1.25bn was probably on the conservative side - previous estimates by experts have put it even higher.

She believes the new organisation, which is officially formed on Wednesday, will be able to improve on this detection rate.

It has been given independent status and allowed to focus solely on fraud.

Its predecessor organisation, NHS Protect, also covered security.

Responsibility for security has now been devolved down to local NHS trusts and the budget for tackling fraud increased by over 10%.

This will also mean more field officers to be appointed to gather evidence, as well as a greater effort on fraud prevention by reviewing contracts and systems put in place to safeguard against fraud, she said.

(1st November 2017)


HILTON HOTELS FINED FOR CREDIT CARD DATA BREACHES
(BBC News, dated 1st November 2017)

Full article : www.bbc.co.uk/news/technology-41834679

The company behind Hilton Hotels is paying a $700,000 (£525,000) fine after being accused of mishandling two separate credit card data breaches.

The attacks were in 2014 and 2015.

More than 363,000 accounts were put at risk, although it remains unclear whether the perpetrators managed to extract any details.

US government investigators said the firm had taken too long to warn customers and had lacked adequate security measures.

The penalty will be divided between the states of New York and Vermont. Their attorney generals agreed the settlement with the company, which operates properties under the Waldorf Astoria, Conrad Hotels and DoubleTree brands in addition to Hilton.
Malware alerts

The first of the two cases was discovered in February 2015, when Hilton learned that one of its UK-based systems was communicating with a suspicious computer outside its network.

Checks revealed that credit-card targeting malware had infected its cash register computers, potentially exposing customers' card details between 18 November and 5 December 2014.

In the second incident, an intrusion detection system alerted Hilton to another problem in July 2015. A subsequent probe revealed that payment card data had again been targeted by malware since April of the same year.

Hilton only notified the public about the breaches in November 2015, which was more than nine months after the first discovery and more than three months after the second.

By this point, there had already been media reports that several banks suspected card details had been stolen from payment systems used in Hilton gift shops and restaurants.

Although the Virginia-headquartered firm still maintains it found no proof that any data had been stolen in either case, the attorney generals noted that the intruders had used anti-forensic tools that had made it impossible to determine exactly what had been done.

As part of the settlement, Hilton has promised to disclose future breaches more quickly and to perform regular security tests, among other enhanced safety efforts.

"Hilton is strongly committed to protecting our customers' payment card information and maintaining the integrity of our systems," the company said in a statement.

(1st November 2017)


POLICE AND STATISTICIANS IN UK DEBATE WHETHER CRIME IS RISING OR FALLING
(The Guardian, dated 1st November 2017 author Alan Travis)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/nov/01/police-and-statisticians-in-uk-debate-whether-is-rising-or-falling

Britain's most senior police officers have clashed with national statisticians over whether the long-term decline in crime in England and Wales is coming to an end.

The clash has been fuelled by the latest set of official figures, which showed a 13% increase in police-recorded crime in the 12 months to June, including 20% rises in gun, knife and other serious violence.

Home secretary says police forces are sitting on £1.6bn reserves and shouldn't be asking for more money from government

The crime survey of England and Wales, which measures people's experience of crime, estimated that overall crime had fallen by 9% over the same period.

The debate matters because it is widely expected that the chancellor, Philip Hammond, will order a fresh public spending squeeze in his budget later this month, while police and opposition politicians say it would be irresponsible not to boost police budgets at a time of rising crime and an unprecedented terrorist threat.

Sara Thornton, the chair of the national police chiefs' council, was clear on Wednesday that the 13% rise in police-recorded crime should be seen as a major shift and not a blip.

"I have been a chief constable for 10 years, and for all that time the crime survey of England and Wales has shown reductions from its peak in 1995. And the crime survey is still showing a 9% reduction this year if, and only if, we exclude 5m online crimes," she told a joint summit of chief constables and crime commissioners.

"Recorded crime has increased by 13% in the past year," she said. "And I think that most would agree that some of that is due to the requirement to record more lower level crimes such as harassment and assault without injury, but there are also very worrying signs about the increase nationally in violent crime. Knife crime, gun crime and serious violence have all increased significantly."

Thornton said she didn't know whether this was "the beginning of the end of the great crime decline", but argued that the police couldn't take any risks. "I don't know that answer," she said. "But I do not think that we can risk viewing the rise in recorded crime as a blip. In the way that experts say there has been a shift rather than a spike in the terrorist threat, I think that we are seeing a shift rather than a blip in crime."

Her view was disputed in a special Office of National Statistics blogpost by Iain Bell, the deputy national statistician, who argued that while there have been genuine increases in crimes such as knife crime, burglary and vehicle theft, much of the 13% rise in police-recorded crime reflected greater recording by the police.

He agreed that when estimates of online crime are added to the official survey data shortly it was likely the existing headline figure would double.

"It is likely, then, that some of the fall in crime as measured through the survey is due to a switch in types of criminal activity to online, but even allowing for this the headline measure from the survey peaked in 1995, 8.4m above the estimate which now includes online fraud," he said. "This peak was long before internet use became widespread. So taking the long view, crime is clearly falling."

Indicative ONS data shows that the current crime survey headline estimate of 5.8m offences in England and Wales would rise to 10.7m when online crime is included. This would wipe out all the falls seen in the crime survey since 2004 and reinforces Thornton's decision to question whether crime has stopped falling.

Bell's argument appears to imply that the crime survey figures may show a rise year on year when the estimates of online crime are finally included, but the long-term trend will still amount to a fall in crime until the moment when they match the 1995 peak of 18m offences.

When online crime is included in the survey's figures it will certainly wipe out the 38% drop in the crime survey's figures since 2010, referenced by the home secretary, Amber Rudd, to justify her rebuke to the police over their lobbying for extra funding when there is an uptick in the crime stats.

Rudd was careful to acknowledge, however, that there had been genuine increases in homicides, knife crime and gun offences, the kind of high-harm but low-volume crimes that cause the public the most alarm.

(1st November 2017)



OCTOBER 2017

IT SECURITY REVIEW - OCTOBER 2017

-----------------------
A FLAW IN GOOGLE'S BUG DATABASE EXPOSED PRIVATE SECURITY VULNERABILITY REPORTS
(ZDNET, dated 30th October 2017 author Zack Whittaker)

Full article [Option 1]:

www.zdnet.com/article/google-bug-tracker-flaw-exposed-sensitive-security-vulnerability-reports/

A series of flaws in Google's internal bug tracker let a security researcher gain access to some of the company's most critical and dangerous vulnerabilities.

The company's internal bug reporting system, known as the Issue Tracker (or the "Buganizer"), is used by security researchers and bug finders to submit issues, problems, and security vulnerabilities with Google's software, services and products.

Most ordinary users have very little access to the bug tracker. But a security researcher found that by spoofing a Google corporate email address, he was able to gain access to the back-end of the system, and to thousands of bug reports -- some of them marked as "priority zero," the most severe and dangerous vulnerabilities, with which a hacker could do untold damage.

Alex Birsan, who discovered the flaws, told ZDNet that an attacker could have discovered and exploited submitted vulnerabilities to target and potentially compromise Google accounts.
-----------------------
DAMNING REPORT FINDS BASIC IT SECURITY COULD HAVE STOPPED NHS WANNACRY CYBERATTACK
(International Business Times, dated 27th October 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/damning-report-finds-basic-it-security-could-have-stopped-nhs-wannacry-cyberattack-1644804

The UK's National Health Service (NHS) could have prevented the unprecedented 'WannaCry' malware outbreak earlier this year if it had applied basic IT procedures and heeded warnings from security experts to apply software upgrades, a government report stated Friday (27 October).

The National Audit Office (NAO) spearheaded an investigation into NHS response to the cyberattack, the most widespread to hit the healthcare service.

The report said at least 81 out of 236 trusts across England were affected. A further 603 primary care and NHS organisations were infected, including 595 GP practices.

But the probe found that the Department of Health had warned the NHS about the risks of cyberattacks a year before the incident took place.

It also said that in March and April this year, regional NHS health Trusts failed to patch their computer systems with the fixes that would have stopped WannaCry from spreading - despite being informed of the updates by NHS Digital.

See also :

NHS COULD HAVE FENDED OFF WANNACRY
(The Register, dated 27th October 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/10/27/nhs_could_have_fended_off_wannacry_says_nao_report/

-----------------------
BAD RABBIT - FRESH RANSOMWARE SPREADS ACROSS EUROPE
(The Independent, dated 24th October 2017 author Aatif Sulleyman)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/bad-rabbit-latest-ransomware-wannacry-petya-europe-russia-ukraine-turkey-germany-outbreak-a8017911.html

A new cyber attack is affecting computer systems around Europe.

A strain of ransomware known as "Bad Rabbit" is believed to be behind the trouble, and has spread to Russia, Ukraine, Turkey and Germany.

Cyber security firm Kaspersky Lab, which is monitoring the malware, has compared it to the WannaCry and Petya attacks that caused so much chaos earlier this year.

-----------------------
THIS NEW BOTNET COULD TAKE DOWN THE INTERNET
(International Business Times, dated 20th October 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/this-new-botnet-could-take-down-entire-internet-its-rapidly-spreading-across-world-1643919

Up to a million organisations around the world have already been infected by a new computer bot network that has the potential to "take down the internet", researchers warn.

According to cybersecurity company Check Point, a new botnet has been spotted which is enslaving internet-of-things (IoT) devices - mainly internet routers and remote cameras. "The next cyber-hurricane is about to come," the firm claimed in a report this week (19 October).

Research suggested that the new botnet is evolving at a rapid pace, and could soon be weaponised to launch cyberattacks in the same fashion as "Mirai" last year.

-----------------------
WIFI SECURITY FLAW "PUTS DEVICES AT RISK OF HACKS"
(BBC News, dated 16th October 2017 author Jane Wakefield)

Full article : www.bbc.co.uk/news/technology-41635516

The wi-fi connections of businesses and homes around the world are at risk, according to researchers who have revealed a major flaw dubbed Krack.

It concerns an authentication system which is widely used to secure wireless connections.

Experts said it could leave "the majority" of connections at risk until they are patched.

The researchers added the attack method was "exceptionally devastating" for Android 6.0 or above and Linux.

-----------------------
TRICKBOT MALWARE HITS MORE THAN 40 COUNTRIES
(International Business Times, dated 12th October 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/trickbot-malware-hits-more-40-countries-your-bank-account-risk-1642919

A notorious computer Trojan which can be used by cybercriminals to drain bank accounts is now active in more than 40 countries across the world, researchers have found.

The malicious software - known as "Trickbot" - was most recently spotted infecting machines across Latin America including Argentina, Chile, Colombia and Peru, according to Limor Kessem, a security expert at IBM's X-Force division, in an analysis this week (11 October).

The number of infections in Latin America remains small, but IBM researchers believe that such a strategy is run-of-the-mill for the cybercrime gang responsible, which is known to "test the waters" before adding local banks to its list of official targets.

Trickbot first came to light in October 2016 after it hit financial institutions across Asia and Australia, later evolving to target the UK, Germany and Canada.

-----------------------
SHOPPERS URGED TO CHECK CARD STATEMENTS AFTER CYBER ATTACK ATTEMPT
(Irish Times, dated 10th October 2017 author Conor Pope)

Full article [Option 1]:

www.irishtimes.com/news/consumer/shoppers-urged-to-check-card-statements-after-cyber-attack-attempt-1.3250702

Tens of thousands of people who have shopped in Supervalu, Centra and Daybreak stores in recent days have been warned to watch their next credit and debit card statements as a precautionary measure after an attempted cyber attack on the stores.

The supermarkets and convenience stores, as well as their parent company Musgrave, were targeted by criminals who tried to steal numbers and expiry dates of customers' cards.

Musgrave, which confirmed the attack on Tuesday, said it was engaged in an ongoing investigation with the Garda. It did not provide details of when the attack took place or how many of its customers were potentially involved.

The company said it had notified the Office of the Data Protection Commissioner of the incident. Its spokesman said it had committed to keeping the commissioner updated as its investigation progressed.

-----------------------
HACKERS IN ARAB WOLD COLLABORATE MORE THAT HOODIE-CLAD WESTERNERS
(The Register, dated 10th October 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/10/10/middle_east_cybercrime_markets/

Cybercriminals in the Arab states are some of the most cooperative in the world, according to Trend Micro this week.

The infosec biz's latest study, Digital Souks: A glimpse into the Middle Eastern and North African underground, identifies the most popular kinds of hacking tools and commodities, and the most active countries in the region.

Hacktivism, DDoS attacks and website defacements are a staple in the Middle East. These tactics are often carried out by actors who harbour ideological mistrust towards the West as well as local governments. Major primary product categories are malware (27 per cent), fake documents (27 per cent), stolen data (20 per cent), crimeware (13 per cent), weapons (10 per cent), and narcotics (3 per cent).

-----------------------
FORRESTER DATA BREACH - HACKERS STOLE SENSITIVE REPORTS FROM LEADING MARKET RESEARCH COMPANY
(International Business Review, dated 9th October 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/forrester-data-breach-hackers-stole-sensitive-reports-leading-market-research-company-1642370

One of the world's leading market research and investment advisory firms, Forrester, announced that it was hit by a cyberattack last week. According to the company, hackers stole sensitive research reports from the company.

The company offers customers trends, statistics and other market research, which is employed by businesses prior to launching their specific products and/or services. Forrester's clients use its website to log in and download specific research, which hackers accessed.

Forrester said that there is no evidence to suggest that confidential client and employee data, as well as financial information, were accessed by the hackers.

-----------------------
CISCO SENDS ITS EMPLOYEE'S FAKE PHISHING EMAILS TO TRAIN THEM NOT TO CLICK MALICIOUS LINKS
(Business Insider - Australia, dated 7th October 2017 author Becky Peterson)

Full article [Option 1]:

www.businessinsider.com.au/cisco-chief-information-security-officer-strategy-for-fighting-cyber-attacks-2017-9#/#kill-your-click-throughs-1

No one wants to be the next Equifax and it's a safe bet that at this very moment big and small businesses across the country are scrambling to bolster their cyber fortifications.

It's not an easy feat. But Steve Martino, chief information security officer at Cisco, has developed some clever techniques through years of fighting the bad guys.

Cisco employees are constantly kept on their toes as Martino probes them for weak spots and drills a defensive mindset into them.

In online business, big click-through rates are great: it means customers are clicking on links and web pages to buy stuff.

Inside a company though, high click-through rates can be deadly as a daily barrage of phishing emails and other nefarious tricks try to entice susceptible employees into clicking a dangerous link.

Martino sends out fake phishing emails to Cisco's entire staff every quarter. Anyone who clicks on the phishing link is brought to an employee training video to teach them how to avoid engaging with suspicious emails in the future. The method works because it helps every employee understand their role in protecting their company against attacks.

-----------------------
INTERPOL AND BT JOIN FORCES ON CYBERCRIME
(City AM, dated 4th October 2017 author Catherine Neilan)

Full article [Option 1]:

www.cityam.com/273229/interpol-and-bt-join-forces-cybercrime

BT has agreed to share "threat intelligence data" with global policing body Interpol, in a bid to combat cybercrime.

The two organisations today signed an accord in which BT will hand over data "relating to criminal trends in cyber-space, emerging and known cyber-threats and malicious attacks", as well as offering insight from BT's own threat intelligence experts.

BT is the first telecommunications provider to sign this kind of agreement with Interpol, although earlier this year it was one of seven private sector companies which supported an Interpol operation targeting cybercrime across the ASEAN region.

BT's threat intelligence and investigation team, based at the company's security operations centre in Singapore, has already provided information on regional threats, including data relating to local hactivist groups and phishing sites.

-----------------------
EUROPOL AND INTERPOL REAFFIRM FIGHT AGAINST CYBER CRIME
(Computer Weekly, dated 2nd October 2017 author Warwick Ashford)

Full article [Option 1]:

www.computerweekly.com/news/450427305/Europol-and-Interpol-reaffirm-fight-against-cyber-crime

Europol-Interpol Cybercrime Conference sees No More Ransom anti-ransomware initiative highlighted as successful example of law enforcement agencies' collaboration.

Europol and Interpol have reconfirmed their strong commitment to continue their collaboration in the fight against cyber crime.

At the fifth annual Europol-Interpol Cybercrime Conference in The Hague, the two law enforcement organisations committed to building on successful examples of their cooperation.

These include No More Ransom, an anti-ransomware cross-industry initiative aimed at helping victims of ransomware to recover their data without having to pay a ransom.
-----------------------

(1st November 2017)


MODERN DAY SLAVERY

The Evening Standard is supporting charities against this horrendous crime and is highlighting its occurence by producing a series of articles.

-----------------------

£3m TO HALT TRAFFICKING OF GIRLS FOR BROTHELS, NAIL BARS AND CANNABIS FACTORIES
(London Evening Standard, dated 18th October 2017 author Martin Bentham)

Full article [Option 1]:

Britain is to spend £3 million to stop women being trafficked from Vietnam to work here in brothels, nail bars and cannabis factories, the Government announced today.

The money will help catch criminals organising the trade, as well as supporting victims and preventing others being lured into modern slavery.

It follows evidence that Vietnam, along with countries such as Albania and Nigeria, is one of the top sources of overseas trafficking victims forced into slavery in this country. The spending was announced as the Home Office published a new report which identifies 17 different types of modern slavery in the UK, with disturbing details of how individual victims suffer.

They include one case in which a 13-year-old Romanian girl was trafficked into Britain by criminals, including her father, to carry out forced begging.

She spent seven hours a day on the streets and was then beaten and forced to hand over the money she raised, while also being used as a domestic slave by her abusers. In another case involving a trafficking victim, a London man arranged for a 14-year-old girl from a Lincolnshire care home to be driven to the capital to be sexually abused by him.

Other children trafficked for sexual exploitation were under 13. Trafficking from Vietnam, which accounted for 451 of the 3,805 slavery victims identified in the UK last year, remains a prime concern and prompted the decision to spend taxpayers' money there.

Home Office minister Sarah Newton said: "No matter what we do to eradicate the sickening and inhuman crimes associated with modern slavery here in the UK, true success can only be achieved by taking the fight onto the global stage.

"We will be investing £3 million to tackle the issue in Vietnam, where so many victims are trafficked with the promise of a better life, only to find themselves enslaved." The UK is spending a total of £33.5 million fighting slavery in "high-risk" overseas nations. Other countries where slavery victims come from include China, Ghana, Nepal and Pakistan.

-----------------------
ANTI-SLAVERY ENFORCERS LAUNCH CAR WASH CHECKS
(London Evening Standard, dated 12th October 2017 author Eleanor Rose)

Full article [Option 1]:

www.standard.co.uk/news/modern-slavery/antislavery-enforcers-launch-car-wash-checks-a3656991.html

A squad of anti-slavery enforcers visited London car washes in a major response to the Evening Standard's special investigation into slavery.

The Standard yesterday exposed the horrors of Britain's car washes, where young men report being tricked and trapped, sleeping four to a room and subjected to injury and even death.

It was reported that Sandu Laurentiu-Sava, a 40-year-old Romanian, died by electrocution while showering in squalid quarters attached to the car wash where he worked in Bethnal Green. Others told of "leprosy-like" damage to their hands from using chemicals without gloves.

Officers from the Met police's Modern Slavery and Kidnap Unit, Gangmasters and Labour Abuse Authority (GLAA), and the HMRC launched a series of joint car-wash welfare visits after this newspaper urged authorities to act.

The Standard accompanied officials on visits to four hand car washes in east London. Staff told how they worked 12-hour days for as little as £3 an hour, revealing to officers that they "just work, eat and sleep".

They were seen washing cars in trainers and jeans, some of them not wearing gloves - often a cause for alarm, according to UK slavery experts. One Romanian, who asked not to be named, said he worked gruelling hours in cold weather, and was constantly soaked. "I work 12 hours a day, six days a week, for £40 a day. It's very difficult," he said, adding that he did not have a passport or bank account.

"You stay with your feet in water all day. Even in winter, I am not wearing boots." During the visits, officers also found a 17-year-old who said he had fled slavery in his native Albania hoping for a better life in the UK.

He told officers how he then ended up working 10 to 12 hour days in a car wash for low pay.

Chris Flint, investigator for the GLAA, said the multi-agency inspections were crucial to identifying labour abuses, from minimum wage infractions to the extremes of coercion, threat and injury.

Although the men did not identify themselves as victims of slavery during the visits, officers saw "clear hidden-economy exploitation", he said, adding: "It's all about protecting those exploited workers - and this is a fantastic example of that. We should be doing this day in, day out. Joint working works." More welfare visits are planned as the Metropolitan police seek to tackle "vulnerable premises" such as car washes.

A new monthly meeting at Scotland Yard has also been launched between agencies that deal with modern slavery to share intelligence and combine efforts.

Help end slavery by visiting the Evening Standard's digital action platform :

www.freedomunited.org/evening-standard-modern-slavery/

-----------------------

(1st November 2017)


MET POLICE TO CHASE DOWN MOPED GANGS ON SCRAMBLER BIKES AND USE STINGER SPIKES
(London Evening Standard, dated 31st October 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/scotland-yard-unveil-new-tactics-in-crackdown-on-moped-gangs-including-new-scrambler-bikes-to-chase-a3672366.html

Scotland Yard today unveiled new tactics in the battle against moped thugs rampaging across London, including deploying officers on scrambler motorbikes to chase down suspects.

Police are using the four specialist BMW scrambler bikes to go after moped riders who use alleyways and rat runs to evade more conventional pursuits.

Scotland Yard said it was using DNA sprays and mobile stinger devices to deflate tyres in the fightback against the moped gangs behind an epidemic of violence and crime.

Met Commissioner Cressida Dick announced the new tactics today, saying they were already making a difference with police recording a fall in the number of moped offences since July.

She also urged London's communities to "mobilise" and "channel their outrage" against the moped thugs to make the streets safer.

She said: "I have been clear that tackling violence is my priority. I was angered by the apparent perception amongst some criminals that they could operate with near impunity, committing strings of offences using scooters.

"We have brought all our tactics and specialists together to use every ethical option to put a stop to the rise; arrest those responsible; disrupt offenders; dismantle the criminal markets that make these offences lucrative and change the public's behaviour to make them a part of our effort."

Police have already used the DNA spray at least four times in London with at least one arrest.

The substance is sprayed on suspects, who cannot be chased for safety reasons, and it can be picked up under UV light if they are later arrested. The spray can link suspects to moped crimes committed weeks earlier.

Police say the scrambler bikes will be ridden by highly trained motorcycle officers and will be involved more in setting up ambushes for moped thieves than chasing them through the streets.

One source said: "They will be able to get ahead of moped gangs and set up traps using the mobile stingers or the DNA spray. It gives us much greater flexibility and movement."

The action comes as the Met has been battling a surge in the number of moped or scooter linked offences with around 16,000 thefts involving mopeds each year.

Victims have included Martin Lewis, founder of MoneySavingExpert.com, while Daniel Radcliffe, the Harry Potter actor, helped a tourist whose face was slashed by muggers stealing his bag.

Last month charity worker Abdul Samad, 28, was stabbed to death after two moped muggers snatched his iPhone outside his front door in Paddington.

Today the Met said the latest statistics showed a 25 per cent reduction in the number of powered two wheel bikes stolen in the last six months to the end of September.

There was also a 24 per cent fall in the number of moped related crimes over the same period and rising arrest rates and convictions of prolific offenders.

The Met revealed it was using tactics successfully deployed by the Trident gangs team to respond to scooter offences, targeting moped thugs for other offences if possible.

Officers are also manning a 24/7 police control room to watch for scooter offences anywhere in London and co-ordinate an immediate response to tackle them.

Ms Dick said: "We know that our criminal cohort committing crime on scooters also carry knives, have links to networks who handle stolen property and who deal drugs. So if you are a persistent phone thief - using a scooter to commit your crimes - and we can prove your involvement in other offences, such as drug dealing, you will be arrested.

"This is where the public can help us. I want to mobilise communities, to channel their outrage as part of a joint effort to make our streets safer. Look after your belongings, follow our security advice and tell us about the people who are responsible for crime in your communities and help us tackle them."

(1st November 2017)


RACIAL STEREOTYPING MAY BE "SIGNIFICANT CONTRIBUTORY FACTOR" IN DEATHS IN POLICE CUSTODY, OFFICIAL REPORT FINDS
(Independent, dated 30th October 2017 author May Bulman)

Full article [Option 1]:

www.independent.co.uk/news/uk/home-news/racial-stereotyping-significant-contributory-factor-deaths-in-police-custody-report-home-office-a8027351.html

Racial stereotyping may be a "significant contributory factor" in deaths that occur in custody across England and Wales, yet authorities are failing to investigate whether discrimination has taken place, a major report has found.

The Government-commissioned review, which has been published today after a 15-month delay, also raises concerns that the Independent Police Complaints Commissions (IPCC) fails to act independently of the police when investigating deaths in custody.

Since the review was commissioned by the then Home Secretary Theresa May in July 2015, there have been a number of deaths following police contact - such as those of Rashan Charles and Edson Da Costa, both young black men - reigniting widespread public concern.

Since January, there have also been at least eight deaths involving restraint or taser and other uses of force; and five deaths of people who "became unwell" or were found unresponsive while in custody.

Dame Elish Angiolini QC, who authored the review, said the disproportionately high number of deaths of black men in restraint-related deaths, often in contentious circumstances, was a "serious issue" because it connects so vividly with the perception many in BAME communities have of the police service.

"Where there is evidence of racist or discriminatory treatment or other criminality or misconduct, police officers must be held to account through the legal system," the report states.

"Racial stereotyping may or may not be a significant contributory factor in some deaths in custody. However, unless investigatory bodies operate transparently and are seen to give all due consideration to the possibility that stereotyping may have occurred or that discrimination took place in any given case, families and communities will continue to feel that the system is stacked against them."

The report also recommends that to ensure it can achieve independence from the influence and culture of those it investigates, ex-police officers should be phased out as lead investigators within the IPCC.

It highlights concerns over the fact that police officers have the opportunity to confer with each other during a formal meeting that occurs before the IPCC becomes involved, stating that this can "seriously undermine" public confidence in the subsequent evidence of police officers.

"The longer those officers who are critical witnesses to the event remain together following the death, the greater the anxiety and suspicions by families and others that the evidence of individual officers has been inadvertently or deliberately fine-tuned to accord with the evidence of their colleagues," it states.

The review also found that recognition must be given to the wider dangers posed by restraining someone in a heightened physical and mental state, where the individual's system can become rapidly and fatally overwhelmed.

t states that the use of force and restraint against anyone in mental health crisis or suffering from some form of drug or substance induced psychosis poses a life-threatening risk.

Labour MP Dianne Abbott, who recently expressed concern about the investigation into Mr Charles's death, accused the Government of continuing to ply communities with "broken promises and delay tactics," urging that "enough is enough."

"I welcome the recommendations of the review but cannot understand why we have waited two and a half years for its publication. More families have lost loved ones while this Tory government continues to ply communities with warm words, broken promises and delay tactics," she told The Independent.

"These findings will come as no surprise to BAME communities and campaigners like those in the United Friends & Families Campaign. The Government must not drag their feet to bring about urgently needed reforms. Enough is enough."

In light of the findings, the Equality and Human Rights Commission (EHCR) said the Government was "failing those in need of protection", adding that there is a "long way to go" before people in police custody are adequately protected and full confidence is gained in the public system.

Rebecca Hilsenrath, chief executive of the EHCR, said: "The police have a duty to protect the lives of people in detention, the public deserves full confidence in our justice system, and the state must investigate any death for which it might be responsible.

"Sadly the long-awaited Angiolini Review, which reiterates the findings in our own report on non-natural deaths in detention, proves we've got a long way to go before we achieve any of these.

"The Government must use today's findings to improve the ability of public authorities to serve the needs of people with mental health conditions, to eradicate unavoidable deaths in detention, and to ensure that the families of the deceased are able to access justice effectively. Without this, we are failing those in need of protection."

The Government has responded to the findings saying it commits to review existing guidance so that the starting presumption is that legal aid should be awarded for representation of the bereaved at an inquest following a suspicious death or suicide in police custody or in prison.

It also makes clear that from December, police cells will not be used as places of safety for those under the age of 18 detained under the Mental Health Act and that transparency and accountability in the use of force by police has been improved through better data collection.

Home Secretary Amber Rudd said: "This simply isn't right, and is why the Government is taking steps to ensure that families bereaved in this way in future get the support and answers they need".

"The Government is committed to tackling this issue and that when tragically deaths in police custody do occur, we are clear that they must be investigated thoroughly and action taken to support families better in future".

Lord Chancellor and Secretary of State for Justice, David Lidington said: "We recognise that the route to legal aid in inquests relating to deaths in police custody and prison can be complex and intrusive for families.

"That is why I am taking immediate steps to make it the starting presumption that legal aid should be awarded in such cases. I want to prevent the distress for families of having to fill out complex forms on means-testing, and to make sure the bereaved are fully aware of their rights."

(1st November 2017)


MAJOR INQUIRY AMID FEARS MILLIONS ARE BEING RIPPED OFF BY HOTEL BOOKING SITES
(London Evening Standard, dated 27th October 2017 author Nicholas Cecil)

Full article [Option 1]:

www.standard.co.uk/news/uk/major-probe-over-fears-millions-are-being-ripped-off-by-hotel-sites-a3669596.html

A major investigation was launched today into whether millions of holidaymakers are being ripped off by hotel booking websites.

The inquiry by the Competition and Markets Authority will investigate how hotels are ranked in online searches, including whether results are influenced by the amount of commission a destination pays to the website.

It will also examine "pressure selling" and whether websites can create a false impression of the number of rooms available or rush customers into making a decision with warnings such as "six other people looking at this now" and "last booked three hours ago".

The competition watchdog also wants to establish if discounts advertised for a hotel are accurate, or are comparing a higher weekend room rate with the weekday rate for which the customer has searched.

The inquiry will also seek to unearth whether charges such as taxes or booking fees are hidden and may not be included in the advertised price.

About 70 per cent of people who shopped around for hotels last year used hotel booking websites such as Booking.com, Trivago, Expedia, laterooms.com or lastminute.com.

There is no evidence that any of them are engaging in bad practices but the CMA wants to ensure that consumers are not being ripped off.

"They should all be confident they have chosen the best accommodation for their needs and are getting a good deal," said chief executive Andrea Coscelli. "In today's increasingly busy world, sites like this offer real potential to help holiday-makers save time and money.

"To do this, sites need to give their customers information that is clear, accurate and presented in a way that enables people to choose the best deal for them.

"But we are concerned that this is not happening and that the information on sites may in fact be making it difficult for people to make the right choice."

The CMA has written to firms across the sector requiring them to give information about their activities.

Victoria Bacon, of the Association of British Travel Agents, said: "We have all experienced it when you go onto a hotel booking site and it says there are six rooms available at that price ... that's OK as long as it's true.

"If it is not true, or if it is misleading then it's against the law."

She added that the hotel website booking sector "lacked scrutiny".

"Travel agents, tour operators, ABTA members come under ABTA's code of conduct so they are scrutinised for these sort of things. Airlines come under the scrutiny of the CAA.

"This is a sector of the market, these hotel booking sites, which does not have that same level of scrutiny."

(1st November 2017)


GANG DUPED HUNDREDS OF STUDENTS IN MASSIVE £2m MOBILE PHONE FRAUD
(Metro, dated 30th October 2017 author Adam Smith)

Full article [Option 1]:

http://metro.co.uk/2017/10/30/gang-duped-hundreds-of-students-in-massive-2000000-mobile-phone-fraud-7039014/

A gang who used the bank details of hundreds of students to carry out a sophisticated £2 million mobile phone fraud have been jailed.

Detectives from the Met's Cyber Crime Unit began an investigation in March 2014 after two University of Sheffield students complained their bank accounts were being used fraudulently.

The investigation uncovered a long-running and sophisticated fraud which was fleecing mobile phone companies EE, Vodafone, O2, T-Mobile, Three and Virgin.

Seven people were setting up phone contracts in the names of people who were not genuine subscribers.

The gang paid over 300 students, who would subsequently be saddled with debts and a poor credit rating, £50 for a phone contract to be taken out in their name and asked to post the new phones to an office in Fulham.

The fraudsters then would cancel the contract and they would send back cheap, counterfeit handsets and sell the original phones abroad.

Another way the gang would make money was to sell the SIM card to a text marketing company.

Detective Inspector Louise Shea, of the Met's Cyber Crime Unit, said: 'This was a meticulously planned fraud that was carried out on an industrial scale. The defendants used the personal details of students from across the country to obtain mobile phone contracts which they used to make a profit.

'The motive for this crime was pure greed and the fraudsters showed a complete disregard for the trust placed in them by the students who handed over their details, many of whom have been left with large debts.

In some cases, the students gave their parents' home address and this has subsequently affected their ability to apply for credit.'

She added: 'This case should act as a warning for any student who is offered a cash incentive to hand over their personal details.

'It may be tempting to earn some short-term cash in this way, but in the long-term you could be left with a large debt and a poor credit rating, which will affect your ability to get a mortgage or bank loan in the future.'

The mastermind of the fraud, which was run via three companies JBi Systems Ltd, JBi Capital Ltd and Netlink Services UK Ltd between August 2013 and August 2014, was Jonathan Boorman from Bath.

The 32-year-old was described as 'Big Boss' within a directory spreadsheet seized by Met detectives and eventually pleaded guilty to one count of conspiracy to commit fraud and one count of money laundering.

He was jailed for six years and four months, and banned for 10 years from being the director of any company.

His second in command was Alex Karonias, 32, of East Sheen, who pleaded guilty to one count of conspiracy to commit fraud and one count of money laundering and was jailed for five years and banned for 10 years from being a director.

Laura Kane, 28, from Kidderminster, was found guilty of two counts of conspiracy to commit fraud and one count of money laundering, and was jailed for five years and six months.

Charlie Shelton, 31, from London, pleaded guilty to one count of conspiracy to commit fraud and was jailed for three years and three months.

Rob Morrison, 31, also from London, pleaded guilty to one count of conspiracy to commit fraud and was sentenced to two years and three months.

Tom Maynard, 26, also from London, pleaded guilty to two counts of conspiracy to commit fraud and was sentenced to two years, suspended for two years, and 160 hours community service.

Reiss Rawson, 31, from Chelsea in London, was found guilty of one count of conspiracy to commit fraud and one count of money laundering. He was sentenced to two years, suspended for two years, and 160 hours of community service.

(1st November 2017)


ONE ONLINE CRIME COMMITTED EVERY 10 MINUTES AS SHOCKING FIGURES RECORD LEAP IN CYBER OFFENCES
(London Evening Standard, dated 29th October 2017 author Francesca Gillett)

Full article [Option 1]:

www.standard.co.uk/news/crime/one-online-crime-committed-every-10-minutes-as-shocking-figures-record-leap-in-cyber-offences-a3670781.html

An online crime is committed every 10 minutes in England and Wales, shocking new figures show.

Official stats revealing the dangers of cyber space show police logged more than 55,000 internet-related offences in the space of a year, working out to an average of 150 a day.

The crimes recorded include child sex abuse allegations, harassment and blackmail. Fraud and computer misuse are not included in the statistics.

In April 2015, it became mandatory for police to return quarterly information on the number of crimes flagged as being either fully or partially committed online.

According to the latest findings, logged between July 2016 and June 2017, the number of web crimes rose by nearly 20,000 compared to the previous 12 months. However the data sources were not identical for both periods.

Statisticians from the Office for National Statistics, which published the data, said the amount of cyber crime is only set to rise as identifying these sorts of offences improves.

Harassment and stalking made up the largest chunk of the online-flagged crimes, with 33,148 in the year to June. Around one in seven of all the offences recorded as harassment involved the internet.

Online-flagged offences account for only a small proportion of the total number of crimes registered by forces, which stood at around 4.5 million in the year to June, excluding fraud.

A report from the probation watchdog on Thursday detailed how social media is being used by young offenders to plan and incite serious offences.

There have been questions over how well equipped police are to confront the shift, with the HM Chief Inspector of Constabulary Sir Thomas Winsor warning forces are "all too often overwhelmed".

Richard Garside, director of the Centre for Crime and Justice Studies, said: "Online-enabled offences make up only a small portion of all offences recorded by the police.

"Looking ahead, the challenge of preventing them and responding to them is only likely to grow. The police are only ever going to be able to play a small part in an effective response."

(1st November 2017)



MORE POLICE OFFICERS PER HEAD NOW THAN FIFTY YEARS AGO, FIGURES SHOW
(The Telegraph, dated 23rd October 2017 author Telegrah Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/10/23/police-officers-per-head-now-fifty-years-ago-figures-show/

The police have more officers per capita than in the 1960s, challenging claims that they are understaffed, figures show.

Despite claims that forces are struggling to cope, analysis of Home Office data shows that in 1961 there were 807 people for every police officer in England and Wales, whereas the most recent figures, released earlier this month in a House of Commons briefing paper, show that there are now 462 people for every officer.

Several police forces, as well as the police watchdog Her Majesty's Inspectorate of Constabulary, have said that recent cuts have left forces struggling to function properly.

The police were criticised for poor performance last week as the Daily Telegraph's data analysis showed that nine in ten burglaries were left unsolved.

The Metropolitan Police has also said that it would no longer look into lower-level crime as a result of spending cuts.

Meanwhile they have come under fire for awareness-raising stunts such as officers painting their nails to highlight modern slavery.

The figures, which appeared in the Mail on Sunday, suggest that police numbers compare favourably with previous decades.

Police numbers rose during the 1980s and early 1990s, before falling to a 10-year low at the end of the 1990s and rising sharply in the early 2000s.

They have been dropping again since 2009, when they had reached a high of 141,647.

The crime levels of 1961 and today are markedly different. In 1961, 806,900 crimes were committed whereas ONS data shows that 5.2 million crimes were recorded this year, a 13 per cent rise from the year before.

A briefing paper published ahead of the London 2012 Olympics shows that crime per 100,000 people rose sharply during the 1960s.

An average of one million crimes per year were recorded during that decade, rising to two million during the 1970s and 3.5m in the 1980s.

More recently, according to the crime survey for England and Wales, crime peaked in 1995 and has been falling since, though police recorded crime has risen in recent years.

Previous analysis of rising crime data has suggested that it can be partly attributed to changes in the way it is recorded, as well as the criminalisation of drug use and the rising value of people's property.

The National Police Chief's Council highlighted that the policeare dealing with different crimes now than 50 years ago.

A spokesman said: "Policing in 2017 is very different to in the 1960s. We are dealing with an unprecedented terror threat, police recorded crime is up 13 per cent and forces are dealing with more complex, resource-intensive crime like modern slavery, child sexual exploitation, cybercrime and online fraud.

"Our mission is also wider, acting as the service of last resort for people who have fallen through the gaps of other services as well as providing effective local policing. We are meeting these challenges with officer numbers at same level as they were in 1985."

Minister for Policing and the Fire Service, Nick Hurd, said: "We are clear that all crimes reported to the police should be taken seriously, investigated and, where appropriate, taken through the courts and met with tough sentences.

"This Government protected overall police funding in real terms since the 2015 Spending Review and maintained that protection in a fair funding deal this year.

"The independent Crime Survey for England and Wales - acknowledged by the ONS as our best measure of long term crime trends experienced by individuals and families, shows a substantial fall of 9 per cent, in the year ending June 2017 and 38 per cent since June 2010."

Figures also show that since 2010, the proportion of officers working at the frontline has increased and is currently at more than 93 per cent.

The Home Office has previously said that according to Her Majesty's Inspectorate of Constabulary there is "considerable scope to improve efficiency"

(1st November 2017)


MI5 AND POLICE TO UNDERGO BIGGEST TERROR SHAKE-UP SINCE 9/11
(London Evening Standard, dated 23rd October 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/crime/mi5-and-police-to-undergo-biggest-terror-shakeup-since-911-a3665336.html

MI5 and police are to carry out the biggest shake-up of their counter-terrorism operations since the 7/7 London bombings in a new attempt to protect the public from further terror attacks.

The main aim of the overhaul will be to find better ways of identifying when known extremists classed as "former subjects of interest" - because they are thought to pose no imminent threat - suddenly decide to carry out attacks.

These will include changes to improve the detection of "trigger" activities - such as financial transactions, meetings or social media exchanges, and purchases of items that could be used in an attack - which could indicate a switch to murderous intent.

Measures to improve the way that police and Security Service officers work together to assess the risks posed by Islamist radicals are also expected, as well as a strengthened focus on Right-wing extremists.

The changes follow reviews by both police and MI5 of what they knew about those who carried out this year's terror attacks in London and Manchester.

They are understood to have concluded that there was extensive intelligence available before both the Manchester and London Bridge attacks and that potential misjudgments were made in relation to both incidents.

Some of the findings are expected to be published by the Government later this year, although some of the conclusions will remain confidential because they relate to techniques, intelligence, and working methods that remain vital for future counter-terrorism efforts.

The reviews were first announced by Theresa May following the London Bridge murders in June, when she said she "recognised people's concerns" that opportunities to stop those killings and the earlier attacks might have been missed.

Foreign Secretary Boris Johnson had earlier said that MI5 had questions to answer over its failure to stop Khuram Butt, one of the three London Bridge attackers, a known extremist who appeared in a Channel 4 documentary The Jihadis Next Door.

There were also claims that the Italian authorities had tipped off Britain about another of the London Bridge killers, Youssef Zaghba, a Moroccan whom they had stopped at Bologna airport last year over fears that he was trying to fly to Syria.

Similar concerns were raised about the failure to identify the risk posed by Manchester bomber Salman Abedi, despite evidence that he had taken part in fighting in his family's Libyan homeland and his father's alleged extremist connections.

Whitehall sources emphasise that there remains strong confidence in the ability of MI5 and police and that their existing methods have foiled a large number of attacks.

The changes resulting from the reviews were foreshadowed by Andrew Parker, the Security Service's director general, in a speech last week. He told security journalists that MI5 would be using "the harsh light of hindsight, to squeeze out every last drop of learning" from the attacks and would "look at new ways of doing things".

There are 20,000 "former subjects of interest" who have been assessed by MI5 but are judged not to pose an active threat. Both Butt and Abedi were in this group and were not identified when they switched to becoming extremists determined to carry out murder.

(1st November 2017)

POLICE - UNSOLVED CASES VICTIMS FAULT
(The Times, dated 22nd October 2017 authors Tom Harper and Leila Haddou)
www.thetimes.co.uk [Option 1]

Police have blamed victims' failure to support prosecutions for a growing number of unsolved crimes, amid fears of a criminal justice system in crisis.

The number of unsolved crimes attributed by police forces to victims' unwillingness to co-operate with their investigations has jumped by 224,000 over the past year. The figures, from the Home Office, include 127,000 violent offences.

Amid a surge in overall crime, sources said victims are increasingly "giving up" after they alert police, because budget cuts mean officers struggle to attend crime scenes, take witness statements and collect evidence.

The news echoes warnings earlier this year from HM Inspectorate of Constabulary, a police watchdog, that officers were allowing perpetrators of domestic violence to escape justice by "pushing responsibility" for prosecutions onto victims rather than building cases themselves.

Baroness Newlove, the victims commissioner, was "shocked" that officers had blamed so many failed cases on victims and said it was "vulnerable" people themselves who were in desperate need of support from the police.

"When I meet victims, many express concern that they will not be protected if the perpetrators are apprehended. Hence their reluctance to support the police," said Newlove, whose husband, Garry, was murdered by a gang in 2007.

"If vulnerable victims are to receive justice, they must have confidence that they will always be supported when they report a crime. These figures suggest we have a long way to go."

Last week the Home Office revealed an annual rise of more than 500,000 crimes in the year to June, bringing the total to just over 4.5m offences. The statistics which do not cover fraud offences, included an 8% rise in the murder rate - an increase of 46 victims - a 27% rise in gun crime, a 26% increase in knife crime and sexual offences up by 19%.

This weekend it was threatening to develop into a political crisis for the Government, which had cut police budget by 18% under Theresa May when she was Home Secretary.

"The cuts are making it more difficult for police to engage with victims, which is crucial to allow investigations to proceed.

"Neighbourhood police teams, family liaison officers, specially trained officers to deal with catastrophic violent crime - it's all disappeared. The government has continued to pretend they are there, but everyone knows they are not."

(1st November 2017)


THIS NEW BOTNET COULD TAKE DOWN THE INTERNET
(International Business Times, dated 20th October 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/this-new-botnet-could-take-down-entire-internet-its-rapidly-spreading-across-world-1643919

Up to a million organisations around the world have already been infected by a new computer bot network that has the potential to "take down the internet", researchers warn.

According to cybersecurity company Check Point, a new botnet has been spotted which is enslaving internet-of-things (IoT) devices - mainly internet routers and remote cameras. "The next cyber-hurricane is about to come," the firm claimed in a report this week (19 October).

Research suggested that the new botnet is evolving at a rapid pace, and could soon be weaponised to launch cyberattacks in the same fashion as "Mirai" last year.

Check Point said: "While some technical aspects lead us to suspect a possible connection to Mirai, this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide."

"It is too early to guess the intentions of the threat actors behind it, but with previous botnet DDoS attacks essentially taking down the internet, it is vital that organisations make proper preparations," the team noted.

When the Mirai botnet hit a year ago, in October 2016, the computing power was exploited to take a slew of US websites offline - including Twitter, Reddit and Netflix - using denial of service attacks.

A few months later, in November, a variant of the Mirai botnet was deployed to take approximately 900,000 Deutsche Telekom routers offline, leaving customers without internet.

Essentially, IoT botnets are made up of web-connected smart devices that are infected with malicious software. With the popularity of the IoT, many products are being rushed to market without proper security - leaving them open to attack.

In the last few days of September, Check Point noticed an "increasing number of attempts" by unknown hackers to exploit several existing vulnerabilities in IoT devices.

It found that malware was being used against wireless IP cameras such as "GoAhead, D-Link, TP-Link, AvTech, Netgear, MikroTik, Linksys, Synology" and others.

The attempted infiltrations were coming from different sources, suggesting a botnet was at work.

"So far we estimate over a million organisations have already been affected worldwide, including the US, Australia and everywhere in between," Check Point warned.

The company's research started at the end of September 2017, and the team said it "soon realised" that it had stumbled upon the "recruitment stages of a vast IoT botnet".

In the last few days, the team said, the botnet has been evolving. "It is vital to have the proper preparations and defence mechanisms in place before an attack strikes," experts said.

In July, a 29-year-old man admitted to launching the Deutsche Telekom hack and was convicted in a German court. Known only as Daniel K., a court in Cologne handed him a suspended sentence of a year and eight months for "attempted commercial computer sabotage".

The culprits behind the latest wave of botnet activity remain unknown at the time of writing.

(1st November 2017)


LONDON NOW MORE DANGEROUS THAN NEW YORK CITY, CRIME STATS SUGGEST
(The Telegraph, dated 20th October 2017 author Martin Evans)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/10/20/london-now-dangerous-new-york-crime-stats-suggest/

London is now more crime ridden and dangerous than New York City, with rape, robbery and violent offences far higher on this side of the Atlantic.

The latest statistics, published earlier this week, revealed that crime across the UK was up by 13 per cent, with a surge in violence in the capital blamed for much of the increase.

Seizing on the figures, US President, Donald Trump, claimed the rise could be linked to the "spread of radical Islam", adding that it demonstrated the need to "keep America safe".

But critics dismissed his comments as "ignorant" and "divisive", with former Labour leader Ed Miliband calling him an "absolute moron".

Criminal justice experts insisted rising crime in the UK, and particularly London, was more to do with the way the city was policed and blamed the reduction in neighbourhood patrols across the capital.

While both London and New York have populations of around 8 million, figures suggest you are almost six times more likely to be burgled in the British capital than in the US city, and one and a half times more likely to fall victim to a robbery.

London has almost three times the number of reported rapes and while the murder rate in New York remains higher, the gap is narrowing dramatically.

The change in fortunes of the two global cities has been put down largely to the difference in tactics adopted by the two police forces.

Both Scotland Yard and the New York City Police Department (NYPD) have just over 30,000 officers each and budgets of around £3 billion a year.

But in the mid-1990s spiralling crime rates in New York - sparked by the crack cocaine epidemic - resulted in radical a new approach being adopted by the city's police department.

Under the leadership of Mayor Rudy Giuliani, and police commissioner, Bill Bratton, the NYPD introduced a zero tolerance approach to low level crime and flooded problem areas with patrols.

The force also put a huge amount of emphasis on community policing in order to build bridges between the police and members of the public.

As a result the murder plummeted from a high in 1990 of over 2,000 to a record low of 335 last year.

That figure is expected to fall even lower this year, and is currently in line to dip below 240.

But the last decade has seen the Metropolitan Police move away from the neighbourhood policing model and low level in favour of pursuing more serious offences.

Last week it emerged that Scotland Yard would not even bother investigating a large number of low level offences as part of a major cost cutting drive.

In addition a huge amount of police resources have been poured into high profile and politically sensitive cases, such as a the flawed VIP child abuse inquiry and the phone hacking inquiry.

At the same time crime rates in London have been creeping up and the latest statistics are likely to increase pressure of Met bosses to reassess their policing priorities.

Last year there were almost 70,000 burglaries in Greater London with more than 43,000 taking place in people's homes.

Robberies have also increased in London dramatically, largely as a result of people having mobile phones stolen.

Rory Geoghegan, head of criminal justice at the Centre for Social Justice, said neighbourhood policing had a wide range of benefits.

He said: "By embedding proactive community policing, the NYPD is helping tackle crime, improving the quality of life and building better relationships with the community.

"It's an approach and argument that London - and the country as a whole - is struggling to maintain never mind bolster, with too many preferring to talk excitedly about investing in crime hubs to hunt online trolls."

"The latest crime figures paint a depressing picture for London that reinforces the need for the sort of political and policing leadership that enabled the initial turnaround of the NYPD in the 1990s under Bill Bratton and enables the no less seismic shift being seen in New York City under Jimmy O'Neill today."

David Green of the think tank Civitas, also said there was urgent need to put bobbies back on the beat.

He said: "It has been suggested by academics that bobbies on the beat do not reduce crime, but it is quite clear that a uniformed presence on the streets will act as an effective deterrent.

"The police in this country remain too influenced by the intelligence led investigations focused on serious crime.

"That is exactly the opposite of the model that has proved so effective in New York City over the past 20-years."

(1st November 2017)



ROBBERS ON MOPED SWIPE LAPTOP FROM INSIDE A BUSY CAFE
(Metro, dated 19th October 2017 author Dominic Yeatman)

Full article [Option 1]:

www.metro.news/robbers-on-moped-swipe-laptop-from-inside-a-busy-cafe/787296/

A MOPED robber brazenly walked into a busy café to snatch a laptop from a woman's hands.

CCTV footage shows the thief in a crash helmet stroll in and dart towards a woman working on her computer. He grabs it then flees on a moped with a getaway rider.

The snatch took less than five seconds. The café owner said it was the second time in three weeks that raiders have targeted her customers.

It's awful. The last time, it was another woman sitting in the same spot,' said Bona Sadiku. 'We thought that was a one-off, but clearly not.'

The raider struck on Tuesday, as crime figures from the London Assembly showed robberies in the capital rocketed 30 per cent over the last 12 months. It follows a spate of street robberies by criminal gangs on mopeds.

But the raid at the Bread and Bean Café in Archway, north London, shows thieves are moving on to stealing from people inside shops and businesses.

It's unbelievable moped gangs will now actually enter people's property,' said Ms Sadiku. 'It's gone to another level. It's horrific.'

Police plan to 'put up signage' to make people aware of the robbers' new tactic - but that response has angered locals.

Graham Parks tweeted: 'Thieves now so brazen they take laptop from woman in coffee shop. All police offer is putting up some signs.'

Officers replied: 'We are doing the best we can with the three officers we have for this large area.'

On Monday, charity worker Abdul Samad, 28, was stabbed to death outside his home in Paddington, west London, by moped thieves who are believed to have targeted him for his iPhone 7. Two youths, aged 16 and 17, have been arrested on suspicion of murder.

(1st November 2017)


RING 555 IF YOU ARE A VICTIM OF BANK FRAUD - NEW HOTLINE SUGGESTED TO TACKLE SCAMS
(The Telegraph, dated 19th October 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/10/19/ring-555-victim-bank-fraud-new-hotline-suggested-tackle-scams/

A new 555 emergency hotline may be set up for bank fraud victims under plans to tackle the growing number of crimes.

The emergency number specifically for bank fraud has been suggested in order to crack down on rising scams and alert banks to illegal money transfers.

The idea is reportedly being discussed by ministers, police and financial officials. Current advice states that victims should contact Action Fraud rather than 999 as police rarely investigate individual instances of bank fraud.

More than 900,000 cases of fraud were recorded in the first half of 2017 alone, equating to more than 5,000 a day.

The idea for a hotline was put forward at a meeting of the Joint Fraud Taskforce in September attended by Home Secretary Amber Rudd and senior staff from a number of UK banks.

Minutes published by the Home Office reveal that Brian Dilley, of Lloyds Banking Group, told the meeting about an "early stage idea" of having a single number - such as 555 - for the reporting of scams and fraud.

Currently victims of fraud are advised to call Action Fraud on 0300 123 2040. Details about how any hotline would operate are not clear as the suggestion is in its infancy.

The minutes say: "Brian Dilley (BD)... commented on the issue of communicating to customers who have been told not to trust unsolicited contact from their bank.

"BD outlined an early stage idea... for a central reporting telephone number e.g. 555 that victims of fraud/scams could contact.

"At its simplest the number could be a triaging facility directing victims to the appropriate agency and at its most ambitious it could sit in front of enhanced data sharing/analytics which would take in all reporting and provide standardised reporting and a collective intelligence picture across fraud and money laundering."

James Freedman, fraud ambassador for City of London Police, told the Daily Mail: "The problem is that people may liken the number to 999 and expect an emergency response. In reality fraud can take time to investigate.

"However, it is vital to encourage more people to report scams, even in instances where they have got their money back or not fallen for them at all, as this is the only way the body of information available to the police will grow."

A Home Office spokeswoman said: "Through the Joint Task Force we are in discussions with banks and UK Finance over a number of initiatives to enable the public to better protect themselves more effectively from fraud."

Cyber crime - most common UK online offences (Source : Office for National Statistics)

These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud - 2,356,000

Criminals trick their way to get account details. For example: "Phishing" emails contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud - 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus - 1,340,000

Unauthorised software damages or takes control of your machine. For example: "Ransomware" encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking - 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud - 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic "Nigerian Prince" email scam

6. Other fraud - 116,000

One example is "solicitor scams", where a solicitor's website is hacked, then clients asked to divert large payments into the criminals' bank accounts.

7. Harassment and stalking - 18,826

Threats, abuse and online bullying - what's commonly been termed "trolling" on social media

8. Obscene publications - 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences - 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail - 2,028

This includes threats to publish intimate photographs online

(1st November 2017)


NINE IN 10 HOME BURGLARIES NOW GO UNSOLVED - HOW EFFECTIVE IS YOUR POLICE FORCE ?
(The Telegraph, dated 19th October 2017 authors Patrick Scott and Jack Kempster)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/10/19/nine-10-home-burglaries-now-go-unsolved-effective-police-force/

Nine out of 10 home burglary investigations are closed without a suspect being identified, according to figures from the Home Office.

Of the 44,363 residential burglary cases recorded by police forces across England and Wales between April and June this year, 89.7 per cent ended without a suspect being identified.

[ Note : As part of the actual article this position provides access interactive crime by county database]

In cases like this police deem the crime to have been investigated "as far as reasonably possible" based on the evidence available with the case then closed "pending further investigative opportunities becoming available".

This is the first time that forces have published residential burglary crimes, with the previous crime category for this offence - burglary in a dwelling - not including outer buildings such as sheds and outhouses.

Prior to the new category being introduced, the proportion of dwelling burglaries ending without a suspect being identified had been rising - up to 79.8 per cent in the year to June 2016 from 75.8 per cent in the previous 12-month period.

However, with the category now having been broadened out to include crimes carried out on outer buildings, we now have a better idea of just how unlikely it is the police will be able to catch a burglar who takes something from people's properties.

Which forces are least likely to find home burglars


Proportion of residential burglaries ending in no suspect being identified, April to June 2017

Hertfordshire : 96.2%
Hampshire : 94.9%
Bedfordshire : 93.8%
Leicestershire : 93.6%
Surrey : 93.6%
Derbyshire : 93.1%
Merseyside : 93%
Northamptonshire : 93%
Metropolitan Police : 92.7%
Suffolk : 92.5%

POLICE INTEND TO "PRIOITISE" WHICH INVESTIGATIONS THEY CONCENTRATE ON

Earlier this week a senior Metropolitan Police officer said it was not practical for the force to spend time attempting to catch the perpetrators of some petty crimes due to the demands on the force.

Deputy Assistant Commissioner Mark Simmons said the force had to work with fewer officers and less money, with the Crime Assessment Policy introduced to help prioritise resources.

"Clearly this is not about letting criminals get away with crime, or not investigating the cases we are solving at the moment, if we thought it was, we simply would not do this.

"With the pressure on our resources it is not practical for our officers to spend a considerable amount of time looking into something where for example, the value of damage or the item stolen is under £50, or the victim is not willing to support a prosecution.

"We need our officers to be focused on serious crime and cases where there is a realistic chance that we will be able to solve it."

In response to this, ex-Met detective chief inspector Mick Neville told The Sun: "This is justice dreamed up by bean counters in shiny suit land.

"No consideration is being given to victims. The new principles will focus police attention on easy crimes where there is a known suspect.

"Few professional criminals target people who know them, so the worst villains will evade justice. Not investigating high volume crimes like shoplifting with a loss of under £50 will give junkies a green light to thieve."

The figures from the ONS already show that there has been a large increase in the number of instances in which police have failed to identify shoplifters.

In the year to June 2015 one in three cases ended without a suspect being identified, but in the year to June 2017 this figure had risen to 45.6 per cent of the 375,105 settled cases.

###Which crimes are police forces least likely to solve ?

There are a number of other high volume crimes with extremely low probabilities for suspects being identified.

Of crimes with more than 40,000 recorded resolutions in the year to June 2017, police were least likely to catch the perpetrators of theft from vehicle crimes.

As many as 94.3 per cent of these crimes reached a dead end in the 12-months to June.

Interfering with a motor vehicle (91.8 per cent) and bicycle thefts (89.8 per cent) made up the rest of the top three, with residential burglaries coming in a fourth.

Police forces are far more likely to catch criminals when it comes to violent crimes such as assault and harassment, with cases of these crimes among the fastest risers nationwide.

Which high-volume crimes are least likely to be solved ?


Proportion of crimes ending with no suspect identified, year to June 2017

Theft from vehicle : 95%
Burglary in a non-dwelling : 89%
Other theft : 85%
Criminal damage to a vehicle : 79.5%
Burglary in a dwelling : 78%
Shoplifting : 45%
Public fear, alarm or distress : 32%
Harassment : 18%
Assault with injury : 16%
Assault without injury : 15%

(uaware note : shown figures are estimates from graph in article)

(1st November 2017)



CRIME RISES BY 13% IN ENGLAND AND WALES, ONS STATISTICS SAY

(BBC News, dated 19th October 2017)

Full article : www.bbc.co.uk/news/uk-41677046

The number of crimes recorded annually in England and Wales has passed the five million mark for the first time in 10 years, rising by 13%, figures show.

The Office for National Statistics said crimes in the 12 months to June were up from 4.6 million the previous year.

www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/bulletins/crimeinenglandandwales/june2017#latest-violent-crime-figures-continue-to-present-a-complex-picture

It said crime categorised as "violent" rose by 19%, with rises in offences including stalking and harassment.

The Crime Survey for England and Wales, based on people's experiences, suggests there were 10.8 million offences.

The survey, published on the same day as the official crime statistics, includes crimes that people do not report to police. When comparing like-for-like crimes, the survey reported a 9% reduction compared with the previous year.

The rise in the ONS statistics, which cover the 12 months to the end of June, is the largest annual rise in a decade and continues a recent trend of crime increases.

John Flatley, from the ONS, said: "While improvements made by police forces in recording crime are still a factor in the increase, we judge that there have been genuine increases in crime - particularly in some of the low incidence but more harmful categories."

But he said police figures alone cannot provide "a good measure of all crime in society".

"The recent increases in recorded crime need to be seen in the context of the overall decline in crime indicated by the Crime Survey for England and Wales," he said.

The ONS report said:

- Knife crime was up 26% year-on-year
- Nearly half of the increase in knife crime was attributed to London
- Sexual offences were up 19%
- The number of homicides (cases of murder and manslaughter) increased by 46 to 629, excluding the terror attacks in London and Manchester
- There were 1.2 million crimes of violence against the person

The 19% increase in "violence against the person" offences dealt with by police was "driven largely" by increases in the sub-categories of "violence without injury" (21%) and "stalking and harassment" (36%) and "violence with injury" (10%), the ONS said.

Crime minister Sarah Newton said "much" of the rise in violent offences was down to better crime recording.

However, she added: "We know that some of this increase is likely to be genuine. Which is why have taken urgent action to stop these crimes and keep our communities safe.

"This week we began consulting on tough new laws to crack down on acid attacks and knife offences. Our Domestic Abuse Bill will help to bring this heinous crime out of the shadows and ensure victims receive both support and justice, as we invest £100m to prevent and confront violence against women and girls."

She said the government was also investing £1.9 billion to counter the cyber-threats.

(1st November 2017)

TRAFFIC JAMS ON MAJOR UK ROADS COST ECONOMY AROUND £9bn
(The Guardian, dated 18th October 2017 author Nicola Slawson)

Full article [Option 1]:

www.theguardian.com/world/2017/oct/18/traffic-jams-on-major-uk-roads-cost-economy-around-9bn

The government has told highway chiefs to reduce motorway closure times following accidents after new figures showed that traffic jams on the UK's major roads cost the economy £9bn a year.

Analysis by transport data company Inrix found that drivers faced 1.35m traffic jams in the past year, which is almost 3,700 per day.

The jams - mostly on roads in England, rather than Scotland or Wales - were calculated to cost £9bn in wasted time, fuel and unnecessary carbon emissions, based on assumptions about drivers commuting to work and fuel prices.

Highway chiefs have reportedly been told by the government to improve the system used in order to shorten the time it takes to clear motorways following accidents and incidents.

Jesse Norman, transport minister, has written to Highways England, which manages motorways and major A roads in England, to suggest improvements including using slip roads as contraflows in order to clear motorways of vehicles after closures.

A spokesman for the Department for Transport confirmed the letter had been sent but declined to comment further.

Mel Clarke, customer service director at Highways England, defended its record. She said: "In our first two years, we met our target to clear 85% of all incidents on our network within an hour and last year exceeded our target to keep 97% of lanes available to road users to help smooth the flow of traffic. We will continue to ensure roads are reopened safely but as quickly as possible."

The worst queue of the year occurred on the M5 northbound near Junction 20 in Somerset on 4 August. Traffic tailed back 36 miles at the peak of the 15-hour jam, caused when an accident involving two lorries created a fuel spill and led to the closure of two lanes.

In September the M1 was closed in both directions for nine hours after a suspicious object was found under a motorway bridge during the morning rush hour.

"Fuel spillages, emergency repairs and broken-down lorries contributed to the biggest pile-ups this year," Inrix chief economist Dr Graham Cookson said.

Next month could see a peak in traffic jams. Analysis of queues during the 12 months to August found that November 2016 was the worst, with almost 170,000 hold-ups - 50% above average.

Cookson said: "There are so many factors that influence congestion levels, it's hard to be certain why November was the worst month. We do know November 2016 was significantly colder than usual, in fact, the coldest month of the calendar year.

"The risk of ice on the road can lead to slower moving traffic and people are more inclined to take shelter in vehicles over cycling or walking in cold snaps."

(1st November 2017)



LACK OF POLICE HELICOPTERS COULD PUT LIVES AT RISK IN TERROR ATTACKS
(London Evening Standard, dated 18th October 2017 author Jim Armitage)

Full article [Option 1]:

www.standard.co.uk/news/crime/lack-of-police-helicopters-could-put-lives-at-risk-in-terror-attacks-officers-warn-a3661606.html

Police helicopter shortages pose a major risk to public safety during incidents such as the London terror attacks and the Grenfell Tower fire, senior officers have warned.

Helicopters carried personnel and did reconnaissance for up to 13 hours during the Westminster Bridge and Borough Market attacks.

But they can only fly for two to three hours at a time, so each major incident takes up five or six of the UK fleet of 19. That meant other calls for police air support had to go unanswered, officers warned.

The concerns are revealed in minutes for a meeting of the National Police Air Service (NPAS). It cited the attacks in London and Manchester, the Grenfell fire, and the "Justice for Edson" protest march in Stratford in June.

Details of how many requests for air support had to be turned down during the London attacks were redacted from the minutes, but sources said services were restricted both during the incidents and for some time afterwards.

NPAS raised the threshold for "Threat, Harm and Risk" used to gauge whether or not to dispatch helicopters.

The annual spend on helicopters has been slashed from £53.5 million in 2012 to £38.5 million now with eight out of 23 police airfields shut and the service centralised.

Phil Matthews, a former helicopter air observer seconded to the Police Federation, said: "It is frustrating; there's a lack of resources, and when you get a major incident, service to other incidents inevitably suffers."

The aircraft can save lives during car chases and rescues but often only make a big difference if they arrive quickly, he said. Shortages were worsened because of an ageing fleet. Six helicopters were retired last year but four new reconnaissance planes were yet to arrive.

The minutes say NPAS wrote to Home Secretary Amber Rudd in March and June "highlighting concerns around future fleet strategy and financing" but received no response.

NPAS chief Mark Burns-Williamson called that "unacceptable" at the meeting in June. The Home Office has since asked for fully costed proposals to renew the fleet. Chief Constable Dee Collings of West Yorkshire Police, which runs NPAS, said: "We've had some challenges but nothing I would not expect as the first 'pathfinder' national policing capability."

(1st November 2017)


REMEMBER THAT PATIENT RECORDS THAT WERE NOT DELIVERED ? WELL THEY FOUND ANOTHER 162,000

(The Register, dated 17th October 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/10/17/nhs_finds_another_162000_unprocessed_patient_records/

NHS leaders have admitted that the biggest ever loss of patient documents is worse than initially thought, as another 162,000 undelivered documents have been discovered.

The scandal was first revealed back in February, when the UK's national health service was forced to admit that 709,000 items of correspondence - which includes details of patients' test results, change-of-address forms and other personal information - had gone undelivered.

The error by NHS Shared Business Services (SBS) - a joint venture between Steria and the NHS - meant that between 2011 and 2016, these documents were left gathering dust in a warehouse.

A team was tasked with investigating the incident, which included assessing whether the information had adversely affected patients' health, and it was thought that the situation was under control.

However, NHS England chief executive Simon Stevens on Monday told the Public Accounts Committee that some more undelivered records had turned up in the course of the investigation.

He said that, as part of the work, the team had looked at whether clinicians had stuck to processes introduced in 2015 that intended to improve the transfer of NHS documents - and discovered that there were about 5 per cent of cases "where that hasn't been happening".

Pressed on what this was in real numbers, Stevens said it meant there were about 150,000 more records that needed to be "repatriated" to the relevant GP practices.

On top of this, the team dealing with the incident investigated local offices across the country and found a further 12,000 SBS items languishing undelivered.

Karen Williams, the former director of transformation and corporate operations at NHS England (she now works at HMRC), said that this was because these boxes "had been assumed to be records for filing and therefore hadn't been processed".

Committee members were clearly exasperated by the latest admission, with chairman Meg Hillier saying that they had expected to "be beginning to wrap this up".

"We're very disappointed to still be discovering more problems," she added.

Geoffrey Clifton-Brown, meanwhile, expressed dismay that the execs had "started this hearing very confidently" when discussing progress on the initial tranche.

"Then you tell us this bombshell... what's the situation today for dealing with the backlog?"

In response, Stevens said that the team was applying the same triaging processes to the new records, which involved first making sure the relevant GPs received the records, and then having them vetted for clinically important information.

He said the NHS expected to have all the records back with GPs by the end of December for initial assessment, and that the end of March was "feasible" for finishing the whole project.

Of course, this extra work is going to cost. The government stumped up £2.5m to deal with the initial portion of documents, which is being used partly to fund GP practices that have to search through the medical records.

When pushed on the extra resources needed to deal with this final stage, Stevens said that he couldn't give a further number on it, but "would say in the zone of a million, rather than £2.5m".

Stevens also detailed progress on the original 709,000 items, saying that 5,562 cases had been sent for a full clinical review, and of these 4,565 had been completed.

Some 3,624 have been clearly shown not to have caused harm, with the remaining 941 awaiting a final clinical review.

(1st November 2017)

WIFI SECURITY FLAW "PUTS DEVICES AT RISK OF HACKS"
(BBC News, dated 16th October 2017 author Jane Wakefield)

Full article : www.bbc.co.uk/news/technology-41635516

The wi-fi connections of businesses and homes around the world are at risk, according to researchers who have revealed a major flaw dubbed Krack.

It concerns an authentication system which is widely used to secure wireless connections.

Experts said it could leave "the majority" of connections at risk until they are patched.

The researchers added the attack method was "exceptionally devastating" for Android 6.0 or above and Linux.

A Google spokesperson said: "We're aware of the issue, and we will be patching any affected devices in the coming weeks."

The US Computer Emergency Readiness Team (Cert) has issued a warning on the flaw.

"US-Cert has become aware of several key management vulnerabilities in the four-way handshake of wi-fi protected access II (WPA2) security protocol," it said.

"Most or all correct implementations of the standard will be affected."

Computer security expert from the University of Surrey Prof Alan Woodward said: "This is a flaw in the standard, so potentially there is a high risk to every single wi-fi connection out there, corporate and domestic.

"The risk will depend on a number of factors including the time it takes to launch an attack and whether you need to be connected to the network to launch one, but the paper suggests that an attack is relatively easy to launch.

"It will leave the majority of wi-fi connections at risk until vendors of routers can issue patches."

Industry body the Wi-Fi Alliance said that it was working with providers to issue software updates to patch the flaw.

"This issue can be resolved through straightforward software updates and the wi-fi industry, including major platform providers, has already started deploying patches to wi-fi users.

"Users can expect all their wi-fi devices, whether patched or unpatched, to continue working well together."

It added that there was "no evidence" that the vulnerability had been exploited maliciously.

Tech giant Microsoft said that it had already released a security update.

Security handshake

The vulnerability was discovered by researchers led by Mathy Vanhoef, from Belgian university, KU Leuven.

According to his paper, the issue centres around a system of random number generation known as nonce (a number that can only be used once), which can in fact be reused to allow an attacker to enter a network and snoop on the data being sent in it.

"All protected wi-fi networks use the four-way handshake to generate a fresh session key and so far this 14-year-old handshake has remained free from attacks, he writes in the paper describing Krack (key reinstallation attacks).

"Every wi-fi device is vulnerable to some variants of our attacks. Our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key."

Dr Steven Murdoch from University College, London said there were two mitigating factors to what he agreed was a "huge vulnerability".

"The attacker has to be physically nearby and if there is encryption on the web browser, it is harder to exploit."

Krack explained

Prof Alan Woodward explained the issue to the BBC.

When any device uses wi-fi to connect to, say, a router it does what is known as a "handshake": it goes through a four-step dialogue, whereby the two devices agree a key to use to secure the data being passed (a "session key").

This attack begins by tricking a victim into reinstalling the live key by replaying a modified version of the original handshake. In doing this a number of important set-up values can be reset which can, for example, render certain elements of the encryption much weaker.

This attacks appears to work on all wi-fis tested - prior to the patches currently being issued.

In some it is possible to decrypt and inject data, enabling an attacker to hijack a connection. In others it is even worse as it is possible to forge a connection, which, as the researchers note, is "catastrophic".

Not all routers will be affected but the people this could be most problematic for are the internet service providers who have millions of routers in customers' homes. How will they make sure all of them are secure?

(1st November 2017)


THE COLD CALLING CONVICTS
(Daily Mail, dated 16th October 2017 author Ian Drury)

Full article [Option 1]:

www.dailymail.co.uk/news/article-4983048/Cold-call-convicts-inmates-sell-insurance-jail.html

Convicts are being paid for 'cold-calling' householders from jail.

The inmates of some of the country's toughest prisons are being trusted to harvest sensitive information - sometimes involving financial affairs.

They are picking up £3.40 a day to call potential customers for insurance policies. They also carry out marketing surveys.

One of the cold-callers was a conman who ran a £5.7million telemarketing scam with thousands of victims.

Antoni Muldoon, 71, who was jailed for seven years for fraud, said: 'You try to find out as much information as you can.'

The personal details include names, ages, marital status and number of children. Householders can be asked whether they own or rent their home and whether they have life insurance.

Unaware they are talking to a convict, they are quizzed on their home contents, shopping habits and broadband and utility suppliers.

Concerns were raised about the scheme last night and over the prospect of the elderly and vulnerable being coerced into buying services or policies they don't need.

'You really could not make this up: a conman convicted of a telemarketing scam being the chance to make cold calls while in prison,' said Tory MP Andrew Bridgen.

'I'm all for the rehabilitation of prisoners and getting them ready for work but you would have thought fraudsters are the least suitable people for this.'

Until recently, convicts at Category B High Down prison in Surrey (pictured) - considered too much of an escape risk to be placed in lower security jails - were helping sell life insurance to the public

David Green, a former Home Office adviser and director of the think-tank Civitas, described the scheme as risky. 'On the surface this does not sound like a good way of rehabilitating offenders,' he said.

The £5.7m cold-calling fraudster


Antoni Muldoon was jailed in 2013 for masterminding a £5.7million internet fraud.

The 71-year-old led a gang of seven crooks who duped more than 17,000 victims into paying for bogus offers of escort agency work and debt elimination services.

Around 14,000 people, mostly women, paid up to £450 each to join websites with names such as Beautiful Adults.

The women were promised £600-a-day for going on non-sexual dates. The gang also cold-called people offering to write off their debts for fees of up to £2,000. The scam was rumbled by trading standards officers in Suffolk. Muldoon was arrested in Spain in 2012 and extradited.

He had used cash from the fraud to buy himself boats and a ten-bedroom villa.

Muldoon was jailed for seven years and five months for fraud at Ipswich Crown Court. In prison he took part in the cold-calling insurance policy scheme.

'Everyone is in favour of putting prisoners onto the straight and narrow but there is an inherent risk of giving people personal details, including possible financial information, when they are known to be dishonest.'

A Whitehall source said: 'It's bad enough getting unwanted cold calls from a normal salesman but it is terrifying to think that the person on the line asking for information is a prisoner. It's unnerving.

'Imagine if you were a rape victim and then you get a sex offender on the line asking all about your life.'

Until recently, convicts at Category B High Down prison in Surrey - considered too much of an escape risk to be placed in lower security jails - were helping sell life insurance to the public.

Yesterday the Ministry of Justice confirmed that inmates continue to work at 'call centres' set up in other prisons across England and Wales.

The centres are staffed by prisoners working for telesurvey firms, including Census Data Group.

They rent rooms inside jails where prisoners have headsets and screens and access to customers' names and email addresses.

Numbers are dialled off-site by the company's computer and transferred to the prisoners only when somebody picks up.

Inmates then follow a script and chat to the potential customer to try to persuade them to buy insurance. If that person shows an interest, the call is transferred to registered brokers outside the prison.

'You really could not make this up: a conman convicted of a telemarketing scam being the chance to make cold calls while in prison,' said Tory MP Andrew Bridgen ( pictured)

Convicted fraudster Muldoon, of Lowestoft, Suffolk, who was released from High Down in August, said: 'You talk to people and try and find out if they've got insurance and if you can persuade them to talk to a broker.

'Every other call you are told to get lost or to stop ringing them. But sometimes you can get them talking. You say, "You might be interested in life insurance?" and they'll say, "No, I'm 65" and you say, "I'm 71 and I'm still working". Obviously, you don't tell them where you're calling from.

'Then by the time they are talking to me about their family, you know, they might have a wife and children, have you thought about what happens if you die, they've become a friend.

'You say to them, "You talk to this broker, he'll sort you out" and you transfer the call on.'

Muldoon, who masterminded an escort agency and debt collection scam from his luxury properties in Spain, complained prisoners were being used as 'cheap labour'.

He said it was 'disgusting' that the wage, which is paid by the MoJ, was £3.40 a day rather than the £7.50 an hour minimum wage. Money earned can be used to buy items from the prison shop or spend on phone calls.

Census Data, located in Portishead near Bristol, is the largest, UK-based, consumer telesurvey company.

The firm's website says its technology makes approximately 100,000 calls each day and telephone advisers speak with over 5,000 UK consumers daily.

The inmates of some of the country's toughest prisons are being trusted to harvest sensitive information - sometimes involving financial affairs.

The company says it is 'committed to reducing reoffending by providing meaningful work experience and education to both serving and ex-offenders alike'. Marketing surveys using inmates at lower security jails began in 2013.

Reoffending rates for adult offenders released from custody was 43.4 per cent, according to MoJ figures released in July. The annual cost of those who commit another crime within a year of release cost society £15billion annual.

Rules on live marketing calls state that firms must not make unsolicited live calls to anyone who has said they don't want them or opted to block them by registering with the Telephone Preference Service (TPS).

There is no suggestion that Census Data has behaved unlawfully or unscrupulously. The firm could not be contacted to comment.

The Prison Service said that making inmates work was essential to helping them sort out their lives and 'develop vital skills'.

It said: 'Where prisoners do work as call centre operatives, they have absolutely no access to personal or financial details and do not make sales.

'Offenders are rigorously risk-assessed for suitability for the role and all calls are supervised and monitored.

'Prisoners are not able to make outgoing calls - they are connected to customers through an automated system.

Prisoners have no access to the internet and no means of recording any details.'

A Prison Service spokesman added: 'This work scheme stopped running at HMP High Down six months ago.'

Under the heading 'Social Responsibility' on its website, Census Data says: 'Approximately 10 million people in the UK have a criminal record. Census Data, as a responsible employer, is committed to reducing reoffending by providing meaningful work experience and education to both serving and ex-offenders alike.'

One of the cold-callers was a conman who ran a £5.7million telemarketing scam with thousands of victims.

It adds that its 'mission' is 'To reduce reoffending and create sustainable social impact by providing offenders with the skills and work experience to gain employment'.

Under the subtitile 'Our Vision', it says: 'Through the operation of a sustainable and innovative business model we will become the leading Global employer of serving and ex-offenders.

'By providing offenders with meaningful education we will enable them to develop relevant skills and experience that will be highly valued by employers. We will build open and transparent relationships with our customers that are focused on continuous improvement.'

(1st November 2017)



CRIME WAIVE

(The Sun, dated 16th October 2017 author Mike Sullivan)

Full article [Option 1]:

www.thesun.co.uk/news/4690869/cops-to-stop-probing-hundreds-of-thousands-of-crimes-to-400m/

NOTE : The actual SUN article includes a flowchart describing "How the Police assess crimes"

Top cops' decision to stop probing thousands of crimes in bid to save £400million has been branded a crooks' charter.

It is expected that 150,000 fewer offences will be investigated as critics say that the Met is failing taxpayers and could force the public to become vigilantes.

HUNDREDS of thousands of crimes will no longer be probed by Britain's biggest police force.
Burglaries, thefts and some assaults are being ignored unless a victim report identifies a suspect.

It was revealed to the Met's 30,000 officers last month in a £400million cost-cutting move.
A former police chief said: "No consideration is being given to victims."
Critics say the Met is failing taxpayers by refusing to detect a range of offences.
They fear the worst criminals will evade justice - and force the public to turn vigilante.

Changes to the way victims' reports of a crime are assessed are expected to see 150,000 fewer offences being investigated each year. The new guidelines say:

- BURGLARIES should only be probed if culprits have used violence or tricked their way in;

- CRIMES involving a loss of under £50 should not be investigated unless there is an identified suspect;

- OFFICERS need not probe low-level incidents of grievous bodily harm or car crime unless there is an identifiable suspect;

- CCTV should only be analysed if the crime occurs in a 20-minute time frame and sharp images showing a suspect can be collected immediately.

The Met aims to save £400million by 2020. That comes on top of £600million it has already lost from its £3.7billion annual budget due to Government curbs on public spending.

Ex-Met Det Chief Insp Mick Neville said: "This is justice dreamed up by bean counters in shiny suit land.

"No consideration is being given to victims. The new principles will focus police attention on easy crimes where there is a known suspect.

"Few professional criminals target people who know them, so the worst villains will evade justice. Not investigating high volume crimes like shoplifting with a loss of under £50 will give junkies a green light to thieve."

Ken Marsh, of the Met Police Federation, added: "The public are getting a raw deal. And officers will be under immense pressure if a criminal who should have been caught goes on to commit a serious crime.
"I see people taking the law into their own hands."

Met chiefs believe they will reduce the overall number of investigations by a third without affecting detection figures, which are currently at 16.72 per cent.

A list of serious crimes including murder, sex offences and terrorism will still receive mandatory investigations.

By the end of 2018 officer numbers will have fallen to 28,000 from 32,000 12 months ago, says Mr Marsh.

Recorded crime in the capital rose by 5.7 per cent to 774,737 offences in the year to April 1. Gun crime was up 42 per cent and knife crime by a quarter.

Earlier this year The Sun revealed the Met solved eight per cent of 493,257 recorded burglaries from 2011-16.

It failed to identify a suspect in 85 per cent of those cases.

Deputy Assistant Commissioner Mark Simmons said: "Serious crime and calls are up while officer numbers are down. The only solution is to prioritise things.

"We want officers focused on the more serious crimes where there is a realistic chance we can solve it."

----------------------
SHOPLIFTERS AND VANDALS WILL EVADE JUSTICE AFTER POLICE SAY INVESTIGATIONS ARE NOT PRACTICAL
(The Telegraph, dated 16th October 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/10/16/shoplifters-vandals-will-evade-justice-afterpolice-say-investigations/

A senior police officer has said it is "not practical" for officers to investigate crimes such as shoplifting and criminal damage as his force bids to save £400 million.

The Metropolitan Police said new guidelines would mean officers could "determine very quickly if it is proportionate" to investigate "lower level, higher volume offences" further.

Deputy Assistant Commissioner Mark Simmons said the force had to work with fewer officers and less money, with the Crime Assessment Policy introduced to help prioritise resources.

He said: "Clearly this is not about letting criminals get away with crime, or not investigating the cases we are solving at the moment, if we thought it was, we simply would not do this.

"With the pressure on our resources it is not practical for our officers to spend a considerable amount of time looking into something where for example, the value of damage or the item stolen is under £50, or the victim is not willing to support a prosecution.

"We need our officers to be focused on serious crime and cases where there is a realistic chance that we will be able to solve it."

Serious offences will continue to be investigated as before, Mr Simmons said.

He added: "Of course we are not talking about things like homicide, kidnap, sexual offences, hate crime or domestic violence, but the lower level, higher volume offences such as shoplifting, car crime and criminal damage.

"This is not to say these cases will not be investigated further, however by applying the assessment policy we will be able to determine very quickly if it is proportionate to do so."

Under the new policy, 150,000 fewer offences will be investigated every year, according to reports.

Ex-Met detective chief inspector Mick Neville told The Sun: "This is justice dreamed up by bean counters in shiny suit land.

"No consideration is being given to victims. The new principles will focus police attention on easy crimes where there is a known suspect.

"Few professional criminals target people who know them, so the worst villains will evade justice. Not investigating high volume crimes like shoplifting with a loss of under £50 will give junkies a green light to thieve."

(1st November 2017)

CUSTOMERS CHEESED OFF AFTER CARD DETAILS NICKED IN PIZZA HUT DATA BREACH
(The Register, dated 16th October 2017 author Kat Hall)

Full article [Option 1]: www.theregister.co.uk/2017/10/16/pizza_hut_data_breach/

Miscreants have made off with payment card details of "a small number of clients" following a data breach at Pizza Hut (US).

In an email to affected customers seen by Bleeping Computer, the fast-food chain wrote: "Pizza Hut has recently identified a temporary security intrusion that occurred on our website.

"We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised.

"The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one per cent of the visits to our website over the course of the relevant week were affected."

However, some criticised the company for failing to inform customers immediately after the attack.

One wrote on Twitter: "Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it. #timely"

Nicola Fulford, head of data protection and privacy at tech specialist law firm Kemp Little, noted that the Information Commissioner's Office advises organisations to report personal data breaches that may cause "serious harm" to individuals affected by data breaches.

Under the current law there is no obligation to notify, she said. "However, when the General Data Protection Regulation applies from May 25, 2018, it will be mandatory for organisations to notify data breaches that risk harm to individuals. Failure to do so means companies could face significant fines, €10m (£7.5m) or up to 2 per cent of worldwide turnover."

A Pizza Hut spokesman said the breach has only affected customers in the US and immediately took steps to halt it and remediate the security issue.

He said: "Pizza Hut takes the information security of our customers very seriously and invests in resources to protect the customer information in our care. We value the trust our customers place in us, regret that this happened, and apologise for any inconvenience this may have caused."

(1st November 2017)



THUGS CAUGHT CARRYING ACID TWICE COULD GO STRAIGHT TO JAIL UNDER NEW "TWO STRIKES AND OUT" PLAN

(London Evening Standard, dated 14th October 2017 author Francesca Gillett)

Full article [Option 1]:

www.standard.co.uk/news/uk/thugs-caught-carrying-acid-twice-could-go-straight-to-jail-under-new-two-strikes-and-out-government-a3658596.html

Acid-carrying thugs who are caught with corrosive substances twice will automatically be jailed for at least six months, under new Government proposals.

The new "two strikes and you're out" rule has been put forward as part of a crackdown on acid attacks, after a spike in the number of incidents in the capital.

It follows the same two chance rule for criminals caught carrying knives.

Online retailers could also face criminal proceedings if they deliver knives to a buyer's home, in a measure aimed at clamping down on the sale of blades to children and teenagers. The steps following a surge in violent offences recorded by police.

Home Secretary Amber Rudd said: "All forms of violent crime are totally unacceptable, which is why we are taking action to restrict access to offensive weapons and crack down on those who carry acids with the intent to do harm."

But shadow home secretary Diane Abbott warned: "Unless there are sufficient officers to enforce the law, new legislation will have a limited effect."

After a flurry of high-profile incidents, the Government announced plans earlier this month to create a new offence of possession of a corrosive substance in public without a good or lawful reason.

The full Home Office consultation document published on Saturday reveals the proposed crackdown will also see those convicted for a second time face a mandatory minimum sentence.

The approach will be modelled on a system rolled out in 2015 for offenders repeatedly caught with knives.

Minimum sentences were introduced for those aged 16 and over who are convicted of a second or subsequent offence of possession of a knife or offensive weapon.

The punishment is at least six months' imprisonment, which can be suspended, for adults. Young offenders face a minimum four-month detention and training order.

Judges must impose the minimum sentence unless there are particular circumstances relating to the latest offence, the previous offence or the offender which would "make it unjust to do so in all the circumstances".

The consultation document says it is not intended that "corrosive substance" will be defined in legislation as the offence "must be flexible enough to cover a range of possible situations: from someone possessing a corrosive substance in a public place that if used as a weapon can leave life-changing injuries; through to someone using a less harmful corrosive substance which if used as a weapon can still be very unpleasant to the victim but the effect is not lasting".

A new offence to stop the sale of acids and the most harmful corrosive substances to under-18s is also being weighed up.

Police figures show there were 408 attacks using corrosive substances between November 2016 and April this year.

"The use of corrosive substances as a weapon is centuries old, but whilst the number of offences is relatively small, we are concerned about its increasing use as a weapon," the document says.

It also sets out plans unveiled earlier this year to tighten the regime covering online sales of knives following concerns that age-verification checks can be sidestepped.

Where a knife is sold on the internet, it will be an offence to deliver the item to a private residential address.

The buyer would have to collect the knife in person at a location where their age can be checked.

The new offence "will provide additional safeguards to the current legislation", the consultation document says, flagging up concerns that "too many online sales break the law that knives must not be sold to under 18s".

The proposals relating to online sales of knives and possession and sales of corrosive substances apply to England, Wales and Scotland.

(1st November 2017)

SIXTEEN RAPISTS AMONG HUNDREDS OF LONDON SEX OFFENDERS LET OFF WITH A CAUTION
(London Evening Standard, dated 13th October 2017 author David Churchill)

Full article [Option 1]:

www.standard.co.uk/news/crime/16-rapists-among-hundreds-of-london-sex-offenders-let-off-with-a-caution-a3657781.html

Hundreds of sex offenders, including rapists, are escaping with "a slap on the wrist" by simply being cautioned for their crimes, the Standard has learned.

Figures obtained by the Standard reveal more than 1,100 cautions were given to sex offenders in London, meaning they dodged court and potentially lengthy prison spells. The tally includes 16 cautions for rape, which carries a maximum life imprisonment sentence if convicted in court.

Cautions, described as "warnings", require offenders to accept guilt and are mostly issued to deter first-time offenders or bypass court proceedings for lower-level offences. They are not recorded as convictions but can show on Disclosure and Barring Service checks, formerly CRB checks.

But the Scotland Yard figures show thousands more cautions were handed out for other violent and serious crimes as their use in London surged 25 per cent over the past five years.

Police and the Crown Prosecution Service insisted it was "rare" for offences as serious as rape to result in a caution. They said it could happen when victims cannot face the trauma of testifying in court. A caution ensures the offender is placed on the sex offenders' register and monitored.

However, campaigners called for a "wholesale review" as the Standard's findings revealed 183,043 cautions were issued from 2012 until last year, with 1,115 given for sexual offences, including 16 for rape.

The circumstances of the rape cautions in the figures are unknown. But previous cases in which cautions have been given for rape have involved child offenders, including siblings, and people suffering mental health problems. There have also been cases where crimes logged as rape by police have resulted in a caution for a lesser sex offence.

The figures were released following Freedom of Information requests submitted by the Standard. City Hall pledged to question the Government over the use of cautions.

Dianne Whitfield, of charity Rape Crisis, said issuing cautions for sexual offences was in most cases "wholly inappropriate" as "they don't in any way reflect the seriousness of the crime or the long-lasting and often devastating impacts that sexual violence has".

London's deputy mayor for policing and crime, Sophie Linden, said handing out cautions for serious sexual offences "means justice is not always being done".

She said: "We will be raising this issue with the Government." Scotland Yard said cautions for rape are "not a police decision" but are "authorised" by the CPS, along with other "indictable only" crimes which can only be tried in a crown court.

The CPS said it "carefully considers" the circumstances in each case and has only advised police in London to caution 2,500 offenders in the past five years, which includes minor offences and those dealt with by City of London Police as well as by Scotland Yard.

Mary Mason, of charity Solace Women's Aid, said there was a danger cautioning attackers might make them think they can escape with "a slap on the wrist". She said: "It's always in the public interest to bring a charge."

Richard Scorer, a specialist abuse lawyer from Slater and Gordon, said: "We are very concerned that perpetrators of serious crimes like sex offences are being given little more than a slap on the wrist."

The figures show 28,872 cautions were issued for London in 2012, which soared to 36,115 last year - a 25 per cent increase.

Crimes by numbers

The 183,043 cautions issued by the Met from 2012 - 2016 include :

- 138 for arson
- 1,115 for sexual offences, including 16 for rape
- 1,171 for burglary
- 1,269 for drug trafficking
- 1,646 for fraud or forgery
- 2,461 for "offensive weapon" crimes
- 5,220 for wounding / GBH
- 9,731 for harrassment
- 74,079 for possession of drugs

(1st November 2017)



POLICE WARNING AFTER GANGS TARGET LUXURY CARS IN SPATE OF KEYLESS THEFTS
(London Evening Standard, dated 13th October 2017 authors David Churchill, Barney Davis and Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/gone-in-60-seconds-police-warning-after-gangs-target-luxury-cars-in-spate-of-keyless-thefts-a3657951.html

This is the moment thieves use a high-tech gadget to override a £50,000 BMW's keyless security system and steal it in less than a minute.

Detectives are investigating a spate of thefts in London in which criminals have driven cars away from homes without taking the owners' keys.

Experts say gangs are finding new ways to exploit weaknesses in technology that allows cars to be opened without touching a key and started simply by pushing a button.

Thieves use gadgets, available online, which amplify signals between the car and new-generation keyfobs to trick the vehicle into thinking the owner is nearby.

When the car receives the signal, it unlocks, even though the keyfob may be some distance away inside the owner's home. Thefts involving these "relay attacks" are said to be increasing.

Scotland Yard's Organised Vehicle Crime Unit said today it was aware of the tactic and urged motorists to take simple precautions. Victims have shared CCTV footage of the thefts online.

The Standard has established that at least four people in north London have had high-value cars stolen in recent weeks by thieves using relay attacks.

One victim's BMW was stolen from his driveway in Southgate on Tuesday. Within half an hour, the same thieves drove off with his friend's car a couple of streets away.

Another victim, gym owner Graham Sinclair, 44, had his £85,000 BMW X5 stolen from his Enfield drive in the early hours of Friday morning.

He said: "I was actually awake until 4am and never heard a thing and the car was less than 20 metres away from me.

"There were no signs of forced entry and no break-in at the house.

"I reported it to BMW to see if they could immobilise but they couldn't... it's so frustrating to know someone got off with your car with that signal enhancer. These thieves are evolving fast and manufacturers need to match them."

Steve Launchbury, head of research at vehicle security experts Thatcham Research, said more cases of relay attacks were coming to light as technology developed.

Devices to boost the keyfob signals were available on the Dark Web for thousands of pounds and were more likely to be bought by organised criminals who could quickly recoup the cost.

However, Mr Launchbury said Thatcham had been able to build devices at relatively little cost.

Detective Sergeant Pete Ellis said: "This technology used to be confined to more high-end vehicles but it is becoming more widespread and therefore there is a potential for 'relay attacks' to become more common."

He said that anecdotally there were more cases when CCTV had recorded thieves using the technique.

He said a simple countermeasure was to keep keyfobs in so-called Faraday wallets, which jam signals.

Experts say gangs are stealing cars to order and often breaking them up into parts. One issue for criminals stealing cars through relay attacks is that once the vehicles are out of range of the keyfob it is difficult to restart the engines.

So, often cars are driven straight into containers and shipped out of the country. Another expert said anyone with the technical knowledge can assemble the gadgets for less than £100.

BMW said it was constantly working with the police and other authorities to "respond to the latest threats and anticipate new ones".

It added: "We are aware that BMW vehicles, along with those of many other manufacturers, have been targeted by organised criminal operations using highly sophisticated equipment to steal vehicles."

(1st November 2017)

BRITAIN'S BIGGEST CRASH FOR CASH SCAM FOILED AS "VICTIMS" GRAB THEIR NECKS AT EXACTLY THE SAME TIME AFTER SLO-MO SMASH
(Mirror, dated 16th October 2017 author Merrick Williams)

Full article [Option 1]:

www.mirror.co.uk/news/uk-news/cash-crash-scam-bus-insurance-11350046

The biggest " crash for cash " insurance plot in Britain was foiled when conmen grabbed their necks in pain after a slow-motion bus crash.

Seven fraudsters pretended to have neck and hip injuries when a car driven by ringleader Merrick Williams crashed into the bus they were in on May 21, 2014.

The seven fakers were seen on CCTV holding their "injured" necks after the crash - which could have netted them £50,000 in an insurance pay out.

CCTV from the bus shows the car, driven by Williams, pass the bus on two occasions before hitting into the back of it at low speed.

One passenger appeared to be thrown to the floor by the smash but none of the others moved.

But a court heard insurance investigators also became suspicious due to multiple injury claims from the same bus.

Road experts ruled the crash was minimal and would have only caused a minor vibration.

Investigators soon discovered at least two of the claimants who were on the bus were friends with the driver Williams.

The eight were hauled to court in the biggest single case investigated by the Insurance Fraud Enforcement Department.

Cardiff Crown Court was told that innocent passengers were put in danger at the "farcical attempt" to sting insurers.

Prosecutor Suzanne Thomas told the court the men were filmed holding their necks and hips after the crash.

She said: "But when the bus driver of the bus called the police and paramedics not a single passenger stepped up to report an injury at the time.

"One of the fraudsters did go to hospital but he did not stay for long enough to be diagnosed or treated."

Insurance company AIG later received personal injury claims forms from the seven men who were on the bus.

Car driver Williams, 30, of Barry Island, south Wales, was jailed for 12 months and banned from driving for two years after admitting conspiracy to commit fraud.

City of London Police detective constable Aman Taylor, who led the investigation, said afterwards: "The attempted fraud was in a league of its own as this is the largest number of claimants ever tried together in an IFED case.

"By planning the bus crash, the men deliberately put the safety of innocent people, including children, at risk in a bid to make money and take advantage of the personal injury claims system."

AIG fraud manager David Halstead said: "Insurance fraud impacts all customers.

"We are extremely grateful to investigators for their hard work in bringing the perpetrators to justice in this particularly devious case."

Insurance Fraud Bureau Head of Investigations Jason Potter said: "Crash for cash scams like this might seem to some to be a harmless way to beat the system and get an easy pay out.

"But in reality those who commit crimes of this nature now stand a very good chance of getting caught and facing serious consequences.

"These incredibly dangerous and reckless incidents present a real risk of injury and potentially even death."

The other seven were handed suspended sentences and ordered to undertake community service after admitting the same offence.

They were Kassim Mukbill, 31, Nigel Iti, 24, Hamada Shuyeb, 24, Kieran Murphy, 29, Fami Haddad, 25, Aaron Ryan, 25, and Matthew Saunders, 33, all from Cardiff.

(1st November 2017)



KASPERSKY SOFTWARE USED BY RUSSIAN STATE HACKERS TO TRAWL FOR US SECRETS

(The Telegraph, dated 11th October 2017 authors Ben Farmer and Alec Luhn)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/10/11/kaspersky-software-used-russian-state-hackers-trawl-us-secrets/

Popular anti-virus software used by hundreds of thousands of people and businesses in Britain was reportedly hijacked by Russian government hackers to trawl for American secrets.
Cyber spies allegedly used software from the Russian firm Kaspersky Lab which is installed on computers around the world to improvise a search tool and look for the codenames of secret US programs.

Discovery of the operation led the American government to last month order the removal of the software from its computers, the New York Times reported.
The software is used by 400 million people worldwide and is one of the most widely used anti-virus tools in Britain, installed by hundreds of thousands to protect their computers from cyber crime.

The National Cyber Security Centre, the offshoot of GCHQ responsible for securing online life in Britain, said it did not give guidance on whether the software was safe to use.

Computer users must give their anti-virus software widespread access to files so they can be scoured for viruses. But such access potentially makes the software a perfect "backdoor" for hackers, according to computer experts.
Kaspersky Lab has repeatedly denied accusations it is complicit in Russian state cyber operations. Technical experts said hackers may have gained access to its software without the firm knowing.

The firm on Wednesday said it had "never helped, nor will help, for any government in the world with its cyberespionage efforts" and said its software "does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical".

The scale of the intrusion was reportedly discovered more than two years ago when Israeli officials who had hacked into Kaspersky networks themselves saw evidence of Russian activity.

The Israelis warned America's National Security Agency (NSA) that they had witnessed Russian hackers using Kaspersky's access to search for US secret programs and send any findings back to Russian intelligence systems.

The Russian operation stole classified documents from one NSA employee who had stored them on his home computer which was installed with Kaspersky software.

Computer users must give their anti-virus software widespread access to files so they can be scoured for viruses. But such access potentially makes the software a perfect "backdoor" for hackers, according to computer experts.
Kaspersky Lab has repeatedly denied accusations it is complicit in Russian state cyber operations. Technical experts said hackers may have gained access to its software without the firm knowing.

The firm on Wednesday said it had "never helped, nor will help, for any government in the world with its cyberespionage efforts" and said its software "does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical".

The scale of the intrusion was reportedly discovered more than two years ago when Israeli officials who had hacked into Kaspersky networks themselves saw evidence of Russian activity.

The Israelis warned America's National Security Agency (NSA) that they had witnessed Russian hackers using Kaspersky's access to search for US secret programs and send any findings back to Russian intelligence systems.

The Russian operation stole classified documents from one NSA employee who had stored them on his home computer which was installed with Kaspersky software.

The NSA said in September it was ordering the software off its computers because of the "risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products".

Kaspersky Lab estimates it has 400million users worldwide, but would not say how many people or which firms used its software in Britain. UK consumer research from Mintel last year showed it was used by seven per cent of people using anti-virus software.

A statement said: "Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question.
"As the integrity of our products is fundamental to our business, Kaspersky Lab patches any vulnerabilities it identifies or that are reported to the company."

The firm said it wanted to work alongside the US authorities "to address any concerns they may have about its products as well as its systems".

Eugene Kaspersky, founder of the firm, has for years strongly denied accusations his company provides intelligence to the Kremlin and called suspicions of its ties there "total BS".

He was trained at a KGB cryptography institute and later served as an intelligence officer in the Soviet army. Although he left to start his company, Mr Kaspersky has kept up ties with the state. He has said he has friends in the interior ministry and the FSB, the KGB's successor agency, and told WIRED magazine that it was thanks to "very good relations" with the security service and police that he was able to quickly recover his son when he was kidnapped.

Russia is known for its high level of online surveillance: The FSB is able to monitor all telephone and Internet communications through surveillance boxes installed at all telecom providers, a system known as SORM.

(1st November 2017)


MIGRANT SMUGGLING TOPS EU CRIME PRIORITIES
(EU Observer, dated 10th October 2017 author Nikolaj Nielsen)

Full article [Option 1]:

https://euobserver.com/justice/139365

Preventing the arrival of immigrants with no legal rights to the EU is more important, in terms of EU policy priorities among member states, than fighting terrorism and online child pornography.

Erkki Koort, who chairs an internal security group at the European Council, representing member states, told MEPs on Tuesday (10 October) that fighting "the facilitation of illegal migration" involves more EU states than any other crime.

"For the upcoming [EU policy] cycle, the areas with the biggest number of member states participating are first [against] the facilitation of illegal migration," he said.

Human trafficking ranked second, followed by synthetic drugs and then more conventional narcotics like cannabis and cocaine. Koort then listed weapons trafficking and child sexual exploitation as near the bottom of the priorities. Other big ticket issues included value-added tax fraud, which followed child sexual exploitation.

While he noted the importance of fighting terrorism, he said it shouldn't act as a distraction against "extremely important aspects of security, notably organised crime."

The EU Council had in May outlined the same policy priorities when it comes to combatting organised crime but did not rank them in terms of importance.

Koort was discussing the same priorities but in the wider context of the upcoming so-called 'EU policy cycle' that stretches from 2018 until 2021.

Part of that assessment stems from a report by the EU police agency, Europol, which in March declared the existence of more than 5,000 international organised crime groups currently under investigation in the EU.

(1st November 2017)

EQUIFAX : ABOUT THOSE 400,000 UK RECORDS WE LOST - ITS NOW 15.2m
(The Register, dated 10th October 2017 author Iain Thomson)

Full article [Option 1]:

www.theregister.co.uk/2017/10/10/equifax_uk_records_update/

Updated

Last month, US credit score agency Equifax admitted the personal data for just under 400,000 UK accounts was slurped by hackers raiding its database. On Tuesday this week, it upped that number ever-so-slightly to 15.2 million.

In true buck-passing fashion, at the time of writing, Equifax hadn't even released a public statement on the matter. Instead it fell to Blighty's National Cyber Security Centre to reveal the bad news that a blundering American firm had put them at risk of phishing attacks.

"We are aware that Equifax was the victim of a criminal cyber attack in May 2017," the NCSC said in a statement today.

"Equifax have today updated their guidance to confirm that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident. NCSC advises that passwords are not re-used on any accounts if you have been told by Equifax that any portion of your membership details have been accessed."

Any answers to security questions - such as your mother's maiden name - given to Equifax during an account signup should now be considered compromised, the NCSC warned, and should be changed for other websites, if possible. Names, home and email addresses, telephone numbers, and account recovery question and answers were swiped by the hackers, and will be a boon to phishers obtaining the records, the centre warned.

UK folks should be on the look out for phishing emails asking for their financial information or luring them to fake websites using their Equifax records to make the messages look legit. Recipients will likely get an email quoting their home address and some digits of their phone number to prove its authenticity.

Hackers got into Equifax's servers in May this year by exploiting an flaw in Apache Struts for which it had neglected to apply a patch. It took until July, though, for the biz to find out it had been infiltrated, and it stayed quiet until early September when it admitted 143 million US citizens had their info exposed to miscreants. Some senior executives sold off their stock days before the world learned of the hack, conveniently. A week later, the biz said about 400,000 Brits had also been hit in the IT break-in.

Disaster

You'd have thought that with that amount of time to play with, and the nature of the information involved, Equifax would have given a bravura performance in how to deal with a database security breach. Instead, to describe the company's response as a car crash is unfair to automakers. Its website detailing the hack, equifaxsecurity2017.com, looked so unofficial and rushed together that many initially feared it was a phishing site itself, and the credit agency later had to stress that signing up for free credit monitoring as a result of the attack would not waive your rights to sue.

Next, Equifax's chief security officer and chief information officer left the outfit - not fired but instead allowed to retire with their golden parachutes. Shortly before trying to blaming a single lowly IT staffer on the cockup, CEO Rick Smith also jumped ship, taking his $90m retirement pot with him.

In the meantime, outside investigators were checking up on Equifax's servers. Last week they upped the number of affected US citizens to 145.5 million, and that a probe into the UK side of things was still ongoing. The UK investigation ended on October 2, according to Equifax. Eight days later, the bad news comes out and hundreds of thousands of British peeps are now on high alert.

While it has lost three senior executives in well-compensated disgrace, it looks unlikely Equifax will face any further sanctions. After all, we're not customers of Equifax who can refuse to provide data for its servers - it just collects it all, one way or another, and sell it on to others.

The US government certainly doesn't seem interested in causing Equifax grief. Instead, its Internal Revenue Service awarded the biz a $7.5m no-bid contract last week to provide - you guessed it - identity verification services. With tough action like that, things will obviously get better. ®

Stop press


Just as we were hitting the publish button, Equifax emitted the following clarification, saying the actual number of people in the UK seriously affected is about 700,000 due to duplicated data:



Today Equifax can confirm that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident. Regrettably this file contained data relating to actual consumers as well as sizeable test datasets, duplicates and spurious fields. Equifax has brought every analytical tool, technique and data asset it has available to bear in order to 'fill in the blanks' and establish actual consumer identities and attribute a current home address to them. This complete, we have been able to place consumers into specific risk categories and define the services to offer them in order to protect against those risks and send letters to offer them Equifax and third-party safeguards with instructions on how to get started. This work has enabled us to confirm that we will need to contact 693,665 consumers by post.

The balance of the 14.5m records potentially compromised may contain the name and date of birth of certain UK consumers. Whilst this does not introduce any significant risk to these people Equifax is sorry that this data may have been accessed.

(1st November 2017)


UK TOUGH NEW POLICE UNIT TO COMBAT ONLINE HATE CRIME WILL BE OPERATIONAL BY END OF 2017
(International Business Times, dated 9th October 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/uks-tough-new-police-unit-combat-online-hate-crime-will-be-operational-by-end-2017-1642441

A new national crime hub designed to help investigate and prosecute online hate crime will be operational by the end of the year, the Home Office has revealed.

The scheme, managed by officers from the National Police Chiefs Council (NPCC), will spearhead Internet-based hate crime cases and ensure they are managed effectively.

The plans were touted by UK home secretary Amber Rudd a week after announcing tough new jail terms for those caught viewing terrorist content online.

According to the government, the new hate crime hub will assess whether reports could be considered criminal acts and will also liaison with online platforms - such as social media companies like Facebook and Twitter - hosting any hateful material on the web.

It will seek to identify the culprits of online hate and feed the intelligence it collects into the wider National Intelligence Model - a police database which gathers case information on a wide range of crimes to "help guide policing strategies."

While the Home Office said that the hub is expected to be up-and-running by the end of 2017, an exact timescale or funding model was not published by the British government.

The primary aim will be to "improve the police response" to hate crime online, it said.

"Online hate crime is completely unacceptable," Rudd said. "What is illegal offline is illegal online, and those who commit these cowardly crimes should be met with the full force of the law.

"The national online hate crime hub that we are funding is an important step to ensure more victims have the confidence to come forward and report the vile abuse to which they are being subjected.

"The hub will also improve our understanding of the scale and nature of this despicable form of abuse. With the police, we will use this new intelligence to adapt our response so that even more victims are safeguarded and perpetrators punished."

The news comes after Alison Saunders, the director of public prosecutions at the UK's Crown Prosecution Service (CPS), pledged to bulk up the response to internet-based attacks. She made the strong-worded comments in an August op-ed for The Guardian newspaper.

"Whether shouted in their face on the street, daubed on a wall or tweeted into their living room, hateful abuse can have a devastating impact on victims," she wrote.

"My message to victims is that the CPS, police and others in the criminal justice system are ready to listen and, where we have the evidence, to hold those committing hate crimes to account."

Worried about a child? You can contact the NSCPCC's trained helpline counsellors for 24/7 help, advice and support: help@nspcc.org.uk Telephone : 0808 800 5000.

(1st November 2017)



TWO AREAS OF GREATER MANCHESTER ARE IN THE UK TOP TEN FOR "CRASH FOR CASH" SCAMS
(Manchester Evening News, dated 9th October 2017 author Rebecca Day)

Full article [Option 1]:

www.manchestereveningnews.co.uk/news/greater-manchester-news/crash-for-cash-scam-manchester-13733704

Greater Manchester has TWO of the top ten 'crash for cash' scam areas in the country.

Cheetham Hill, in north Manchester, is the sixth worst area in the UK for the scam.

And the OL8 postcode of Hollinwood, in the southwest of Oldham, was ranked ninth in the list of hotspots for the insurance claim racket.

The illegal scheme involves fraudsters deliberately staging a car crash or damaging their vehicle, in order to make a false personal injury claim.

The data was revealed by the Insurance Fraud Bureau (IFB), which calculated how many claims have been made nationally.

In 2015, the M.E.N reported how a gang of 16 fraudsters were locked up for their part in an illegal crash for cash plot stretching from Chorlton to Failsworth, Salford and Newcastle.

The gang swindled a total of £225,000.

The majority of the top 30 hotspots are in the north west and Midlands, with Birmingham being the most high-risk area. The number of victims in each area have not been given.

It's a dangerous and costly scam - the total cost of payouts by the car insurance industry is around £336 million a year.

Ben Fletcher, director of the IFB, also warns the scam 'endangers lives'.

He said: "These scams may seem to some to be a harmless way to beat the system and get an easy pay out with minimal risk. The reality is that not only do those people now stand a very good chance of getting caught and facing the consequences, but these scams put other motorist's lives at risk.

"Fraudsters are taking vehicles out on public roads and forcing innocent people into needless collisions.

"Not only does that present a real risk of injury, but sadly we know of at least one fatality that has occurred as a result of these incredibly dangerous and reckless incidents.

"These hotspots may be the worst affected areas for these types of scams, but crash for cash collisions can happen anywhere, so it's imperative that road users are aware of them, exercise appropriate caution and if they believe they've been a victim, report it as soon as they can."

Anyone who thinks they may be the victim of a Crash for Cash scam is urged to contact police on 101 or report it to the IFB's free phone number 0800 422 0421.

Here are the UK's top ten hotspots, according to the Insurance Fraud Bureau


1. Birmingham B8

2. Birmingham B6

3. Birmingham B10 and Bradford BD9

5. Bradford BD8

6. Cheetham Hill, Manchester M8

7. Bradford BD3

8. Birmingham B25

9. Hollinwood, Oldham OL8

10. Birmingham B11

-----------------------

Insurance Fraud Bureau website : www.insurancefraudbureau.org/

(1st November 2017)

FENDING OFF CYBER ATTACKS AS IMPORTANT AS COMBATTING TERRORISM, SAYS NEW GCHQ CHIEF
(The Register, dated 9th October 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/10/09/gchq_cyber_priority/

Keeping the UK safe from cyber attacks is now as important as fighting terrorism, the new GCHQ boss has said.

Jeremy Fleming, director of the signals intelligence service, said increased funding for GCHQ was being spent on making it a "cyber-organisation" as much as an intelligence and counter-terrorism unit.

Fleming, who joined GCHQ from the security service (MI5) earlier this year, told The Telegraph: "If GCHQ is to continue to help keep the country safe as we prepare for our second century, then protecting the digital homeland - keeping our citizens safe and free online - must become and remain as much part of our mission as our global intelligence reach and our round-the-clock efforts against terrorism."

The UK's National Cyber Security Centre said last week that there had been 590 "significant" cyber attacks needing a national response in the last year, as previously reported. This included the WannaCry ransomware outbreak that disrupted the operations of several NHS trusts back in May and attacks on parliamentary email systems in June, among others.

Fleming's take on the importance of cybersecurity are the most extensive public comments he has made since leaving MI5 to head up GCHQ, but they shouldn't be confused as a significant shift in priorities or policies by the UK government. For example, the government reaffirmed cyber as a tier-one threat in its 2015 National Security Strategy (PDF, page 13) and has committed to spending £1.9bn between 2016 and 2021 on updating this. Cyber has been treated as a tier-one threat since the 2010 defence review.

(1st November 2017)


SCAM BAITER - WHY I RISK DEATH THREATS TO EXPOSE ONLINE CONS
(BBC News, dated 7th October 2017 author Zoe Kleinman)

Full article : www.bbc.co.uk/news/technology-41518352

In the flesh, Wayne May (not his real name) is an affable gentleman in his late 40s, softly spoken with a lilting Welsh accent.

When we meet he's casually dressed in jeans and a Batman T-shirt. He works full-time as a carer.
On the net, he's a tireless defender of scam victims and a fearless scam baiter - a person who deliberately contacts scammers, engages with them and then publishes as much information about them as possible in order to warn others.

He regularly receives death threats, and his website, Scam Survivors, is often subjected to attempted DDoS attacks - where a site is maliciously hit with lots of web traffic to try to knock it offline.
But Mr May is determined to continue helping scamming victims in his spare time, and has a team of volunteers in the US, Canada and Europe doing the same.

Scam Survivors is not an official platform - in the UK victims are encouraged to contact Action Fraud - but the team has dealt with 20,000 cases in the past 12 years, he claims.

According to the Office for National Statistics there were 1.9 million reports of "cyber-related" fraud in the year ending March 2017 in England and Wales. But the report also says that many incidents go unreported.

The Australian Competition and Consumer Commission website says nearly AUS$13m (£8m, $10m) has been lost this year to romance fraud alone.

Scamming may be an old trick but it's still an effective one.

Mr May, who does not charge but invites donations on his website, says his website gets up to 10,000 hits a day and the group also receives up to two dozen messages a day from people who are victims of sextortion - when a person is blackmailed after being persuaded to carry out a sex act on webcam, which is then recorded.
"A lot of people, when they come to us are already so far deep into it, they have nowhere to turn," he says.

"They're not stupid, they're just unaware of the scam."

"It's not obvious [that it's a scam] if they've never experienced it before."

He discovered he was "rather good" at baiting romance scammers and found relatives of victims were approaching him to help loved-ones.

"I started dealing more with the victims of the scams rather than the scammers themselves, so my priorities changed then from just having fun to actually helping people."

Many scams are not a particularly sophisticated form of fraud.

"There are constantly new scams coming out, and we need to be aware of those," says Mr May.
"But a lot of the scams aren't high-tech, they simply write messages to people and that's it.
"You might think, 'I'm not going to fall for this scam' but then you'll fall for another one. The scammers will find a chink in your armour."

The first thing Mr May has to explain to those who get in touch is that Scam Survivors cannot recover any money the victim has been persuaded to hand it over.

In his experience, the average victim will end up around £1,000 out of pocket, but some will go a lot further - one man who recently made contact with the support group had given more than £500,000 to a male Russian scammer he thought he was in a relationship with.

"We say upfront, we can't get your money back. We can't offer you emotional support. We're not psychiatrists. We're just people who know how scams work and how to deal with them," he says.

To prevent being a victim, his advice is simple: "Google everything."
Search the images you are sent, the messages you receive - often scammers use the same material and the more widely shared it is, the more likely it is to end up on a website dedicated to exposing scams.

If you fear blackmail, Mr May suggests setting up an alert so that you are notified if your name is mentioned online. If, in the case of sextortion, a video is published on the net, you will then know straight away and can report it, as you are likely to be tagged in it.

"Be aware and learn how to search everything," he says.
"If someone sends you a picture or text, search it, try to find out as much as you can. If you're unsure don't send them money."

Action Fraud, the UK's national fraud and cyber-crime reporting service, said all scams reported to it are passed on to the National Fraud Intelligence Bureau, which is part of City of London Police.
However, a spokeswoman told the BBC that only around 30% of all fraud cases had "viable lines of inquiry".
"We know that at these levels it is difficult for law enforcement agencies to investigate all these crimes," said a spokeswoman.
"We have to maximise our resources where there is the best chance of a successful investigative outcome."

Professor Alan Woodward, cyber-security expert from Surrey University, said it was still important to keep reporting scams to the national body even if individual justice was not always possible.
"For those contacting Action Fraud UK to report a crime it may appear that little happens, but your information is vital in constructing an accurate picture of where, when and how online scams are occurring," he said.
"It may be that the police are unable to solve your individual crime but by studying the big picture they are able to zero in on the scammers.
"Your report could be vital in completing the overall picture and enable law enforcement to prevent others suffering as you have."

No sympathy

Some people argue that the scammers themselves are also in desperate situations - many of them operate in some of the poorest parts of the world, such as West Africa and the Philippines.
Wayne May has no sympathy.
"These people aren't Robin Hood types," he says.
"If you go online and scam people you have the money to go online, if you can't afford food you can't spend hours in an internet cafe."
He is, however, haunted by one occasion when a woman from the Philippines he was scam-baiting offered to perform on webcam for him. When he declined she then asked if she should involve her sister.
"She called this girl over and she couldn't have been more than nine or 10," he recalls.
"That horrified me. I said, 'Don't do this, not for me, not for anybody. You shouldn't do this'. I couldn't talk to her again after that. I had to completely walk away."
He says he has no idea what happened to her.
"I can't let it affect me too much, otherwise I wouldn't be able to do what I do," he said.
"I've been doing it for almost 12 years now, and if I let every case affect me I'd be a gibbering wreck in the corner."

Common Scams


Romance - when a scammer builds an intense online relationship with someone, then asks for money
Sextortion - when a victim is persuaded to carry out a sex act on webcam which is then videoed and the scammer demands a ransom in return for not publishing the content on the net
Pets - a pet is advertised for sale, and then fees are demanded in order to get the pet to its new owner. The pet does not exist.
Hitman - Someone claims to be a hitman and says that they have been paid to kill you. They then say that if you are prepared to pay more, they will not carry out the threat.
419 - named after section 419 of the Nigerian criminal code - claiming money from another person under false pretence: such as needing assistance to release a large sum of fictional inheritance.

Advice for victims

- Drop all contact with the scammer.
- Don't try to track them down - remember, the scammer has your real details and possibly compromising information about you. It's not worth the risk to continue talking to them, and especially not worth confronting them.
- If you sent cash, there's no realistic way to get it back - beware the "recovery scam" where the scammer then claims to be an agency able to get the money back, for a fee.
- Contact the police.
- Share as many details about the scam as you can to warn others.

(1st November 2017)



RUSSIAN HACKERS STOLE NSA DATA BY USING KASPERSKY SOFTWARE
(Consumerist, dated 6th October 2017 author Kate Cox)

Full article [Option 1]:

https://consumerist.com/2017/10/06/report-russian-hackers-stole-nsa-data-by-using-kaspersky-software/

For months, government agencies have been warning that popular antivirus software could be giving Russian intelligence agencies a back door into American computers and secrets. Now a new report says not only that it could happen, but that it already has, at least once.

The Wall Street Journal reports that hackers working for the Russian government were able to access "highly classified" National Security Agency documents after a worker for the agency opened them on a computer using Kaspersky products.

The theft actually happened in 2015 but wasn't discovered until 2016, sources told the WSJ. The contractor opened work files - which included detailed data about how the NSA accesses and penetrates foreign computer networks - on his home PC, at which point the hackers were able to access them.

Kaspersky products have never been authorized inside of the NSA, the Journal notes. Employees and contractors were "advised" not to use them at home, but were not prohibited from doing so at the time of the 2015 incident. However, many other security-related agencies, including including the Army, Navy and Air Force and the departments of Defense, State, Homeland Security, Energy, Veterans Affairs, Justice, and Treasury all used Kaspersky software at some point, the WSJ adds.
Reputable goods

Until earlier this year, Kaspersky Lab for the most part largely enjoyed a very positive reputation in the United States.

The company, named for founder Eugene Kaspersky, began operations in Russia in 1997 and expanded its offerings to the U.S. in the years immediately after.

Its antivirus and security products have been consistently well-regarded since the early 2000s. Just last month, for example, PC Mag gave Kaspersky one of its "editors' choice" stamps in its annual antivirus rankings roundup.

The company offers a full security suite of products for home, small business, and enterprise users, and also now offers mobile products as well. At this point, Kaspersky Lab is one of the largest cybersecurity and antivirus companies in the world, boasting about 400 million users.

And that was all well and good, for a while… and then 2017 happened.
Russia whatnow?

Bloomberg actually reported on Kaspersky's ties to Russian intelligence back in 2015. While those reports gained some attention among national security officials, they went by and large unremarked in the wider world.

Security expert Brian Krebs told NPR in 2015 that he personally used Kaspersky products, and thought the concerns about them were largely overblown.

"If Kaspersky Labs wanted to do something bad, there's absolutely no question that they could," he told NPR - perhaps prophetically - at the time.

But, he added, "if Kaspersky was somehow found to be acting at the behest of the Russian government to spy on its customers, I think they'd pretty much be out of business overnight."

Here in 2017, however, concerns about Russian interference in American politics, intelligence, and affairs have been spiraling up in D.C. for months - and that includes Kaspersky.

This breach, the WSJ notes, is the first known instance of Russian entities actually using Kaspersky software to conduct espionage against the U.S. government. The suspicion that they could do so, however, has been slowly brewing for years and accelerating rapidly this year.

The company's reputational downfall in the U.S. has been swift:

- May: The heads of several intelligence agencies tell the Senate Intelligence Committee that they have concerns about Kaspersky software.

- July: Bloomberg again reports that Kaspersky not only has loose ties to Russian intelligence, but in fact has been working with the FSB (Russia's main intelligence agency).

On the same day, the federal government removes Kaspersky Lab from the list of approved vendors that U.S. agencies are allowed to do business with.

- August: The FBI reportedly approaches companies in the private sector and asks them to phase out any use of Kaspersky products.

- September: Best Buy stops selling any Kaspersky products either in stores or online.

A few days later, the Department of Homeland Security formally orders any federal agencies using Kaspersky software to stop, providing 30-, 60-, and 90-day windows for identifying what products are in use and figuring out how to replace them.

A spokesperson for the NSA declined to comment on the security breach to the WSJ, saying, "Whether the information is credible or not, NSA's policy is never to comment on affiliate or personnel matters."

(1st November 2017)

FAKE MODELS SCOUTS TRICKING UK GIRLS INTO SHARING EXPLICIT PHOTOS
(The Guardian, dated 6th October 2017 author Sarah Marsh)

Full article [Option 1]:

www.theguardian.com/society/2017/oct/06/fake-model-scouts-tricking-uk-girls-into-sharing-explicit-photos

A growing number of teenage girls are being approached online by fake model recruiters who lure them into sending indecent images of themselves, which are later used to extort money.

Facebook and Instagram accounts are being set up in the names of leading model agencies such as Storm Model Management, which discovered Kate Moss and represents Cindy Crawford.
Girls receive messages from someone who claims to be recruiting for the agency; they are encouraged to send topless photos or conduct a Skype interview in which they are asked to remove their clothes or wear lingerie.

Sarah Doukas, the managing director of Storm, said that in the past two years the number of calls the agency had received about scam agents had risen from one a week to almost daily messages.
"The rise of social media has impacted greatly on why modelling agency scams are increasing," Doukas said. "Firstly, a lot of young people's Instagram accounts are not private, and consequently they are easy to approach. Secondly, fraudsters are becoming more sophisticated because of social media generally.

"We are getting more scammers posing as 'friends' of the model agency and offering an introduction to us, and this is not legitimate. There was one example recently, which went on for several months, where a vulnerable girl was invited to a shoot and she ended up taking her clothes off. She had been approached by a fraudster claiming to know me."

In the UK last year there were 327 reported cases of scam model recruiters. DI Chris Felton, crime manager at the National Fraud Intelligence Bureau, said a "significant" number involved scammers operating on social media.

"Social media means [scammers] can now reach a larger audience than previously, and if you are after a younger demographic then it's an easy way to reach them," he said. "[The number of cases of scam model recruiters] may have gone up slightly, but if you look back, social media will have played a bigger role because it's how people communicate now."

In other instances, girls are asked to pay extortionate amounts of money to get portfolios or "comp cards" (essentially a business card). A legitimate agency would offer these for free.

Doukas said: "Young people and their parents or guardians must be vigilant and defensive - do not trust anyone until you have established they are legitimate, and do your research."

Alex Haddad, the director of BMA Models, said his agency was receiving 10 phone calls and 20 emails a week about scam agents - nearly twice as many as last year.

"[Scammers] use names from our agency, a booker or agent. They have used different people in the past - our website has a history of who works here on it. They then contact people from Snapchat, Instagram and Facebook and pretend to be a headhunter or recruiter," he said. "They will say they are scouting for models and ask for pictures, sometimes they ask for naked shots ... We are getting phone calls from concerned parents saying, 'Is this a scam? What is happening?'

"Some of them do Skype calls which are so-called interviews, and they ask things like, 'Would you shave your head or go topless?' It's always young girls who get targeted."

Jessica Barker, co-founder of the cyber security consultancy Redacted Firm, said she had heard cases of girls being lured into sending sexually explicit images and told the photos would be posted online unless the scammers were paid.
"Teenage girls using Instagram and sharing pictures get approached by someone who has a profile looking like a modelling scout or talent scout for TV and film, often in the US," she said.

"They say the girls look great and have the right look for film or whatever modelling campaign they are supposedly doing. Then they ask, 'Can we see some more pictures?' They flatter the girls a lot and give them hope in terms of what they are looking for. They encourage the girls to then share explicit pictures, and when they do they try to extort them of money."

Barker added: "Awareness is key. This form of attack is very unknown and people are not talking about it much in media. If you're in this situation, approached by someone asking you for explicit images, don't send them. A reputable model agency, for example, would never ask for someone to send naked images of themselves. If you have sent the images and are worried about being scammed, or you have received threats, tell a trusted adult."

(1st November 2017)


UK CYBERCOPS REACTED TO 590 "SIGNIFICANT ATTACKS" OVER PAST YEAR
(The Register, dated 5th October 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/10/05/ncsc_responded_to_590_significant_attacks_last_year/

The National Cyber Security Centre responded to 590 "significant attacks" over the last year including WannaCry, MPs' email addresses being targeted due to weak passwords and various threats to other large organisations.

The body was created in October last year, bringing together previously separate parts of government, MI5 and GCHQ. Its aim is to support and advise the public and private sectors on how to avoid computer security threats.

Over that time the body said it has also managed to reduce the time phishing sites are hosted for in the UK from 27 hours to less than an hour.

Other measures introduced include getting government departments to adopt the Domain-based Message Authentication Reporting and Conformance protocol (DMARC) to combat fake emails by validating whether the communications come from the said organisation.

Something we hope Home Sec Amber Rudd has set up.

DMARC has already prevented a huge number of potential attacks - for example, blocking at 120,000 emails from a spoof @gov.uk address.

Other measures include setting up a filtering service to stop government systems verging onto malicious websites by using data gathered from commercial partners and GCHQ.

Undoubtedly WannaCry was the biggest threat the unit responded to over the last 12 months. The outbreak led to "the first ministerial COBRA meeting following a cyber attack," said the report.

WannaCry affected more than 100 countries, including Spanish telecoms and German rail networks. In total, 47 NHS trusts were affected in the UK. More than 230,000 computers were hit globally.

Ciaran Martin, CEO of the NCSC, said: "The UK faces threats from across the globe on a daily basis and while we have brought together unprecedented expertise to defend the UK, it's not a question of 'if' cyber attacks will happen, it's a matter of when.

"The NCSC's first duty is to manage and mitigate against attacks. Our anniversary report shows the progress we have made working with government, industry and individuals to create a truly lasting national asset.

Public sector bods including police, the NHS and local authorities have named the growing threat of ransomware one of their biggest areas of concern next year.

(1st November 2017)



TOP TRAUMA SURGEON REVEALS SHOCKING EXTENT OF LONDON'S GUN CRIME
(London Evening Standard, dated 5th October 2017 author Hatty Collier)

Full article [Option 1]:

www.standard.co.uk/news/crime/leading-trauma-surgeon-reveals-shocking-extent-of-london-s-gun-crime-a3651761.html

A leading trauma surgeon has told how the number of patients treated for gunshot injuries at a major London hospital has doubled in the last five years.

Martin Griffiths, a consultant vascular and trauma surgeon, said medics at the Royal London Hospital in Whitechapel where he works were expecting to treat 50 to 60 victims of gun crime this year alone.

He said the hospital's major trauma centre had seen a bigger rise in gunshot injuries compared to knife wounds and that the average age of victims was getting younger.

Dr Griffiths, who works with at-risk teenagers to prevent them from becoming involved in gangs and violent crime, made the remarks at a meeting held by the London Assembly Police and Crime Committee on Thursday.

Last year, gun crime offences in London increased for a third year running and by 42 per cent, from 1,793 offences in 2015/16 to 2,544 offences in 2016/17. Police have seized 635 guns off the streets so far this year.

Dr Griffiths, who also teaches medical students, said: "Our numbers of victims of gun injury have doubled [since 2012]. Gunshot injuries represent about 2.5 per cent of our penetrating trauma.

"Year on year, we have seen a 20 to 30 per cent rise in the past two or three years. We will admit 50 to 60 patients this year with gunshot injuries.

"We'll also seen a dozen or so under the care of our pre-hospital team who will die at the scene of injury."

Dr Griffiths said the average age of gun crime victims needing treatment at the hospital had decreased from 25 to the mid to late teens since 2012.

He added that medics at the Barts Health hospital's major trauma centre in Whitechapel had seen a bigger rise in patients with gun injuries rather than knife wounds and that most were caused by pistols or shotguns.

Met Police commander Jim Stokley, who was also invited to speak at the meeting, said that handguns and shotguns were the weapons of choice and that 46 per cent of London's gun crime discharges were gang-related.

He said: "We believe that a lot of it is associated with the drugs trade, and by that I mean people dealing drugs at street level and disagreements between different gangs."

Detective Chief Superintendent Kevin Southworth, head of the Met's Trident and Area Crime Command, said: "Seventy per cent of crimes we recover a cache of class A drugs with the weapon."

Dr Griffiths said he believed that introducing at-risk young people to a victim of gun crime who has been left disabled could be a useful prevention technique.

"When you talk to people about knife and gun injury, they think they're going to either be alive and fine or dead but they are very concerned about cosmetic injuries about colostomy bags about smelling bad, about being disfigured and about being disabled and those are much more horrific than being alive or dead. I think that's where the real leverage comes from when we're talking about gun injury," he said.

"I think meeting a gun victim who has been disabled is much more of a powerful stimulus for change."

He added that most victims of violence often want to retaliate and that investing in supporting families and building communities could help to prevent that.

"We need to fund initiatives properly and deliver into the community; that way we will have success. We need long-term planning and delivery. It's about planning from birth through to death and helping to support and build communities.

"It's not about sticking plasters, it's not about sewing up patients, it's about preventing injuries, understanding communities, supporting communities, and investing in youth."

(1st November 2017)

PUBLIC TRANSPORT INITIATIVE TO PROTECT CHILDREN AT RISK (Extract)
(Railway Magazine, dated 4th October 2017 author N Devereux)
www.railwaymagazine.co.uk [Option 1]

The initiative was launched in 2015 by Railway Children - a charity that supports children who run away from home or are forced to leave because of poverty, violence or neglect - in close partnership with British Transport Police (BTP) and the rail industry to make the UK railway network a safer place for vulnerable children.

According to Railway Children, a child runs away from home every five minutes in the UK, and it is estimated 16,500 children are at risk of sexual exploitation every year.

Latest figures from BTP show its officers handled nearly 5,000 child safeguarding incidents in 2016, of which 1,620 (or 33%) were children who had run away or gone missing.

The individual railway stations to record the highest number of runaway or missing incidents last year were Manchester Piccadilly, Glasgow Central, Leeds, Birmingham New Street, and London Victoria.

A report published in 2014 by Parliament's Transport Select Committee also added momentum to the initiative, after recommending BTP should be brought in line with other police forces, which set targets to assess how well they support vulnerable children.

Since then, Railway Children has been working with BTP, operating companies and other charities to ensure incidents are reported and the right support is made available at the right time for 16 and 17 year olds.

Public Transport a hot spot for vulnerable children

A part of the programme (Safeguarding on Transport - ST), railway station staff have been given training on how to spot vulnerable children following warnings public transport is a hotspot for young people who have run away from home and are at risk of exploitation.

On September 14th, 2007, 14 year old Andrew Goosden walked out of the family home in Doncaster, boarded a train to London with a one way ticket, and then simply vanished. A short sequenceof CCTV stills captured that morning at Kings Cross station represents the last positive sightings of the schoolboy. Ten years later, Andrew is the face of the Missing People charity's FIND EVERY CHILD campaign.

Gaynor Little, Railway Children's Head of UK Programme - Safeguarding on Transport, said :" Often the perception can be that a young person seen loitering, for example is a source of trouble when in reality they could be overwhelmingly vulnerable and in need of help. The training we have developed with BTP will help railway station staff, including retail workers, identify children who before might have gone unnoticed.
"About 100,000 under 16s run away each year, with many becoming vulnerable to grooming and sexual exploitation, and areas surrounding major stations are a particular concern," added Gaynor.
"Our long term aim is to create a national safety network throughout the UK transport system, with improved staff awareness and confidence in how to respond when suspecting a young person is at risk."

New safeguarding project for Manchester transport hub

In June this year, Railway Children also launched its first project in Manchester as part of the ST programme. Since the launch, a significant number of children have already been referred to the new project by BTP's safeguarding unit after being identified as being at risk, and to prevent the slipping through the net in terms of professional support to ensure their safety and emotional well-being.

In these first few months, Railway Children's Manchester project has dealt with missing children and runaways, with complex issues including mental health problems, self harm, sexual exploitation, violence and conflict. All these young people and their families have then received follow-up support, either with a visit, by phone or letter. The project workers also liaise with local care homes, social workers and childrens services departments to help ensure appropriate support is put in place and to try and prevent repeat referrals. Nationally, there are plans to expand the Manchester project, with five more schemes planned over the next five years. These will be at locations identified by BTP and Railway Children as having most safeguarding incidents.

A real impact on the lives of young people

One young person who was found intoxicated at a North West station, has agreed to one-to-one work after feeling very depressed and suicidal. She had wante to step in front of a train and felt there was no-one helping with her mental health needs. Project workers have met with her and her family and further support has been provided.

Similar support is also being offered to a family after a young man witnessed his father assaulting a member of staff on a train while he was heavily intoxicated. Project workers are liaising with childrens service's to make sure this family have support for any issues at home with alcohol and domestic violence. They are also ensuring thee young person has a safe adult to talk to and get advice from.

Gaynor said: " Our project workers take referrals directly from BTP and provide ongoing support to children and families in whatever way best suits the individual case.

"During the first three months of this project we have been able to make some vey positive interventions. By sharing information and pooling our expertise, we can make aa real impact on the lives of young people who might otherwise be overlooked.

"The success of the programme also depends on the continued support from key partners such as the Railway Magazine and BTP. Railway Children is also delighted to be able to play a part in celebrating The Railway Magazine 120th anniversary and greatly appreciates the support from the publication and its readers in helping to improve the protection of vulnerable children in the UK."

Keeping children safe is everyone's responsibility

According to Railway Children's ST Programme partner British Transport Police, making the rail network a safer place for children is not just the responsibility for professionals from the voluntary and public sector.

Superintendent Richard Mann says: " We all have a responsibility to protect vulnerable children in our community. We are asking passengers and rail staff to be aware of young people who might need help.
"They may be travelling on their own, appear upset or with someone older than them who does not appear to be a relative. Even if the report turns out to be nothing, thats ok. We would rather look into all reports than not be told because someone is worried that they have been mistaken."

He added: " And if you are a young person who thinks you, or someone you know, might need help - or you'd just like to ask us a question, we're here for you. Whatever you need to tell us, you won't be judged or blamed, and we have specially trained people at railway stations who can help".

(1st November 2017)



AMERICA'S GUN CULTURE IN 10 CHARTS

(BBC News, dated 4th October 2017)

Full article : www.bbc.co.uk/news/world-us-canada-41488081

uaware note : figures displayed in original article graphs

The worst mass shooting in the United States in modern times has once again raised questions about gun ownership and whether there should be tougher controls.

How does the US compare with other countries?

About 40% of Americans say they own a gun or live in a household with one, according to a 2017 survey, and the rate of murder or manslaughter by firearm is the highest in the developed world. There were more than 11,000 deaths as a result of murder or manslaughter involving a firearm in 2016.

An international comparison of gun-related killings as a % of all homocides

US (2016) : 64%
England and Wales (2015/16) : 4.5%
Canada (2015) : 30.5%
Australia (2013/14) : 13%

Homicides are taken here to include murder and manslaughter. The FBI separates statistics for what it calls justifiable homicide, which includes the killing of a criminal by a peace officer or private citizen in certain circumstances, which are not included.
Who owns the world's guns?

While it is difficult to know exactly how many guns civilians own around the world, by every estimate the US with around 270 million is far out in front.

Top 10 civilian gun-owning countries

(Firearms per 100 residents) - Source : Small Arms Survey (2011)

United States : 99
Yemen : 55
Switzerland : 45
Finland : 44
Cyprus : 36
Saudi Arabia : 35
Iraq : 34
Uruguay : 32
Canada : 31
Austria : 30

Switzerland and Finland are the European countries with the most guns per person - they both have compulsory military service for all men over the age of 18. Cyprus, Austria and Yemen also have military service.

How do US gun deaths break down?

There have been more than 90 mass shootings in the US since 1982, according to investigative magazine Mother Jones.

Up until 2012, a mass shooting was defined as when an attacker had killed four or more victims in an indiscriminate rampage - and since 2013 the figures include attacks with three or more victims. The shootings do not include killings related to other crimes such as armed robbery or gang violence.

The overall number of people killed in mass shootings each year represents only a tiny percentage of the total number.

Mass shootings account for a tiny proportion of all gun deaths

Off the total 33,594 who died in 2014 there were :

- 21,386 Suicides
- 11,008 Homocides (of which 14 died in mass shootings)
- 1,200 Other ( includes accidental deaths and war casualties)

There were nearly twice as many suicides involving firearms in 2015 as there were murders involving guns, and the rate has been increasing in recent years. Suicide by firearm accounts for almost half of all suicides in the US, according to the Centers for Disease Control and Prevention.

A 2016 study published in the American Journal of Public Health found there was a strong relationship between higher levels of gun ownership in a state and higher firearm suicide rates for both men and women.

How old are the killers?

The average age of attackers in 91 recorded US mass shootings is 34.

Paddock is one of three killers aged over 60. The others are: William D Baker, 66, who killed five people in Illinois in 2001; and Kurt Myers, 64, who killed five people in New York state in 2013.

The youngest killer is Andrew Douglas Golden, 11, who ambushed students and teachers as they left Westside Middle School in Arkansas, 1998. He was jointly responsible with Mitchell Scott Johnson, 13, for five deaths and 10 injured.

Attacks in US become deadlier - mass shootings since 1991

The Las Vegas attack was the worst in recent US history - and the three shootings with the highest number of casualties have all happened within the past 10 years.

Las Vegas, Nevada (2017): 58
Orlando, Florida (2016) : 49
Virginia Tech, Virginia (2007) : 32
Sandy Hook, Connecticut (2012) : 27
Killeen, Texas (1991) : 23
San Bernardino, California (2015) : 14
Fort Hood, Texas (2009) : 13
Columbine, Colorado (1999) : 13

(1st November 2017)

HP ENTERPRISE LET RUSSIA SCRUTINIZE CYBERDEFENSE SYSTEM USED BY PENTAGON
(Reuters, dated 2nd October 2017 authors Joel Schectman, Dustin Volz, Jack Stubbs)

Full article [Option 1]:

www.reuters.com/article/us-usa-cyber-russia-hpe-specialreport/special-report-hp-enterprise-let-russia-scrutinize-cyberdefense-system-used-by-pentagon-idUSKCN1C716M

Hewlett Packard Enterprise allowed a Russian defense agency to review the inner workings of cyber defense software used by the Pentagon to guard its computer networks, according to Russian regulatory records and interviews with people with direct knowledge of the issue.

The HPE system, called ArcSight, serves as a cybersecurity nerve center for much of the U.S. military, alerting analysts when it detects that computer systems may have come under attack. ArcSight is also widely used in the private sector.

The Russian review of ArcSight's source code, the closely guarded internal instructions of the software, was part of HPE's effort to win the certification required to sell the product to Russia's public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman.

Six former U.S. intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack.

"It's a huge security vulnerability," said Greg Martin, a former security architect for ArcSight. "You are definitely giving inner access and potential exploits to an adversary."

Despite the potential risks to the Pentagon, no one Reuters spoke with was aware of any hacks or cyber espionage that were made possible by the review process.

The ArcSight review took place last year, at a time when Washington was accusing Moscow of an increasing number of cyber attacks against American companies, U.S. politicians and government agencies, including the Pentagon. Russia has repeatedly denied the allegations.

The case highlights a growing tension for U.S. technology companies that must weigh their role as protectors of U.S. cybersecurity while continuing to pursue business with Washington's adversaries such as Russia and China, say security experts.

'BACKDOOR VULNERABILITIES'

The review was conducted by Echelon, a company with close ties to the Russian military, on behalf of Russia's Federal Service for Technical and Export Control (FSTEC), a defense agency tasked with countering cyber espionage.

Echelon president and majority owner Alexey Markov said in an email to Reuters that he is required to report any vulnerabilities his team discovers to the Russian government.

But he said he does so only after alerting the software developer of the problem and getting its permission to disclose the vulnerability. Echelon did not provide details about HPE's source code review, citing a non-disclosure agreement with the company.

FSTEC confirmed Markov's account, saying in a statement that Russian testing laboratories immediately inform foreign developers if they discover vulnerabilities, before submitting a report to a government "database of information security threats."

One reason Russia requests the reviews before allowing sales to government agencies and state-run companies is to ensure that U.S. intelligence services have not placed spy tools in the software.

HPE said no "backdoor vulnerabilities" were discovered in the Russian review. It declined to provide further details.

HPE said it allows Russian government-accredited testing companies to review source code in order to win the Russian defense certifications it needs to sell products to Russia's public sector.

An HPE spokeswoman said source code reviews are conducted by the Russian testing company at an HPE research and development center outside of Russia, where the software maker closely supervises the process. No code is allowed to leave the premises, and HPE has allowed such reviews in Russia for years, she said.

Those measures ensure "our source code and products are in no way compromised," she said.

Some security experts say that studying the source code of a product would make it far easier for a reviewer to spot vulnerabilities in the code, even if they did not leave the site with a copy of the code.

In a 2014 research paper, Echelon directors said the company discovered vulnerabilities in 50 percent of the foreign and Russian software it reviewed.

Still, security analysts said the source code review alone, even if it yielded information about vulnerabilities, would not give hackers easy entry into the military systems. To infiltrate military networks, hackers would need to first overcome a number of other security measures, such as firewalls, said Alan Paller, founder of the SANS Institute, which trains cybersecurity analysts

Paller also said HPE's decision to allow the review was not surprising. If tech companies like HPE want to do business in Russia, "they don't really have any choice," he said.

HPE declined to disclose the size of its business in Russia, but Russian government tender records show ArcSight is now used by a number of state firms and companies close to the Kremlin, including VTB Bank and the Rossiya Segodnya media group.

Whether the customer is Russia or the United States, overlooked errors in software code can allow foreign governments and hackers to penetrate a user's computer.

Exploiting vulnerabilities found in ArcSight's source code could render it incapable of detecting that the military's network was under attack, said Allen Pomeroy, a former ArcSight employee who helped customers build their cyber defense systems.

"A response to the attack would then be frankly impossible," Pomeroy said.

The HPE spokeswoman said Reuters' questions about the potential vulnerabilities were "hypothetical and speculative in nature."

HPE declined to say whether it told the Pentagon of the Russian review, but said the company "always ensures our clients are kept informed of any developments that may affect them."

A spokeswoman for the Pentagon's Defense Information Systems Agency, which maintains the military's networks, said HPE did not disclose the review to the U.S. agency. Military contracts do not specifically require vendors to divulge whether foreign nations have reviewed source code, the spokeswoman said.

The U.S. military agency itself did not require a source code review before purchasing ArcSight and generally does not place such requirements on tech companies for off-the-shelf software like ArcSight, the Pentagon spokeswoman said. Instead, DISA evaluates the security standards used by the vendors, she said.

'EVERYONE IS HAPPY'


Echelon operates as an official laboratory and software tester of FSTEC and Russia's FSB spy agency, according to Russian government registries of testing laboratories and software certifications reviewed by Reuters. U.S. intelligence has accused the FSB of helping mount cyber attacks against the United States and interfering in the 2016 presidential election.

Markov, Echelon's president, defended the reviews, saying that "if a vulnerability is found, everyone is happy" because the detected flaw means laboratory experts are "able to demonstrate their qualifications" and "the developer is happy that a mistake was detected, since by fixing it the product will become better."

Russia in recent years has stepped up demands for source code reviews as a requirement for doing business in the country, Reuters reported in June.

A number of international companies, including Cisco Systems Inc, the world's largest networking gear maker, and German software giant SAP, have agreed to the reviews, though others, including cybersecurity firm Symantec, have refused because of security concerns.

CYBERDEFENSE BULWARK

U.S. government procurement records show ArcSight is used as a key cyberdefense bulwark across much of the U.S. military including the Army, Air Force and Navy. For example, ArcSight is used to guard the Pentagon's Secret Internet Protocol Router Network (SIPRNet), which is used to exchange classified information, according to military procurement records.

The Pentagon spokeswoman declined to comment on risks posed by specific products to its network but said all software used by DISA is "extensively evaluated for security risks," and continually monitored once deployed.

Created in 2000 as an independent company, ArcSight broke new ground by allowing large organizations to receive real-time alerts about potential cyber intrusions.

The software draws activity records from servers, firewalls, and individual computers across a network - up to hundreds of thousands per second. The system then searches for suspicious patterns, such as a high number of failed login attempts within a few seconds, and alerts analysts.

A decade later, ArcSight had become "the core" cyber network defense tool the Pentagon's analysts "rely on to defend DoD networks," DISA said in a 2011 ArcSight procurement request.

Today ArcSight is a virtually irreplaceable tool for many parts of the U.S. military, at least for the immediate future, Pentagon records show.

"HP ArcSight software and hardware are so embedded," the Pentagon's logistics agency wrote in April, that it could not consider other competitors "absent an overhaul of the current IT infrastructure."

HPE agreed last year to sell ArcSight and other security products to British tech company Micro Focus International Plc in a transaction that was completed in September.

Jason Schmitt, the current head of the ArcSight division, said the product makes up a little less than half of the $800 million in annual revenue Micro Focus expects to get from the security software business purchased from HPE.

Schmitt said he could not comment on any source code review that took place before this year, when he took the job, but stressed such reviews do not currently take place. Micro Focus did not respond to requests for comment on whether it would allow Russia to do similar source code reviews in the future or whether Micro Focus executives knew of the review prior to the acquisition.

(1st November 2017)


SUPERMARKET CHICKEN SUPPLIER 2 SISTERS INVESTIGATED
(BBC News, dated 29th September 2017)

Full article : www.bbc.co.uk/news/uk-41440020

The Food Standards Agency is investigating after reports of safety breaches at a factory owned by one of the UK's largest chicken suppliers.

The Guardian and ITV News said workers at a 2 Sisters Food Group site in the West Midlands had changed slaughter dates to extend the shelf life of meat.

Marks & Spencer, Aldi, Lidl and The Co-op have stopped taking chickens from the site while investigations continue.

2 Sisters said it viewed the allegations "extremely seriously".

The FSA said its inspectors found "no evidence" of breaches at the West Bromwich factory on Thursday but they were continuing to review the evidence.

The company also supplies Tesco and Sainsbury's, which are investigating the allegations.

An undercover reporter claimed to have witnessed workers changing the "kill dates" on chickens and allegedly saw meat of different ages being mixed together and codes on crates of meat altered.

Repackaging claim

The Guardian and ITV News said in a statement that more than 20 workers had confirmed the unhygienic practices took place, while some said they would no longer eat chicken from supermarkets.

Some workers also claimed the chicken that supermarkets reject is sometimes repackaged at the factory and sent out again.

The FSA said it took any allegations of inaccurate labelling and breaches in hygiene regulations "very seriously".

It urged the Guardian and ITV News to share the full details with the FSA, such as the footage taken and witness interview transcripts, so that it could investigate thoroughly and promptly.

FSA chairman Heather Hancock said: "Should we find any evidence of any risk to public health, any products on the market which we believe to be a cause of concern will be urgently removed from sale."

She reminded consumers to follow FSA guidelines for chicken:

- Cover and chill raw chicken
- Never wash raw chicken
- Only use clean hands, utensils and chopping boards when handling raw chicken
- Cook chicken thoroughly until there is no pink meat and the juices run clear

Tesco said it carried out its own regular audits of all its suppliers, adding that it took the allegations "extremely seriously" and would be carrying out a "rigorous investigation".

Aldi, Lidl, Sainsbury's and Marks & Spencer all issued statements announcing the launch of independent investigations.

'No stone unturned'

The 2 Sisters company was founded in 1993 by Ranjit Singh Boparan and now employs 23,000 staff. Although it has diversified, the bulk of the group's income still comes from processing poultry.

The company said it had been made aware of the allegations on Thursday but had "not been given the time or the detailed evidence to conduct any thorough investigations to establish the facts, which makes a fulsome response very difficult".

It said hygiene and safety remained at the "core" of its business, which was subject to frequent unannounced audits from the FSA and Red Tractor - the food industry's assurance scheme - among others.

It said the West Midlands site in question had received nine audits - five unannounced - during July and August this year alone.

It added in a statement: "If, on presentation of further evidence, it comes to light any verifiable transgressions have been made at any of our sites, we will leave no stone unturned in investigating and remedying the situation immediately."

-----------------------
CHICKEN SUPPLIER 2 SISTERS SUSPENDS OPERATIONS
(BBC News, dated 1st October 2017)

Full article : www.bbc.co.uk/news/uk-41462549

One of the UK's largest supermarket chicken suppliers has suspended operations after an investigation allegedly exposed food safety breaches.

The 2 Sisters Food Group said staff at its site in the West Midlands will need to be "appropriately retrained" before it starts resupplying customers.

It comes after allegations that workers had changed slaughter dates to extend the shelf life of meat.

The Food Standards Agency (FSA) has also been investigating the claims.

The Guardian and ITV News claimed an undercover reporter witnessed workers changing the "kill dates" on chickens.

They also allegedly saw meat of different ages being mixed together and codes on crates of meat altered.

In a statement, the company said an internal investigation had shown "some isolated instances of non-compliance" at its plant in West Bromwich.

"We have therefore decided to temporarily suspend operations at the site to allow us the time to retrain all colleagues, including management, in all food safety and quality management systems."

All staff will remain on full pay and take part in training on site, it added.

"We will only recommence supply once we are satisfied that our colleagues have been appropriately retrained."

Marks & Spencer, Aldi, Lidl and The Co-op have stopped taking chickens from the site while investigations take place.

The company also supplies Tesco and Sainsbury's, which are looking into the allegations.

2 Sisters said the FSA had visited the site every day since the allegations came to light and had "not identified any breaches".

It went on: "We continue to work closely with the FSA and our customers throughout this period."

(1st November 2017)


DON'T BE SCARED....BUT STAY SAFE
(Good Housekeeping, dated November 2017)

It might feel like every day there is new of yet another terror attack somewhere in the world. The temptation is to stop doing the things we love in case it puts us in danger - but who wants to live like that ? The very last thing we ever want to do at Good Housekeping is to frighten our readers but we wanted to know, should the worst happen, what's the best way to stay safe ?

"We're living in turbulent times", says SAS hero Chris Ryan.

"But we've always had terrorism in Europe and, to me, it feels like the 70's and 80's when the IRA was active. The difference now is that there is constant footage for everyone to see on TV and people feel very uneasy. Actually, terror attacks are still rare and I don't want people to feel scared, but there are things I've learnt from my time in the SAS that can empower people, which is why I've written my new book, Safe.

For the record


During the first Gulf War in 1991, Chris Ryan was part of the SAS patrol known as Bravo Two Zero, which was trapped behind enemy lines in Iraq. He was the only member of the patrol to evade capture and made history by trekking 180 miles to safety in Syria.

Read on for Chris Ryan's advice....


How can I make myself more streetwise

These days, most people walk around chatting on phones, looking down at screens or wearing headphones. It means you're cutting off your two most important senses and won't be aware of any potential threat or be able to react in time.

Walk with your head up and stick to busy, well-lit areas. Act confidently but don't wear obviously expensive clothes and jewellery. Most people who catch your eye in the street look away again. If they continue to stare at you, it's a sign they're targeting you and may want to do you harm.

If you feel threatened, dial 999 on your phone. If you are unsure, dial the number but don't press send. Keep your finger over the button in case things escalate. If you're trapped, use whatever you can to get away - a can of hairspray sprayed in the face, for example.

The worst thing you can do in a knife attack is to curl into a ball as you won't be able to defend yourself. Protect your vital organs and inner arms as stab wounds here can be fatal.

Vehicle ramming incidents are on the rise. Walk along pavements with the traffic facing youso you have some warning and time to get out of the way. If you're on a bridge, the impact of jumping into the water could kill you. If there's no other option, concentrate on keeping your mouth closed, your arms by your side and legs bent, to lessen the impact.

I love travelling but don't want to be a target

Before you book anything, research your destination. Which countries does your destination border ? Are they unstable ? Always check gov.uk/foreign-travel-advice.

Put the number for emergency services of the country you're visiting into your phone.

When you get to your hotel or apartment, check fire escapes, entrance and exits so you'll know where to head if there's a fire or attack. Walk around outside to familiarise yourself with the layout.

If there is a hotel shooting, it may be saferto barricade yourself into a room. Use a wardrobe across the door first, then a bed and mattresses. If shots are fired, it will help slow down the bullets. Take cover and well away from the door.

In the Tunisian beach attack, when 38 people died, witnesses said they thought the gunfire was fireworks. Gunfire sounds like a whip being cracked.

If you are on a beach and hear gunfire, get away as quickly as you can. Don't go into the sea - you'll be a slow moving target. Avoid the hotel; use the route you've already identified to move away from the area.

Is there anything I can do in a terrorist attack ?


Your chances of being caught up in one of these are small, but you can't discount it. The police advise for a firearms attack is to run if you can, hide if you can't and tell the authorities what's going on. I agree. If there is a crowd heading in one direction, they're probably running away.

(1st November 2017)



SEPTEMBER 2017

SEPSIS - WHAT EVERY PARENT NEEDS TO KNOW
(The UK Sepsis Trust)

If your child is unwell with a bug or infection, is rapidly geeting worse and you ae worried that their illness seems different to any previous illness, it could be sepsis.

Sepsis is rare but serious complication of an infection.

IF YOUR CHILD HAS ANY OF THESE SYMPTOMS YOU SHOULD TAKE IMMEDIATE ACTION

- Looks mottled, bluish or pale

- Is very lethargic or difficult to wake

- Feels abnormally cold to touch

- Is breathing very fast

- Has a rash that does not fade when you press it

- Has a fit or convulsion

---------- GO TO A&E IMMEDIATELY OR CALL 999 ----------

 DETAILED SYMPTOMS

Sepis is rare in children, but if your child is unwell with a bug or infection, watch your child closely.

These symptoms may be the signs of sepsis :

Temperature

- Temperature over 38 degree's C in babies under three months
- Temperature over 39 degree's C in babies aged three to six months
- Any high temperature in a child who cannot be encouraged to show interest in anything
- Low temperature (below 36 degree's C, check three times in a 10 minute period)

Breathing

- Finding it much harder to breathe than normal - looks like hard work
- Making 'grunting' noises with every breath
- Can't say more than a few words at once (for older children who normally talk)
- Breathing that obviously 'pauses'

Toilet /Nappies

- Not had a wee or wet nappy for 12 hours

Eating and Drinking

- New baby under one month old with no interest in feeding
- Not drinking for more than eight hours (when awake)
- Bile stained (green), bloody or black vomit / sick

Activity and Body

- Soft spot on baby's head is bulging
- Eyes look sunken
- Child cannot be encouraged to show interest in anything
- Baby is floppy
- Weak, 'whining' or continuous crying in a younger child
- Older child who's confused
- Not responding or very irritable
- Stiff neck, especially when trying to look up and down

If your child has any of these symptoms, is geting worse, or is sicker than you would expect (even if their temperature falls), trust your instincts and seek medical advice urgently from NHS111 (telephone 111).

FOR MORE INFORMATION

Visit : nhs.uk/sepsis or sepsistrust.org

uaware note

This information was copied from a Sepsis Trust leaflet picked up from Boots during September 2017.

(1st October 2017)


THE BOTNET ARMY - TRACKER REVEALS THE EUROPEAN 'BOTSPOTS' POWERING GLOBAL CYBERATTACKS
(International Business Times, dated 27th September 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/botnet-army-tracker-reveals-european-botspots-powering-global-cyberattacks-1641063

Swarms of internet-connected devices infected with malware have become a popular tool for hackers as their collective power can be used to launch cyberattacks.

Known as bot networks - or botnets - they typically include hijacked computers, smartphones or internet of things (IoT) devices which can be deployed at will to spread malware, generate spam and conduct distributed denial of service (DDoS) attacks.

This week (27 September), Symantec released an updated botnet tracker, sharing insight into where bots are lurking in the Europe, the Middle East and Africa (EMEA) region.

According to the firm, 6.7m bots joined the global botnet in 2016, and Europe made up nearly one-fifth (18.7%) of the world's total bot population.

The UK, Symantec said, was Europe's 11th highest source of bot infections, falling from 7th place in 2015.

The City of London boasted the majority of the UK's bot infected devices with 34.4% of all British bots located there at the time of writing.

"More than 13.8m people in the UK were victims of online crime in the past year, and bots and botnets are a key tool in the cyber-attacker's arsenal," said researcher Candid Wueest.

"It's not just computers that are providing criminals with their robot army; in 2016, we saw cyber criminals making increasing use of smartphones and Internet of Things (IoT) devices. In fact, IoT devices may be part of the uptick in global bot infections in 2016.

"Nearly a third (31%) of attacks originated from devices in Europe alone."

Indeed, the cities of Madrid, Istanbul and Moscow had more bots in their cities than the vast majority of nations had in their entire countries, Symantec said.

But Russia was home to the largest number of bots in all of Europe, with 13.6% of Europe's bot-infected devices residing there. However, with the largest internet-connected population in Europe, Russia's 'bot density' is comparatively low, experts revealed.

'Bot density' or 'bots per connected capita' is a comparison between a country's number of internet users and the volume of bot infections.

It aims to make it clear which countries have a true higher rate of infection.

With one bot for every 41 internet users, Russia was 31st in Europe and 94th in the world for 'bot density'. This comparatively low infection rate may be influenced to some degree by the codes of conduct of Russia's hacking community, researchers said.

"Russians infecting Russians is considered a hacking faux pas," Wueest noted.

"There have been instances in the past of hackers being 'doxxed' or outed to police by the hacking community for the sin of infecting local computers.

"The number of bot infections isn't typically representative of where cybercriminals live. Infection rates are typically lower in countries where users have better cyber-hygiene and hackers are often the most 'hygienic' or paranoid when it comes to their devices."

In comparison, Rome's Holy See, the world's smallest country, had the highest bot density not only in Europe, but globally. Its significantly smaller internet-connected populace meant Vatican users had approximately "a one in five chance of using a 'zombie' device."

In most cases, victims caught up in these networks are unwitting participants in crime.

For example, bot networks played a key role in the alleged Russian influence campaign during the 2016 US presidential election when they were used to amplify divisive messages, circulate conspiracy theories and share pro-Donald Trump talking points.

In another case from last year, swarms of IoT devices were enslaved into the so-called Mirai botnet and used to takedown websites including Reddit, Twitter and Netflix.

Concerned that your device may be enslaved in a bot army?

Symantec said that some key warning signs includes if your device starts drastically slowing down, displaying mysterious messages or crashing for no apparent reason. It advised users to keep up-to-date with security updateds and never to click suspicious links.

(1st October 2017)


SIXTEEN WAYS TO AVOID BEING HACKED WHEN SHOPPING ONLINE DURING BLACK FRIDAY
(The Telegraph, dated 27th September 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/technology/0/black-friday-ways-avoid-hacked-online/

Black Friday, the sales bonanza when millions of shoppers scour the internet for deals and discounts, is inching closer and closer.

Many shoppers will make their purchases by logging into online accounts with high-street retailers - accounts which contain sensitive details including credit card numbers, addresses and phone numbers and are often created in haste to bag the latest online deal.

But the Black Friday sales are also a great time for hackers: bargain-hunting consumers are often at risk of scam websites and fake marketing emails. Even on legitimate websites, poor security practices can land you in trouble.

Here are some simple tips from the Telegraph Technology team to keep you safe when shopping online this holiday season.

1. Never use a password more than once

Many of us are guilty of having had the same password for every account for years and, even worse than that, the most common 25 passwords include "123456", "password", and "abc123". The best way to keep your online accounts - from your internet banking to social media - secure is to never use the same password more than once.

Create a different password for each online account that you have and store them in a password manager, such as DashLane, 1Password or LastPass. These services store passwords securely, save time from endlessly typing them out when you log in, and can randomly generate keys for you.

Once you've set up a secure set of account logins make sure you don't share your passwords with anyone.

2. Check if you've already been hacked

If you're worried that you might have been hacked or had any of your personal details compromised, it would be wise to change your usernames and passwords immediately. Before coming up with a string of new keys, though, you can use a service such as have i been pwned to find out if you have an account that has been compromised in a data breach.

Enter an email address or username into the search bar and it will tell you if you've been a victim.

https://haveibeenpwned.com/

3. Update with the latest patches

Downloading software updates as and when they're available is a good way to protect yourself. Software updates for computers, phones, tablets, and other devices generally include improved security settings and patches that fix vulnerabilities. This is also true of updates to any apps or programs that you have installed on those devices.

To make sure you receive the updates as soon as they're available you can enable automatic updates on your devices, often by looking in Settings.

4. Check before you download


Before downloading apps onto your phone or software on your computer do some research - check what it's asking for access to (look for apps permissions in Settings), check an app's rating in the iOS or Google Play story, read reviews online, and make sure you're downloading the official version.

5. Use the latest anti-virus software


If you use a Windows computer you should protect it using anti-virus software, such as AVG or Sophos. Make sure you regularly install the updates and scan for malware.

6. Look for the padlock

When using secure online services, such as email, online shopping or banking, and social media, always check there is a padlock symbol in front of the URL, and that the web address begins "https://" before you log in or register. Websites must pass certain security tests to be accredited with the padlock, and the 's' stands for 'secure'.

7. Watch what Wi-Fi you connect to

Make sure your home WiFi is protected with a strong password that only you and your family know. When out and about never use a hotspot that may be unsecured, especially when what you're doing is personal or private.

8. Keep your settings private


Check the privacy settings on all of your social media accounts so that only the people you want to share your information with can see it. You can restrict what others see about you in the Setting sections of your account.

For example, you can make your posts private on Facebook, and restrict what Google can know about you. Use a site like Ghostery to find out what websites are tracking you and easily block them.

9. Beware of public mobile charging points

It's possible to hack into a smartphone that is charging via USB in a public place, such as an airport, cafe or on public transport. To avoid being a victim, only plug your phone into trusted computers when using a USB cable.

10. Stick to encrypted messaging apps


End-to-end encrypted messaging apps such as WhatsApp, iMessage and Telegram protect your privacy by masking the contents of your messages from would-be eavesdroppers.

11. Always be careful of suspicious messages

Never open or forward a suspicious looking email, or respond to a social media message from someone you don't know. Watch out for phishing emails and text messages that ask you to log in or provide bank details.

Companies, such as Apple and WhatsApp, and government services will never email or text you to ask you to log into your account, provide bank details or download a program.

12. Type out web addresses


It's good practice to be suspicious of hyperlinks (particularly shortened links) that come from outside sources, such as unknown senders in an email. If you're asked to log into an account or provide payment details, type out the URL yourself and go directly to the legitimate site to make sure that you're not on a fake site that's designed to look like the official one.

13. Post in haste, repent at leisure


What goes online stays online so never say anything that could hurt, anger or endanger yourself or someone else.

14. Log off, log out

Always make sure you log out of your accounts when you've finished with them and log off a computer when you've finished using it.

15. Be a clever dater

With hundreds of thousands of us turning to dating apps every day in the quest to meet potential partners, there are a few ways to make sure you don't put yourself in a compromised position.

Try to avoid disclosing private information when using online dating sites, and take every precaution that profiles you are looking at are genuine. Never be tempted to send or transfer money to people you meet online, however unfortunate their story.

###How to avoid dating scams

- If you're suspicious about a profile report it to the dating website or app so they can investigate it.

- Try doing your own detective work - ask them for their full name and look them up on Google and social media.

- Don't be afraid to question their authenticity - if they are genuine they won't mind you trying to verify them.

- Remember, they may spend months building a relationship with you and will only ask for money once you're emotionally involved.

- Ask a friend for advice as they are not as emotionally involved as you, they may be able to see something you can't.

- Look out for fake or stolen photographs. You can use sites like TinEye.com to check the authenticity of a photo and you can try doing a reverse image search on Google (by clicking on the camera logo in the search bar and uploading an image) to see if they are using a fake picture.

- Never give out too much personal information, such as your home address, phone number or email.

- Consider setting up a new email address to use for online dating and perhaps even get a cheap Pay As You Go phone to use for making phone calls.

(Source: James Preece - dating expert)

16. Use your common sense

If an email offer looks too good to be true, the prices on a website are abnormally low or you receive an unsolicited telephone call offering computer support, it's probably a scam.

(1st October 2017)


RANSOMWARE SURGES AGAIN
(ZDNET, dated 27th September 2017 author Danny Palmer)

Full article [Option 1]:

www.zdnet.com/article/ransomware-surges-again-as-cyber-crime-as-a-service-becomes-mainstream-for-crooks/

Purchasing cybercrime-as-a-service tools such as malware and DDoS for hire services is no longer just something for low level or aspiring hackers, organised criminal gangs are taking advantage of these services as the underground criminal landscape continues to become more professionalised and mature.

But that doesn't mean the likes of ransomware attacks or phishing campaigns are going away, they're also more prolific than ever.

Europol's newly released 2017 Internet Organised Crime Threat Assessment analyses a number of the key trends in cyber crime - with the likes of WannaCry ransomware emphasising the global nature of attacks - and warns how the increasing willingness of professional cybercriminals to turn to crime-as-a-service schemes is set to create further risks.

Non-technical criminal groups can buy the likes of ransomware, or phishing tools to help carry out or cover traditional crimes from investigation by law enforcement.

"Crime-as-a-service is becoming more mature; it's now serious, organised crime that are using these services, this is no longer script-kiddies or youngsters sitting in their basements," said Philip Amman, Head of Strategy of the European Cyber Crime Centre, speaking at the launch of the report.

Put simply, no single cyber criminal organisation can specialise in every form of attack or nefarious activity, so there's an increasing market for the hiring of skills or the purchase of toolsets to help facilitate criminal activity - be they online, physical or both.

"When they require something outside their own area of competency, they need only to find someone offering the appropriate tool or service in the digital underground; they can simply buy access to what they need," says the report.

Nonetheless, while cyber criminal activity continues to professionalise and diversify, Europol notes that many attackers continue to stick to what they know - and for many, that's ransomware, which the report says has "eclipsed" most other global cybercriminal threats.

Indeed, the first half of 2017 saw ransomware attacks on a scale never seen before, with the spread the WannaCry ransomware-worm in May, followed by the outbreak of the self-spreading Petya in June.

Europol warns how these attacks have highlighted how reliance on internet connectivity, combined with poor digital hygiene standards and practices can enable such attacks to spread far and wide - and that many organisations need to do more to protect themselves.

"The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level," said Europol Executive Director Rob Wainright.

Banks and other major businesses are now targeted on a scale not seen before and, while police have enjoyed success in disrupting major criminal syndicates operating online, the collective response is still not good enough.

However, despite the damage caused by the global ransomware attacks, the 2017 Internet Organised Crime Threat Assessment offers some silver-linings.

The report notes how one "unintended positive" of the global ransomware outbreaks is that it has raised awareness about the need for proper information security practices. Indeed, some in the criminal fraternity are already worried that this is the case.

But in order to combat the threat of cyber crime, Europol states that law enforcement must continue to focus on those developing and providing cyber crime and attack tools - particularly for the likes of ransomware, malware, and DDoS attack tools.

The idea is that by taking away the ability for criminal groups to simply buy the services they need, law enforcement will be able to focus on tracking down and stopping the kingpins.

"If we can do something to prevent cyber crime from happening in the first place, that's a win. Then law enforcement can focus on the top actors that provide key services and tools - DDoS for hire, botnets, counter-anti-virus. If we can counter that, law enforcement can focus on the main actors" said Amman.

The report identifies the No More Ransom initiative as successful example of this strategy, having provided free decryption tools to 29,000 victims and depriving criminals of an estimated EUR 8 million in ransoms. If law enforcement can make these attacks not-profitable, they will become unappealing to criminals.

Europol's newly released 2017 Internet Organised Crime Threat Assessment :

www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2017

(1st October 2017)


CAR THEFT SOARS AS CRIMINALS LEARN HOW TO BEAT SECURITY DEVICES
(The Telegraph, dated 27th September 2017 author Martin Evans)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/09/27/car-theft-soars-criminals-learn-beat-security-devices/

The number of cars being stolen has soared by 30 per cent in the last three years as criminals work out ways to override sophisticated security measures, new figures have revealed.

The development of engine immobilisers and keyless technology had seen car theft fall to a record low four years ago.

But since then thieves have successfully developed techniques and technology that allows them to bypass modern anti-theft measures.

Organised crime gangs have been stealing many prestigious vehicles to order, before shipping them overseas.

As a result motorists are increasingly resorting to traditional security devices such as mechanical steering locks which fit over the wheel and were popular in the 1980s and 1990s.

Retailers report that the sale of such products has soared by almost 60 per cent in recent months as drivers seek to protect their vehicles.

Three years ago car theft reached fell to its lowest point in almost half a century, as manufacturers perfected technology that boasted of making many vehicles virtually theft proof.

Data from the Office for National Statistics (ONS) suggested that less than 70,000 cars were reported in 2014.

But the latest figures, released under the Freedom of Information Act, showed that since then, there has been a rapid increase in car theft, peaking at 85,688 in 2016 - a rise of almost 30 per cent.

Experts believe the rise is largely down to criminals catching up with the technology.

Mark Godfrey a director with RAC Insurance, which compiled the FOI data, said: "Unfortunately, these figures show a very unwelcome rise in the theft of vehicles from much lower numbers in 2013.

"Technology advances in immobilisers, keys and car alarms had caused the number of vehicle thefts to decrease significantly from more than 300,000 in 2002, but sadly they have now increased after bottoming out in 2013 and 2014.

"We fear thieves are now becoming more and more well equipped with technology capable of defeating car manufacturers' anti-theft systems."

Mr Godfrey said this was bad news for motorists because it caused car insurance premiums to rise, but said motorists could take steps to protect themselves by parking in well lit areas and never leaving the keys in the ignition.

But he added: "In addition, anti-theft devices such as steering wheel locks which were popular in the 1980s and early 1990s are starting to make a comeback as they are still a very effective visible deterrent.

"This is quite ironic as they were replaced a number of years ago by alarms and immobilisers, which until now, offered better theft prevention."

A spokesman for Halfords said they had seen a sharp rise in the sale of traditional security devices in recent months, following a spike in car crime.

David Hammond, car security expert at Halfords said: "Organised gangs have mastered how to get around high-tech security devices, leading to a significant rise in car thefts across the UK.

"To guard against falling victim to these car thieves, police are advising drivers to invest in a physical deterrent like a classic steel steering lock.

"These first became popular in the 1980s and '90s but remain an extremely effective - and visual - way of deterring thieves, and we've recently seen an increase in sales as car owners turn to old school solutions."

Deputy Assistant Commissioner Graham McNulty, the National Police Chiefs' Council Lead for Vehicle Crime said: "In recent years vehicle theft has started to increase across the country following many years of reductions.

"We are seeing more sophisticated operations by organised crime gangs exporting cars for profit as well as increasing scooter and motorcycle and keyless car theft.

"Police forces are working with the Home Office, the National Crime Agency, the National Vehicle Crime Intelligence Service, Europol and car manufacturers to design-out crime and disrupt these networks."

(1st October 2017)


HACKERS WANT TO CRACK BANK ATM NETWORKS
(ZDNET, dated 26th September 2017 author Danny Palmer)

Full article [Option 1]:

http://www.zdnet.com/article/hackers-want-to-crack-bank-atm-networks-and-your-nearest-cash-machine-is-probably-running-windows-xp/

Cyberattacks against ATMs aren't new, but until now they've mostly required the attackers to have physical access to the target machine in order to compromise it.

However, a joint report by Europol and Trend Micro warns how hackers are increasingly targeting banks' corporate networks in an effort to move across to ATMs and infect them with malware.

The fact the machines are basically moneyboxes attached to a Windows PC makes them an appealing target for attackers, but the icing on the cake for criminals is how large swathes of ATMs are running on obsolete or unsupported operating systems.

"A majority of ATMs installed worldwide still run either Windows XP or Windows XP Embedded. Some of the older ATMs run Windows NT, Windows CE, or Windows 2000. Microsoft," said the report.

According to the Cashing in on ATM Malware report, that means there are hundreds of thousands of cash machines which no longer receive support.

The WannaCry ransomware outbreak demonstrated how at risk unsupported and unpatched systems can be to cyberattacks, meaning that with the correct technical expertise, a criminal operation could exploit the vulnerabilities in an ATM to make off with a fortune via a network-based attack -- or even shutting down machines.

"Should a worm like WannaCry or NonPetya ever manage to breach these networks, then the effect could be devastating, knocking out the whole network," Simon Edwards, cybersecurity solution architect at Trend Micro told ZDNet.

It isn't theoretical; hackers have already demonstrated how they can remotely attack ATMs without physical access to the device on a number of occasions -- like many other forms of cyberattack, the infiltration begins with phishing emails sent to bank employees. If one of these is successful, the hackers can access the rest of the network.

One example is ATMitch, which saw hackers remotely infect banks -- one in Khazakstan and one in Russia -- with malware. The infection allowed the attackers to issue remote commands to the machine, allowing it to distribute money to people working alongside the hackers.

Another incident saw hackers able to access 41 ATMs in Taiwan, stealing a total of $2.5 million from 22 branches of First Commercial Bank without using cash cards or even touching the PIN pads. Some of the perpetrators were eventually tracked down and sentenced for their involvement, but not all of the funds were recovered.

Trend Micro and Europol have dubbed the rapid developments in network-based ATM malware attacks as "unnerving" because "the criminals have realized that not only can ATMs be physically attacked, but it is also very possible for these machines to be accessed through the network".

While this type of attack has mostly only been seen in regions such as South America and Asia, the report warns that it won't be long before North America and Europe see this type of attack as "we believe this to be a new tendency that is probably going to consolidate in 2017 and beyond".

As a result, the report warns, law enforcement agencies must be aware that cybercriminal groups are looking to target ATMs in this way -- and financial organisations must take more steps to secure their ATM installations by installing more security layers, such as keeping the machines on a separate part of the network.

(1st October 2017)


BLOOD TEST TO SPOT KILLER SEPSIS IN HOURS
(London Evening Standard, dated 26th September 2017 author Ross Lydall)

Full article [Option 1]:

www.standard.co.uk/news/health/blood-test-to-spot-killer-sepsis-in-hours-a3643851.html

A device that could transform the treatment of sepsis worldwide by diagnosing potentially deadly infections within hours was unveiled today by London scientists.

Its inventors at Imperial College hope to have it available on NHS wards by next summer and say it could make the difference between "life and death" for critically ill patients.

There are about 123,000 cases of sepsis each year in England, and an estimated 30 million worldwide, with almost a third proving fatal.

Sepsis can be difficult to diagnose and very young and very old patients are most at risk.

Professor Chris Toumazou was due to tell a Royal Institution conference today about the LiDia test for blood infections that lead to sepsis.

It uses a semiconductor to analyse a 10ml blood sample, searching for evidence of about 20 of the most common bugs that cause sepsis, which leads to major organ failure.

The device - a disposable cartridge and main instrument box - gives results within two to three hours, compared to the several days that patients have to wait for their blood cultures to be analysed in the laboratory.

"By that time, the patient could almost be in rigor mortis," Professor Toumazou said.

The regius professor of engineering at Imperial said the "eureka moment" happened when he and a PhD student put saliva on a semiconductor and saw it spark into life.

He told the Standard: "The core of the technology is a semiconductor and microchips. As a result, it has been configured almost as a mini-computer.

"A blood sample is inserted at the front end. Within two to three hours, out comes the result. The result may be what the right antibiotic is, or should be, for that pathogen.

"This is one of the first technologies where we have focused on the genes of the bug… if you look at the DNA of the bug you can check whether or not it responds to antibiotics, or which antibiotics it is resistant to."

The device can be used by GPs or hospital doctors and cuts out the need to send samples to a lab.

Last year Professor Toumazou's spin-off firm, DNAe, won £38.5 million from the US government to expand its work into infectious diseases.

Alison Holmes, professor of infectious diseases at Imperial College London, said today's summit would highlight the work of UK experts.

"The potential for infectious diseases to spread rapidly is a live threat at a global level," she said.

(1st October 2017)


UK CYBER DEFENCES AMONG THE BEST IN EUROPE
(Computer Weekly, dated 25th September 2017 author Warwick Ashford)

Full article [Option 1]:

www.computerweekly.com/news/450426871/UK-cyber-defences-among-the-best-in-Europe

Topping the list of most prepared European Union (EU) nations is the Netherlands, with an overall cyber attack preparedness rating of 60%, according to a report by Website Builder Expert (WBE).

Following the Netherlands is Estonia (58%), France and Italy (57%) and the UK (56%). Conversely, the least prepared nations are Slovakia and Malta (34%), Greece (35%), Spain (38%) and Lithuania (40%).

The overall scores are an average of the cyber security commitment rating and pecentage of protected internet connections for each country.

Estonia has the highest commitment rating of 85%, compared with the UK's 78%, while Italy has the highest percentage of protected internet connections (51%) compared with the UK's (33%).

Although being rated at the most prepared, the Netherlands is second only to Romania in terms of its cyber crime "victimhood" rating of 21%, compared with Romania's 23%. The Netherlands is followed by Portugal (20%), Poland (20%) and Italy (19%).

Countries with the lowest cyber crime "victimhood" ratings are Finland (12%) and Slovakia (14%), along with Germany, Ireland and Austria, which all have a rating of 15%.

Taking into account a range of factors including previous encounters with cyber crime, malware encounter rates, commitment to cyber security initiatives, and how exposed each country's internet connections are, the study shows that Malta is the EU nation most at risk of cyber crime, with a vulnerability score of 42%.

Despite ranking in the middle of the pack for malware and cyber crime encounters, it was Malta's high percentage of exposed internet connection ports (73% of all ports), lack of cybersecurity legislation and poor international co-operation that pushed it to the top of the vulnerability index.

This means that Malta's population, despite encountering a lower incidence of cyber crime than their European neighbours, are actually at far more risk in the long run with few protective or preventative measures in place.

Malta is followed by Romania and Slovakia, which both have a vulnerability rating of 41%, Spain (40%), and Portugal, Lithuania, Cyprus and Hungry with a rating of 39%.

On the opposite end of the scale, Finland was deemed the most cyber-secure country with a vulnerability rating of just 29%, which the report ascribed to the fact that Finland has one of the lowest cyber crime encounter rates in Europe and is one of the most prepared nations too, second only to the UK.

The UK's vulnerability rating is 31%, along with France and Italy, and second only to Estonia, Germany and the Netherlands, all with a vulnerability rating of 30%.

James Kiernan, director of WBE, said that with the threat of cyber crime becoming more evident each day, cyber security on an international level is more important than ever if countries want to protect their interests and residents.

"While it is reassuring to see countries such as the UK and Germany among the safer nations, the level of cyber vulnerability across Europe is still cause for alarm, especially in the wake of June's massive [NotPetya] cyber attack," he said.

The NotPetya attack appears to have targeted mainly organisations in Ukraine, including the central bank, the Ukrenego electricity supplier, the Chernobyl nuclear power plant, and airport and metro services throughout the country.

However, companies outside the Ukraine were also affected, including London-headquartered WPP, US-based pharmaceutical company Merck, multinational law firm DLA Piper, Russian oil company Rosneft, Netherlands-based shipping company TNT and French construction materials company Saint-Gobain.

Danish transport and shipping giant AP Moller-Maersk is believed to have been one of the hardest hit, with the financial impact of the attack estimated at $200m to $300m (£222m), while the UK's WPP estimates the cost at between £10m and £15m before insurance.

UK National Cyber Security Centre (NCSC) technical director Ian Levy recently warned that the UK risks a C1-level national cyber security incident if organisations do not change their approach to cyber security.

He said the NCSC wants to publish data and evidence to ensure that people really understand how to do risk management properly. "Cyber security is just risk management, which is not fundamentally different to HR, legal or financial risk management," he said.

Levy also believes that the way technology tends to be designed currently makes impossible security demands on people.

As a result, he said security professionals have spent the past 25 years saying people are the weakest link. "But this is stupid," he said. "People cannot be the weakest link [because] they are people who do jobs, and they are people who create value in their organisations.

"What this tells us is that the technical systems are not built for people. Techies build systems for techies, not normal people," said Levy.

(1st October 2017)


DELOITTE HIT BY CYBER-ATTACK REVEALING CLIENTS SECRET EMAILS
(The Guardian, dated 25th September 2017 author Nick Hopkins)

Full article [Option 1]:

www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails

One of the world's "big four" accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal.

Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.

One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.
Business Today: sign up for a morning shot of financial news
Read more

The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.

So far, six of Deloitte's clients have been told their information was "impacted" by the hack. Deloitte's internal review into the incident is ongoing.

The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.

The hacker compromised the firm's global email server through an "administrator's account" that, in theory, gave them privileged, unrestricted "access to all areas".

The account required only a single password and did not have "two-step" verification, sources said.

Emails to and from Deloitte's 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft. This is Microsoft's equivalent to Amazon Web Service and Google's Cloud Platform.

n addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details.

The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of Deloitte's most senior partners and lawyers were informed.

The Guardian has been told the internal inquiry into how this happened has been codenamed "Windham". It has involved specialists trying to map out exactly where the hackers went by analysing the electronic trail of the searches that were made.

The team investigating the hack is understood to have been working out of the firm's offices in Rosslyn, Virginia, where analysts have been reviewing potentially compromised documents for six months.

It has yet to establish whether a lone wolf, business rivals or state-sponsored hackers were responsible.

Sources said if the hackers had been unable to cover their tracks, it should be possible to see where they went and what they compromised by regenerating their queries. This kind of reverse-engineering is not foolproof, however.

A measure of Deloitte's concern came on 27 April when it hired the US law firm Hogan Lovells on "special assignment" to review what it called "a possible cybersecurity incident".

The Washington-based firm has been retained to provide "legal advice and assistance to Deloitte LLP, the Deloitte Central Entities and other Deloitte Entities" about the potential fallout from the hack.

Responding to questions from the Guardian, Deloitte confirmed it had been the victim of a hack but insisted only a small number of its clients had been "impacted". It would not be drawn on how many of its clients had data made potentially vulnerable by the breach.

The Guardian was told an estimated 5m emails were in the "cloud" and could have been been accessed by the hackers. Deloitte said the number of emails that were at risk was a fraction of this number but declined to elaborate.

"In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte," a spokesman said.

"As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.

"The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte's ability to continue to serve clients, or to consumers.

"We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.

"Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested."

Deloitte declined to say which government authorities and regulators it had informed, or when, or whether it had contacted law enforcement agencies.

Though all major companies are targeted by hackers, the breach is a deep embarrassment for Deloitte, which offers potential clients advice on how to manage the risks posed by sophisticated cybersecurity attacks.

"Cyber risk is more than a technology or security issue, it is a business risk," Deloitte tells potential customers on its website.

"While today's fast-paced innovation enables strategic advantage, it also exposes businesses to potential cyber-attack. Embedding best practice cyber behaviours help our clients to minimise the impact on business."

Deloitte has a "CyberIntelligence Centre" to provide clients with "round-the-clock business focussed operational security".

"We monitor and assess the threats specific to your organisation, enabling you to swiftly and effectively mitigate risk and strengthen your cyber resilience," its website says. "Going beyond the technical feeds, our professionals are able to contextualise the relevant threats, helping determine the risk to your business, your customers and your stakeholders."

In 2012, Deloitte, which has offices all over the world, was ranked the best cybersecurity consultant in the world.

Earlier this month, Equifax, the US credit monitoring agency, admitted the personal data of 143 million US customers had been accessed or stolen in a massive hack in May. It has also revealed it was also the victim of an earlier breach in March.

About 400,000 people in the UK may have had their information stolen following the cybersecurity breach. The US company said an investigation had revealed that a file containing UK consumer information "may potentially have been accessed".

The data includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information. Equifax, which is based in Atlanta, discovered the hack in July but only informed consumers last week.

(1st October 2017)



COPS SHUT 28,000 SITES FLOGGING KNOCK-OFF FOOTIE KITS AND OTHER TAT
(The Register, dated 25th September 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/09/25/cops_shut_28k_sites_flogging_knock_off_goods/

Cops have closed 28,000 websites selling counterfeit goods over the last three years, the City of London Police's Intellectual Property Crime Unit (PIPCU) revealed today.

Out of those, more than 4,000 were registered using stolen identities of the UK public. Some 400 individuals have had their identity stolen and used in setting up criminal websites.

One of the main consequences of buying counterfeit goods on websites, social media and online is identity crime, it said.

When buying items, people will part with personal details such as their address and financial information which allows fraudsters to set up new websites selling counterfeit goods in their name.

That can negatively affect punters' credit score and chance of getting credit in the future, and can also take up to 300 hours for their identities to be fully regained.

Over 15,000 reports linked to identity crime were received by Action Fraud between April 2016 and March 2017.

PIPCU has launched an awareness campaign today which warns the public that "there's more at stake when it's a fake".

Apparently fake football shirts were among the most popular counterfeit items.

PIPCU recommended customers always ensure the website address begins "https" at the payment stage and watch out for pop-ups asking for confirmation of card details.

Detective Inspector Nicholas Court, from PIPCU, said: "We are aware of many occurrences where criminals have put consumers at risk, compromising their identity as a result of their online shopping habits."

In July, PIPCU confirmed it had confiscated hundreds of thousands of pounds worth of counterfeit Cisco networking gear.

(1st October 2017)

43,000 NEW PHISHING SITES ARE CREATED EVERY DAY
(Netsecurity, dated 22nd September 2017)

Full article [Option 1]:

www.helpnetsecurity.com/2017/09/22/46000-new-phishing-sites/

An average of 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May. The data collected by Webroot shows today's phishing attacks are highly targeted, sophisticated, hard to detect, and difficult for users to avoid. The latest phishing sites employ realistic web pages that are hard to find using web crawlers, and they trick victims into providing personal and business information.

Phishing attacks have grown at an unprecedented rate in 2017

Phishing continues to be one of the most common, widespread security threats faced by both businesses and consumers. Phishing is the number 1 cause of breaches in the world, with an average of more than 46,000 new phishing sites created per day. The sheer volume of new sites makes phishing attacks difficult to defend against for

Today's phishing attacks continue to be short-lived

The first half of 2017 highlights the continuing trend of very short-lived phishing sites, with the majority being online and active for only 4 to 8 hours. These short-lived sites are designed to evade detection by traditional anti-phishing strategies, such as block lists. Even if the lists are updated hourly, they are generally 3-5 days out of date by the time they're made available, by which time the sites in question may have already victimized users and disappeared.

Attacks are increasingly sophisticated and more adept at fooling the victim

In the past, phishing attacks randomly targeted as many people as possible, with the hope that a substantial amount would open an infected attachment or visit a malicious web page. Today's phishing is more sophisticated. Hackers do their research and utilize social engineering to uncover relevant personal information for individualized attacks. Phishing sites also hide behind benign domains and obfuscate true URLs, carrying more malignant payloads, and fooling users with realistic impersonated websites.

Mix of companies impersonated continues to evolve


Zero-day websites used for phishing may number in the millions each month, yet they tend to impersonate a small number of companies. Webroot categorized URLs by the type of website being impersonated and found that financial institutions and technology companies are the most phished categories. The top 10 companies being impersonated throughout the first six months of 2017 are:

- Google : 35%
- Chase : 15%
- Dropbox : 13%
- PayPal : 10%
- Facebook : 7%
- Apple : 6%
- Yahoo : 4%
- Wells Fargo : 4%
- Citi : 3%
- Adobe : 3%

SEE ALSO (uaware)


1.4 million phishing websites are created every month
(ZDNET, dated 22nd September 2017 author Danny Palmer)

Full article [Option 1]:

www.zdnet.com/article/1-4-million-phishing-websites-are-created-every-month-heres-who-the-scammers-are-pretending-to-be/

(1st October 2017)


SINGAPORE SEEN AS TOP SPOT TO LAUNCH GLOBAL CYBER ATTACKS
(Bloomberg Technology, dated 22nd September 2017 author Melissa Cheok)

Full article [Option 1]:

www.bloomberg.com/news/articles/2017-09-21/singapore-ranks-first-as-launchpad-for-global-cyber-attacks

Singapore has overtaken nations including the U.S., Russia and China as the country launching the most cyber attacks globally, according to Israeli data security firm Check Point Software Technologies Ltd.

The company, whose software tracks an average of eight to 10 million live cyber attacks daily, said Singapore rose to pole position after ranking in the top five attacking countries for the previous two weeks.

"It is not particularly unusual for Singapore to be featured among the top attacking countries," said Eying Wee, Check Point's Asia-Pacific spokeswoman.

A key Southeast Asian technology hub, much of the internet traffic flowing through Singapore originates in other countries. That means a cyber attack recorded as coming from Singapore may have been launched outside the country, she said.

The Cyber Security Agency of Singapore said there are a number of reports measuring cyber attacks, which are based on various methodologies and therefore provide different perspectives of the situation.

"As a commercial hub with high interconnectivity, Singapore is undoubtedly an attractive target for cybercriminals," a spokesman for the agency said in an email, adding that it's important for the nation to maintain high cybersecurity standards and take necessary measures to protect its systems and data.
Cyber Defense

The city-state, which wants to become a global technology hub, recently stepped up efforts to tighten cyber security after several high profile attacks on government agencies and companies.

"Singapore has now found itself on someone's list," Singapore's Defense Minister Ng Eng Hen said in July. "The attacks are orchestrated, the attacks are targeted, they want to steal specific information, there are minds behind this orchestration."

Earlier this year, Singapore's military established a cyber defense unit while the government drafted legislation to impose new cyber security requirements aimed at helping companies protect critical information infrastructure.

In May, Singapore stopped most of its public servants from being able to access the internet from their work computers. The nation's central bank has also set up an international advisory committee dedicated to enhancing the safety and resilience of Singapore's financial sector.

(1st October 2017)



MORE DATA LOST OR STOLEN IN FIRST HALF OF 2017 THAN THE WHOLE OF LAST YEAR
(The Register, dated 20th September 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/09/20/gemalto_breach_index/

More data records have been lost or stolen during the first half of 2017 (1.9 billion) than all of 2016 (1.37 billion).

Digital security company Gemalto's Breach Level Index (PDF), published Wednesday, found that an average of 10.4 million records are lost or stolen every day.

During the first half of 2017 there were 918 reported data breaches worldwide, compared with 815 in the last six months of 2016, an increase of 13 per cent. A total 22 breaches in Q1 2017 included the compromise, theft or loss of more than a million records.

Gemalto estimates less than 1 per cent of the stolen, lost or compromised data used encryption to render the information useless.

Malicious outsiders (cybercriminals) made up the largest single source of data breaches (74 per cent) but accounted for only 13 per cent of all stolen, compromised or lost records. While malicious insider attacks only made up 8 per cent of all breaches, the amount of records compromised was 20 million, up from 500,000 in the previous six months.

North America still makes up the majority of all breaches and the number of compromised records, both above 86 per cent. The number of breaches in North America increased by 23 per cent with the number of records compromised increasing threefold (up 201 per cent).

Traditionally, North America has always had the largest number of publicly disclosed breaches and associated record numbers, although this may change somewhat next year when global data privacy regulations like the European General Data Protection Regulation (GDPR) and Australia's Privacy Amendment (Notifiable Data Breaches) Act come into play.

Europe only had 49 reported data breaches (5 per cent of all breaches), a 35 per cent decline from the six months before.

The UK had the second highest number of reported incidents after the US, with 40 (down from 43). A total of 28,331,861 data records were compromised in the UK in H1 2017 (up 130 per cent from H2 2016).

Half of data incidents in the UK involved a malicious outsider (50 per cent), with 38 per cent attributed to accidental loss. Two-thirds of the breaches in the UK are classified as identity theft (65 per cent).

Government was the single biggest source of security incidents with 12 in H1 2017, ahead of technology firms (seven) and healthcare (six).

The Breach Level Index, which has been running since 2013, benchmarks publicly disclosed data breaches.

As new regulations such as the UK's Data Protection Bill and GDPR come into effect, the numbers of disclosed breaches could skyrocket.

(1st October 2017)

POLICE FORCES "MIGHT WORK WITH VIGILANTE PAEDOPHILE HUNTERS"
(The Telegraph, dated 18th September 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/09/18/police-forces-might-work-vigilante-paedophile-hunters/

The UK's lead police officer on child protection has said forces will "potentially" have to look at working with so-called paedophile hunters.

Senior officers have previously said vigilante groups such as Dark Justice or The Hunted One could put child abuse investigations at risk.

But figures obtained by the BBC show an increase in the number of cases where evidence gathered by paedophile hunters is being used.

More than 44 per cent (114 of 259) cases of the crime of meeting a child following sexual grooming used this evidence in 2016, compared to 20 out of 176 cases in 2014 (11.3 per cent).

Chief Constable Simon Bailey, the national lead for child protection at the National Police Chiefs' Council, told the BBC: "(These) vigilante groups are putting the lives of children at risk.

"I'm not going to condone these groups and I would encourage them all to stop, but I recognise that I am not winning that conversation."

When asked whether police could work with vigilantes, he said: "I think that's something we're going to have to potentially have to look at, yes, but it comes with some real complexity."

Tyneside-based duo Dark Justice claim on their website to have helped apprehend 104 sex crime suspects, leading to 50 convictions.

A sting operation by a group known as The Hunted One descended into violence as they ambushed a man who sent sexual messages to a decoy account.

Their target, Mirza Beg, 29, was jailed at Maidstone Crown Court in August for 40 months after he turned up with condoms at the Bluewater Shopping Centre in Greenhithe, near Dartford, Kent, believing he was meeting a 14-year-old girl.

(1st October 2017)



HACKERS SLIPPED MALWARE INTO POPULAR PC SOFTWARE CCLEANER

(Yahoo Finance, dated 18th September 2017 author Matt Brian)

Full article [Option 1]:

https://finance.yahoo.com/news/hackers-slipped-malware-popular-pc-142300993.html

A popular PC-cleaning software used by over 130 million people put users at risk after hackers were able to insert malware into legitimate downloads. Piriform's CCleaner, owned by antivirus provider Avast, was found to be hosting a "contained a multi-stage malware payload" that could install ransomware or keyloggers and further infect target computers on command.

According to Avast, around 2.27 million people ran the affected software, which was delivered via a hacked server. The impact is damaging, but considering that the application has amassed over 2 billion downloads and adds around 5 million new users each month, it could have been significantly worse. The company said it has already forced updates of the affected version and in its own words was "able to disarm the threat before it was able to do any harm."

Starting life as a "crap cleaner," CCleaner has earned a reputation for its ability to remove rogue programs and clear things like tracking cookies on Windows PCs. Users trust the brand, which makes it a prime target for attackers. "By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates," said Cisco Talos researchers, who discovered the threat, in a blog post.

The attack vector isn't a new one, but it's become a lot more prevalent in recent months. The Petya ransomware was distributed via a similar method and hackers also modified the Mac Bittorrent app Transmission on official servers to compromise users' computers.

In the past, attackers would create fake alternatives of popular applications and trick people into downloading them. The trend now, however, is to attack the download source directly and gain access to legitimate servers. Once they are in, it's a case of loading the trusted software with a nefarious payload, with the end-user being none the wiser.

"This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world," Cisco Talos warns. "Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected."

-----------------------

See also :

HACKERS COMPROMISED CCLEANER FREE SOFTWARE, AVAST'S PIRIFORM SAYS
(Reuters, dated 18th September 2017 author Joseph Menn)

Full article [Option 1]:

www.reuters.com/article/us-security-avast/hackers-compromised-free-ccleaner-software-avasts-piriform-says-idUSKCN1BT0R9

-----------------------

(1st October 2017)


BT LAUNCHES SYDNEY CYBERSECURITY CENTRE
(ZDNET, dated 18th September 2017 author Corinne Reichert)

Full article [Option 1]:

www.zdnet.com/article/bt-launches-sydney-cybersecurity-centre/

Telecommunications provider BT and the New South Wales government have announced the launch of a global cybersecurity research and development (R&D) centre in Sydney.

The NSW government's Jobs for NSW invested AU$1.67 million in support of the centre, the state's Minister for Innovation and Better Regulation Matt Kean said, with BT making a AU$2 million investment in capital infrastructure.

"This facility is a major boost for our economy, and will be a real-time nerve centre protecting large enterprises, industries, governments, and even nations from cyber attack," Kean said.

BT will also make a "multimillion investment" in order to employ cybersecurity specialists, Kean added.

According to BT, the cybersecurity hub expands on its already existing security operations centre (SOC) in North Sydney, and will provide 172 new jobs over the next five years, including 38 graduate positions.

"The hub is BT's first cybersecurity R&D facility outside of the United Kingdom, and will employ highly qualified cybersecurity specialists," BT said on Monday.

"The areas of expertise in the new hub will include cybersecurity, machine learning, data science analytics and visualisation, big data engineering, cloud computing, data networking, and the full life cycle of software engineering."

Kean said the NSW government -- which also invested in a startup hub in July, and handed out AU$10 million to incubators and accelerators and AU$3 million in direct grants to startups while providing AU$96 million to the Jobs for NSW initiative -- is hoping the centre's opening will attract and retain IT talent in the state.

"This operation will help keep Australia's best cybersecurity talent here in NSW, and nurture our next generation of specialists to ensure we remain a regional leader in this fast-growing industry," the minister said.

"I'm confident job opportunities offered by BT will also act as an incentive for Australian citizens currently working overseas to come back home and bring their highly valuable skills with them."

BT has 14 SOCs worldwide, which develop, provide, and deploy managed security services for customers across 180 countries.

BT had in May told ZDNet that it was undertaking much of its ongoing development on its new cybersecurity platform -- the Assure Cyber Platform system -- out of its Australian R&D arm.

BT's Assure Cyber Platform makes use of both a computerised element, which uses learning algorithms to sort through the data and learn from it, in addition to a human element in order to combine creative attention to detail with the "relentless efficiency" of computers.

"At least for now, you can't replace people," BT Global Services chief architect for Asia, the Middle East, and Africa Matt Allcoat told ZDNet at the time.

"People have an uncanny knack to spot odd things ... so we have a load of visualisation software that we put on the front of the data lake, and it allows human operators to literally visualise on big screens what this thing is."

BT at the time also took the wraps off its Dynamic Network Services portfolio comprising three offerings: Bandwidth on demand; on-demand virtual services; and on-demand software-defined wide-area networks (SD-WAN).

The first stage enables customers to turn up and down the speeds they're using at will under consumption-based pricing, BT said, which is aimed at aiding the increasing uptake of cloud solutions.

The second phase will see "purely virtual" products, cloud service nodes, and technologies launch by mid-2018, with such network services able to be switched on and off as and where needed by companies, and will be charged via hourly usage, BT told ZDNet.

The final piece of the puzzle involves provisioning on-demand virtual networks, with BT kicking off its SD-WAN suite with the release of Nokia's Agile Connect product, to be joined by Cisco intelligent WAN (IWAN) products in the future.

BT said it is able to extend its virtual networks not only over its own infrastructure, but also over the top of any other carrier.

To match these new network offerings, BT said it was focused on improving its security services.

Earlier this month, BT then announced its new cloud-based "business-platform-as-a-service" offering, which is aimed at speeding up the time it takes businesses to go to market with digitised services.

BT said the new platform, labelled the BT Personalised Compute Management System (PCMS), allows customers to access, purchase, and bring their own digital services to market within around 12 weeks.

It utilises BT's "cloud of clouds" solution, which connects customers to cloud collaboration apps, security services, third-party datacentres, customer datacentres, and third-party cloud services including Cisco, Amazon Web Services, Microsoft Azure, Oracle, HPE, Salesforce, Equinix, Google, and IBM Softlayer.

PCMS contains a global catalogue of services with localised sales channels, allowing customers to buy online in their own currency, contract terms, taxation laws, and language, BT explained.

The platform currently has more than 45 digital business support processes, including customer management, product management, user authentication, order management, and billing solutions.

(1st October 2017)


EQUIFAX HACK PUTS DATA OF 400,000 UK CUSTOMERS AT RISK

(The Guardian, dated 16th September 2017 author Press Association)

Full article [Option 1]:

www.theguardian.com/technology/2017/sep/16/equifax-hack-puts-data-of-400000-uk-customers-at-risk

About 400,000 people in the UK may have had their information stolen following a cybersecurity breach at the credit monitoring firm Equifax.

The US company said an investigation had revealed that a file containing UK consumer information "may potentially have been accessed".

The data includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information. Equifax, which is based in Atlanta, discovered the hack in July but only informed consumers last week.

In an effort to provide reassurance, the firm said it was unlikely people would be hit by "identity takeover". It said it would contact them in writing to offer advice and a free identity protection service to monitor their personal information and data.

Equifax's president, Patricio Remon, said: "We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes."

Equifax alerted the public to the cyber-attack on 7 September. The data of 143 million people was breached in America.

Equifax said its UK systems had not been impacted by the attack but that information on British consumers may have been accessed because of a process failure in 2016 that meant a limited amount of UK data was stored on the US system between 2011 and 2016.

The UK consumer data that may have been stolen does not include "any single Equifax business clients or institution," it said.

The alert comes after the Information Commissioner's Office (ICO) ordered Equifax to alert British customers following the firm's announcement that criminals had exploited a website application to access its files.

Lenders rely on the information collected by credit bureaus such as Equifax to help them decide whether to approve financing for homes, cars and credit cards.

A spokesman for the ICO said: "It is always a company's responsibility to identify UK victims and take steps to reduce any harm to consumers.

"The Information Commissioner's Office have been pressing the firm to establish the scale of any impact on UK citizens and have also been engaging with relevant US and UK agencies about the nature of the data breach.

"It can take some time to understand the true impact of incidents like this, and we continue to investigate.

"Members of the public should remain vigilant of any unsolicited emails, texts or calls, even if it appears to be from a company they are familiar with.

"We also advise that people review their financial statements regularly for any unfamiliar activity.

"If any financial details appear to have been compromised, victims should immediately notify their bank or card company. If anyone thinks they may have been a victim of a cyber crime they should contact Action Fraud."

Equifax said the investigation into the data breach was ongoing and it was working with the Financial Conduct Authority and the ICO.

Cyber-attacks have become an increasing problem for firms that hold a large amount of customer data. HSBC and TalkTalk are among the most high profile British firms to be hit in recent years.

uaware - further information

-----------------------

The Equifax breach and 5 years of missed warning signs
(Huffington Post, dated 17th September 2017 author Dante Disparte)

Full article [Option 1]:

www.huffingtonpost.com/entry/the-equifax-breach-and-5-years-of-missed-warning-signs_us_59bf2480e4b06b71800c3b07

-----------------------

EQUIFAX AND THE UK - WHATS GOING ON ?
(BBC News, dated 14th September 2017 author Rory Cellan-Jones)

Full article : www.bbc.co.uk/news/technology-41257580

-----------------------

CYBERSECURITY INCIDENT AND IMPORTANT CONSUMER INFORMATION
(Equifax, 15th September 2017)

Full article [Option 1]: https://www.equifaxsecurity2017.com/

-----------------------

CREDIT CARD FRAUD SPIKES AFTER EQUIFAX CYBER-ATTACK
(New York Post, dated 8th September 2017 author Lisa Fickenscher)

Full article [Option 1]:

http://nypost.com/2017/09/08/credit-card-fraud-spikes-after-equifax-cyber-attack/?utm_campaign=partnerfeed&utm_medium=syndicated&utm_source=flipboard

-----------------------

EQUIFAX IT LEADERS "RETIRE" AS COMPANY SAYS IT KNEW ABOUT THE BUG THAT BROUGHT IT DOWN
(The Register, dated 17th September 2017 author Simon Sharwood)

Full article [Option 1]: www.theregister.co.uk/2017/09/17/equifax_cio_and_cso_retire/

-----------------------

(1st October 2017)

POLICE TAKE 40 MINUTES TO REACH 999 CALLERS
(London Evening Standard, dated 15th September 2017 author Justin Davenport)

Full article [Option 1]:

Scotland Yard has reviewed response policing in parts of London after officers took nearly 40 minutes to reach emergency calls.

Police took an average 36 minutes to respond to 999 calls in Redbridge in June, and 35 minutes in Barking and Dagenham.

The boroughs are part of a trial "super borough" - which also includes Havering - set up in a bid to modernise the force.

Camden and Islington were also merged under the scheme and figures show the Met also failed to reach target response times for 999 calls in these boroughs in June.

Launched in January, the two areas are paving the way for a shake-up in policing in London which will see fewer senior officers and an end to the 32-borough structure.

Critics of the plan say it will leave vast areas under the command of relatively junior officers. Insiders claim that response officers are forced to race on blue lights from an emergency call at one end of a "super borough" to another miles away.

Concerns were raised about figures showing that police were failing to reach the most urgent "I-grade" or "immediate" 999 calls within a target time of 15 minutes.

Typically, these are calls where a resident is reporting a burglar in their home or where someone is in danger of serious injury.

Figures seen by the Standard show response times in the five test boroughs steadily worsened from January when the project began.

Insiders say hundreds of priority calls - so-called "S" calls which should be answered inside one hour - were not even attended on the day they were made but handed to the next shift.

Scotland Yard today admitted some emergency calls were handed over to the following day's shift but insisted police control room operators stayed in touch with callers to ensure that lives were not at risk.

Deputy Assistant Commissioner Mark Simmons, who is responsible for the trial, said: "We have had a problem with response times in these three boroughs [Redbridge, Barking and Dagenham, and Havering], some of the changes we put in place did not work in the way that we thought they would.

We have made significant changes to address that and we have made improvements in response times.

"They are not back to where we want them to be but they are heading in the right direction."

Police say 73 per cent of calls in the three boroughs are now within 15 minutes, compared with 50 per cent in June. The average response time is now just over 10 minutes.

(1st September 2017)


ANOTHER MONTH, ANOTHER MALWARE OUTBREAK IN GOOGLE'S PLAY STORE
(The Register, dated 15th September 2017 author Iain Thomson)

Full Article [Option 1]:

www.theregister.co.uk/2017/09/15/malware_outbreak_googles_play_store/

Google has had to pull 50 malware-laden apps from its Play Store after researchers found that virus writers had once again managed to fool the Chocolate Factory's code checking system.

The malware was dubbed ExpensiveWall by Check Point security researchers because it was found in the Lovely Wallpaper app. It carries a payload that registers victims for paid online services and sends premium SMS messages from a user's phone and leaves them to pick up the bill. It was found in 50 apps on the Play Store and downloaded by between 1 million and 4.2 million users.

The malware is a strain that the researchers first spotted in the Play Store in January, but with one crucial difference. This time the authors had encrypted and compressed the malware, making it impossible for Google's automated checking processes to spot.

Once downloaded, the malware asks for permission to access the internet and send and receive SMS messages. It then pings its command and control server with information on the infected handset, including its location and unique identifiers, such as MAC and IP addresses, IMSI, and IMEI numbers.

The servers then send the malware a URL, which it opens in an embedded WebView window. It then downloads the attack JavaScript code and begins to clock up bills for the victim. The researchers think the malware came from a software development kit called GTK.

"Check Point notified Google about ExpensiveWall on August 7, 2017, and Google promptly removed the reported samples from its store," the researchers note. "However, even after the affected Apps were removed, within days another sample infiltrated Google Play, infecting more than 5,000 devices before it was removed four days later."

It appears that Google missed warnings about the malware infection. The user comments section of at least one of the infected apps was filled with outraged users noting that it was carrying a malicious payload and it appears that the apps were being promoted on Instagram.

Cases of malware infecting Google's Play Store are becoming depressingly common. Just last month it was banking malware and a botnet controller, in July commercial spyware made it in, advertising spamming code popped up in May (preceded by similar cases in March and April), and there was a ransomware outbreak in January.

By contrast, Apple's App Store appears to do a much better job at checking code, and malware is a rarity in Cupertino's app bazaar. While some developers complain that it can take a long time to get code cleared by Apple, at least the firm is protecting its customers by doing a thorough job, although Apple's small market share also means malware writers tend not to use iOS for their apps.

By contrast, Google's Bouncer automated code-checking software appears to be very easily fooled. Google advised users to only download apps from its Store, since many third-party marketplaces are riddled with dodgy apps, but that advice is getting increasingly untenable.

It's clear something's going to have to change down at the Chocolate Factory to rectify this. A big outbreak of seriously damaging malware could wreak havoc, given Android's current market share, and permanently link the reputation of the operating system with malware, in the same way as Windows in the 90s and noughties.

(1st October 2017)


UK TERROR ARRESTS RISE 68% TO RECORD LEVEL DURING YEAR OF ATTACKS
(The Guardian, dated 14th September 2017 author Alan Travis)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/sep/14/uk-terror-arrests-rise-68-record-level-during-year-attacks

The number of people arrested for terrorism-linked offences rose 68% to a record 379 in the 12 months to June, one of the most intense periods for terrorist attacks in recent history.

The Home Office said it was the highest number of terrorist arrests in a year since records began in 2001. They included 12 arrests linked to the Westminster attack in March, 23 connected with the Manchester Arena bombing in May, 21 arrests following the London Bridge attack in June and one in relation to the Finsbury Park van attack soon after.

The Home Office quarterly bulletin on the police's use of their counter-terrorism powers says 123 of those arrested were charged - 105 with terrorism offences - and 189 were released without charge. The rest were either bailed pending further investigation or faced alternative action.

So far, 32 of the 105 charged with terrorist offences have been prosecuted and found guilty and 68 are awaiting prosecution.

The number of terrorist prisoners in British jails has also risen in the past year, by 35% to 204. The Home Office said 91% of those in prison on 30 June held extreme Islamist views and a further 5% had far-right ideologies.

Police use of stop and search powers under the counter-terrorism laws rose by 17%, from 552 stops to 646. But the proportion of people arrested as a result of stops fell from 12% in the previous year to 8% this year.

The deputy assistant commissionerand senior national coordinator for counter-terrorism policing, Neil Basu, said six terrorist plots had been prevented since the Westminster attack in March.

"There is no doubt that since March and following the attacks in London and Manchester we have seen a shift-change in momentum. But while the terrorist threat has increased in recent months, so has our activity, reflected by this significant increase in arrests.

"We're taking every possible opportunity to disrupt terrorist activity - be it making arrests for terrorism offences, intervening where there are signs of radicalisation, or working with communities to prevent terrorists operating in their area," he said.

"Police, together with the security services are determined to make the UK as hostile an environment for terrorists as possible."

The figures show there have been 19 terrorist plots foiled in the UK by police and the UK intelligence community since June 2013. A broad spectrum of people have been arrested in connection with terrorism investigations in terms of age, gender and ethnicity.

"These figures show that there is no such thing as a 'typical' terrorist," Basu said.

"We're seeing young and old; women and men; all from a variety of different ethnic backgrounds and communities. It's therefore important that members of the public remain vigilant in all situations, and report any suspicious activity to police."

(1st October 2017)



NUMBER OF YOUNG PEOPLE PENALISED CARRYING KNIVES AT EIGHT YEAR HIGH
(The Guardian, dated 14th September 2017 author Damien Gayle)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/sep/14/number-of-young-people-penalised-for-carrying-knives-at-eight-year-high

More young people are being cautioned or sentenced for carrying knives than at any time for nearly eight years, new figures have revealed.

Under-18s were penalised for knife possession 1,180 times from April to June, Ministry of Justice statistics show - the highest quarterly tally for that age group since the period July to September 2009.

In total, 5,237 knife possession offences were dealt with by the criminal justice system in the three months to the end of June - up 6% on the equivalent period in 2016.

An MoJ report accompanying the statistics said knife possession offences fell between 2008 and 2014, but the trend has reversed in the last three years.

The figures come amid fresh concern about knife crime, particularly in London where 13 teenagers have been fatally stabbed so far this year. Teenagers have also been charged in many cases where adults have been the victims of deadly stabbings.

Police have shifted their outlook on youth knife crime away from a narrative of gang violence, and now say young people are more often carrying blades for status and self-protection.

Whitney Iles, of Project 507, a social enterprise that tackles the causes of violence, said the increase in knife crime had created a vicious spiral that spurred more young people to carry weapons. Fewer educational opportunities and a lack of decent jobs has also left young people feeling dismal about their future, making them more likely to take risks and adopt violent lifestyles, she said.

"These kinds of things spread, so you have to look at it from the more people that are carrying knives it means that more and more people are going to want to protect themselves," Iles said. "If you carry a knife it means that you are willing to put your life in danger and it means that you feel like your life is in danger - you go straight into survival mode.

"If we've got young people that are not seeing themselves as able to live a longer life or have the opportunities that they need or deserve, then what we have is a lot of young people who are thinking more in the moment."

Two in five adult offenders and 13% of juveniles were given an immediate custodial sentence. Three in 10 juvenile offenders and 7% of adults received cautions.

Under a "two strikes" system introduced in 2015, minimum sentences were introduced for those aged 16 and over who are convicted of a second or subsequent offence of possession of a knife or offensive weapon.

The punishments are at least six months imprisonment for adults, while young offenders face a minimum four-month detention and training order.

Dominic Raab, the justice minister, said: "We're catching and prosecuting more of those who carry a knife or blade. Those convicted are more likely to go to prison, and for longer terms. Knives are a scourge of communities. Our message to those carrying a knife is that you should expect to end up in jail."

So far, 26 young people have been killed by knives in the UK in 2017, according to the Guardian's count.

(1st October 2017)


CONFUSION HITS CONSUMER MARKET OVER US BAN OF KASPERSKY
(CNBC and Reuters, dated 14th September 2017)

Full article [Option 1]:

www.cnbc.com/2017/09/14/confusion-hits-consumer-market-over-us-ban-of-kaspersky.html

Worries rippled through the consumer market for antivirus software after the U.S. government banned federal agencies from using Kaspersky Labs software on Wednesday. Best Buy said it will no longer sell software made by the Russian company, although one security researcher said most consumers don't need to be alarmed.

Best Buy declined to give details about why it dropped Kaspersky products, saying that it doesn't comment on contracts with specific vendors. The Minneapolis Star Tribune first reported that Best Buy would stop selling Kaspersky software.

The U.S. Department of Homeland Security cited concerns about possible ties between unnamed Kaspersky officials and the Kremlin and Russian intelligence services. The department also noted that Russian law might compel Kaspersky to assist the government in espionage.

Kaspersky has denied any unethical ties with Russia or any government. It said Wednesday that its products have been sold at Best Buy for a decade. Kaspersky software is widely used by consumers in both free and paid versions, raising the question of whether those users should follow the U.S. government's lead.

Nicholas Weaver, a computer security researcher at the University of California, Berkeley, called the U.S. government decision "prudent"; he had argued for such a step in July. But he added by email that "for most everybody else, the software is fine."

The biggest risk to U.S. government computers is if Moscow-based Kaspersky is subject to "government-mandated malicious update," Weaver wrote this summer.

Kaspersky products accounted for about 5.5 percent of anti-malware software products worldwide, according to research firm Statista.

Another expert, though, suggested that consumers should also uninstall Kaspersky software to avoid any potential risks. Michael Sulmeyer, director of a cybersecurity program at Harvard, noted that antivirus software has deep access to one's computer and network.

"Voluntarily introducing this kind of Russian software in a geopolitical landscape where the U.S.-Russia relationship is not good at all, I think would be assuming too much risk," he said. "There are plenty of alternatives out there."

Sulmeyer also said retailers should follow Best Buy's lead and stop selling the software.

Amazon, which sells Kaspersky software, declined to comment. Staples and Office Depot, both of which sell the software, didn't immediately return messages seeking comment.

Various U.S. law enforcement and intelligence agencies and several congressional committees are investigating Russian meddling in the 2016 presidential election.

Kaspersky said it is not subject to the Russian laws cited in the directive and said information received by the company is protected in accordance with legal requirements and stringent industry standards, including encryption.

Russia criticized the decision to band the software, saying the U.S. ban is delaying the recovery of bilateral ties between the two countries.

The decision by the U.S. government to stop using Kaspersky Lab products is "regrettable," the Russian embassy in the United States said.

"These steps can only evoke regrets. They only move back the prospects of bilateral ties recovery," the embassy said in a statement issued late on Wednesday.

It also called for consideration of Russia's proposal to form a joint group to address cybersecurity issues.

(1st October 2017)


ULTRASOUND TURNS SIRI AGAINST YOU

(New Scientist, dated 13th September 2017 author Nicole Kobie)

Full article [Option 1]:

www.newscientist.com/article/mg23531433-300-siri-and-alexa-can-be-turned-against-you-by-ultrasound-whispers/

DID you hear that? Alexa certainly did. Voice assistants have been hijacked using sounds above the range of human hearing. Once in, researchers were able to make phone calls, post on social media and disconnect wireless services, among other things.

That is a problem because voice assistants can also be connected to services ranging from smart thermostats to internet banking, so security breaches are pretty serious.

The hack was created by Guoming Zhang, Chen Yan and their team at Zhejiang University in China. Using ultrasound, a command inaudible to us was used to wake the assistant, giving the attacker control of the speaker, smartphone or other device, as well as access to any connected systems (Cryptography and Security, arxiv.org/abs/1708.09537).

The attack works by converting the usual wake-up commands - "OK Google" or "Hey Siri" - into high-pitched analogues. When a voice assistant hears these sounds, it still recognises them as legitimate commands, even though they are imperceptible to the human ear.

Yet it isn't easy to pull off. The attacker needs to be close to the target device to hack it, although it may be possible to play the commands via a hidden speaker as they walk past. Assistants falling for the ploy included Amazon's Alexa, Apple's Siri, Google Now and Microsoft's Cortana.

"Voice assistants are now connected to everything from thermostats to smart banking"

But not all devices were equally easy to fool. To take control of Siri, the owner's voice had to be surreptitiously recorded for playback before being converted to ultrasound, as Apple's system recognises only the speaker.

To secure voice assistants in the future, ultrasound could be suppressed, says Tavish Vaidya of Georgetown University in Washington DC. However, we should focus on protecting against unauthorised commands rather than limiting what assistants can do, he says.

(1st October 2017)

THEY HEAD FOR LONDON IN THE HOPE OF ESCAPING POVERTY....BUT THE SLAVE MASTERS ARE WAITING
(London Evening Standard, dated 13th September 2017 author Ed Cummings)

Full article [Option 1]:

www.standard.co.uk/news/modern-slavery/they-head-for-london-in-the-hope-of-escaping-poverty-but-the-slave-masters-are-waiting-a3633621.html

Down a dirt track on the outskirts of Lagos, sitting in a bare concrete safe house behind an eight-foot fence, the women told me their stories. How they had left their homes after the promise of a better life in Europe, only to find themselves beaten, abused, raped and forced to work as prostitutes.

Recognised as victims of trafficking and returned to safety in Nigeria, these were the lucky ones, although some of them struggled to believe it. But in bleak rooms all over London and the UK, their fellow victims are still being exploited and abused.

Anywhere that people dream of a better life, traffickers lie in wait to take advantage of them. Just as it is an international centre of other kinds of business, London has become a global hub for modern slavery.

As Kevin Hyland, the Independent Anti-Slavery Commissioner, tells the Standard: "London is a global city, truly multicultural, and while that's one of the best things about the capital, we know that criminals have also exploited that.

Where do Britain's modern slaves come from?

The majority of confirmed victims of slavery in the UK in 2016 came from these 30 countries (including the UK).

United Kingdom : 326
Albania : 699
Afghanistan : 83
Bangladesh : 54
Bulgaria : 21
China : 241
Czech Republic : 37
DR Congo : 22
Eritrea : 109
Ethiopia : 41
Egypt : 19
Ghana : 45
Hungary : 36
India : 100
Iran : 60
Iraq : 39
Latvia : 21
Lithuania : 38
Nigeria : 243
Pakistan : 70
Poland : 163
Philippines : 45
Romania : 202
Slovkia : 73
Somalia : 37
Sudan : 79
Thailand : 23
Uganda : 21
Vietnam : 519
Zimbabwe : 19

"London has a huge population with busy airports and a big economy. There is immense demand for illicit services. The criminals have been getting away with it for far too long.

"Compared to smuggling guns or drugs, trafficking of people has been seen as low-risk. We need to develop an understanding of the whole threat picture.

"Until recently we've been operating on unfounded intelligence, or myths. If we don't get these basics right, our response will be wrong."

The National Referral Mechanism identified almost 4,000 potential victims last year, from a staggering 108 countries. As our map shows, the most common foreign nationalities of the victims are Albanian, Vietnamese and Nigerian, followed by Chinese and Romanian.

Given that Mr Hyland estimates the true number of victims to be much higher, up to 13,000 and, according to the National Crime Agency, possibly in the tens of thousands, it's likely there are even more countries involved.

Mr Hyland has launched a report into the trafficking routes from Vietnam. One of his goals as commissioner is to show the complex relationships between Britain and origin countries, each of which has distinct cultural factors that can seem alien to British observers.

Nigerian women might fear a Juju curse. Vietnamese boys - young males make up the largest cohort of Vietnamese modern slaves in Britain - live in fear of debt. A typical case might involve a friend or neighbour offering work in London to someone in the north of Vietnam. As identified in the commissioner's report, the price for transport could be anything from £10,000 to £33,000.

As collateral, the victim's parents might hand over the "red book", the deeds to their property. The journey could take months, with various overland routes leading to France, where the victim will wait with hundreds of other Vietnamese people for an opportunity to cross the Channel. Along the way, beatings and rape are common. Even if they get to the UK, they will almost never repay the debt.

Re-trafficking is another key issue. Once a Vietnamese person has been released from one exploitative situation, through escape, especially from less secure children's facilities or a raid, they can often find themselves walking the streets.

It's easy for them to end up being exploited again. It might be a nail bar, for example, rather than a cannabis farm: often the two businesses are interconnected, with nail bars used to launder drug profits.

Parosha Chandran, the UK's leading anti-slavery barrister and a United Nations expert on trafficking, says part of the problem is the lack of co-ordination between police departments. Too often, raids focus on disrupting the place of illegal cannabis cultivation, rather than investigating who is responsible for running the sophisticated, often multi-million-pound drug business the trafficking victims are caught up in.

Until a landmark case she won, children and adults found cultivating cannabis in this manner were prosecuted as criminals, rather than recognised as being victims of modern slavery.

"It's time for some critical leadership on investigating modern slavery," she says. "There are two crimes being committed [in these cases]: human trafficking and the illegal cultivation of drugs.

"Both have all the hallmarks of organised crime. Police departments must club together their expertise on financial crime, drug crime, modern slavery and witness protection to have an effective response.

"They need to trace money streams, preserve evidence at the scene and offer witness protection to victims to encourage them to come forward, to help with prosecutions. These gangs rule by fear."

While law enforcement has a part to play, it is not the only piece of the puzzle. Londoners who use cannabis, or visit nail bars or car washes, have a responsibility to spot the signs, and fight the modern slavery that goes on under their noses.


Ten key signs that someone is a victim - Spot the red flags and help stop slavery

- Is someone always watching them?

- Do they have injuries that appear to be the result of an assault?

- Do they seem frightened or won't look you in the eye?

- Do they always wear the same few clothes?

- Do they look starving or neglected?

- Are they living in dirty, cramped or overcrowded conditions?

- Do they live and work at the same address?

- Are they being controlled by a "boyfriend"?

- Do they have ID documents?

- Are their travel arrangements unusual?


Take action to end slavery by going to our online activity platform :

www.freedomunited.org/evening-standard-modern-slavery/

(1st October 2017)


WHY HOTEL WIFI CONNECTIONS ARE A HACKERS DREAM COME TRUE
(International Business Times, dated 12th September 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/why-hotel-wifi-connections-are-hackers-dream-come-true-explained-1639101

With your feet up at the end of a long day and with the tiny kettle boiling, it can be very tempting to log into your hotel's WiFi connection and have a scroll through social media. You may quickly log in to your online banking, download some podcasts or even send some work emails.

But have you ever stopped to consider the hotspot you are connected to - which is probably using the name of the hotel followed by the word 'Guest' - is actually a trap?

That your usernames, passwords and other sensitive information may be flowing directly into the hands of a hacker? You should, cybersecurity experts warn.

This week (12 September), research from Broadband Genie, which asked 2,512 thousand people about their internet access when staying in hotels, found that more than 90% admitted to logging in when it's available.

A whole 58% said they were not worried about being monitored.

The survey revealed that the most popular uses for hotel WiFi included email and internet browsing.

A small, but still significant, number (26%) said they used it for work purposes. But nearly all respondents, it claimed, were accessing some form of private data.

You may think it's not important. Why would a hacker be interested in you, after all?

Unfortunately, hackers trade in data - and hotel WiFi connects transmit a lot of sensitive information. Emails contain passwords. Work email accounts are a chance to mould successful social engineering attacks. Your bank account - well, that one is obvious.

Does the connection even have a password?

"Assuming the hotel WiFi is unsecured, the range of potential attacks is broad," Ondrej Kubovic, a security expert at Slovakia-based antivirus firm ESET, told IBTimes UK.

"An attacker can passively eavesdrop on the victim's communication, alter it, hijack the user's session, redirect him/her to malicious sites, extract sensitive data or even manipulate the victim to download malware and take control of his/her device," he added.

Rob Hillborn, head of strategy at Broadband Genie, elaborated: "I think many go in on the assumption they are secure because they've paid for a service and are in a safe environment, where actually we should always be erring on the side of caution on any WiFi connection."

Studies show that such connections are a major weak spot for the general public.

In 2015, cybersecurity firm F-Secure conducted an experiment on the streets of London - creating a fake hotspot to see how many people joined without question. In one half-hour period, a whopping 250 devices connected to the hotspot, the firm later revealed in a report.

One of the terms and conditions of the hijacked hotspot's use was that the user must give up their first-born child or most beloved pet in exchange for the internet. Six people agreed.

"What are we really signing up for when we check the 'agree' box at the end of a long list of T&C's we don't read?" the firm pondered in a blog post at the time. "There's a need for more clarity and transparency about what's actually being collected or required of the user."

And when it comes to the more specific topic of WiFi in hotel rooms - hackers have been caught exploiting it for gain on numerous occasions - be it for money or espionage.

One of the most prolific groups to conduct these operations has, aptly, been dubbed DarkHotel.

n 2014, researchers from Kaspersky Lab, a Russian cybersecurity firm, found the group had - for years - been using malware on victims staying in hotels, mostly businessmen.

It took advantage of unprotected WiFi connections to launch phishing attacks.

"Considering their well-resourced, advanced exploit development efforts and large, dynamic infrastructure, we expect more DarkHotel activity in the coming years," Kaspersky Lab warned in a report at the time.

They were correct.

In 2017, the hackers were again profiled by security firm Bitdefender, which found the team had shifted its attention to political figures. "The threat actors have been able to run their business undisturbed for years," warned threat researcher Bogdan Botezatu in his analysis.

So the problem hasn't gone away. In fact, as more personal information is being bundled into smartphones and tablets, the issue is only likely to intensify, security experts believe.

"Hotel WiFi, or indeed any other public WiFi such as the ones found in airports and coffee shops, should always be approached with caution," Javvad Malik, a security advocate at AlienVault, told IBTimes UK. "It is relatively trivial for an attacker to set up a fake access point."

Users who want to browse the web using public WiFi should, if possible, use a virtual private network, or VPN, to add an extra later of security. In many cases, a common sense approach is paramount - be vigilant of what you click and make sure websites are legitimate.

(1st October 2017)


GUN POLICE TO TAKE ON TERRORISTS FROM NEW LONDON HQ
(London Evening Standard, dated 11th September 2017 authors Martin Bentham and Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/london/antiterror-police-to-have-new-50m-hq-and-training-centre-in-london-a3631741.html

A new £50 million base for armed police officers is to be built in central London to help protect the public from terrorism.

The new base will house at least 200 officers and contain a practice firing range, weapons storage and other facilities designed to enable the force's firearms specialists to hone their shooting and decision making skills.

It will be built in Limehouse and is being located in east London partly to make it easier to keep officers on hand to respond to any future terror attacks in the capital.

The move comes as the Met also announced it would trial the use of drones for firearms operations and other police actions in London.

Scotland Yard said it was borrowing a drone from Sussex Police to help deal with incidents such as high risk missing people, serious traffic collisions, searches for suspects and the identification of cannabis factories.

However, the drone would also provide aerial support for "pre-planned and spontaneous firearms operations" in an eight week trial. It will also be used in surveillance operations to provide life footage of operation deployments.

The decision to set up the new firearms base comes as the Met continues to expand its firearms capability through the recruitment of 600 extra armed officers.

Once completed that will take the total number of armed officers employed by the Met to 2,800.

The increase, which amounts to a rise of more than a third in the number of armed officers in London, was ordered last year before this summer's terror attacks in the capital and Manchester in recognition of the heightened threat since the Islamic State urged its followers to inflict murder in their own countries using whatever means possible.

But the need for armed officers to be available to respond rapidly has been illustrated by the incidents at Westminster and London Bridge in particular, as well as by attacks overseas in Barcelona and elsewhere.

News of the new base comes 100 days after the London Bridge attack when armed officers rushed to the scene to confront and kill the three Islamist attackers within eight minutes.

Disclosing the decision to set up a firearms base in Limehouse, Met Deputy Commissioner Craig Mackey said the force needed new sites for its armed officers and had already built a new firearms range at Hendon.

But the new Limehouse base would make it easier to ensure that officers were easily available to tackle both terrorist incidents and other crimes in which guns might be involved.

He added: " The reality is that when you have the sort of firearms capability we have, you have to acrredit and train people regularly.

"The firearms range at Hendon is up, but it's not just that one. As we redevelop in the east of London we are looking at a similar type of capability at Limehouse. That's about making sure we can keep those officers trained, accredited, and up to the standards they need to be, and available."

Mr Mackey said the projected £50 million cost was a "place marker" figure and that the eventual bill could be either higher or lower.

Other non-firearms officers would also be stationed at Limehouse, which will be built as part of a wider overhaul of the Met's property portfolio under which more than 250 buildings will be disposed of and a smaller number of new stations developed to take their place.

"You will see buildings that are multi-functional, that have uniformed operational officers, custody facilities, where we put road policing units, that's the sort of thing that Limehouse will be," Mr Mackey said.

The Met's armed officers will continue to train at a firing range in Gravesend. The opening of the Hendon range has given the force extra capacity but the centrally located Limehouse base will represent a further significant step up.

The Limehouse base will replace the existing Met firearms base in Leman Street in the City of London which is expected to be sold off.

At the moment, as well as armed officers stationed at prominent locations such as Parliament and Buckingham Palace, other Met firearms teams patrol the capital covertly in vehicles.

The aim is to ensure that they are available to respond rapidly to any incident, terrorist or otherwise, requiring an armed response. The speed at which the firearms teams are able to deal with incidents was illustrated at the London Bridge attack when armed officers rushed to the scene, before confronting and killing the three Islamist attackers within eight minutes of being deployed.

In terrorist incidents, firearms officers are trained to advance towards attackers, despite the risk to their own lives.

They are also instructed to fire repeatedly if necessary to ensure that an attacker is completely incapacitated, which will usually mean dead, because of the risk that a suicide belt or other bomb might otherwise be detonated.

A firm date for the construction of the new Limehouse base has yet to be set but it is part of a five year plan by the Met to transform its property portfolio by closing little used buildings while at the same time updating others or building new ones.

The aim is to improve the force's efficiency and save enough money to fund redevelopment and pay for 1,100 officers.

(1st October 2017)


BEST BUY YANKS KASPERSKY ANTIVIRUS FROM THE SHELVES
(The Register, dated 8th September 2017 author Iain Thomson)

Full article [Option 1]:

www.theregister.co.uk/2017/09/08/best_buy_yanks_kaspersky_software/

US big box retailer Best Buy has pulled from its shelves Kaspersky Lab's PC security software amid fears of Kremlin spies using the antivirus tool to snoop on Americans.

Despite there being no concrete evidence to indicate that the security software is a threat, the retail chain is ending its long relationship with Kaspersky, a Best Buy spokesperson confirmed to The Register on Friday. As to the reasoning, the store chain just said that it doesn't comment on contracts with specific vendors.

"Kaspersky Lab and Best Buy have suspended their relationship at this time; however, the relationship may be re-evaluated in the future," the Russian biz told The Register today.

"Kaspersky Lab has enjoyed a decade-long partnership with Best Buy and its customer base, and Kaspersky Lab will continue to offer its industry-leading cybersecurity solutions to consumers through its website and other retailers."

The news caps off a lousy week for Kaspersky. On Monday US Senator Jeanne Shaheen (D-NH) introduced an amendment to the National Defense Authorization Act that would ban Kaspersky software from any federal computer, following on from her earlier ban on the software being used by the Department of Defense.

"Because Kaspersky's servers are in Russia, sensitive United States data is constantly cycled through a hostile country," she said in an op-ed supporting the amendment.

"Under Russian laws and according to Kaspersky Lab's certification by the FSB, the company is required to assist the spy agency in its operations, and the FSB can assign agency officers to work at the company. Russian law requires telecommunications service providers such as Kaspersky Lab to install communications interception equipment that allows the FSB to monitor all of a company's data transmissions."

What she didn't add is that under the terms of the Patriot Act and other legislation pushed through as part of The War Against Terror (TWAT), American software companies are under similar obligations if the government comes knocking at their doors.

Indeed, the CIA's investment arm In-Q-Tel even funds security startups. FireEye, Interset, ArcSight and Silver Tail Systems all got funding from the intelligence agency.

But why let the facts get in the way of a good bit of publicity? Bashing Kaspersky is very much the game de jour at the moment. The FBI has been giving classified briefings to politicians warning them about the software and conducting nocturnal visits to Kaspersky staffers' homes. Those of us without security clearance are being told to trust them and steer clear of the nasty Russian code, m'kay.

Eugene Kasperky, the eccentric founder of the firm that bears his name, has repeatedly and vehemently denied that there are any backdoors in his software that the FSB can use. He has offered the source code up for inspection by the US government, but no one's taking him up on it.

All this technology bashing has had another effect, however. It appears to have given Vladimir Putin ideas about doing exactly the same thing - a move that could be very costly for some technology companies.

At a meeting of technology executives in the Perm region, Putin told them that they should aim to be using only Russian software. Currently about 30 per cent of the software used by Russian business is home grown, and Putin told them that had to change - the government might penalize some companies if they don't.

"In terms of security, there are things of critical importance for the state, that are essential to support certain industries and regions," he said, the state mouthpiece RT reports.

"You shouldn't offer IBM [products], or foreign software. We won't be able to take it because of too many risks."

Updated to add

Best Buy has confirmed that customers who bought Kaspersky software can have it removed by the retailer's Geek Squad techies, who may also check the computer for child abuse images.

(1st October 2017)


59 POLICE OFFICERS SACKED OR PUNISHED FOR RACIST BEHAVIOUR
(London Evening Standard, dated 8th September 2017 author Benedict Moore-Bridger)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-59-met-police-officers-sacked-or-punished-for-racist-behaviour-a3629956.html

Fifty-nine Met police officers have been sacked or disciplined for racist behaviour in the past five years, the Standard can reveal.

Scotland Yard dismissed 18 officers following complaints about race discrimination and 41 were subject to other disciplinary sanctions.

The figures, from a freedom of information request, also show that 37 cases of discriminatory behaviour on the basis of race were referred to the Independent Police Complaints Commission between January 2012 and this May.

Between 1999 and 2011, 120 Met officers were found guilty of racist behaviour, with six forced to resign, one dismissed and the rest receiving a sanction, most commonly a fine.

In 1999 the Macpherson report, on the investigation into the 1993 murder of black teenager Stephen Lawrence in Eltham, branded the force "institutionally racist". Since then 550 complaints of racist behaviour against Met officers have been referred to the IPCC.

Details of dismissals or final written warnings include an officer in a squad car who remarked that an area of London needed to be "ethnically cleansed". Told that such a comment should not be made, the officer replied: "Why not?" Others made racist remarks to colleagues and the public, or on messaging apps. In 2013 Pc Alex MacFarlane was sacked for gross misconduct after being secretly recorded telling a man under arrest: "The problem with you is that you will always be a n*****."

Another off-duty officer racially abused a ticket inspector on a train when the friends he was with were told to pay penalty fares after trying to pretend they were also police officers.

Retired police superintendent Leroy Logan, founder and former chairman of the Met's Black Police Association, said: "This saddens me as an officer who gave evidence at the Stephen Lawrence inquiry. Nothing has really significantly improved so I am led to only come to the same conclusion - that the organisation is institutionally racist."

According to official statistics, only 13.4 per cent of the Met's workforce is non-white. However, Scotland Yard said the number of black and minority ethnic officers was increasing compared with previous years, and that work was being done to improve diversity.

The Met said: "Staff must act with professionalism and integrity at all times. Where conduct is proven to have fallen below standards expected, the MPS will take robust action to ensure staff are appropriately disciplined."

(1st October 2017)



WHAT IS DNS HIJACKING ?

(Wired, dated 4th September 2017 author Andy Greenberg)

Full article [Option 1]: www.wired.com/story/what-is-dns-hijacking/

Keeping your internet property safe from hackers is hard enough on its own. But as WikiLeaks was reminded this week, one hacker technique can take over your entire website without even touching it directly. Instead, it takes advantage of the plumbing of the internet to siphon away your website's visitors, and even other data like incoming emails, before they ever reach your network.

On Thursday morning, visitors to WikiLeaks.org saw not the site's usual collection of leaked secrets, but a taunting message from a mischievous group of hackers known as OurMine. WikiLeaks founder Julian Assange explained on Twitter that the website was hacked via its DNS, or Domain Name System, apparently using a perennial technique known as DNS hijacking. As WikiLeaks took care to note, that meant that its servers weren't penetrated in the attack. Instead, OurMine had exploited a more fundamental layer of the internet itself, to reroute WikiLeaks visitors to a destination of the hackers' choosing.

DNS hijacking takes advantage of how the Domain Name System functions as the internet's phone book-or more accurately, a series of phone books that a browser checks, with each book telling a browser which book to look in next, until the final one reveals the location of the server that hosts the website that the user wants to visit. When you type a domain name like "google.com" into your browser, DNS servers hosted by third parties, like the site's domain registrar, translate it into the IP address for a server that hosts that website.

"Basically, DNS is your name to the universe. It's how people find you," says Raymond Pompon, a security researcher with F5 networks who has written extensively about DNS and how hackers can maliciously exploited it. "If someone goes upstream and inserts false entries that pull people away from you, all the traffic to your website, your email, your services are going to get pointed to a false destination."

A DNS lookup is a convoluted process, and one that's largely out of the destination website's control. To perform that domain-to-IP translation, a your browser asks a DNS server-hosted by the your internet service provider-for the location of the domain, which then asks a DNS server hosted by the site's top-level domain registry (the organizations in charge of swathes of the web like .com or .org) and domain registrar, which in turn asks the DNS server of the website or company itself. A hacker who's able to corrupt a DNS lookup anywhere in that chain can send the visitor off in the wrong direction, making the site appear to be offline, or even redirecting users to a website the attacker controls.

"All of that process of lookups and handing back information are on other people's servers," says Pompon. "Only at the end do they visit your servers."

In the WikiLeaks case, it's not clear exactly which part of the DNS chain the attackers hit, or how they successfully redirected a portion of WikiLeaks' audience to their own site. (WikiLeaks also used a safeguard called HTTPS Strict Transport Security that prevented many of its visitors from being redirected, and instead showed them an error message.) But OurMine may not have needed a deep penetration of the registrar's network to pull off that attack. Even a simple social-engineering attack on a domain registrar like Dynadot or GoDaddy can spoof a request in an email, or even a phone call, impersonating the site's administrators and requesting a change to the IP address where the domain resolves.

DNS hijacking can result in more than mere embarrassment. More devious hackers than OurMine could have used the technique to redirect potential WikiLeaks sources to their own fake site to try to identify them. In October of 2016, hackers used DNS hijacking to redirect traffic to all 36 of a Brazilian bank's domains, according to an analysis by the security firm Kaspersky. For as long as six hours, they routed all of the bank's visitors to phishing pages that also attempted to install malware on their computers. "Absolutely all of the bank's online operations were under the attackers' control," Kaspersky researcher Dmitry Bestuzhev told WIRED in April, when Kaspersky revealed the attack.

In another DNS hijacking incident in 2013, the hackers known as the Syrian Electronic Army took over the domain of the New York Times. And in perhaps the most high-profile DNS attack of the last several years, hackers controlling the Mirai botnet of compromised "internet-of-things" devices flooded the servers of the DNS provider Dyn-not exactly a DNS hijacking attack so much as a DNS disruption, but one that caused major sites including Amazon, Twitter, and Reddit to drop offline for hours.

There's no foolproof protection against the kind of DNS hijacking that WikiLeaks and the New York Times have suffered, but countermeasures do exist. Site administrators can choose domain registrars who offer multi-factor authentication, for instance, requiring anyone attempting to change the site's DNS settings to have access to the Google Authenticator or Yubikey of the site's admins. Other registrars offer the ability to "lock" DNS settings, so that they can only be changed after the registrar calls a site's administrators and gets their ok.

Otherwise, DNS hijacking can enable a full takeover of a website's traffic all too easily. And stopping it is almost entirely out of your hands.

(1st October 2017)

SIX MILLION INSTAGRAM ACCOUNTS HACKED
(The Telegraph, dated 4th September 2017 author Matthew Field)

Full article [Option 1]:

www.telegraph.co.uk/technology/2017/09/04/six-million-instagram-accounts-hacked-protect/

Six million Instagram accounts have been exposed online after hackers created a dark web database of personal information, revealing private phone numbers and email addresses.

The scale of the hack on the photo-sharing site emerged after the Instagram account of singer Selena Gomez was compromised last week. UK security researchers discovered hundreds of contact details on the dark web of celebrities including Emma Watson, Taylor Swift and Harry Styles.

In addition to leaking the details of hundreds of A-listers, hackers created an online database where cyber criminals could access private user details for $10 per search.

Instagram initially said a "low percentage" of accounts had been affected, although the hackers claim they have details on as many as six million users, the Daily Beast reported.

Instagram has since responded with its advice on how to protect accounts and report suspicious activity.

The hackers, claiming to be Russian and calling themselves "Doxagram", advertised the account details on online forums with links to the dark web, claiming "it is only $10 (price of 2 cups of coffee) for celebrity contact info".

One website linked to the hack has since been taken down, with Facebook, which owns Instagram, purchasing domain names used by the hackers to take them offline.

An official Instagram account for the President of the United States of America, run by the White House social media team, was also reported to be among the exposed details.

"We quickly fixed the bug, and have been working with law enforcement on the matter," said Instagram co-founder Mike Krieger. He added account passwords had not been exposed by the security flaw.

UK cybersecurity company RepKnight identified 500 celebrity accounts that had been compromised by the hack.

"While Instagram has now fixed the bug that lead to the leak, the cat is out of the bag now, and those affected will have to take extra care to maintain their privacy," said RepKnight analyst Patrick Martin.

How was the data stolen?

The potential vulnerability on Instagram was found by researchers at Kaspersky Labs and reported to Facebook.

A flaw in the password reset option in the Instagram mobile app exposed mobile phone numbers and email addresses, but not passwords. The simple attack involved sending a request for a password reset to an account and intercepting the private phone and email details sent in response to the security query.

The vulnerability existed in a 2016 version of Instagram, meaning those with up-to-date accounts should be safe.


How to protect yourself on Instagram

Instagram has since offered its official advice on what to do if your account has been affected. Instagram said users should exercise additional caution if they receive any calls or emails from unknown or suspicious sources.

"Additionally, we're encouraging you to report any unusual activity through our reporting tools," Instagram said. "You can access those tools by tapping the "…" menu from your profile, selecting 'Report a Problem' and then 'Spam or Abuse.'"

Instagram has a page which offers users advice on how best to keep their account protected and what to do if they think an account has been hacked. Users should change their password or send themselves a password reset email if they think they have been affected.

It also suggests users turn on two-factor authentication on their accounts for added protection.

How to turn on two-factor protection on Instagram

- Go to the settings tab in the top right corner of your profile
- Scroll down and select "two-factor authentication"
- Tap "require security code"
- You will then need to add a phone number to your account
- After this a code will be sent to your phone every time you try to log into your account

While this can keep an account safe from hackers, the information taken from Instagram included phone numbers, showing not all data is safe when stored online, even if it is kept private.


Protect your online identity


1. Report suspicious activity

Notify Instagram, Facebook, Twitter and Tinder if you believe you're being impersonated, those accounts will be removed if the case is proven.

2. Use Google Reverse Image Search

If you suspect somebody may have stolen your images, use Google's tool that allows you to search the internet for use of that picture. Simply click on the camera icon on Google Images (images.google.com) and upload.

3. Keep your profiles locked down

It may not be overly sociable, but if you want to minimise the misuse of your photos, keeping your profiles private - so that only friends can see them - is essential, particularly on Facebook and Instagram.

(1st October 2017)


POST WORKERS RECRUITED BY GANGS TO STEAL BANK CARDS
(BBC News, dated 4th September 2017 authors Jonathan Gibson and Riyah Collins)

Full article : www.bbc.co.uk/news/uk-england-41081396

Postal workers are being offered £1,000 per week to steal bank cards, a BBC investigation has found.

Online adverts offer huge sums to tempt Royal Mail staff to intercept letters containing cards and PINs.

More than 11,000 people in the UK have been affected by this type of fraud in 2016, where bank cards are stolen in transit, according to UK Finance.

Royal Mail would not disclose how many workers had been convicted but claimed "the theft of mail is very rare".

It added its security team was investigating the findings by BBC Inside Out West Midlands and it had no evidence of its employees being involved.

West Midlands Police said its economic and fraud teams are not aware of the BBC's findings and it has not had any reports of this type of fraud.

A BBC journalist posed as a postman and responded to an advert offering £1,000 per week to intercept letters.

After a few weeks working to build up the gang's trust, he was able to persuade a member to meet him.

Our reporter secretly filmed a meeting outside the bus station in Lewisham, south-east London, where the gang member explained what was expected.

"We're going to tell you, for example, that Ms *****, she's going to have a letter from NatWest," he told the undercover journalist.

"Any letters from NatWest for Ms *****, intercept. As simple as that.

"If you open up a new account you're going to get your card and you're going to get your PIN, right? Two letters, that's all it is.

"We do that, you intercept the letters, bring them back to us, you get paid."

One gang in Birmingham has been operating for 30 years, according to the unidentified member who said the leader has "been in the game for 30 years".

"He's worked with a number of postmen.

"I've worked with two. One was in the Midlands - Coventry - and one was on the outskirts of London, Romford area.

"But my guy, he lives in Birmingham and I obviously do the work, he sorts out the other side."

On their second meeting in a south London park, the undercover journalist confronted his contact.

The gang member offered no answer and ran away when asked why he was trying to recruit postal workers to commit fraud.

Royal Mail would not comment on how many of its workers had been prosecuted for stealing mail since it was privatised in 2013.

However, 1,759 Royal Mail workers were convicted of theft between 2007 and 2011.

Figures from UK Finance show the problem does not seem to be getting any better with the number of cases, and the cost to card issuers, rising each year since 2014.

In 2016, there were 11,377 cases of fraud where a card is stolen in transit, costing card issuers £12.5m.

UK Finance said it works closely with Royal Mail to target these types of gangs. It has its own police unit with prosecution powers.

"We do have our own police unit and they target organised criminality," Katy Worobec, head of fraud detection at UK Finance said.

"They try and get the people who are actually organising the criminality behind the scene.

"Once you've taken that part of the gang out, the thing falls apart.

"We've got a very good relationship with Royal Mail to help target these types of gangs and we've seen some good successes in the past."

Royal Mail said: "We take all instances of fraud - alleged or actual - very seriously.

"Our security team is reviewing the programme's findings as a matter of urgency and will continue our close and ongoing cooperation with the relevant law enforcement agency.

"The overwhelming majority of postmen and women do all they can to protect the mail and deliver it safely. The safety and security of mail is of the utmost importance to Royal Mail.

"We deliver millions of items safely every day and the theft of mail is rare. The business operates a zero tolerance approach to any dishonesty. We prosecute anyone we believe has committed a crime."

"I don't trust postman"

Darren Blythe, from Banbury, had his bank card intercepted by postal worker Damon Alvey in 2013.

He sensed something was wrong when the new bank card he requested did not arrive within the estimated time.

"I was waiting and waiting and eventually I rang the bank and that's when they told me my bank account had been wiped out totally."

Alvey, from Thame, was jailed for 10 months in 2014 for the fraud which saw about £3,000 taken from Mr Blythe's account.

"He left me with just over £2 in my account," Mr Blythe said.

"It made me really depressed. I was stuck indoors for days and days on end."

Although his money was refunded by the bank within two weeks, Mr Blythe said he did not "trust postmen any more really".

Cases (Source : UK Finance)


2011 : 8,536
2012 : 9,018
2013 : 9,125
2014 : 9,302
2015 : 10,914
2016 : 11,377

(1st October 2017)


POLICE CHIEF : SAFER TO KEEP CONTACTLESS CAP AT £30
(London Evening Standard, dated 4th September 2017 author Michael Bow)

Full article [Option 1]:

www.standard.co.uk/business/police-chief-says-safer-to-keep-contactless-cap-at-30-a3626506.html

The contactless card payment limit should stay at £30 to prevent a rise in card fraud, the head of the City of London police said.

The maximum contactless payment went up from £20 to £30 two years ago but Commissioner Ian Dyson said current concerns over contactless technology meant it was safer to keep the cap in place for now. Today marks 10 years since the launch of contactless.

"I would advise against increasing it for the moment because the losses could be quite significant," he said. "At some point the technology will change and you can raise the limit. The cap is there for sound reasons."

A poll last month found that more than half of retailers wanted the contactless limit increased.

The average supermarket shop is £25, which has influenced the £30 limit on the card. The average contactless card payment is around £8 or £9.

Regulators have been forced to tackle the technology after it emerged some merchants didn't download payment data to the bank until the end of the day, opening the door for fraud.

However, the technology is still relatively safe - about 2.7p in every £100 that was spent was lost to contactless fraud last year.

"I am not advocating a return to waiting five days for payments to clear but with that convenience the public must accept that there is a risk involved," Dyson added.

(1st October 2017)



DON'T FALL FOR THIS MISSING FONT SCAM SPREADING MALWARE TO CHROME AND FIREFOX BROWSERS
(International Business Times, dated 4th September 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/dont-fall-this-missing-font-scam-spreading-malware-chrome-firefox-browsers-1637893

Hackers are now using a sneaky pop-up technique posing as a font update to spread "Locky" ransomware and a remote access tool (RAT) to users on Google Chrome and Mozilla Firefox which, if clicked, can give cybercriminals complete access over infected computers.

Palo Alto Networks security expert Brad Duncan analysed the hackers' campaign - widely known as "EITest" - which has been using pop-ups since at least December 2016. He has now published his findings in a company blog post and as an update on the SANS Internet Storm Centre.

Two separate attacks were recently spotted in the wild, each using social engineering tactics to send a victim to a compromised website which then displayed a pop-up warning: "The HoeflerText font wasn't found".

An update button - if used by the targeted victim - would instantly download a malicious package.

In one of the August 2017 campaigns, sent via botnet-based spam, Duncan revealed that the pop-up "returned a malicious JavaScript file" disguised as a font library.

It was specially crafted to download and install the Locky strain of ransomware, Duncan said.

The second attack, which took place during the same timeframe, was altered to send out a type of malware under the name "Font_Chrome.exe".

This, it transpired upon analysis, was not a form of ransomware but instead a variant of file downloader which was programmed to spread the "NetSupport Manager RAT".

Locky is a notorious strain of ransomware which typically spreads via spam emails, locks down computer files and demands digital currency for their return. It emerged in February 2016, making an immediate impact by infecting a major hospital in Los Angeles, California.

That campaign alone netted hackers $17,000. The NetSupport RAT in question, meanwhile, is commercially-available software previously linked to hacks on gaming service Steam last year.

According to Duncan, the find signified "a potential shift in the motives of this adversary". The identities of those behind the latest campaigns, however, remains a mystery.

He wrote: "It's yet to be determined why EITest HoeflerText popups changed from pushing ransomware to pushing a RAT. Ransomware is still a serious threat, and it remains the largest category of malware we see on a daily basis from mass-distribution campaigns."

Indeed, in 2017 experts documented multiple ransomware outbreaks. Two major campaigns, using malware called "WannaCry" and "NotPetya" spread to hundreds of thousands of computers across the world. In both cases, experts have suggested the involvement of nation states.

"Users should be aware of this ongoing threat," Duncan said of the EITest campaigns.

"Infected users will probably not notice any change in their day-to-day computer use. If the NetSupport Manager is found on your Windows host, it is probably related to a malware infection."

In March 2017, a security researcher called Mahmoud Al-Qudsi spotted the same HoeflerText pop-ups on a compromised website hosted on WordPress.

(1st October 2017)


THOUGHT YOU'D GOT AWAY WITH THAT PARKING FINE 10 YEARS AGO ? THINK AGAIN
(The Telegraph, dated 3rd September 2017 author Francesca Marshall)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/09/03/thought-got-away-parking-fine-think/

Tens of thousands of people have been left bewildered after receiving letters and text messages demanding payment of hundreds of pounds in fines dating back over a decade.

The demands for unpaid parking tickets and invalid TV licences have been issued in a bid to claw back millions of pounds lost from historic fines.

The orders are part of a scheme being run by the Ministry of Justice with the help of new technology, using databases held by other government departments and online tracing tools which have even managed to locate people who have moved homes.

Since the scheme was launched in September 2016 around £9 million has already been recouped for the taxpayer, but it was not until March this year that the Historic Debt team expanded their tracing activity to include outstanding debts of over 10 years old.

The letters have however left many people confused with some even believing it was a scam and ignoring the requests all together.

The confusion can be blamed in part to the letters failing to include information on the particular incident in question, leaving people to wonder how they are able to prove their innocence.

Recipients are therefore being forced to contact their local magistrates court in order to trace what their alleged offence was.

In one incident a man was charged with a driving offence, despite being abroad at the time, but as a result of the mounting late repayment charges was left with no choice but to pay up.

Mark Thornton, 46, of Kilburn, North London, told the Mail on Sunday how, out of the blue, he received an official letter demanding £183.

He said: "It didn't actually say what the fine was for but eventually we were told it was for an untaxed vehicle. My wife and I were living in Switzerland in 2010, when it was supposed to have occurred.

"'We didn't have the paperwork any more and we didn't want to rack up more fees so we just paid it. It felt Kafka-esque."

The government department responsible has advised that it has been contacting debtors in order to seek payments and further enforcement activity will follow where appropriate.

Such incidents were also reported by The Mail on Sunday with some recipients being hit with further charges from bailiffs and threatened with court action.

Sandra Straupmanis, 54, of Shadwell, East London, received a demand for £205, which related to non-payment of a TV licence seven years ago.

Her son, Dagnis, 29, said: "My mother was very distressed. She rang the number on the letter and discovered it was for a property she had long moved out of.

"Someone else in her shared house put her name on the licence. But she had no way of proving that."

The Ministry of Justice have since said that those who believe they are being wrongly accused can appeal at magistrates court.

An HM Courts and Tribunals Service spokesman said: "The Historic Debt project was set up to tackle outstanding debt.

'It has collected £9 million, including compensation owed to victims of crime. Anyone who believes they have been wrongly contacted can appeal through their local magistrates' court."

A spokesman added that not all debtors have been contacted at this time and that the pursuit of following up the debts will continue.

If you have been contacted the Ministry of Justice advise that you make immediate payment or contact the National Enforcement Service contact centre.


###Parking Fine - When you do have to pay

If you get a Penalty Charge Notice issued by the local council, unless you have grounds to appeal, you should pay up. Here you have broken the law. The penalty is just that - a genuine penalty or fine - not just a "charge".

According to Citizens Advice, the law says that if you have a compelling, or very persuasive, reason for appealing, the council can use its discretion to decide whether to cancel the notice.

First, drivers will have to complain to the council in writing, with any witness statements or photographs included.

If the council accepts your reasons for appealing, your fine will be cancelled and you'll have nothing to pay. If the council rejects your reasons, you will be sent a notice of rejection. You will then have 28 days to make a formal appeal.

The appeal process has two stages before being referred to the courts.

(1st October 2017)

ALARM OVER STEEP RISE IN NUMBER OF SEXTORTION CASES IN UK
(The Guardian, dated 3rd September 2017 author Sarah Marsh)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/sep/03/alarm-over-steep-rise-in-number-of-sextortion-cases-in-uk

Growing numbers of people are falling victim to organised gangs who lure them into sending sexually explicit images and then threaten to post the pictures online unless they get payment.

There has been a sharp rise in webcam blackmail, also known as sextortion. The number of cases reported to the police more than doubling between 2015 and 2016, reaching 1,250 last year. This year so far there have been more than 700 cases.

The figures come as the man who blackmailed Ronan Hughes, 17, was jailed for four years. Iulian Enache, 31, shared intimate photos belonging to Ronan after the schoolboy failed to pay a ransom. The teenager killed himself hours afterwards.

The National Crime Agency (NCA) says the true number of sextortion cases could be even larger because many go unreported. It said the issue was high on its agenda.

The NCA put the rise down to better reporting, but also said copycat criminals were inspired by what they read in the media. Some of the gangs involved operated from overseas, it said.

David Jones, head of the NCA's anti-kidnap and extortion unit, said: "This is a project that is very close to my heart after the sad deaths of four young men because of sextortion reported in recent times. I strongly suspect there may be other suicides linked to it, but I have no evidence for that. It's just my speculation.

"We are keeping this issue on the public radar, first and foremost … making sure all intelligence packages are collated and gathered together to fully exploit all opportunities to put people before judicial systems."

The phenomenon has grown with the use of social media. It can affect anyone, but experts say young men are particularly vulnerable. The majority of cases include men between 18 and 24, but victims have also been as young as 14. Others have been in their 50s to 80s.

The rising figures are mirrored by an increase in calls to the revenge porn helpline, with cases about sextortion rising from 70 in 2015 to 89 last year. They predict a 20% rise in cases this year and a 51% increase from 2015 to 2017.

Laura Higgins, who manages the helpline, said: "Sextortion can be committed by individuals or international, organised crime groups. Our advice to victims is: do not pay or give the perpetrators anything that is being demanded, keep all messages as evidence, immediately cease all contact with the individual and report the matter to the local police.

"The victims will often feel silly or shamed. This is not the case. The fault is with the perpetrator or perpetrators who have violated the trust of the victim and abused that power as a means of coercion."

The NCA said evidence suggests that criminal groups operate in the Philippines, Ivory Coast and Morocco. They pose as young women online and strike up a conversation. They encourage their victims to share explicit photographs and then threaten to share them widely unless they receive payment.

Jones said: "I hope we are on track getting on top of this, but there are likely to be a number of victims who won't come forward to talk about this because of the embarrassment factor.

"We say don't do that ... for whatever reason people may not have any form of encouragement or confidence to report the issue but what I will say is that this is something we take a serious view of and it will not be tolerated in any form whatsoever."

Dr Jessica Barker, a cybersecurity expert, said: "Police figures show a big rise, but that is likely to be the tip of the iceberg as most people who experience sextortion don't report it to the police. There is a lot of embarrassment about it and lots of people feeling like it only happens to them.

"With these crimes it's often criminal gangs, not individuals in their bedroom doing this. These people operate almost like businesses, having office space and teams."

She said teenage girls could also be affected. "What I hear from the female point of view is that teenage girls get targeted over Instagram and get messages. So someone will comment on their photo on Instagram and say: 'I am a model agent or talent scout. I am a casting director in Los Angeles and you have the look we want.' They will exchange messages and build up a rapport and then say, 'We need more photos', and that will go on until they get the girl to send explicit images and then it reverts to sextortion."

Vicky Green of the charity Marie Collins Foundation said young people should be educated about manipulation and that the fault lies not with them for sending a picture but the perpetrator for soliciting it.

Jon Pearn, 64, from Plymouth: 'I told the person trying to blackmail me, this is your unlucky day'

I was on my Facebook and someone sent me a friend request and I pressed yes by accident. The person I accepted was supposedly a young lady and they started sending me private messages.

They asked to Skype me and eventually we spoke over that. She asked: "Do you like sex?" I jokingly replied: "Who doesn't?" And then she said: "You show me yours and I will show you mine."

I said OK but as she suggested it, then she should go first. I was shown a woman stripping over Skype and then I showed her a photo of my penis in response.

That's when the tone changed and the person I was speaking to told me that they were called Angel and they wanted money from me or they would send the pictures to my nieces. I think because we were friends on Facebook they could see my family and knew how to get in touch with them.

Now I look back, I think the clip I saw on Skype may have just been a video of someone. I don't know, it probably wasn't real.

The language when I was asked for money was quite threatening. They said: "Pay up or we will ruin your life." They asked for £500 initially but I said: "Do what you want. I don't care." I told them it was their unlucky day as they had messed with the wrong person.

Eventually they lowered their ask to £100 but I still told them to bugger off. I did think that it would have been different if I had been married or in a relationship but I had nothing to lose.

This happened to me two years ago and I went to the police, but I am not sure if the perpetrator was ever caught. My message is, on Facebook don't friend people you don't know. If people threaten you, don't be ashamed tell the police. Tell them to get stuffed.

(1st October 2017)


CHILD SEX WEBSITE OPERATING IN BRITAIN
(The Times, dated 2nd September 2017 author Katie Gibbons)
thetimes.co.uk [Option 1]

An online listings site that hosts adverts offering trafficked children for sex in the US is running hundreds of explicit postings for sexual services in Britain.

The multimillion dollar site ////////.com, which has been investigated by the US senate for its "knowing facilitation" of child prostitution, operates in the UK yet remains largely unknown.

The company has been linked to the sex trafficking of potentially thousands of children, who are advertised in its "dating" and "escort" sections using coded emojis and phrases.

In the last month alone, dozens of adverts featuring sexually explicit photographs of young girls and boys were posted on ///////.co.uk the British site. Their blurbs used phrases such as "fresh" or "new in town" and the cherry, growing love-heart and lolipop emojis, which have been identified as codes for under-age sex.

Kevin Hyland, the UK independent anti-slavery commissioner, has now called for tighter regulation of such sites to prevent British children from being trafficked and sold for sex online.

"This is wholesale serious crime where people are trading in human suffering and trading in young children," he said. "We need to really think about how we police the internet and how we protect the most vulnerable."

Eight civil actions have been bought in the US this year on behalf of young women allegedly sold for under-age sex through the site, including a 16 year old killed by a customer within three weeks of first being pimped through the dating section.

The company have avoided criminal liability in the US as websites are not legally responsible for third part content. Efforts to amend this legislation are being fought by global tech giants, including Google, Facebook, Amazon and Microsoft, in the name of free speech.

About 70 per cent of the 10,000 trafficked children recorded in America go through ///////.com, according to the National Center for Missing and Exploited Children. However, with sites in 943 locations across 97 countries, experts believe the global number trafficked through the site to be closer to 100,000.

The company has asserted that it is committed to preventing trafficking and the sale of children and as a passive carrier has no control over sex related adverts. However, data files seen by The Times reveal that ///////.com hired workers at a call centre in the Philippines to aggressively drum up sex-related business in the UK.

Though there is no recorded evidence of British children being sold for sex through ///////.co.uk, the company could be held liable in Britain, if they were. James Perry, chairman of the Law Society's criminal law committee, said:" If cases like this emerge in the UK then /////// might well be caught by section 14 of te Sexual Offences Act 2003 which creates an offence of facilitating a child sex offence anywhere in the world".

Spreadsheets,emails, audio files and employee manuals from Avion - the data outsourcing company hired by /////// - reveal that a team of ten were dedicated to drumming up business in the UK. Others targeted Australia, South America and Europe.

They trawled the internet for new sex adverts and offered them free listings. In the first week of March, Avion workers earning $600 a month processed more than a thousand British sex-related adverts. The offshore data haul was inadvertently discovered by the global property company Co-Star while investigating a hack of its own data.

Andrew Florance, its chief executive who is co-operating with the authorities in multiple jurisdictions, said: " As soon as we saw the images it became clear it was very serious. We found what appeared to be child pornography and contacted the FBI. I can confidently say they appeared to be aggressively targeting Britain."

A British child protection chief, who wished to remain anonymous, accused the authorities of an "outdated" approach to traffickers, who were "always one step ahead". She said:" It is very, very likely that children are being bought and sold on listings sites in Britain."

Bharti Patel, chief executive of Ecpat, a global anti-child trafficking organisation, has called for tighter regulation of online platforms to "stop this heinous abuse" that earns traffickers billions.

Reported incidents of child traficking in Britain surged by 30 per cent last year, reaching a record 1,278.

In the US, a senate investigation found that users of ////// were advised how to phrase their posts to avoid removal. Those advertising sex with a "teen" would receive the error message "Sorry, 'teen' is a banned term" and could resubmit their post with sanitised language.

Moderators were instructed to take out words such as "rape", "lolita" and "barely legal" and graphic photographs of what appeared to be children but the adverts themselves remained online. At one point 80 per cent of posts were being moderated.

/////// chief excutive and co-founders have faced several charges of pimping and human trafficking. In eah case the denied any wrongdoing and they have repeatedly avoided prosecution under Section 230 of the US Communication Decency Act. The general counsel for //////, was unable to comment on the allegations because of active legal proceedings.

However, she denied that the site knowingly hosted adverts selling children for sex and said the company "worked continuously" with law enforcement to prevent trafficking.

uaware note

The name of both the company and its website have been redacted from this impression of actual The Times article.

(1st October 2017)


CATCHING THE HACKERS IN THE ACT
(BBC News, dated 2nd September 2017)

Full article : www.bbc.co.uk/news/technology-40850174

Cyber-criminals start attacking servers newly set up online about an hour after they are switched on, suggests research.

The servers were part of an experiment the BBC asked a security company to carry out to judge the scale and calibre of cyber-attacks that firms face every day.

About 71 minutes after the servers were set up online they were visited by automated attack tools that scanned them for weaknesses they could exploit, found security firm Cybereason.

Once the machines had been found by the bots, they were subjected to a "constant" assault by the attack tools.

Thin skin

The servers were accessible online for about 170 hours to form a cyber-attack sampling tool known as a honeypot, said Israel Barak, chief information security officer at Cybereason. The servers were given real, public IP addresses and other identifying information that announced their presence online.

"We set out to map the automatic attack activity," said Mr Barak.

To make them even more realistic, he said, each one was also configured to superficially resemble a legitimate server. Each one could accept requests for webpages, file transfers and secure networking.

"They had no more depth than that," he said, meaning the servers were not capable of doing anything more than providing a very basic response to a query about these basic net services and protocols.

"There was no assumption that anyone was going to go in and probe it and even if they did, there's nothing there for them to find," he said.

The servers' limited responses did not deter the automated attack tools, or bots, that many cyber-thieves use to find potential targets, he said. A wide variety of attack bots probed the servers seeking weaknesses that could be exploited had they been full-blown, production machines.

Many of the code vulnerabilities and other loopholes they looked for had been known about for months or years, he said. However, added Mr Barak, many organisations struggled to keep servers up-to-date with the patches that would thwart these bots potentially giving attackers a way to get at the server.

During the experiment:

- 17% of the attack bots were scrapers that sought to suck up all the web content they found
- 37% looked for vulnerabilities in web apps or tried well-known admin passwords
- 10% checked for bugs in web applications the servers might have been running
- 29% tried to get at user accounts using brute force techniques that tried commonly used passwords
- 7% sought loopholes in the operating system software the servers were supposedly running

"This was a very typical pattern for these automatic bots," said Mr Barak. "They used similar techniques to those we've seen before. There's nothing particularly new."

As well as running a bank of servers for the BBC, Cybereason also sought to find out how quickly phishing gangs start to target new employees. It seeded 100 legitimate marketing email lists with spoof addresses and then waited to see what would turn up.

After 21 hours, the first booby-trapped phishing email landed in the email inbox for the fake employees, said Mr Barak. It was followed by a steady trickle of messages that sought, in many different ways, to trick people into opening malicious attachments.

About 15% of the emails contained a link to a compromised webpage that, if visited, would launch an attack that would compromise the visitor's PC. The other 85% of the phishing messages had malicious attachments. The account received booby-trapped Microsoft Office documents, Adobe PDFs and executable files.

Mr Barak said the techniques used by the bots were a good guide to what organisations should do to avoid falling victim. They should harden servers by patching, controls around admin access, check apps to make sure they are not harbouring well-known bugs and enforce strong passwords

Deeper dive

Criminals often have different targets in mind when seeking out vulnerable servers, he said. Some were keen to hijack user accounts and others sought to take over servers and use them for their own ends.

Cyber-thieves would look through the logs compiled by attack bots to see if they have turned up any useful or lucrative targets. There had been times when a server compromised by a bot was passed on to another criminal gang because it was at a bank, government or other high-value target.

"They sell access to parts of their botnet and offer other attackers access to machines their bots are active on," he said. "We have seen cases where a very typical bot infection turns into a manual operation."

In those cases, attackers would then use the foothold gained by the bots as a starting point for a more comprehensive attack. It's at that point, he said, hackers would take over and start to use other digital attack tools to penetrate further into a compromised organisation.

He said: "Once an adversary has got to a certain level in an organisation you have to ask what will they do next?"

In a bid to explore what happens in those situations, Cybereason is now planning to set up more servers and give these more depth to make them even more tempting targets. The idea is, he said, to get a close look at the techniques hackers use when they embark on a serious attack.

"We'll look for more sophisticated, manual operations," he said. "We'll want to see the techniques they use and if there is any monetisation of the method."

Brian Witten, senior director at Symantec research


We use a lots of honeypots in a lot of different ways. The concept really scales to almost any kind of thing where you can create a believable fake or even a real version of something. You put it out and see who turns up to hit it or break it.

There are honeypots, honey-nets, honey-tokens, honey anything.

When a customer sees a threat that's hit hundreds of honeypots that's different to when they see one that no-one else has. That context in terms of attack is very useful.

Some are thin but some have a lot more depth and are scaled very broadly. Sometimes you put up the equivalent of a fake shop-front to see who turns up to attack it.

If you see an approach that you've never seen before then you might let that in and see what you can learn from it.

The most sophisticated adversaries are often very targeted when they go after specific companies or individuals.

(1st October 2017)



AUGUST 2017


NHS REVEALS RISING TOLL OF ACID ATTACKS AND ADVISES : REPORT, REMOVE, RINSE
(The Guardian, dated 31st August 2017 author Haroon Siddique)

Full article [Option 1]:

www.theguardian.com/world/2017/aug/31/nhs-acid-attacks-report-remove-rinse

The number of people requiring specialist treatment for acid attacks has doubled over the last three years, NHS England has revealed, as it issued first aid guidance on how to help victims.

Following a spate of recent assaults using corrosive substances, the NHS is predicting that the number of people receiving intensive treatment such as reconstructive or eye surgery will continue to rise.

The figures, published on Thursday, compiled from the 28 specialist burns centres in England, paint only a partial picture of the scale of the problem, as they only capture the most serious incidents, but nevertheless make alarming reading.

One burns centre, St Andrew's in Essex, which serves London and the south-east, is on course to help more than 30 people this year, compared to the 32 who received specialist treatment across the whole of England last year. That was up from 16 in in 2014 and 25 in 2015.

Prof Chris Moran, national clinical director for trauma at NHS England, said: "Whilst this type of criminal assault remains rare, the NHS is caring for an increasing number of people who have fallen victim to these cowardly attacks.

"One moment of thoughtless violence can result in serious physical pain and mental trauma, which can involve months if not years of costly and specialist NHS treatment."

NHS England has partnered up with leading burns surgeons who have treated acid attack victims to issue first aid guidance, instructing the public to "report, remove, rinse":

- Report the attack: dial 999.
- Remove contaminated clothing carefully.
- Rinse skin immediately in running water.


David Ward, president of the British Association of Plastic, Reconstructive and Aesthetic Surgeons (BAPRAS), which helped develop the guidance, said surgeons had "seen first-hand the devastating impact on patients admitted to A&E after vicious corrosive substance attacks. They cause severe pain, scarring which can be lifelong, and can damage the sight, sometimes leading to blindness. Unfortunately these vindictive attacks are on the increase.

"The minutes after an acid attack are critical for helping a victim. This guidance BAPRAS has published with NHS England gives the important, urgent steps a victim or witness can take to help reduce the immediate pain and damage, and long-term injuries."

Corrosive substances are increasingly being used in assaults or robberies, with experts pointing to a crackdown on the use of knives and guns, leading street gangs to instead use more readily available corrosive substances, as a reason for the rise.

The number of crimes using acid or other "noxious substances" has more than doubled in London over the last three years, from 186 in 2014-15 to 397 in 2016-17, official figures show, including 45 in April this year. Large percentage increases have also been recorded elsewhere, including in the West Midlands and West Yorkshire.

Recent incidents include the attack on Resham Khan and her cousin Jameel Muhktar, who had acid thrown through their car window on Khan's 21st birthday on 21 June in Beckton, east London. They both suffered horrific face and neck injuries. John Tomlin, 24, has been charged with grievous bodily harm in relation to the attack.

Delivery drivers have expressed particular fears for their safety after Jabed Hussain, an UberEats driver, had acid thrown over him by two men who stole his moped, in the first of five acid attacks to take place in a three-mile radius in 90 minutes across east London last month.

NHS England said it had liaised with organisations including police forces, ambulance services and the Royal College of Surgeons to ensure the first aid advice was also shared with frontline emergency service staff. Last month, it was announced that police officers in London were being issued with 1,000 acid attack response kits, including protective gear and five-litre bottles of water, to allow officers to give immediate treatment to victims.

(28th September 2017)

TWO MILLION CUSTOMERS WARNED AS RETAILER HACKED
(London Evening Standard, dated 30th August 2017 author Mark Blunden)

Full article [Option 1]:

www.standard.co.uk/news/techandgadgets/cex-hack-two-million-customers-warned-as-retailer-hacked-a3622856.html

Two million customers may have had their personal details stolen from electronic retailer CeX after its systems were hacked, the firm said today.

CeX, which runs the WeBuy electricals buying and selling website, sent out an email last night warning it had "been subject to an online security breach". Formerly Complete Entertainment Exchange, the Watford-based firm was founded in London 25 years ago and now has more than 200 stores internationally.

Managing director David Mullins said an "unauthorised third party accessed our computer systems" and he believes that "some customer data has been compromised".

This includes "personal information" of first name, surname, address, email address and phone number, and for a "small number" of customers, also what the company says is encrypted data from expired credit or debit cards.

CeX called the hack a "sophisticated breach" but gave no further details, and advised customers to change their password.

Mr Mullins said: "We are investigating this as a priority and are taking a number of measures to prevent this from happening again."

Further information (uaware)

See also :

www.ibtimes.co.uk/cex-hack-2-million-customers-personal-data-compromised-massive-security-breach-1637174

(28th September 2017)


UK INFRASTRUCTURE FAILING TO MEET THE MOST BASIC CYBERSECURITY STANDARDS
(The Register, dated 29th August 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/08/29/critical_national_infrastructure_cybersecurity/

More than a third of national critical infrastructure organisations have not met basic cybersecurity standards issued by the UK government, according to Freedom of Information requests by Corero Network Security.

The FoIs were sent in March 2017 to 338 organisations including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers and transport organisations. In total, 163 responses1 were received, with 63 organisations (39 per cent) admitting to not having completed the "10 Steps" programme. Among responses from NHS Trusts, only 58 per cent had completed the scheme.

In the event of a breach, critical infrastructure organisations could be liable for fines of up to £17m, or 4 per cent of global turnover, under the government's proposals to implement the EU's Network and Information Systems (NIS) directive from May 2018.

The findings suggest that many key organisations are not as resilient as they should be in the face of growing and sophisticated cyber threats. Corero's questions revealed that by not detecting and investigating brief DDoS attacks, organisations could be "leaving their doors wide-open for malware or ransomware attacks, data theft or more serious cyber attacks".

When asked "Have you suffered Distributed Denial of Service (DDoS) cyber attacks on your network in the last year?", just eight organisations (5 per cent) responded "yes".

(28th September 2017)


MOPED MUGGERS SNATCH 30 MOBILES A DAY
London Evening Standard, dated 29th August 2017 author Justin Davenport)
www.standard.co.uk [Option 1]

The number of phones snatched by moped thieves more than doubled last year, as police say gangs target unwary pedestrians using their devices.

Criminals are using mopeds or pedal cycles to steal more than 30 phones a day from Londoners, figures reveal. More than half of the devices were iPhones, with 4,705 taken in 2016/17.

In total, thieves on mopeds and scooters stole 7,041 mobiles in the past financial year, compared with 3,210 in 2015/16. In addition, pedal cycle muggers snatched 4,526 last year, compared with 3,044 the previous year.

Police in London are battling an epidemic of moped crime. Officers say it is driven, in part, by demand for mobiles, which can be sold for their parts.

Detectives point to an increase in the value of phone parts, saying some iPhone pieces can now fetch £150 or more. As well as selling phones, gangs are also using them for other criminal activity, such as drug dealing.

Dr Simon Harding, a criminologist at Middlesex University and an expert on gangs, said: "One of the things that is driving this now, apart from the fact many of these phones cost between £500 to £600, is that gang members need four to five separate phones. They Like us on Facebook Follow us on Twitter and Instagram have one to call mum, another for girlfriends and maybe two or three for drugs deals, which are called 'trap phones'.

"There is a constant demand for these phones. I have interviewed gang members and they all have three or four phones on them.

"They have all seen The Wire and other TV programmes and know how they can be tracked by their phone. If the cops chase them the phones get smashed up."

A stolen iPhone can fetch about £100. Some gangs are stealing 20 in an hour.

The figures, obtained via a Freedom of Information request, show that Islington has the highest number of moped mobile thefts in London. Last year 1,592 were recorded, compared with 1,114 in the previous 12 months.

Five boroughs - Isling­ton, Hackney, Camden, Westminster and Tower Hamlets - account for almost three quarters of moped phone snatches in London.

Commander Julian Bennett, the head of the Met police's Operation Venice, which targets moped gangs, said: "These offenders rely on the unwariness of the public to snatch their phones whilst they make calls.

"It is so important that the public is aware of their surroundings at all times and protect their personal property, particularly when emerging from a train or Underground station or anywhere where they might suddenly decide to take out and use their phone. Smartphones are very valuable to these criminals and they can snatch them in an instant."

He said police were employing overt and covert methods to target criminals using mopeds and bicycles to snatch valuables.

In recent weeks the Met has revealed it is trialling "DNA" sprays to mark fleeing suspects so they can be identified later, and stinger devices to punc­ture tyres.

Peo­ple are urged to be aware of their surroundings, not to text while walking, use the phone's security features and keep a record of its IMEI number.

(28th September 2017)



PICKPOCKETS NETTED €1m FROM VISITORS TO DISNEYLAND
(The Times, dated 28th August 2017 author Adam Sage)
www.thetimes.co.uk [Option 1]

A Romanian couple with seven children will go on trial in France tomorrow accused of running a gang of young pickpockets who netted €1 million from tourists at Disneyland Paris.

Police say that the daily takings of one girl in the gang, whose members were aged 12 to 17, was between €500 and €800.

Marian Tinca, 57, and Maria Iamandita, 51, from Craiova, are accused of operating a Fagin's kitchen in which children were trained to steal wallets and phones.

Prosecutors claim that they were housed in poor areas north of Paris and sent out to steal in groups of three or four. In the morning they operated around the big department stores and would arrive at Disneyland in time for the afternoon parade.

One distracted the victims, the second carried out the theft and the others disappeared with the bounty.

Prosecutors will tell the court in Meaux, 25 miles from Paris, that Mr Tinca, who is said to have started the gang after he and his wife divorced, congratulated them when they brought home a lot of money and castigated them when they did not. Mrs Iamandita was in charge of taking the proceeds back to Romania. They will be tried along with ten others accused of being their accomplices.

The gang, whose members came from eight branches of one family, operated between 2014 and last year. Police became suspicious in 2015 when they started to receive a flow of reports from tourists whose belongings had been stolen. The children were arrested frequently but refused to give their names and claimed to be under 13, the age below which they cannot be detained under French law. They were systematicaly placed in foster care but all left within a few days.

The adults accused of running the operation were arrested in February last year after an investigation that involved tapping phones and despatching undercover officers to follow the suspects. The police in Craiova co-operated with their French counterparts.

The prosecution says that the loot was distributed to numerous members of the clan. Some used it to buy houses, a few gambled it away and others spent it on luxury goods.

(28th September 2017)


NEW YORK POLICE SCRAP 36,000 WINDOWS SMARTPHONES
(The Register, dated 28th August 2017 Kieren MacCarthy)

Full article [Option 1]:

www.theregister.co.uk/2017/08/28/nypd_scraps_36000_windows_smartphones/

The New York Police Department will scrap 36,000 smartphones, thanks to a monumental purchasing cock-up by a billionaire's daughter.

The city spent millions on the phones back in October 2016 as part of its drive to bring the police force into the 21st century. And the woman behind the purchase - Deputy Commissioner for Information Technology, Jessica Tisch - praised them for their ability to quickly send 911 alerts to officers close to an incident.

There was only one problem: Tisch chose Windows-based Lumia 830 and Lumia 640 XL phones, and Microsoft officially ended support for Windows 8.1 in July.

Even though those two models are eligible to be upgraded to Windows 10 Mobile, the NYPD will need to redesign more than a dozen custom apps it created to run on Windows 8.1. And every phone will need to be manually updated to the new operating system. In addition, Microsoft is only promising to support upgraded Windows 10 phones through to June 2019.

In other words, the phones are effectively obsolete and so, according to the New York Post, the police department has decided to scrap them altogether and go with iPhones instead.

(28th September 2017)


GANGS USE LINKEDIN TO IMPERSONATE BOSSES AND DEMAND CASH TRANSFERS
(The Times, dated 28th August 2017 author Alexandra Frean)
www.thetimes.co.uk [Option 1]

Criminal gangs are using LinkedIn to perpetrate "CEO fraud", mining the social network for information about job titles and a company's chain of command to impersonate senior executives and give bogus orders to those below them.

The frauds typically involve an email purporting to be from a finance director or chief executive sent to an underling in the company's finance department, ordering them to transfer money quickly to a bank account for a specific reason.

"The attackers use LinkedIn to do corporate reconnaissance. It tells them a lot about who does what in an organisation," said Andrew Nanson, who is director of Corvid, the military cyberdefence division of Ultra Electronics. "The criminals are using social engineering techniques. Most of the time people follow instructions they get on email, especially if its from a boss. If an email looks like it comes from a certain person, why would'nt someone believe it was from them?"

Attackers make an email appear to come from an official company account using simple techniques, such as replacing a character with another similar one. An l may be become an i, so that Barclays appears as Barciay.

"The human brain will try to help you and you will read it as Barclays and your spam filter might not know there is no such thing as Barciay," Mr Nanson said.

He added that attackers also scour corporate press releases for information about new contracts and who is in charge of them, identifying the customer and supplier by name.

"Six months after the announcement [the supplier] sends an email saying, "our account details have changed, please send all future payments to....""he said. It's very, very common. I'm aware of organisations that have lost hundreds of thousands through diversionary payment fraud," Mr Nanson said.

This year the magazine Fortune reported that Google and Facebook were tricked by Evaldas Rimasauskas, a 48 year old Lithuanian, into sending him more than $100 million.

According to the US Justice department, he forged email addresses, invoices and corporate stamps to impersonate a large Asian based manufacturer with whom the tech firms regularly did business.

A report last year from the City of London police's National Fraud Intelligence Bureau showed that £32 milion had been reported lost as a result of CEO fraud in Britain. The actual figure is likely to be far higher, as many may not realise they have been hit. Action Fraud, the cyber crime reporting centre, reported last year that the average loss is £35,000, but one company lost £18.5 million.

Most organisations now train staff to spot phishing attacks. Many cyber security systems can identify malware and malicious websites, but this often fails to stop diversionary payment fraud.

Linkedin declined to comment.

(28th September 2017)


POLICE TAKE 11 HOURS TO RESPOND TO 999 CALLS
(The Times, dated 27th August 2017 author Andrew Gilligan)
www.thetimes.co.uk [Option 1]

Police in parts of London have been taking an average of 11 hours to respond to some 999 calls after a "disastrous" reorganisation by the Metropolitan police.

In June, in three east London boroughs, officers took an average of 28 minutes to respond to the most urgent calls: those graded by police as needing "immediate" emergency assistance. For the next grade down - calls classed as of "significant" urgency - police took an average of 11 hours and 22 minutes to respond.

In the first week of August the three boroughs had an average of 98 emergency calls "outstanding" and "unassigned" at any one time. The peak was on the morning of August 3, when an average of 163 callers waited for police to be assigned to their emergencies.

The figures are given in reports to the crime and disorder subcommittee of the Havering council, one of five boroughs where the new is being piloted.

Darren Rodwell, leader of the Barking council, another of the five boroughs affected by the re-organisation, sadi police response times in his area had "fallen off of a cliff". He said: " We have the second highest number of acid attacks in London. We've had more teenage stabbings in the last six months here than I can ever remember. But despite our keeping raisin our concerns, it did'nt feel like the message was getting through. We need the mayor to help us".

Abdul Hai, cabinet member for community safety at Camdem council, another of the boroughs in the plot, said he had expressed concerns to police about the changes. "The critical, key thing is the response times, " he said. "There was a period when response times went up quite significantly."

In Camdem and Islington, for the week ending July 25, an average of 25 urgent 999 calls were "outstanding" and "unassigned" at any one time, according to figures given to the London Assembly. At th peak, 54 urgent callers were waiting for assistance.

Under the plans, intended to save money by using officers more flexibly, London's 32 borough commands - which carry out local policing, employing the vast majority of officers - would be merged into 12 much larger units. The first two pilots - the east area, covering Barking, Havering and Redbridge, and the north central area, covering Camdem and Islington - have been fully operational since April.

Serving Met officers said the plan was a "disaster" that put them and the public at risk. "Each borough still has its own radio channel, so the risk is you're not on the right channel if you need to call for backup", said one officer. "Then you've got officers going into places without any local knowledge. It just doesn't work.

Last month the London mayor, Sadiq Khan, said the changes aimed to "strengthen local policing" and "improve the overall service to Londoners". However, he admitted last night that performance was "unacceptable" and said he had demanded "immediate Improvements".

Mark Simmons, Met deputy assistant commissioner, said performance had improved since June, with the average response time to "immediate" calls in the east area now just over 12 minutes.

(28th September 2017)


HUNDREDS CAUGHT BY ROADSIDE DRUG TESTS
(The Times, dated 27th August 2017 author Tim Shipman)
www.thetimes.co.uk [Option 1]

Hundreds of motorists a year are being convicted for driving while intoxicated on drugs after a crackdown dramatically raised the conviction rate.

Half of those caught in roadside drug tests were found to be driving under the influence of cocaine, cannabis or both.

In 2015, the latest year for which official figures have been published, 1,442 drivers - about four a day - were convicted of offences that included being in charge of or attempting to drive a vehicle, or causing death, while exceeding the legal drug limit.

Police forces have recently focused on drug driving: Merseyside police reported 109 arrests for offences during a four-week operation in June.

Ministers have now released figures showing that roadside drug tests to detect cannabis and cocaine introduced in 2015, have increased the conviction rate among those stopped from 80% to 98%.

Previously officers would have to gather evidence that the driver was impaired, or would have to get medical opinion, before being allowed to take a blood or urine sample at a police station.

As well as the new roadside tests, officers are able to test for ecstasy, LSD, ketamine and heroin at a police station with a blood test, even if a driver passes the roadside check.

Drivers can also be convicted of drug driving after taking too many prescription drugs such as morphine, diazepam and temazepam.

The justice minister Dominic Raab said: "Our message is that any driver who risks the lives of others by taking the wheel under the influence of drugs will be punished.

(28th September 2017)

CYBER ATTACK ALERT WEEKS BEFORE US WARSHIP CRASHED
(The Times, dated 27th August 2017 author Richard Kerbaj)
www.thetimes.co.uk [Option 1]

Ship owners were warned about the threat of cyber-attacks only weeks before America began investigating the "possibility" that hackers caused the collision between one of its warships and an oil tanker, The Sunday Times can reveal.

The International Maritime Organisation (IMO), a London-based UN-affiliated body that regulates shipping, last month published guidelines urging ship owners to safeguard vessels against the "current and emerging threats" of cyber-hacking.

This weekend Lord West, a former admiral in the Royal Navy, also raised concerns about cyber-attacks, saying he was worried by merchant vessels' vulnerability.

The revelation follows the collision between the American destroyer USS John S McCain and a Liberian oil tanker, Alnic MC, in the South China Sea last week, leaving 10 US sailors dead or missing.

The route of the tanker taken from tracking signals and posted online by the VesselFinder website, shows it making a sudden turn to port just before the collision. Military intelligence officials fear the tanker may have been sent off course by a remote attack on its navigation systems.

It was the fourth time a US warship has been involved in an accident in Asian waters this year, raising questions about possible interference by state-sponsored hackers, sources say.

The US defence department warned in last years annual report about China's use of "electronic warfare" as a way to "reduce or eliminate US technological advantages". It said Beijing's capabilities include "jamming equipment against multiple communication and rada systems and GPS satellite systems.

Zhang Zhaozhong, a rear admiral in China's People's Liberation Army, celebrated the collision of the USS McCain, accusing the ship of "making a lot of trouble in the South China Sea.... what goes around comes around".

The IMO's new guidlines describe "an increasing need for cyber risk management in th shipping industry".

It is the second time it has warned about cyber attacks, after a 2014 paper revealed that "state sponsored hackers, terrorists and other malicious actors have turned towards exploiting weaknesses in cybersecurity".

Peter Roberts, a cyber expert who runs the military sciences unit at the Royal United Services Institute, said: "The offensive use of cyber has tended to follow the doctrine of electronic warfare of old. Competitor states - China, Russia, Iran, North Korea amongst others - continued to develop and invest in their electronic warfare capabilities ... and now [that] means they have a competitive advantage."

###Further information - uaware

https://securityledger.com/2017/08/analysis-there-is-both-means-and-motive-for-cyber-attacks-on-navy-vessels/

(28th September 2017)



HOW HIDDEN CODE HELPS COPS IDENTIFY DRUG DEALERS AND CHILD PREDATORS ONLINE
(CBC News, dated 26th August 2017 author Matthew Braga)

Full article [Option 1]:

www.cbc.ca/news/technology/hidden-code-ip-address-police-dark-web-investigation-1.4263103

When Dutch police took the notorious Hansa marketplace offline last month, they had a message for the underground site's pseudonymous drug dealers: we know who you are. The question, of course, was how.

Hansa existed on the dark web, and required a special web browser called Tor to access. Tor is designed to protect its users' privacy by keeping the true location of their computers anonymous. And yet, police said they would be able to unmask some of Hansa's users all the same.

On Friday, The Daily Beast appeared to have figured out why. It reported that Dutch police may have uploaded a specially crafted Microsoft Excel spreadsheet to Hansa's site, with hidden code inside designed to phone home to police.

When a user opened the spreadsheet, it would silently connect to a server controlled by police. Investigators would receive their real IP address, and not the anonymous IP address they would otherwise be assigned by Tor. Number in hand, there's a good chance they could get that user's real name and address from their internet service provider.

In many cases, police don't have to go to such lengths. Some criminals unwittingly give up their IP addresses. But the technique likely used against Hansa's users is becoming increasingly necessary as criminals get better at covering their tracks.

###"Designed to avoid suspicion"

There are myriad ways for authorities to get the IP addresses of their targets during criminal investigations. Some, such as the approach used by Calgary Police in a 2012 investigation, are relatively simple.

In that case, Detective Sean Joseph Chartrand of the Calgary Police Service entered a Yahoo chat room posing as an underage girl, court filings show. A man named Michael J. Graff, using a pseudonym, started chatting with Chartrand. Graff sent a series of sexually explicit messages and photos, along with an email address, and invited Chartrand - who he believed was named Ashley - to contact him there.

That was Chartrand's in. He used a now-defunct service called SpyPig to hide a tiny invisible image in an email, and sent it to Graff. When Graff opened the email, his computer retrieved the image from SpyPig's server - and in the process, revealed the IP address of his computer to SpyPig and Calgary Police.

"Det. Chartrand's email using the SpyPig code was specifically designed to avoid suspicion and conceal the SpyPig tracking function," reads a filing from the case.

Kent Teskey, the criminal defence lawyer in the case, was unaware of other cases where similar techniques have been used, as were other privacy lawyers and researchers contacted by CBC News.

###Network investigate techniques

The service used by Calgary Police isn't very sophisticated, nor is it exclusively used by police. Internet marketers, for example, have embedded tiny invisible images inside emails for years to track who opens their emails, at what time, and from where.

But in cases where a carefully crafted email or link may be suspicious or impractical, police have turned to more advanced and covert techniques.

In the Hansa drug market investigation, the tracking code was reportedly hidden inside an Excel file listing recent transactions. Similar code was hidden inside a video that contacted an FBI server when played.

But nothing compares in scope or scale to an FBI investigation in 2015, where the agency installed spyware on over 1,000 computers that accessed a child porn site called Playpen. The FBI refers to its hacking tools as network investigative techniques (NIT).

It's unclear whether police in Canada - who typically decline to comment on operational matters - have deployed similar software here.

(28th September 2017)

DVLA BANS OVER 300 POTENTIALLY OFFENSIVE NUMBER PLATES
(BBC News, dated 25th August 2017)

Full article : www.bbc.co.uk/news/uk-wales-41025969

More than 300 number plates have been banned from use when the 67 vehicle registrations are released next week.

The Driver and Vehicle Licensing Agency (DVLA) has withheld them because they are deemed potentially offensive.

Among those are MU67 DER, BU67 GER, DO67 GER, BA67 ARD, MU67 GER, HU67 WLY and OR67 SAM. Other "words" like AF67 HAN and NE67 ECT also make the list.

A DVLA spokesman said it had a responsibility to ensure plates do not "cause upset or offence".

In June, the Swansea-based agency admitted that a plate JH11 HAD "slipped through the net".

Words which look as if they spell the word jihad among the new plates have also been banned, information supplied under the Freedom of Information Act to BBC Wales has shown.

Also on the list are a range of plates that start with the word NO and end with another complete three-letter word (and the 67 is irrelevant), including NO67 DAD, NO67 FUN, NO67 MUM and NO67 SON.

The spokesman said: "The agency applies a clear policy of withholding potentially offensive registration numbers equally to normal issue series and those made available to purchase from our sales team.

"Such numbers are withheld if they are likely to cause offence or embarrassment to the general population in this country on the grounds of political, racial and religious sensitivities or simply because they are in poor taste when displayed correctly on a number plate."

###Cracking the code?

- To certain eyes, or on some deliberately-designed plates, a 6 can look like a "G" or an "S"
- A 7 can be read as a "T" or even an "L"
- And when put together, the number 67 can be read by some as an "R" - but only if you look really, really hard

(28th September 2017)


DON'T EXPECT POLICE TO COME OUT AFTER A CRIME, IF YOU'RE HEALTHY, MIDDLE-AGED AND SPEAK GOOD ENGLISH
(London Evening Standard, dated 25th August 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/crime/don-t-expect-police-to-come-out-after-a-crime-if-you-re-healthy-middleaged-and-speak-good-english-a3619956.html

Victims of crime in London could be denied a personal visit from police unless they are judged to be sufficiently "vulnerable", one of Scotland Yard's most senior officers has warned.

Deputy commissioner Craig Mackey said the "absolutely feasible" change would see the Met assessing the level of risk faced by a caller when deciding whether to send officers for a "face to face service".

He said members of the public who might be prioritised in future included people with learning difficulties, the elderly and people who did not speak English as their first language.

Healthy middle-aged men such as himself might miss out. Mr Mackey said burglary victims would "probably always get a service" but that "vehicle crime, those sorts of things" were among the types of offence where police might not attend unless the person affected was vulnerable.

He admitted this was a "difficult area" of policy, but said it could be required to help the force cope with major spending cuts over the coming years.

Speaking to the Standard, Mr Mackey also set out how the Met is striving to prevent officers numbers falling below the landmark 30,000 figure in the face of a projected £400 million drop in funding over the next five years.

Looking ahead to how the force will cope with less money and fewer officers, he said: "That's where you get into some of the difficult areas around do you always offer the same service to everyone? Increasingly, as we go forward we will look at things like trying to assess people and crime on the sort of the threat, the harm, the risk, and people's vulnerability.

"It's absolutely feasible as we go forward that if my neighbour is a vulnerable elderly person who has experienced a particular type of crime, that she gets a face-to-face service that I don't get. So we triage things... we assess people's vulnerability.

"Vulnerability can manifest itself in a number of ways: people with learning difficulties, a whole range of things, some people for whom English isn't a first language. That's about how we get those resources focused on the things you can make a difference with. But also as we go forward, as demand grows, you have to have a way of controlling and triaging."

The deputy commissioner said that it was inevitable that the force would become "smaller", despite rising crime, a growing population and the heightened terror threat.

The scale of the reduction will depend partly on future funding decisions and inflation, which was currently above the assumption in the Met's budget, and the exchange rate, which affects technology purchases. Mr Mackey said a sweeping overhaul of its operations would help to minimise the impact on the public.

This includes a property sell-off which will involve the closure of police stations, safer neighbourhood bases, offices and other sites. The use of technology will also be expanded to enable officers to file crime reports on patrol.

Mr Mackey said: "The Met will get smaller over the next four or five years. We are at 30,700 officers now. Realistically, we will be about 30,000 through most of next year. It's almost impossible to predict beyond that.

"It's about how you maximise what you've got. With buildings, you take running costs out and that equates to keeping more officers. Nothing in this changes when people ring us and say, 'Please, please come'. That 999 service is absolutely not changing.

"The reality is that the core part of the service that there's an emergency, please come quick, is what we all joined policing to do, to protect and to make sure it's the best we can possibly do."

In one scheme in west London, Hammersmith police station will get a £60 million upgrade while five other stations, including Notting Hill and Fulham, close. The plan, which will also pay for the refurbishment of Kensington police station, will save £1.25 million a year in running costs, equivalent to the cost of 27 officers, and provide £55 million in one-off capital receipts.

Similar schemes, which will lead to the closure of more than 250 Met buildings, will generate enough savings to pay for the employment of 1,100 officers a year and help fund the modernisation of remaining buildings. Mr Mackey said each borough would retain at least one police station open 24 hours a day. He said many of the buildings that will be shut currently had no public access - and that many of those which did had a low number of people attending.

(28th September 2017)


SMALL BUSINESSES SHOULD INVEST IN CYBER SECURITY
(The Telegraph, dated 23rd August 2017 author Jow Whitwell)

Full article [Option 1]:

www.telegraph.co.uk/business/open-economy/small-businesses-should-invest-in-cyber-security/

The deluge of cyber-attack stories in the news is becoming commonplace. Recorded cyber crime cost the UK economy £10.9bn in 2015/16; and unreported crime could cost magnitudes more. For small businesses alone, the average cost per attack is around £3,000.

Fortunately, the level of attention criminals are paying to cyber crime is more than matched by those fighting against them. But for SMEs with limited budgets, securing themselves can be a tricky job.

"When it comes to cyber security, a little can go a long way"

The risks remain the same of course: DDoS attacks, ransomware, phishing scams or data dumping can lead to a loss of trust or even fines for data breaches - both of which can close companies for good.

With resources strained, the onus is on small-business leaders to invest shrewdly in technology and staff training, alongside their other responsibilities. But when it comes to cyber security, a little can go a long way.

Define your needs


Using a checklist such as the Government's cyber-essentials questionnaire can help to calibrate your thoughts. It will also highlight ways in which you may have undermined your own security without thinking.

Taking a look around you is essential, too: talk to similar companies and study the way they are being affected. Then take steps to mitigate.

Don't overthink


You are not a hacker; you are not a computer expert; you are a just a regular human. But, there are still simple steps you can take that can make a huge difference ­- as Nik Whitfield, chief executive of cyber-security company Panaseer, explains. "Activate firewalls on computers and access points to the internet," he says.

"Maintain good passwords; activate two-factor authentication for hosted software services; remove unused user accounts; and ensure only administrators have full administrative access to computers."

And importantly: "Run a reputable anti-virus product and ensure it automatically updates on a daily basis."

Update regularly

For the next 24 hours, take note of the update messages you get on your digital devices; your operating systems may be out of date.

"Using yesterday's technology is a great big welcome mat, laid out to invite attackers"Dr Mike Lloyd, CTO, RedSeal

As Dr Mike Lloyd, chief technology officer at cyber-security analytics platform RedSeal, puts it: "Operating systems are more like milk than cheese - they get worse rapidly with age, not better.

"The WannaCry attack is a perfect example of the dangers of an out-of-date operating system. Using yesterday's technology isn't just inefficient; it's a great big welcome mat, laid out to invite attackers."

So, the key message is to update - and soon.

Judge a business by the technology it keeps

In the same way you wouldn't let unscrupulous types enter your house, you need a certain degree of diligence around the technology you allow into your business. Introducing compromised technology to your broader system carries risk.

Consider the next person who wants to charge their phone on-site; they may want to charge that phone from their office laptop, which, because it is connected to the rest of your system, could become a problem. You could consider providing staff with mobiles and computers as standard.

Short of that, every business should build a culture of security awareness. Take the load off management and instil a sense of responsibility in your staff around passwords, software updates and navigating the internet with a degree of scrutiny.

There can be no such thing as security perfection; the landscape changes daily. But with the right technology, the right habits and the right mindset, you can defend against the worst.

(28th September 2017)


POLICE OFFICERS SHOULD BE SACKED IF THEY LACK IT SKILLS, REPORT SUGGESTS
(The Telegraph, dated 23rd August 2017 author Martin Evans)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/08/22/police-officers-should-sacked-lack-skills-report-suggests/

Police chiefs should be allowed to fire officers whose IT skills are not up to scratch, a new report has suggested.

The think tank, Reform, said being able to get rid of staff who were not computer literate, would mean forces would be in better shape to tackle surging levels of cybercrime.

But serving officers have slammed the suggestions, insisting that the police are already well versed at using technology to fight crime of all descriptions.

According to the report, restrictions preventing serving officers from being made redundant, means Chief Constables are currently "hamstrung" when it comes to tailoring their forces to meet the changing face of crime.

The report said: "Senior managers, officers and staff argued that the ability to fire officers without the necessary skills would allow chiefs to get the skill base to meet digital demand and shift culture."

In 2012 a major review of police pay and conditions recommended the introduction of a system of compulsory severance.

But the proposal was not taken forward, meaning officers kept the right to a job for life.

The new study from Reform, published today, (Wed) has called for the issue to be revisited.

Alexander Hitchcock, co-author of the report, said: "Chiefs should have the ability to make officers redundant if officers' roles have changed because of digital crime, and officers have not been able to develop the IT skills to fill these roles.

"But this will be a small minority of officers. We are arguing that forces should give officers every chance to develop IT skills through apps and university partnerships, as well as have the equipment to help them meet digital demand."

He added: "As people live more of their lives online, they need confidence that the police will help them do this securely.

"Bobbies urgently need the technology, skills and confidence to patrol an online beat."

Studies suggest that almost half of all crime is now either dependent on or enabled by technology, with people now 20 times more likely to fall victim to fraud than robbery.

The report also called for the recruitment of 12,000 IT volunteers to help in the fight against cybercrime, and said the government should invest an extra £450 million in police technology.

But the suggestions were not welcomed by rank and file officers.

Simon Kempton, lead on Digital Policing and Cybercrime, for the Police Federation, said: "It is entirely wrong to suggest that the police service has failed to change; indeed no part of either the public or private sector has gone through as much change as policing over the last decade.

"This report shows a lack of understanding of the regulations governing policing which already allow for the dismissal of underperforming officers through clearly defined processes.

"Policing requires a broad base of expertise and to simply dismiss officers who are less conversant with the digital world (rather than giving them proper training) is to treat with absolute contempt those who are prepared to sacrifice everything for the public they serve."

Four common cyber crimes

1 - Phishing - The aim is to trick people into handing over their card details or access to protected systems. Emails are sent out that contain either links or attachments that either take you to a website that looks like your bank's, or installs malware on your system.

A report by Verizon into data breach investigations has shown that 23% of people open phishing emails.

2 - Identity theft - According to fraud protection agency Cifas, the number of victims rose by 31 per cent to 32,058 in the first three months of 2015. Criminals use online 'fraud forums' to buy and sell credit cards, email addresses and passports.

3 - Hacking - In a Verizon study of security breaches there were 285 million data exposures, which works out to about 9 records exposed every second. 26% of these attacks were executed internally within organisations.

It is estimated that 90% of all data records that were used in a crime was a result of hackers employed by organised crime.

4 - Online harrassment - Over half of adolescents and teens have been bullied online, while 73% of adult users have seen someone harassed in some way online and 40% have experienced it.

(28th September 2017)


IDENTITY FRAUD IN THE UK AT EPIDEMIC LEVELS AS CASES RISE 5%
(The Register, dated 23rd August 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/08/23/identity_fraud_cifas_report/

There were almost 90,000 cases of identify fraud recorded in the first six months of 2017 - 5 per cent higher than the first half of last year, according to data released today.

Fraud prevention firm Cifas, which released the figures, said identity fraud was rising at record levels and now accounts for more than half of all fraud reported by its members.

"We have seen identity fraud attempts increase year on year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day," Cifas chief exec Simon Dukes said.

These frauds are "taking place almost exclusively online", he said, with online crime comprising 83 per cent of the total in the most recent figures.

There has also been a shift in the types of product targeted by identity fraudsters this year.

Although plastic cards and bank accounts remain the most common products - with 29,852 and 24,759 reported cases, respectively - these figures represent declines of 12 and 14 per cent.

Meanwhile, there has been a 61 per cent increase in telecoms-related fraud, rising to 9,097, and a 56 per cent increase in online retail, rising to 5,097.

The figures also give an indication of the ages of the fraud victims, although not all cases recorded a date of birth, and some frauds involve an entirely fake identity.

The overall profile of fraud by age group remained the same as in the first half of 2016, with most of the cases in the 31-40 and 41-50 brackets (24 per cent and 23 per cent, respectively).

However, under-21s saw a big increase in identity fraud this year, jumping 50 per cent, from 684 to 1,023 cases in the first half of 2017, compared with 2016.

Glenn Maleary, head of the economic crime division at the City of London police, said the increase in online fraud was "no surprise", adding that increased use of social media allows criminals easier access to a wealth of personal information.

Dukes echoed this statement, noting that the "vast amounts" of data held online - and exposed to breaches - is "only making it easier for the fraudster".

Dukes added: "For smaller and medium-sized businesses in particular, they must focus on educating staff on good cybersecurity behaviours and raise awareness of the social-engineering techniques employed by fraudsters. Relying solely on new fraud prevention technology is not enough."

CIFAS article : www.cifas.org.uk/newsroom/identity-fraud-soars-to-new-levels

(28th September 2017)


WHAT SHOULD YOU DO IF YOU ARE BITTEN BY A TICK ?
(The Guardian, dated 22nd August 2017 author Moya Sarner)

Full articles and Photographs [Option 1]:

www.theguardian.com/lifeandstyle/2017/aug/22/bitten-tick-prevention-symptoms-treatment-lyme-disease

The tricky thing is knowing if you have been bitten by a tick. They are hard to find and can be very small when they first attach because they're not full of blood," says Professor James Logan, head of the department of disease control at the London School of Hygiene and Tropical Medicine. There are three sizes of tick, and they all feed on blood: the larvae are tiny, the nymphs are about the size of a poppy seed and are most likely to transmit Lyme disease, while the adults reach the size of a pea when they are full of blood. "If you are out somewhere where there are likely to be ticks - particularly moorland, but anywhere where there are deer - you need to be checking yourself and your kids every hour or so, and especially when you get home. Even Richmond Park in London has ticks with Lyme disease," he advises. Organisations such as Lyme Disease Action and Public Health England have information on where there is a known prevalence of Lyme disease, such as Dartmoor, Exmoor, the Scottish Highlands and some national parks, but, warns Logan: "Technically it could happen anywhere."

Once you find a tick, the key is to remove it as quickly as possible. Use specially made very fine tweezers - "Not the kind you pluck your eyebrows with, those are too big," says Logan - or you can buy claw-shaped tick-removal tools in pharmacies, outdoor pursuit shops and online. If using tweezers, pull the tick directly upwards - do not twist it - and grab it as close to the skin as possible, to ensure you remove the head and mouth. "When the tick bites you, it injects saliva and a kind of cement into your skin, which means it clings on very tightly - if you pull the body, the head will snap off, stay in the skin and you could become infected," warns Logan. If you use the claw-shaped tool, twisting helps to remove the tick. "I carry a tick-removal tool whenever I go on a walk in the countryside," he says.

The next step is to keep an eye on the bite. "In the majority of people, it will disappear, and there will be no consequences," says Logan. But half of those who do get Lyme disease go on to develop what's known as erythema migrans, a bull's eye-shaped rash that looks like a red spot surrounded by normal skin, then a red circle that starts to expand. "If you have that after a tick bite, you probably have Lyme disease," he says - but if you don't see the mark, it doesn't mean you don't have Lyme. It could take a few days, weeks or months to show, and you might also develop flu-like symptoms: feeling tired with achy joints. "If any of those things occur after the bite, then it's worth going to see your GP. The key is to tell them about the tick and where you've been, so they can make their assessment as to whether it's likely to be Lyme disease," says Logan. If it is, they'll prescribe a course of antibiotics, which should clear up the infection. "The consensus is it's not a good idea to take antibiotics 'just in case' - there has to be some evidence that you're ill or have a very high chance of having contracted Lyme disease," he explains.

Some people with Lyme disease describe getting short shrift from their GP, so what should you do if you don't feel you've been taken seriously? Logan says: "Some GPs are very well informed - such as in the Scottish Highlands, where they regularly see people with tick bites - whereas a GP in a city centre is much less likely to see people with tick bites or Lyme disease very often." If you want a second opinion, you can ask to be referred to another GP, and go to the Hospital for Tropical Diseases, where there are specialists. "What I don't recommend is going online and finding a lab that offers to test for Lyme disease - you have no idea if that lab is accredited, and it could give you a fake result." Lyme Disease Action also offers advice, and the website bug-off.org has information about how to protect yourself from ticks.

(28th September 2017)


NEW LAW TO BAN COLD CALLERS FROM TARGETING PENSION CASH
(The Telegraph, dated 20th August 2017 author Ben Riley-Smith)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/08/19/new-law-ban-cold-callers-targeting-pension-cash/

Cold callers who con elderly Britons out of their private pensions will be fined up to £500,000, ministers have announced as they unveiled an outright ban on the practice.

Fraudsters will also be barred from contacting prospective customers by emails or texts as the Government vows to better protect "vulnerable" pensioners.

The crackdown is designed to end the 250 million cold calls made every year aimed at convincing people to move their pensions savings into fake trusts.

The scams often involve encouraging people to invest in foreign property or wine collections with the lure of higher yearly returns - only for the money to be stolen once transferred.

The crackdown comes after the Telegraph repeatedly exposed the scale of cold calling in Britain and the impact it can have on families and businesses.

Speaking to this newspaper, Guy Opperman, the pensions minister, said the suffering of those caught up in the scams had convinced the Government to act.

"For some people, their private pension is their biggest asset. The loss of that asset is a catastrophic situation," Mr Opperman said.

"The Government believes these changes will provide proper protection for hard-working pensioners who have saved all their lives and want to know we are standing up and protecting them.

"We want to ensure there is no exploitation of the vulnerable or the elderly, because there is some evidence this has happened in the past. We want it to stop."

An estimated eight cold calls are made every second in Britain targeting private pensions - the equivalent of 250 million calls a year.

New figures show people have been conned out of £43 million by pension scammers in the last three years, with the average victim losing £15,000.

Repeated Tory governments have vowed to tackle the problem and hopes were raised of an outright ban when a consultation was announced last year.

There were fears the policy has been ditched when it was not mentioned in the recent Queen's Speech, which lays out what laws the Government wants to bring forward.

However ministers today announce two major changes. The first is an official ban on cold calls targeting private pensions, including text messages and emails.

It will be enforced by the Information Commissioner's Office, with fines of up to £500,000 for those caught breaking the rules.

Businesses will only be exempt from the ban if the individual concerned has expressly requested information or has an existing relationship with the company.

The second change will stop people from transferring their private pensions pots into so-called "dormant" companies, which are not actually investing any money.

Stephen Barclay, the Economic Secretary to the Treasury, said: "It's utterly unacceptable that people who have worked all their lives to build up a pensionpot should be subject to scams which may leave them out of pocket.

"Pensions are often the most valuable asset a person has upon reaching retirement - and that's why we are determined to crack down on scammers and protect our hardworking savers."

This newspaper has repeatedly reported on the blight of cold calling in Britain today, especially revealing those people behind the companies that making vast profits from the enterprise.

Much of the problem is fuelled by technology that can help fraudsters carry out vast numbers of calls automatically, using recorded messages instead of genuine human interaction.

Legislation will be needed to make the changes, with Government sources indicating that it is unlikely they will get on the statute book before Christmas.

Instead it is hoped the ban can come into law in early 2018, once key pieces of Brexit legislation have been passed or made sufficient progress in Parliament.

(28th September 2017)


THINK TWICE, LOOK TWICE AT PEOPLE RENTING VANS
(The Times, dated 20th August 2017 author Mark Hookham and Caroline Wheeler)

Full article [Option 1] :

www.thetimes.co.uk/article/look-twice-at-people-renting-vans-dpb75g3hm

Van hire companies could be forced to share their customers' details with the government so they can be checked against databases of terrorist suspects, it emerged this weekend.

Anti-terror police and government officials have met the vehicle rental firms to discuss how to share data that could indicate people who were trying to hire vehicles to carry out attacks.

The use of a van to mow down pedestrians in Las Ramblas in Barcelona last week is the latest example of an increasingly common tactic.

In June attackers used a Hertz rental van to attack people walking over London Bridge, while just over two weeks later a rented van was driven into a group of people outside a mosque in Finsbury Park, north London.

Toby Poston, director of communications at the BVRLA, the trade body for vehicle rental businesses, said the organisation had met polic and government representatives about sharing information. "They [rental firms] are not going to get a copy of the counter terrorism watchlist, but if we can have some way of cross-referencing reservations systems .... then it gives us a bit more forward warning and the ability for the police to analyse that and use their intelligence to monitor people," he added. Officials are believed to be looking at how firms can share credit card and customer identification information without breaching data protection laws and whether new legislation is needed.

More than 4.6 van rentals take place each year.

Ben Wallace, the security minister, appealed yesterday for car hire rental staff to "think twice, look twice at those driving licences" and to call the government's anti-terrorist hotline if they have suspicions.

(28th September 2017)



SUPERMARKET X COULD HAVE INFECTED THOUSANDS WITH PIG VIRUS

(The Telegraph, dated 20th August 2017 author Francesca Marshall)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/08/20/supermarket-x-could-have-infected-thousands-pig-virus/

Thousands of people may have been put at risk of contracting Hepatitis E from pork products sold at a leading supermarket.

The virus, which can cause liver cirrhosis and neurological damage, could have infected up to 200,000 people in the UK each year from 2014 to 2014, according to a Public Health England (PHE) report.

By tracing the habits of those infected, the study concluded that only "Supermarket X" was significantly associated with Hepatitis E (HEV), in particular own brand sausages. Only pork products from Europe, mainly Holland and Germany, and not the UK carry the strain.

Both PHE and the Food Standards Agency (FSA) have declined to name the supermarket in question.

A spokesman from PHE said: "We clearly state in the paper that the association with the supermarket does not infer any blame.

"If it was thought there was an immediate public health threat or available preventative measures, we would have taken action."

However, sources told the Sunday Times that the supermarket involved was Tesco. When questioned by The Daily Telegraph, the supermarket giant said it would not be able to comment on the allegations specifically.

A spokeswoman for the retailer added: "We work very closely with the FSA and PHE to make sure customers can be confident in the safety and quality of the food they buy.

"This particular research was carried out six years ago on a small number of people, and although it provided no direct link between specific products and hepatitis E we always take care to review research findings such as this.

"Food quality is really important to us and we have in place an expert team to ensure the highest possible standards at every stage of our supply chain, as well as providing clear information to customers on how to handle and cook pork in the home to minimise the risk of hepatitis E."

The FSA said that they were aware of the findings and "reviewing all aspects of hepatitis E" with other government departments and industry.

(28th September 2017)

POLICE BEEF UP DARK NET OPS TO HEAD OFF VIGILANTES
(The Times, dated 20th August 2017 author James Gillespie)
www.thetimes.co.uk [Option 1]

A new team of undercover police officers will seek to track and trap paedophiles grooming children online in a £20m initiative which is also aimed at curbing the activities of vigilantes.

A 12 month pilot scheme in Norfolk led to 43 arrests and will now be launched across the country.

Senior officers have made it clear that they do not appreciate vigilantes who go online and pretend to be children before arranging to meet and then "arrest" suspected paedophiles.

Dark Justice, a prominent vigilante group, said the police move would not deter them. "The government have had the time to tackle this epidemic for a long time but simply haven't," a spokesman said.

"It has been proven that no more than 30 officers are on line at any one time tackling this problem throughout the whole country, so the public have started chipping in where they can and we are highly passionate about what we are doing to tackle this problem head-on.

" Due to the government cuts the police have become reactive not proactive like ourselves. The only way to tackle this problem is by doing it head-on and not beating around the bush".

Simon Bailey, the Norfolk chief constable and National Police Chiefs Council lead for child protection, said: "This increase in our undercover capability will send a clear message to so-called paedophile hunters: if you have information about child abuse, tell the police. Don't try to take it into your own hands, you could undermine police investigations creating more risk for the children we all want to protect.

"They [paedophile hunters] are taking risks they don't understand and can undermine police investigations.

"There is also the risk of wrongly accusing someone; if someone is wrongly accused of being a paedophile in a hugely public way that makes people who live with them, live near them or work with them assume they have committed the offence.

"The temptation to kill themselves may be just as great even if they are innocent; that is an appalling consequence to contemplate.

"Revealing the identity of suspected paedophiles gives the suspect the opportunity to destroy evidence before the police can investigate them .... and thse people have no way of safeguarding child victims."

A trial in Cardiff collapsed this month when a judge ruled that the evidence given by self-appointed paedophile hunter David Poole, 38, was "at best inaccurate and at worst a lie".

Bailey said the police were arresting more than 400 suspected offenders and safeguarding over 500 children each month.

(28th September 2017)



CALLS TO UK's MODERN SLAVERY HOTLINE DOUBLE IN A WEEK
(The Guardian, dated 18th August 2017 author Sarah Marsh)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/aug/18/calls-uk-modern-slavery-hotline-double-week-national-crime-agency

The number of calls to the modern slavery hotline has doubled in a week after the National Crime Agency's report on the "shocking" scale of the problem.

The helpline, for people to report suspicions of modern slavery, received 150 calls in seven days this week, up from a weekly average of 75.

The surge came after the agency said modern slavery and human trafficking were far more prevalent than law enforcement had previously thought.

In a recent crackdown, the NCA said it had lifted the lid on the "shocking" scale of the crime, with potentially tens of thousands of victims in the UK.

Justine Currell, executive director of Unseen, an anti-slavery and anti-trafficking charity, said the warning had prompted a sharp rise in calls to them.

People were reporting workers at car washes, in construction and nail bars, she said. These workers often received low pay and endured poor living conditions. "[The calls] are still coming in thick and fast, we refer them to the police whenever we can," Currell said.

"Some say they got their car washed in the village and the people doing it looked worn down but they will not tell you where it is … we cannot do anything with that information but we leave it on file and if they contact again then we can add to what we know,.


"Quite often there will be no indicator, someone might just have a bit of a feeling, but we cannot refer 'a feeling' on to the police. Normally we have to work with the person calling and identify if the concerning factors indicate modern slavery."

Caroline Young, deputy director for vulnerabilities at the NCA, said the agency was pleased with the response.

She said: "We launched the campaign because we think the public have an awful lot to offer in terms of assisting us and being able to spot … something peculiar and different going on."

Unseen said since it started operating its helpline last October there had been a steady rise in calls, from 40 a week to about 70-75.

Aidan McQuade, director of Anti-Slavery International, said the growing call numbers suggested the NCA work was helping to raise awareness, which was a "positive step forward".

However, he noted that a key concern was whether there was "appropriate capacity in policing to deal with required level of investigation needed to get a grip in this issue in the country".

McQuade said: "It's important to understand that [this problem] does not emerge in a vacuum - it's not just evil people enslaving vulnerable people it's unscrupulous people taking advantage of gaps in the law and policy or implementation of the law and policy.

"So we do tend to see slavery occurring in uninspected places ... places that are not being inspected by the police and by labour inspectors … places where there are un-unionised work forces."

Young said: "[The police] have got lots of things to deal with … it's part of everyday working life, juggling those priorities but looking after those who report modern slavery is part of their core responsibilities."

Currell said tackling modern slavery was a postcode lottery: "The police are mainly doing their best and there are pockets of good practice as with anything … it can be a postcode lottery but … they are trying to deal with it in way that recognises how complex and hidden it is.

"If you look at places like Greater Manchester police or West Yorkshire and the Met, they have all got trafficking teams and have the resources … they have a single point of contact and have the capability to do that rather than provincial forces who will struggle and not have a bespoke team focused on that particular crime area."

(28th September 2017)


WHERE ARE ALL THE BOBBIES ON THE BEAT ?

(The Telegraph, dated 16th August 2017 author Telegraph Reporters)

Full Article [Option 1]:

www.telegraph.co.uk/news/2017/08/16/bobbies-beat-plummet-public-say-number-people-believe-police/

The number of bobbies on the beat has plummeted, according to the public, as statistics showed the number of people who believe police are "highly visible" in their community has fallen by almost half.

Just one in five (22 per cent) people said they feel officers are highly visible, according to the latest Crime Survey for England and Wales, which looks at the period from April last year to March this year.

This compared with 39 per cent in April 2010 to March 2011, while the percentage of the public who said they "never" see police foot patrols has risen by more than half, from 25 per cent to 39 per cent.

It follows a survey last year, which found that one in three people in England and Wales has not seen a bobby on the beat in their local area in the past year.

The poll carried out for police watchdog HM Inspector of Constabulary (HMIC) found 36 per cent of people had not seen a police officer or PCSO on foot in their areas in the past year - while just under a quarter (23 per cent ) had seen uniformed personnel "once or twice".

The watchdog warned of the "erosion" of neighbourhood policing as police forces are forced to make further financial cuts.

Labour's Shadow Policing Minister Louise Haigh said: "Bobbies on the beat don't just reassure the public they collect vital community intelligence and help to keep us safe. Savage cuts mean this tried and tested bedrock of British policing is being chipped away as police withdraw from neighbourhood policing altogether.

"Police visibility has rarely been lower and the blame lies squarely at the Government's door.

"The Tories shamefully accused the police of crying wolf over police cuts, but now the public are seeing the brutal reality; crime rising and fewer officers on hand to keep them safe."

(28th September 2017)


SPIKE IN THE NUMBER OF CAT THEFTS AROUND THE UK
(International Business Times, dated 16th August 2017 author James Tennent)

Full article [Option 1]:

www.ibtimes.co.uk/pussy-pilfering-spike-number-cat-thefts-around-uk-1635337

A new study from pet insuarnce providers Direct Line has shown a marked rise in the number of cats being stolen around the UK - one figure suggesting the increase has been as high as 40% in the last three years.

The data also shows another shocking statistic for pet lovers around the country. According to data from UK police forces, only 18% of the stolen cats are ever recovered.

In 2016, the research said that 261 cats were stolen around the UK - an increase on 2014 when just 181 cats were thought stolen. Other research highlighted by the company said that the number of cat thefts could in fact be higher, with as many as 360,000 adults believing that a cat in their care was stolen during the past year.

As some pedigree kittens can fetch a large price, the breed of cat seems to matter when analysing cat theft data - though whether there's enough of it is another question. Many police forces do not record the breed of cat involved in thefts though many more do record dog breed.

From the data available, Bengal cats seem to be the most sought after. Bengals are larger than normal domestic cats and have leopard-like markings from being bred to resemble big cats in wild.

Where you live could matter too, with most of the recorded thefts occurring in London, followed by Kent.

Prit Powar, Head of Pet Insurance at Direct Line, said: "If an owner believes their cat is missing, they should first check the immediate vicinity such as in neighbouring gardens or garages as well as asking local people if they have seen it."

Failing that, owners should contact a local animal warden, Powar said, and make sure to keep animals microchipped with the information up to date.

(28th September 2017)


SERIOUS FRAUD OFFICE EARNS TAXPAYERS £517 MILLION IN 12 MONTHS
(London Evening Standard, dated 16th August 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-serious-fraud-office-earns-taxpayers-517-million-a3612926.html

The Serious Fraud Office earned taxpayers more than £1 million for each of its employees last year after a record run of success, figures have revealed.

The statistics show that £516.8 million was paid into Treasury coffers by the SFO during the 12 months up to the end of the financial year in early April.

That equates to just over £1 million for each of its 500 staff. This year's revenue also equates to more than the SFO's total running costs of £473 million for the past decade and means that it has become one of the Government's most successful earners.

The figures, drawn from an analysis of data in the SFO's annual reports, will heighten the debate about the organisation's future and bolster arguments in favour of its survival. Theresa May had said in the Tory election manifesto that she wanted to abolish it as a separate organisation and hand its functions to the National Crime Agency.

However, senior Conservative MPs, including the former attorney general Dominic Grieve and the chairman of the Commons Justice Select Committee, Bob Neill, have voiced opposition. There was no mention of the idea in the Queen's Speech this summer.

Most of the money earned by the SFO during the past financial year came in a "deferred prosecution agreement" struck with Rolls-Royce in January. The deal, under which Rolls-Royce agreed to pay £497.25 million, followed a four-year investigation into corruption and bribery involving the company in Indonesia, Thailand, India, Russia, Nigeria, China and Malaysia over 30 years.

The earnings last year compare favourably with the £54.6 million cost of running the SFO for the 12-month period. The £516.8 million total also outstrips the £473.2 million operating bill for the organisation over the past 10 years.

In its annual report, the SFO said it had "remained sharply focused on reducing the harm caused by high-level economic crime and preserving the reputation of the UK as a safe place to do business... we remain uniquely well-placed to investigate and prosecute the top-tier of serious and complex economic crime and our operating model underpins our success".

This year's figure of £516.8 million does not include money recovered by the SFO from confiscation orders imposed upon convicted fraudsters.

Nor does it include the £129 million fine paid by Tesco under the terms of another deferred prosecution agreement agreed in April over allegations of false accounting by the retailer. That income will be included in next year's SFO accounts.

(28th September 2017)

FATAL DOG ATTACKS RISE AFTER BAN ON DANGEROUS BREEDS
(The Times, dated 15th August 2017 author Ben Webster)
thetimes.co.uk [Option 1]

The number of people killed by dog bites has almost tripled since the introduction of the Dangerous Dogs Act in 1991, prompting campaigners to call for a change in the law to target behaviour rather than breed.

In the ten years before the act, 11 people were killed, but in the 26 years since there have been 73 deaths - an average of 2.8 a year compared with 1.1 - according to figures from Born Innocent, which wants the act reformed. It said that by focusing on banning specific breeds the act was misleading people into thinking that other dogs were safe and diverting attention from irresponsible owners of any type of dog.

The act bans four breeds : the pitbull terrier, the Tosa and the Brazilian and Argentine mastiffs.

In Calgary there are no ban on breeds but owners are fined C$250 (£150) for not having a licence and up to C$10,000 if their dog attacks someone. The number of bites reported has halved.

Shaila Bux, of Born Innocent, said: " if we go by statistics then current legislation has failed in every area that it was set to tackle. We are at a crossroads with the Dangerous Dog Act in its current format : politicians must be brave enough to admit that the act has failed and implement laws that will reduce dog bites whilst not punishing dogs based on how they look. The law should target irresponsible owners and their dog's behaviour.

She said that figures showed that more people died from bee or wasp stings or being attacked by cows and pigs. There were ten deaths from dog bites in the three years from 2013 to 2015, compared with 14 from stinging insects and 27 by pigs, cows and other mammals.

The RSPCA has also called for the act to be reformed and last year published NHS data showing that hospital admissions after dog bites had risen by 76 percent in a decade in England, from 4,110 in 2004-05 to 7,227 in 2014-15.

Samantha Gaines, the RSPCA's do welfare expert, said" Other countries have moved away from a breed specific approach and have achieved a reduction in dog bites through education and fostering responsible dog ownership."

The Department for Environment and Rural Affairs said: " Prohibiting certain types of dog...is crucial to help deal with the heightened risk they pose. However, any dog can become dangerous if it is kept by irresponsible owners in the wrong environment, which is why the act covers any type of dog that is dangerously out of control."

(28th September 2017)



CITY OF LONDON POLICE CAN'T SHARE BODYCAM FOOTAGE WITH PROSECUTORS
(London Evening Standard, dated 15th August 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/computer-says-no-met-police-cant-share-bodycam-footage-with-prosecutors-because-of-difference-in-it-a3611976.html

Police in the City of London are unable to share footage from body cameras directly with prosecutors because of differences in computer software systems, it was revealed today.

Instead, police have to transfer footage onto DVDs which are then hand-delivered to the Crown Prosecution Service.

The City of London force is one of several across the UK which cannot download video to the CPS, it has emerged. Only the Met is able to share footage digitally with prosecutors, with officers now routinely submitting more than 3,000 clips a month.

The 700-strong City force, which patrols the Square Mile, is rolling out body-worn cameras to all its front-line officers and launched a trial of the system early last year.

Researchers from the London Metropolitan University were employed to examine the effectiveness of the cameras and look at officers' attitudes to the new technology.

The study, released today, found that a big majority, 83 per cent of 149 officers questioned, welcomed the introduction of cameras but several highlighted frustration that they could not share footage with the CPS.

One officer remarked: "The only thing we weren't taught, which still hasn't gone live yet, is how we send data to CPS."

The report by two criminologists headed by Dr James Morgan from the London Met said the failure to synchronise the systems inhibited "successful policing outcomes".

Researchers found that the cameras had not led to more efficient justice in the City, with figures showing only a slight increase in the number of guilty pleas submitted following their introduction.

The study suggested that because technology was not available to send footage to the CPS, the evidence was not routinely available in court. A City police spokesman said: "This is a national issue which affects a number of forces and is currently being addressed, and a system is currently being developed to allow the direct transfer of footage."

Digital policing chief constable Andy Marsh said forces were working on ways to share footage wirelessly.

In other findings the London Met university study recorded that the number of complaints from the public about incivility or oppressive conduct halved during the trial period, though the numbers were small - down from 11 and 10 in 2014 and 2015 to five during the trial period in 2016. All but one of those five complaints were dismissed.

Some officers said having a camera had a calming effect on confrontational situations and backed up their evidence, debunking malicious complaints.

Some said the cameras were also useful in prosecuting minor crimes such as motorists or cyclists breaking red lights when in the past it was often one person's word against another's.

One officer said: "We have all had trouble in proving that someone is drunk, violent, or abusive.

"That is usually what we deal with on Friday, Saturday, Thursday, Wednesday nights even ... with the body camera it will be good to have the footage to back up what I'm saying."

Dr Morgan said: "There have been assumptions about cop culture which see the police as resistant to change but we found a group of officers who very much wanted to have their side of the story told."

(28th September 2017)

BODY CAMERAS FOR POLICE HAVE LITTLE IMPACT ON CRIME
(The Times, dated 15th August 2017 author Fiona Hamilton)
www.thetimes.co.uk [Option 1]

Police forces have spent nearly £23 million on body cameras even though trials have raised questions about their effectiveness and suggested that they do little to reduce crime, according to a report published today.

Big Brother Watch, the civil liberties and privacy organisation, found that 32 of the 45 police forces in the UK had adopted body cameras but that forces were unable to say how often the footage had been used in the courts. Nearly 48,000 cameras have been purchased for use by officers, the group said.

Yesterday the Metropolitan Police announced that armed officers would wear head-mounted cameras for the first time to increase transparency.

Senior police across the country have justified the increasingly widespread use of the technology on the grounds that it helps relations with the public, reduces assaults on officers and improves prosecution rates because the footage provides better evidence.

However, Big Brother Watch found a series of studies cast doubts on what impact the technology had on crime.

An evaluation by North Wales police said it had seen "no increase in detection rates" and that " the current effect of (body worn video) on complaint volumes appears to be very marginal."

A report for Durham Constabulary said it was "unlikely any impact could actually be attributed to body cameras" in regard to a reduction in crime figure.

A Metropolitan Police trial, covering the use of 500 cameras by 814 officers found no overall impact on the number of stop and searches carried out, no effect on the proportion of arrests for violent crime and no evidence
that the cameras had changed the way officers dealt with either victims or suspects.

The three largest forces in the country - the Met, Greater Manchester police and West Midlands police - use cameras that do not feature a front facing screen to make it clear to a citizen that they are being filmed. All cameras show a blinking light when recording.

Using freedom of information requests, Big Brother Watch found that 71 percent of forces had adopted cameras at a total cost of £22.7 million.

Renate Samson, chief executive of the group, said: "Police trials of the technology have proven inconclusive. If the future of policing is to arm all officers with wearable surveillance, the value of the technology must be proven and not just assumed. It is not enough to tell the public they are essential policing tools if the benefits cannot be shown."

Andy Marsh, National Police Chiefs Council lead on body worn video, said: " that they were evaluating its effectiveness and benefits to forces and the public. He said: " Video captured is fully admissible and increasingly used as evidence in court. Ongoing trials and accademic research indicate that the use of body worn video can reduce complaints and help to bring about quicker fairer justice."

(28th September 2017)



IF YOU'VE USED HOTEL WIFI RECENTLY, YOU SHOULD PROBABLY WORRY

(Metro, dated 14th August 2017 author Rob Waugh)

Full article [Option 1]:

http://metro.co.uk/2017/08/14/if-youve-used-hotel-wi-fi-recently-you-should-probably-worry-6850437/

If you've logged in to hotel Wi-Fi on the continent recently, you might want to change your passwords, experts have warned.

Hardcore hackers with suspected links to Russian intelligence have been targeting travellers in Europe, breaking into laptops to steal passwords.

Hotel Wi-Fi is notorious for putting users at risk - and hackers are believed to have used malware to 'sniff' passwords from users in top European hotels.

Guests in eight countries, researchers at security firm FireEye said on Friday.

The espionage group, dubbed APT 28, sought to steal password credentials from Western government and business travellers using hotel wi-fi networks, in order then to infect their organisational networks back home, FireEye said in a report.

The wave of attacks during the first week of July targeted travellers who were staying in several hotel chains in at least seven countries in Europe and one in the Middle East, it said.

Several governments and security research firms have linked APT 28 to the GRU, Russia's military intelligence directorate.

Moscow vehemently denies the accusations.

In the July attacks, FireEye found spear-phishing emails were used to trick hotel employees to download an infected hotel reservation document, which then installed GAMEFISH malware run remotely from internet sites known to be controlled by APT 28.

(28th September 2017)

FARMYARDS ARE BEING TURNED INTO FORTRESSES TO WARD OF BRAZEN THIEVES AMID SURGE IN CRIME IN RURAL AREAS
(The Telegraph, dated 14th August 2017 author Telegraph reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/08/14/farmyards-turned-fortresses-ward-brazen-thieves-amid-crime-surge/

Farmyards are being turned into fortresses to ward off "brazen thieves" amid a surge in crime in rural areas, figures show.

Insurance claims for rural crime have risen by more than 20 per cent in the six months to June, with insurers warning that emboldened criminals are forcing farmers to take extraordinary steps to protect their property - including the installation of tracking devices on their tractors.

Publishing its annual report on rural crime across the UK, NFU Mutual said that the surge contrasted with a £40m decline in claims last year, adding that the trend was "deeply worrying".

Commenting on the figures, Tim Price, a rural affairs specialist at the firm, said: "While the fall in rural theft in 2016 is welcome news, the sharp rise in the first half of 2017 is deeply worrying.

"Countryside criminals are becoming more brazen and farmers are now having to continually increase security and adopt new ways of protecting their equipment.

"In some parts of the country, farmers are having to turn their farmyards into fortresses to protect themselves from repeated thieves who are targeting quads, tractors and power tools."

Last year England bore the brunt of the criminal activity in rural areas, with total claims totalling just under £34m. Claims in Northern Ireland amounted to £2.5m, whilst those made in Wales came to £1.3m.

Farmers tools and specialist equipment were the most common items targeted, whilst more than £2m worth of quad bikes were stolen during the same period.

However, the costs of illegal cattle and livestock rustling continue to fall, down to £2.2m.

(28th September 2017)


DRUNK AIR PASSENGER ARRESTS UP 50%
(BBC News, dated 14th August 2017)

Full article : www.bbc.co.uk/news/uk-40877229

Arrests of passengers suspected of being drunk at UK airports and on flights have risen by 50% in a year, a BBC Panorama investigation suggests.

A total of 387 people were arrested between February 2016 and February 2017 - up from 255 the previous year.

Meanwhile, more than half of cabin crew who responded to a survey said they had witnessed disruptive drunken passenger behaviour at UK airports.

The Home Office is "considering" calls for tougher rules on alcohol.

The arrest figures obtained by Panorama came from 18 out of the 20 police forces with a major airport in their area.

Trade body Airlines UK said it should be made illegal for people to drink their own alcohol on board a plane.

'Barmaids in the sky'


A total of 19,000 of the Unite union's cabin crew members were surveyed and 4,000 responded, with one in five saying they had suffered physical abuse.

A former cabin crew manager with Virgin, Ally Murphy, quit her job last October after 14 years and told Panorama: "People just see us as barmaids in the sky.

"They would touch your breasts, or they'd touch your bum or your legs. I've had hands going up my skirt before."

In July 2016 the aviation industry introduced a voluntary code of conduct on disruptive passengers, which most of the big airlines and airports signed up to.

The code's advice included asking retailers to warn passengers not to consume duty-free purchases on the plane, while staff are also asked not to sell alcohol to passengers who appear drunk.

Panorama found more than a quarter of cabin crew surveyed were unaware of the code of practice and, of those who had heard of it, only 23% thought it was working.

One anonymous crew member told Panorama: "The code of conduct isn't working… We're seeing these incidents on a daily, a weekly, a monthly basis. It's the alcohol mainly in the duty free that is the significant problem."

Alcohol in the air


- Entering an aircraft when drunk or being drunk on an aircraft is a criminal offence, with a maximum sentence of two years' imprisonment

- Licensing laws which prevent the sale of alcohol outside permitted hours do not apply to airside sales of alcohol at UK international airports. Bars can remain open to serve passengers on the earliest and latest flights - from 04:00 in some cases

- About 270m passengers passed through UK airports last year* and travellers spend an estimated £300m on alcohol at UK airports each year - around a fifth of total retail sales of £1.5bn**

- The Civil Aviation Authority reported a 600% increase in disruptive passenger incidents in the UK between 2012 and 2016 with "most involving alcohol". They say the increase is partly down to improved reporting of incidents

Sources: Airlines UK* and UK Travel Retail Forum**

Manchester Airport is one of the signatories but when Panorama's undercover reporter asked at World Duty Free whether she could open alcohol bought at a duty-free shop to consume on the plane, she was told "officially probably not, unofficially I think you'll get away with it". Another shop in the airport did give the right advice.

World Duty Free said it was committed to dealing with the issue and that it displays "clear advisory notices at till points, on till receipts and on carrier bags that remind customers that alcohol purchases cannot be opened until their final destination is reached".

Airlines UK, which represents carriers such as Virgin, British Airways and EasyJet, wants the government to amend the law to make consumption of a passenger's own alcohol on board an aircraft a criminal offence.

'There for one reason'


Airlines can limit the amount of alcohol sold to passengers on board flights.

Low-cost airline Jet2 has already banned alcohol sales on flights before 08:00 and managing director Phil Ward agreed further action was needed.

"I think they [airports] could do more. I think the retailers could do more as well.

"Two litre steins of beer in bars, mixes and miniatures in duty free shops, which can only be there for one reason - you know, they're items that are not sold on the high street.

"We can't allow it not to change."

A House of Lords committee report earlier this year called for tougher rules on the sale of alcohol at airports.

Committee chair Baroness McIntosh of Pickering said: "We didn't hear one shred of evidence to show the voluntary code was either working now or had any possible vestige of success in working any time soon."

The Home Office said it was considering the report's recommendations, which include revoking the airports' exemption from the Licensing Act, "and will respond in due course".

Karen Dee, chief executive of the Airport Operators Association, said: "I don't accept that the airports don't sell alcohol responsibly. The sale of alcohol per se is not a problem. It's the misuse of it and drinking to excess and then behaving badly."

She said they were working with retailers and staff to make sure they understand the rules.

(28th September 2017)



ARMED MET POLICE OFFICERS TO WEAR HEAD-MOUNTED CAMERAS
(BBC News, dated 14th August 2017)

Full article : www.bbc.co.uk/news/uk-40920095

Armed officers are to be issued with head-mounted cameras in a effort to provide "greater transparency" in police shootings, the Met Police says.

The Met - the UK's largest police force - said officers in its armed response units will have cameras fitted to baseball caps and ballistic helmets.

It will give "a documented and accurate account" of situations, the Met added.

Armed officers had trialled body-mounted cameras, but in 2015 they were criticised as "unfit-for-purpose".

Their introduction followed criticisms of the Met over the death of Mark Duggan, who was shot by armed officers in August 2011, sparking riots across England.

However, the force said it was still examining how cameras could be used in such undercover operations.

'World's largest rollout'


The new cameras will be worn by officers who carry an "overt" firearm.

The police watchdog, the Independent Police Complaints Commission (IPCC), said during the trial the positioning of the cameras on officers' bodies had obscured and impacted on the the quality of some footage.

The Met says it has decided that because of the way armed police operate, head cameras are a better option.

The firearms command will receive around 1,000 cameras, the force added, saying it was part of "the largest rollout of body worn cameras by police in the world".

'Greater transparency'

Commander Matt Twist said armed officers "very much welcome" the cameras.

"It provides a documented and accurate account of the threats officers face and the split second decisions they make," he said.

"The cameras also offer greater transparency for those in front of the camera as well as those behind it."

Body-mounted cameras have already been issued to frontline officers in 30 of the 32 London boroughs, as well as to officers from the roads and transport units, the territorial support group and the dog unit.

The deployment of 22,000 cameras, which do not permanently record, is anticipated to be complete by the end of October, the force added.

The Mayor of London, Sadiq Khan, said cameras were "a huge step forward in bringing our capital's police force into the 21st century and building trust and confidence in the city's policing".

(28th September 2017)


HOW CLOSE IS JAPANESE KNOTWEED GETTING TO MY HOME ?
(BBC News, dated 11th August 2017 author Brian Milligan)

Full article : www.bbc.co.uk/news/business-40899108

Two centuries ago, when Victorian engineers were designing the latest in transport technology, Japanese knotweed sounded like a very clever idea.

A plant that typically colonised volcanoes in Japan was imported to Britain to help hide, or possibly even stabilise, railway embankments.

Since then its spread has caused much unhappiness amongst home-owners and prospective house purchasers.

It can crack tarmac, block drains, undermine foundations and invade homes. Its presence can be enough to cut a property's value by up to 20%, or prevent a mortgage lender approving a loan.

But just as new technology created the problem originally, new technology may help to solve it.

How close is it to me?

Five years ago, the Environment Agency commissioned a new app to track Japanese knotweed, using the crowd-sourcing principle.

More than 20,000 people have now downloaded it, and their data has pin-pointed over 6,000 knotweed locations.

www.planttracker.org.uk/map/knotweed

Note : The App is also available on Apple itunes and Google Play (see full article for links)

"If we can get more people taking an interest and submitting records, so much the better," says Dave Kilbey, director of Natural Apptitude, which designed and launched the app.

"Hopefully it will mean people will become a bit more aware of the problems, and what to look for."

So far the results show a particular concentration of knotweed in South Wales, the Midlands, London, Scotland's central belt and Cornwall - where the plant was also introduced by Victorians into ornamental gardens.

Those looking for a property can use the app to find out if knotweed has been found nearby - but the fact it is not on the map does not mean it is not present; it is simply that no one has reported it.

How to recognise Japanese knotweed


- Dense thickets of green, purple-speckled, bamboo-like stems up to three metres tall

- Heart or shield-shaped leaves

- Alternate leafing pattern along stems

- Completely hollow stems that can be snapped easily

- Tiny creamy white flowers August to October

Rivers and canals

The data provided by the PlantTracker app is also added to the National Biodiversity Network (NBN) atlas, which aims to track the whereabouts of all the UK's plants and animals, from bee orchids to goshawks.

Even though it has only been available to the public since April, and is not yet fully functional, the atlas has further information about Japanese knotweed locations.

The map shows more than 43,000 historical records for the plant, going back to 1900.

But Purba Choudhury, communications officer for the NBN, says that if there are no records in your area, that doesn't guarantee its absence.

"Conversely, the record you are seeing might be an old record, and the Japanese knotweed might have been removed since the record was uploaded," she says.

What if I find knotweed?

Trying to destroy Japanese knotweed by yourself is virtually impossible.

That is because the roots, or rhizomes, spread rapidly underground, and can regenerate from tiny amounts of material. In fact it can grow at the rate of 10cm a day during the summer.

"Digging it out of the ground can just spread it terribly," warns Stephen Hodgson, the chief executive of the Property Care Association (PCA).

"If you've got it in your garden, either leave it alone, or treat it properly."

The advice is as follows:

- Do not try to dig it up: Tiny root fragments can regenerate into another plant

- If you cut down the branches, dispose of them on-site. Compost separately, preferably on plastic sheets

- Do not take it to your local council dump. It needs specialist waste management

- Do not dispose of it in the countryside. This is against the law

- Do not spread the soil. Earth within seven horizontal metres of a plant can be contaminated

- Take advice from the Invasive Non-Native Specialists Association (INNSA) or the Property Care Association (PCA) on local removal contractors. Many treatments don't work.

In an experiment being conducted in South Wales, thousands of plant lice were released last summer, in the hopes that they would help destroy some of the knotweed along river banks.

But otherwise the accepted best-practice treatment is for professionals to inject the plant with industrial-strength weed killer glyphosate.

David Layland, the joint managing director of Japanese Knotweed Control, based in Stockport, says it is the only thing that works.

"Once we inject into it, it transfers into the root system pretty quickly, and then it binds with the roots. Over time, it rots away into the subsoil."

But professional treatment is costly, starting at about £2,500, and going upwards to £30,000 for a major infestation.

Court case

Just as big a worry for many home-owners is the discovery that your neighbour has Japanese knotweed on his or her property, and refuses to do anything about it.

But under the 2014 Anti-Social Behaviour, Crime and Policing Act, local councils or police forces can now issue a Community Protection Notice (CPN), forcing neighbours to take action, and fining them if they don't.

"I think when they are enforced - and they are starting to be enforced - CPNs are very effective," says Stephen Hodgson. "But they are, and should be, a measure of last resort."

In the meantime judges at the Court of Appeal are gearing up to provide an important precedent on who should pay if a landowner allows knotweed to encroach on somebody else's property.

Next year they will rule on the case of Williams v Network Rail - after two homeowners in South Wales were awarded £15,000 to compensate them for knotweed which had spread into their gardens.

(28th September 2017)


TENS OF THOUSANDS OF MODERN SLAVERY VICTIMS IN UK
(The Guardian, dated 10th August 2017 author Jamie Grierson)

Full article [Option 1]:

www.theguardian.com/world/2017/aug/10/modern-slavery-uk-nca-human-trafficking-prostitution

Modern slavery and human trafficking is far more prevalent than law enforcement previously thought, with a recent crackdown lifting the lid on the "shocking" scale of the crime and potentially tens of thousands of victims in the UK, the National Crime Agency (NCA) said.

Will Kerr, the NCA's director of vulnerabilities, said the figures were far higher than those identified by the system set up by the government to identify victims of trafficking, which stood at abut 3,800 in 2016.

"It's likely in the tens of thousands," Kerr said. "The more we look for modern slavery the more we find evidence of the widespread abuse of the vulnerable. The growing body of evidence we are collecting points to the scale being far larger than anyone had previously thought."

There has been a wide range of cases uncovered, from a Romanian organised crime gang making €5m (£4.5m) advertising prostitutes online and laundering the proceeds, to a 12-year-old girl being trafficked into the UK to take children to school.

Victims are predominantly from eastern Europe, Vietnam and Nigeria, with a roughly equal balance between men and women, the NCA said. There were currently more than 300 live policing operations targeting modern slavery in the UK, it added.

In May and June alone, there were 111 arrests related to 130 potential victims in the UK as part of an operation led by the NCA.

The agency has launched a campaign to increase public awareness and encourage people to report suspicions to a modern slavery hotline.

Kerr said examples included those working at car washes and in construction, agriculture and food processing. They receive very little pay and are forced to put up with poor living conditions.

Others sold into slavery could be kept in pop-up brothels, where sex workers who have been promised a better life are left penniless with few clothes other than underwear, while some work in cannabis factories, he said.

"As you go about your normal daily life and as you're engaged in a legitimate economy accessing goods and services, there is a growing and a good chance you will come across a victim who has been exploited in one of those different sectors," he said. "That's why we are asking the public to try and recognise the signs and to report their concerns and suspicions to us."

He cited one example of a 12-year-old girl being stopped at border control, having been bound for a life as a domestic slave. "She was being brought in to work for a family in part of the UK, where she had effectively been sold by her father - or it had been facilitated by her father - and she was being brought in to take this family's children to school and pick them up every day, and clean the house in between," he said.

Kerr said criminal charges were pending against those involved in the case.

"People are being exploited on an hourly and daily basis. The full scale and extent of it, we don't know. But what we have found is that in every medium-to-large town and every city in the UK, we have found evidence of vulnerable people being exploited," he said.

The modern slavery helpline, which launched in 2016, operates 24/7, with fully trained specialist staff. The helpline has so far received 1,799 calls and made 1,051 referrals, with more than 2,000 potential modern slavery victims indicated.

Mark Burns-Williamson, Association of Police and Crime Commissioners national lead for human trafficking and modern slavery, said: "The main point we really need to drive home is that this horrendous crime is happening everywhere and we need our communities help to stop it."

He added: "General indicators of human trafficking or modern slavery can include signs of physical or psychological abuse, fear of authorities, no ID documents, poor living conditions and working long hours for little or no pay.

"Human trafficking and modern slavery destroy lives. They are terrible abuses of human rights, shamefully robbing people of their dignity, causing total misery to the victims, their families and our communities. We all need to work together to stop it."

Philippa Rowen, chaplain to the bishop of Derby, said the Church of England would be launching a three-year project in October to help dioceses respond to modern slavery in their communities. "We need communities that have their eyes open, who are aware enough of their surroundings that they can say when something doesn't look right," she said.

"When the man cleaning their car has no safety equipment, and looks underfed and tired. When their neighbours live-in nanny never seems to leave the house and is too frightened to talk to them. When the holiday let at the end of the road is being visited by different men all through the day and night.

"The Church of England, with a presence in every parish, is uniquely placed to be those eyes and ears, and to spread this message further."

(28th September 2017)

WOMAN FIGHTS TO CHANGE THE LAW AFTER BEING TOLD MAN WHO PUT CAMERA UP HER SKIRT DID NOTHING WRONG
(The Telegraph, dated 9th August 2017 author Helena Horton)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/08/09/woman-fights-upskirting-sexual-offense-told-men-put-camera-skirt/

When a man took a picture up Gina Martin's skirt when she was enjoying herself at a festival, she was sure he could be punished.

However, after being told he did nothing illegal, she has taken things into her own hands and started a campaign which has reverberated across the country - to make 'upskirting' a specific offence under the law.

'Upskirting' is the term for when people put cameras under unsuspecting women's skirts and take a picture of their crotch, usually just before the woman notices what has happened.

On the 8th July 2017, this happened to Ms Martin, who was at the British Summertime Festival.

After seeing the man standing in front of her had an image of a woman's bare legs and crotch on his phone screen, she realised it was of her.

She thought quickly and grabbed the phone, giving it to the festival staff, who called the police.

The police arrived and asked the man to delete the photo. However, five days later, Ms Martin was told the case was closed as the police said the man hadn't broken any laws.

Ms Martin, a 25-year-old writer from London, started a petition to change this.

The campaign to make upskirt photos illegal under the Sexual Offences Act of 2003 has been signed by more than 53,000 people.

"At British Summer Time music festival in London, the two men whose faces I've obscured in the photo above were taking up-skirt photos of my -you know what I mean- without me knowing," she wrote.

"Please join me in calling on the Met Police to reopen my case and help me to get justice by prosecuting the men. "

She said that it is a common practice, and that police should take action.

"This happens regularly to so many women and by putting pressure on the police to prosecute we're also aiming to raise awareness nationwide that this is a crime," she wrote.

"We want the law to specify clearly that this is a sexual offence with a victim, by adding this offence to the Sexual Offences Act 2003."

Men who have taken 'upskirt' photographs have been prosecuted before under different laws.

If Ms Martin had been in a place which would reasonably be expected to provide privacy, such as her home or a changing room, it could amount to voyeurism under section 67 of the Sexual Offences Act.

However, a festival field would not fit under the remit of this law.

'Upskirting' can also come under the criminal offence of "outraging public decency" if two or more people see the photograph - but in Ms Miller's case, no such charge was made.

The Metropolitan Police said in a statement: "The Met takes allegations of voyeurism seriously and does and will investigate them thoroughly. We use a range of policing tactics and deploy officers on specific operations to target this sort of criminal behaviour based on intelligence. We understand that it can be incredibly invasive and distressing for those that this happens to.

"In this specific case we believed the allegation had originally been dealt with in line with the victim's wishes. We have subsequently recontacted the victim and inquiries are ongoing."

Ms Martin also doesn't think it is good enough that it can only fall under outraging public decency to take a photograph up a woman's skirt.

She told the BBC: "I found out that the one law I could charge under was an old common law called "outraging public decency" - a law that states something lewd or indecent happened in public and at least two people saw it. Ironically, it is usually applied to flashers. So, to put it plainly, the only law that protects a victim of upskirting in England and Wales is one that worries about what the public saw, not the victim who's been harassed.

"It's an old law too - victims don't push for it because they don't know about it. If they had known about that law would the police have dealt with my case differently?

"Something has to change here, and that's why I'm campaigning to make upskirt photography a sexual offence. Scotland just did it. So we could too.

"My case has since been reopened and I hope that the men are prosecuted. But this isn't just about my case. My next step is to have the laws amended so that upskirt photos are listed as a sexual offence and a "victim crime", not a public nuisance."

Since she started her petition, the Metropolitan Police re-opened her case.

The Northumbria Police and Crime Commissioner Dame Vera Baird told the Today programme on Saturday that upskirting "needs to be an offence, there is no doubt about it".

(28th September 2017


THIEVES STEAL £20,000 IN SUSSEX SHOPPERS BANK CARD SCAM
(BBC News, dated 9th August 2017)

Full article : www.bbc.co.uk/news/uk-england-sussex-40873724

Two men are suspected of stealing nearly £20,000 from shoppers by watching them enter their Pin codes and then stealing their bank cards.

A CCTV image of the men, believed to be working with others, has been released by Sussex Police.

Victims' purses and wallets were stolen as they left stores and cash withdrawn from nearby ATM machines before they became aware of the theft.

One one occasion they targeted a person in a hospice shop.

There have been 22 such reports in Sussex since November last year, mostly in supermarkets, but also from pubs and fast food restaurants. The amounts stolen vary but have reached as much as £3,500.

The men are described as being of Eastern European appearance, one bald and the other with dark hair.

Investigator Kayleigh Bartup said: "We are working with the large supermarket brands to raise awareness about these incidents among staff and customers.

"Be alert and aware of strangers when shopping and never leave your bag or trolley unattended at any point. Try not to be distracted by strangers, and also be alert for any suspicious activity around your vehicle.

"It appears that these men, and others, may strike up to twice a day in different towns, and then lay low for a while, so we need to maintain awareness even when there are no reports."

Incidents include:

- Tesco in Lewes on 19 November 2016 - £1,360 obtained
- Sainsbury's in East Grinstead on 13 February - £1,749 obtained
- Morrisons in Seaford on 7 March - £1,800 obtained
- Asda in Brighton on 11 March - £1,000 obtained:
- Waitrose in Eastbourne on 12 May - £2,500 obtained
- Sainsbury's in East Grinstead on 26 May - £1,219 obtained
- St Catherine's Hospice shop, East Grinstead on 26 May - £240 obtained
- Waitrose in Burgess Hill on 8 June - £900 obtained
- Waitrose in Hove on 17 June - £3,500 obtained

(28th September 2017)



THE ROYAL MAIL SCAM YOU NEED TO KNOW ABOUT
(Liverpool Echo, dated 9th August 2017 authors Rebecca Koncienzcy and John Fitzsimmons)

Full article [Option 1]:

www.liverpoolecho.co.uk/news/liverpool-news/royal-mail-scam-you-need-13452009

The Royal Mail is warning the public about a scam that is duping people out of money.

It involves missed delivery cards being posted through your letter box, but they are actually FAKE.

The clever con makes the cards look like the 'something for you' cards you typically receive from Royal Mail when you have missed a delivery.

They use the same colour scheme, headings and four-box layout. Indeed, the only clear difference is that the scammers' cards do not have the Royal Mail logo on them.

Recipients are invited to call a number beginning 0208 in order to arrange a delivery, The Mirror reports.

They are then put through to an automated message where they are asked to leave their details and a 'consignment number'. Victims have claimed that calling the number - which isn't registered to Royal Mail - has cost them £45.

A spokesperson for the Royal Mail said that it was looking into the scam as a "matter of urgency", adding that people receiving missed delivery notes should be vigilant and ensure that they contain the Royal Mail's logo.

While this particular version is new, scammers have seen the value in using fake missed delivery notes for some time now.

For example, back in 2015 fraud experts Action Fraud highlighted a scam where postcards were being delivered to homes, claiming that a parcel containing jewellery was waiting to be collected.

The postcards said: "The office is attempting to reach you. To claim this parcel and accept this offer, you must telephone the number below immediately and arrange for a delivery.

"The item is prepaid, but a processing and delivery free of £10 must be remitted. This fee can be paid only by telephone and only with a credit card (VISA or MasterCard). This is your only notification"

Of course, even after the money was paid, no such delivery took place.

There is undeniably something exciting about getting a parcel, rather than a letter. For one thing, at least it won't be a bill!

It may seem obvious, but any time you receive a note through the letterbox about a missed delivery, the first question should be whether you have actually ordered anything.

(28th September 2017)

SECURITY GURU APOLOGISES FOR INVALID PASSWORD TIPS
(The Times, dated 9th August 2017 author Mark Bridge)
www.thetimes.co.uk

Fourteen years ago Bill Burr became the guru of secure passwords.

His advice - to do away with memorable words in favour of garbled strings of letters, numbers and special characters that would be near-impossible for criminals to guess - became accepted as gospel around the world.

The former employee of the US National Institute of Standards and Technology (NIST) has now acknowledged that the guidance he published in 2003 only makes people more vulnerable to hackers.

The trouble, according to security researchers, is that in reality the recommendation caused many people to adopt highly predictable "complex" passwords, such as "Pa$$w0rd", to try to remember them.

Mr Burr also suggested that people should change their passwords regularly and at least every 90 days. This advice, which was adopted by corporations, universities and government bodies, gave individuals grappling with ever-growing numbers of passwords an even greater incentive to adopt easy combinations.

Many people have come to update their passwords by making the simplest tweaks "Pa55w0rd1" becomes "Pa55w0rd2", "Pa55w0rd3" and then "Pa55w0rd4", for example.

Because of the stress surrounding complex passwords, people also tend to use the same or similar credentials on different sites. This means that if log-in details are stolen in a data breach, such as the Yahoo hack, criminals can use the same password to access a victim's accounts on other sites.

To counter these problems, crytography experts have highlighted the merits of long "simple" passwords, made up of strings of ordinary words.

In a widely circulated diagram, the Nasa engineer turned cartoonist and author Randal Munroe calculated that it would take 550 years at 1,000 guesses per second to crack the password "correcthorsebatterystaple", while "TrOub4dor&3" could be cracked in three days.

Mr Burr, 72, who is now retired, told The Wall Street Journal: "much of what I did I now regret. In the end, it was probably too complicated for a lot of folks to understand, and the truth is, it was barking up the wrong tree".

NIST recentl reissued its digital identity guidelines, dropping the advice on passwords expiration and special characters and urging organisations to allow longer passwords that are more memorable.

On the other hand, the document says that they should prohibit obvious passwords such as single dictionary words, the account creator's street, or sequences such as 123456.

It also recommends that companies provide password strength indicators.

Ciaran Martin, head of GCHQ's National Cyber Security Centre, has also criticised the standard advice for passwords. In February he told Radio 4's Today programme that even his own "best Technical People" would struggle to remember complex, changing logins for multiple accounts.

Mr Burr, who programmed US Army computers during the Vietnam War, told The Wall Street Journal that he had wanted to base his guidance on real-world password data, but too little was available in 2003 and he was under pressure to publish quickly.

(28th September 2017)



OVER 1000 SEX CRIMES ON TUBE AND RAILWAYS IN JUST ONE YEAR
(London Evening Standard, dated 9th August 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-over-1000-sex-crimes-on-tube-and-railways-in-just-one-year-a3607441.html

More than 1,000 sex crimes were committed on the Tube and Overground network last year as the number of offences rose to a new peak, official figures reveal today.

British Transport Police statistics show that there were 1,032 sex offences on Transport for London's rail network in the year to the end of March.

That is up 15 per cent on the previous annual tally and nearly double the total of 567 recorded two years earlier.

Sex crimes were also up in the force's South area, which covers commuter routes from Kent, Surrey, and Sussex into London.

At least part of the rise is thought to be the result of a "Report It to Stop It" campaign to encourage more victims to come forward.

The figures will, however, raise renewed concerns about the activities of sex pests on the Tube and rail network following complaints from campaigners about groping, leering and other unpleasant and potentially illegal conduct by some passengers.

Today's statistics also show a rise of 6.4 per cent in overall crime on the Tube and Overground, pushing the annual total to 11,410 offences.

This included nearly 400 more violent attacks, as well as increases in criminal damage, drug and public order offences. Racially or religiously aggravated crimes "causing public fear, alarm or distress" were also up with 576 offences in the past 12 months, compared with 419 in the previous year. There was also small rise in robbery, but falls in theft and fraud.

The crime rise on London's transport network is mirrored by a similar nationwide rise in offences recorded by British Transport Police.

The force's chief constable Paul Crowther said one reason was that the number of passengers had grown, with an extra 17.5 million journeys nationwide over the year. Stations such as St Pancras had also become "entertainment hubs" drawing "more people to their shops, bars and coffee shops".

He warned, however, that pressures were increasing with the additional problem of protecting the public from terrorism.

"In the last 12 months, BTP officers have been at the forefront of a number of major incidents, including a tram derailment in Croydon in November and critical incidents in Westminster, Manchester and London Bridge and Borough Market," Mr Crowther said.

"Coupled with increasing demand on our services, a growing rail infrastructure and the ever-present threat of terrorism, these are certainly challenging times for police forces. However, I am confident that BTP is in the right position to keep our railways safe."

Crime on the Tube and railways


British Transport Police figures of recorded crime in the Transport for London division. Use the drop down menu to see the stats for different types of crime

2016-17 = n 2015-16 = (n)

Total notifiable crime/offences : 11,410 (10,719)
Sexual crime : 1,032 (894)
Violence against the person : 2,352 (1,963)
Robbery : 103 (97)
Drug crime : 253 (201)
Public order : 1,884 (1,617)
Criminal damage / malicious mischief : 1,005 (736)
Theft of passenger property : 3,901 (4,236)
Line of route crime : 79 (71)
Motor vehicle / cycle crime : 429 (448)
Theft of railway / commercial property and burglary : 171 (194)
Fraud : 131 (186)

(28th September 2017)

FORGET BANKING HEIST, PAYDAY-HUNGRY HACKERS NOW HOLDING "CRITICAL" FACTORIES TO RANSOM
(International Business Times, dated 9th August 2017 author Associated Press)

Full article [Option 1]:

www.ibtimes.co.uk/forget-banking-heists-payday-hungry-hackers-now-holding-critical-factories-ransom-1634218

The malware entered the North Carolina transmission plant's computer network via email last August, just as the criminals wanted, spreading like a virus and threatening to lock up the production line until the company paid a ransom.

AW North Carolina stood to lose $270,000 (£207,000, €230,000) in revenue, plus wages for idled employees, for every hour the factory wasn't shipping its crucial auto parts to nine Toyota car and truck plants across North America, said John Peterson, the plant's information technology manager.

The company is just one of a growing number being hit by cybercriminals looking for a payday.

While online thieves have long targeted banks for digital holdups, today's just-in-time manufacturing sector is climbing toward the top of hackers' hit lists.

Production lines that integrate computer-imaging, barcode scanners and measuring tolerances to a hair's width at multiple points are more vulnerable to malevolent outsiders.

"These people who try to hack into your network know you have a set schedule. And they know hours are meaningful to what you're doing," Peterson said in an interview.

"There's only a day and a half of inventory in the entire supply chain. And so if we don't make our product in time, that means Toyota doesn't make their product in time, which means they don't have a car to sell on the lot that next day. It's that tight."

He said that creates pressure on manufacturers to make the criminals go away by paying the sums demanded. "They may not know what that number is, but they know it's not zero. So what is that number? Where do you flinch?"

Last August at the 2,200-worker Durham transmission factory, the computer virus coursed through the plant's network, flooding machines with data and stopping production for about four hours, Peterson said.

Data on some laptops was lost, but the malware was blocked by a firewall when it tried to exit the plant's network and put the hackers' lock on the plant's computer network.

The plant was hit again in April, this time by different crooks using new malware designed to hold data or devices hostage to force a ransom payment, Peterson said. The virus was contained before affecting production, and no ransom was paid to either group, he said.

"Top targets globally"

Manufacturers, government and financial firms are now the top targets globally for illicit intrusions by criminals, foreign espionage agencies and others up to no good, according to a report this spring by NTT Security.

A survey of nearly 3,000 corporate cybersecurity executives in 13 countries last year by Cisco Systems found about one out of four manufacturing organisations reported cyberattacks that cost them money in the previous 12 months.

Since 2015, US manufacturers considered "critical" to the economy and to normal modern life, like makers of autos and aviation parts, have been the main targets of cyberattacks - outstripping energy, communications and other critical infrastructure, according to Department of Homeland Security incident response data. The numbers may be imprecise because companies in key industries often don't report attacks for fear of diminished public perception.

But attacks demanding ransom against all US institutions are spiralling higher. The FBI's Internet Crime Complaint Centre received 2,673 ransomware reports in the year ending last September - nearly double from 2014.

Global infections are growing

While manufacturers are increasingly prey to these cyber-stickups, it may just be because criminals are playing the odds and striking as many enterprises of all types as they can across a targeted region, said John Miller, who heads a team at cybersecurity firm FireEye that tracks money-driven online threats.

Attackers "aren't necessarily going after manufacturing to the exclusion of other sectors or with a preference above other sectors. It's more that, 'OK, we're going to try to infect everybody in this country that we can,'" Miller said.

One high-profile example came in May and June, when auto manufacturers including Renault shut down production after they were swept up in the worldwide onslaught of the WannaCry ransomware virus.

But attackers also are increasingly injecting ways to remotely control the robots and other automated systems that control production inside targeted factories.

The threat of computer code tailored to hit specific targets has been around since researchers in 2010 discovered Stuxnet, malware apparently designed to sabotage Iran's nuclear program by causing centrifuge machines to spin out of control.

Stuxnet is widely believed to be a covert American and Israeli creation, but neither country has officially acknowledged a role in the attack.

Malicious software that attacked Ukraine's electricity grid last December was built to remotely sabotage circuit breakers, switches and protection relays, researchers said.

Cyberattacks that reach into industrial control systems have doubled in the past two years in the US to nearly four dozen so far in the federal fiscal year that ends in September, outstripping last year's total, according to DHS data.

"I think the emerging threat you're going to see in the future now is really custom ransomware that's going to be targeted more toward individual companies," said Neil Hershfield, the acting director of the DHS team that handles emergency response to cyberattacks on industrial control systems.

(28th September 2017)


FAILURE TO TACKLE CHILD TRAFFICKERS "LIKE LETTING RAPIST LOOSE IN LONDON"
(London Evening Standard, dated 9th August 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/uk/failure-to-tackle-child-traffickers-like-letting-rapist-loose-in-london-a3607511.html

Britain's top law enforcement agency has allowed child traffickers to escape justice by ignoring information which could have stopped them preying on victims, the Government's slavery watchdog warned today.

Kevin Hyland, the independent anti-slavery commissioner, said that important information about modern slavery offences had "sat dormant" on the National Crime Agency's databases because the crime was not being taken seriously enough.

As a result, offenders had not been pursued. Measures to protect other potential victims had also not been taken in a failure which he likened to allowing a rapist to "run around London" without police taking action.

Mr Hyland's comments came in an interview with the Evening Standard in which he also suggested that legislation might be needed to force tech firms to take stronger action to prevent traffickers from using the internet to lure victims online.

He also disclosed that law enforcement officials from Nigeria are to be deployed at British airports to help identify traffickers and victims as they fly into the country.

His most striking remarks, however, came as he expressed concern about the failure of law enforcers to act on information about victims logged via the "national referral mechanism" and held by the NCA.

A total of 3,805 victims from 108 countries were recorded via the system last year after being identified as slaves forced into labour exploitation, prostitution or domestic servitude.

Mr Hyland said recent improvements taken in response to his complaints meant the information was now being used more consistently.

But there had still been too many occasions - including cases involving child slavery victims - on which the data had not been used to track down criminals and prevent further crimes.

He said: "We understand that lots of victims perhaps don't want to see the police, but once the state has got that information they need to do something about it - see if there are other victims, if there are prevention opportunities.

"Also, even without the victim you can sometimes arrest the offender, as in murder or domestic abuse.

"If we knew there was a rapist running round a part of London and the victims didn't want to come forward you would hope that the police would take some sort of action with the information that was there.

"Yet with modern slavery we have had information like that, which has included cases involving children, where there is no proactive response, where the information has just sat there dormant in the National Crime Agency's databases."

Mr Hyland said that the Home Office had agreed to examine the system in response to his complaints and insisted that trafficking should in future be tackled in the same way as other forms of serious organised crime.

He emphasised that there had been a "sea change" in the NCA's approach in recent months with the "beginning of a professional response". But he remained concerned.

"I want to make sure that all the processes that are there for other crimes are adhered to - that this is seen as equally serious," he added.

"We know this is crime where somebody operates one minute in eastern Europe, the next minute they are in London, then Birmingham, then Manchester, and unless we bring all that information together and assess it in the correct way we are going to miss opportunities to stop it."

Mr Hyland also expressed concern about the number of British children being used as slaves, including for activities such as smuggling drugs, with 255 juvenile trafficking victims from this country recorded last year.

He also called on tech firms to do more to stop their services being used by traffickers and warned that legislation might be needed.

"If you look online, adverts are posted overseas and the promises that are made, you can see some of the jobs are false and they are just luring people over. We need the companies involved to take responsibility."

Official figures show that forced labour is the most common form of slavery, but there are also many victims of sexual exploitation and domestic servitude. One third of cases recorded last year involved children.

The National Crime Agency said in a statement: "The NCA takes action on every referral it receives. We pass information to police forces so it can be acted on, and rigorously analyse all intelligence, in order to co-ordinate the most effective response against criminals who try to profit from the exploitation of vulnerable people."


Doctor made woman a domestic slave

The problem of modern slavery was highlighted earlier this summer when a London GP and her husband were jailed for trafficking a woman to the capital to exploit her.

Ayodeji Adewakun, 45, a doctor, and her husband Abimbola Adewakun, 49, a nurse, both from Bexley, brought the 29-year-old from Nigeria and used her as a domestic slave in their home for more than two years. Their victim was contracted to work from 7am to 5pm from Monday to Saturday looking after the pair's children for £500 a month. But they paid her nothing and, after being confronted by the woman, only handed over £350.

She never received a day off, worked night and day, and suffered health problems. After protesting, she was banned from using the family bathroom and made to wash her clothes by hand.

At Southwark crown court Dr Adewakun was sentenced to six months' imprisonment for trafficking for the purpose of exploitation. Her husband was jailed for nine months for the same offence.

(28th September 2017)



THERE IS A SIMPLE NEW WAY TO FIND OUT IF HACKERS ALREADY HAVE YOUR PASSWORD
(Science Alert, dated 8th August 2017 author Peter Dockrill)

Full article [Option 1]:

www.sciencealert.com/there-s-a-simple-new-way-to-find-out-if-hackers-know-your-passwords

Passwords suck. They're hard to remember, we all have about a million of them, and they're not supposed to be anything easy or memorable like your cat's name (sorry Furball1).

Worst of all, when massive data breaches happen to the companies we actually trust with our online credentials, our usernames and passwords can become totally exposed - but luckily, there's now a simple way to find out if you've been compromised like this.

Troy Hunt is an Australian security researcher and the man behind Have I Been Pwned (HIBP), a website that lets people check if their email addresses and usernames have been involved in some of the biggest data breaches ever - involving companies like Myspace, LinkedIn, Adobe, Dropbox (and sadly hundreds more).

Have I been Pwned website : https://haveibeenpwned.com/

Now, Hunt has approached the same problem from the opposite perspective, building a new tool called Pwned Passwords that does the same kind of thing, but this time it lets you enter just your passwords to see if they've been leaked in any of the aforementioned hacks.

There's a staggering 320 million leaked passwords stored in this database, and if you're wondering whether it's maybe irresponsible to collect them all in one place like this, there are a couple of things to bear in mind.

One, none of the passwords here are stored alongside the email addresses or usernames that they pair with, so if any people are still using these long-exposed passwords, their anonymised listing here shouldn't make things any easier for hackers.

Two, Hunt's whole point with Pwned Passwords is to draw attention to the issue of how just how many of our passwords have been outed by hackers up until now - by letting people check if one of their passwords is out there on the big bad internet.

Again, all of these passwords are already out in the wild - some have been for a long time - so hopefully most users have already changed them.

There are two ways of using Pwned Passwords: an online search tool on the website itself, and by downloading the whole list of 320 million leaked passwords, which are stored across three separate text files (note: you're looking at more than 5GB in total, as the list is very long).

Before we go any further, a word of warning. You really shouldn't type any active passwords you're currently using in to the online search tool, because it goes against the whole principle of never sharing or distributing your passwords, even if it's with a website set up by a professional security researcher.

As Hunt explains on his blog:

- "It goes without saying (although I say it anyway on that page), but don't enter a password you currently use into any third-party service like this! I don't explicitly log them and I'm a trustworthy guy but yeah, don't.

- The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it's not one they should be using any more."

What this means is that if you want to see if any of your current passwords have been exposed, you really ought to download the whole list and search through it from the privacy and security of your own device.

It's an extra step of hassle, sure, but it's worth it, guys, and it's still a pretty simple thing to do.

For extra security - and to protect anybody still using these leaked passwords - the passwords in the list files have been encrypted with SHA-1 hashes, so you'll need to generate the hash of your password before you search for it in the list (instructions for generating SHA-1 hashes are easily found online).

Hopefully, whichever way you choose to use the service, you'll find that none of your passwords have been leaked, but if they are, now's as good a time as any to change them - and if you don't already, you should really consider using a password manager to store and generate your passwords.

For more on how to make the most of Pwned Passwords, check the instructions on the site, and have a read of Hunt's blog post introducing the service.

One last thing, if searching the service doesn't bring up any of your passwords, that's good news for sure, but it doesn't necessarily mean your password hasn't been leaked at some point - just that it's not included as part of this database.

"One quick caveat on the search feature: absence of evidence is not evidence of absence," as Hunt explains, "or in other words, just because a password doesn't return a hit doesn't mean it hasn't been previously exposed."

Stay vigilant, folks!

(28th September 2017)


FACING THE AXE, POLICE FRONT COUNTER THAT COST £500,000 JUST TWO YEARS AGO

(London Evening Standard, dated 8th August 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/facing-the-axe-police-front-counter-that-cost-500000-just-two-years-ago-a3606461.html

A police "front counter" which opened in south London after £500,000 restoration work two years ago has been earmarked for closure under new cost-cutting plans.

Residents have condemned the move to close the premises as a "waste of public money" in a growing protest over police station cuts.

The front counter was opened in February 2015 in a former shop in Streatham High Road as a replacement for the local police station which was closed in the last round of cutbacks.

Now Mayor Sadiq Khan has announced plans to axe 40 stations as well as dozens of neighbourhood officers and public "contact points" in libraries and supermarkets in an effort to meet £400 million of government savings.

Senior police officers and the Mayor argue few people visit the buildings and that most people want to report crime over the phone or online.

The Mayor has proposed there should be one 24-hour police station in every borough while local ward officers should hold "community contact sessions" in "convenient locations".

However, the plans are meeting increasing resistance from residents and politicians. In Streatham, Julian Heather, chairman of a safer neighbourhood panel, said: "People were furious when they closed the original police station. The front counter was supposed to be a replacement and they spent about eight years and half a million pounds bringing it back into use as a police front counter and local neighbourhood base.

"Shutting it after just two or three years is a monumental waste of money, it is squandering public money."

He added: "People want a proper focus in the community where they know the police are based." In Wimbledon, residents are campaigning to save their local police station - which is earmarked for closure, while neighbouring Mitcham will stay open.

Local Tory MP Stephen Hammond said: "Wimbledon police station is integral to the local community, there is a vibrant night-time economy and a large transport hub which needs policing. If you are going to close a station it makes sense to close the one with less contact with the community which is Mitcham. This also strikes me as a deeply political move, since Mitcham is Labour and Wimbledon Conservative.

"The Mayor needs to make sure that he is policing London correctly and there is a good need for a police station at Wimbledon."

Meanwhile, the leaders of 20 Labour- run boroughs around London have declared their opposition to further police station closures.

In an open letter coordinated by Lambeth leader Lib Peck, they called on the Government to scrap planned cuts to the police service and work with the Mayor to keep stations open.

A total of eight are earmarked for closure in Lambeth, with only Brixton remaining open. A spokeswoman for the Mayor's Office for Policing and Crime said the plans were still open for consultation. The Mayor said recently that government cuts left him no choice but to take drastic action.

He said: "We will still be able to maintain a 24/7 front counter service in every borough and are improving the telephone and online services that Londoners value so highly.


How cash could have been spent

Annual salary for 12 detective constables

19 fully kitted police cell vans

333 new X2 model Tasers

28,000 handcuffs

(28th September 2017)

BOY ATTACKED BY BLOODTHIRSTY SEA FLEAS
(The Times, dated 8th August 2017 author Bernard Lagan)
www.thetimes.co.uk

There are many creatures, big and small, to be feared in Australia but strolling on a suburban beach in a few feet of water should have been safe enough.

Yet when Sam Kanizay, 16, decided to paddle in the sea near his home in Melbourne his legs became covered in blood and both he and hospital staff struggled to stem the bleeding. Doctors were left puzzled by the "pin-sized holes" in his legs and feet through which the blood seeped out, many of which required stitches.

Scientists eventually identified his attackers as tiny carnivorous creatures, half a centimetre to a centimetre long, known as sea fleas and found in many inshore waters.

"I didn't feel anything untoward when I was in the water," Sam said: "It was cold, so I expected my legs to go numb. Blood covered both my feet nd I was leaving little pools of it everywhere. I thought I had maybe stood on a rock, but the amount of blood quickly told me it wasn't it."

Genefor Walker-Smith, a marine scientist, told The Age newspaper that the number of bites inflicted on the teenager was highly unusual and it appeared that he had been attacked by a swarm of sea fleas. She said it was possible she said it was possible that he had disturbed a dead fish on which they were feeding.

Like leeches, sea creatures release an anticoagulant, which stops blood from clotting.

"It probably made it worse that Sam was standing still - they may not have been ablet cling on too tightly if he had been moving through the water," Dr Walker-Smith said.

Officials in the state of Victoria warned swimmers in Port Phillip bay to wear a wetsuit with boots.

(28th September 2017)


THIS HOUSEHOLD ITEM COULD HELP YOU STAY SAFE ON YOUR TRAVELS
(Cosmopolitan, dated 4th August 2017 author Katie Jones)

Full article [Option 1]:

www.cosmopolitan.com/uk/entertainment/travel/a11437600/doorstop-security-device-hotel-rooms/?src=socialflowTW

Hotel room safety is often a big concern for tourists, particularly for those who are travelling alone. And while the doors to most hotel rooms are fairly secure, there's one tip that globetrotters have shared when it comes to protection from intruders.

The Mirror points out that when asked to advise on the best security device to pack in hand luggage, frequent traveller David Klain said he never goes on holiday without a doorstop.

"Believe it or not, this is one of the best security devices anyone can have when travelling!" he explained on Quora.

"When staying in a hotel, you can put that doorstop under the door preventing someone from breaking in (the chain on the door will stop no one). In the case of a terrorist attack or lone gunman/active shooter incident, typically they will go through all rooms but, if they can't get the door open, move on to other rooms before working their way back to the doors that wouldn't open. This buys you time for you to get away/police to respond/etc."

Klain isn't the only seasoned traveller to advocate the household item as a safety measure. Former police officer and expedition leader, Lloyd Figgins, also recommended it to Wanderlust as a "simple and effective" way of preventing even those with a key from entering a room.

"Once you are in your room, simply lock your door and push the wedge under it. For added security, simply place more wedges under the door," he explained.

There are a number of precautions travellers can take while on trips abroad. To help you prepare for a holiday, use the government's foreign travel checklist for advice and safety tips :

www.gov.uk/guidance/foreign-travel-checklist

(28th September 2017)


POLICE RISK PROSECUTION OVER CRIME CHASES
(The Guardian, dated 4th August 2017 author Rowena Mason)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/aug/04/police-risk-prosecution-over-moped-chases

Police are unable to properly pursue members of organised gangs on mopeds because they risk being prosecuted for dangerous driving, the shadow policing minister has said.

Louise Haigh called for a review of police driving laws after officers were warned by the Police Federation not to carry out emergency manoeuvres that would be illegal for any other "careful and competent" driver.

The federation has called for the law to be changed after rulings that the police should be held to the same rules as other motorists, with the exception of the speed limit, even though they are trained to a higher level. Police are allowed to ignore road traffic signals, such as red lights, if this does not endanger anyone, but there are legal concerns that this exemption is meaningless because driving a vehicle on a road always carries a risk of danger.

Writing for the Guardian, Haigh said that without changes to the law the government risked "handing over our streets to criminals".

"[Officers] should be assessed based on their special training and circumstances, not compared to how you and I might normally drive. That, in turn, requires legislative change and for the government to stop dragging its feet," said Haigh, who is a member of Diane Abbott's shadow Home Office team.

"We need to have confidence that the police will enforce the law. The police need to have confidence that the law itself allows them to do so. If we don't tackle this we will hand our streets over to criminals and it will be the poorest communities that will suffer the most."

She said officers were at significant risk if prosecuted because their driving behaviour would be assessed on the same basis as any "competent and careful driver"; there were no specific exemptions for emergency manoeuvres beyond "disapplying" the speed limit.

"That is hampering the ability of the police to apprehend very serious offenders and take them off the streets. Bikers who have progressed well beyond petty crime into much more serious gang-related activity, to the point where the Met police has now classified moped-enabled crime as serious organised crime," Haigh said.

Figures obtained under freedom of information laws show moped-enabled crime has risen 10-fold in London since 2011 to more than 5,000 incidents a year.

In June, the federation warned all of its 120,000 members in 43 force branches that emergency manoeuvres in pursuit of suspects could land them in trouble.

Tim Rogers, the federation board member for roads policing, said: "Legal advice has recently highlighted that police response and pursuit drives are, in most circumstances, highly likely to fall within the definitions of careless and/or dangerous driving. There are no exemptions to the offences of careless or dangerous driving to permit emergency driving … Officers have a sworn duty and must uphold that duty. Officers should drive in a way which is lawful and does not contravene the laws of dangerous or careless driving. Officers are advised not to undertake any manoeuvre which may well fall outside the standard of the careful and competent non-police driver."

A Home Office spokesman said: "All emergency services, including the police, are exempt from speed limit, traffic light and sign violations when undertaking an emergency service response. However, they remain subject to the general law on motoring in the same way as members of the public - including the law on careless and dangerous driving. Decisions on the management of pursuits and response driving are an operational matter for forces."

(28th September 2017)


CO-OP ATM THIEVES TO BE SPRAYED WITH LONG-LASTING TRACEABLE GEL
(The Guardian, dated 3rd August 2017 author Rupert Jones)

Full article [Option 1]:

www.theguardian.com/business/2017/aug/03/co-operative-atm-cash-machine-thieves-sprayed-traceable-gel-crime

An invisible traceable gel that stays on skin and clothes for years will be sprayed on anyone who tries to break into a Co-operative cash machine as part of a hi-tech initiative to combat ATM crime.

The Co-op group has teamed up with forensic technology company SmartWater to roll out the deterrent. The gel was invented by former West Midlands police officer Phil Cleary and his chartered chemist brother Mike.

The technology is being installed at about 2,500 cash machines at Co-op food stores across the UK, after a pilot scheme in 2016 resulted in a more than 90% reduction in ATM crime.

The Co-op revealed industry figures that showed north-west England was the number one UK hotspot for ATM crime, accounting for almost 29% of attacks carried out between January and June this year. London was in second place at 19%.

SmartWater has adapted the technology to ensure that criminals who attack ATMs, and any cash they manage to steal, are marked with the water-based gel.

"Invisible to the naked eye, an amount of gel the size of a speck of dust can provide the solution for scientists to undertake a successful analysis and help police with identification, with the forensic signature guaranteed to last five years," the firm said. The gel glows neon yellow under UV light and is "difficult for criminals to remove".

The Metropolitan police has a partnership with SmartWater aimed at cutting the number of burglaries in London. "As a result, all custody areas have suitable detectors fitted, with prisoners routinely scanned, and hundreds of patrol staff have been equipped and trained to detect it," said DCI Iain Raphael, Enfield borough commander. "We welcome any crime prevention initiative such as this … Criminals contemplating attacks on Co-op ATMs should take note."

The Co-op said the technology was effective regardless of how a cash machine was targeted. It added that gas attacks - where gas was piped into the machine from cylinders and ignited from a distance - were in decline.

ATM raids involving a saw or angle grinder are most common in the north-west, while black box attacks are a particular problem in London. The latter involves an unauthorised device being fitted to cash machines that causes them to dispense all their cash. Another method involves thieves trying to remove an ATM with a rope or heavy machinery such as a digger.

Chris Whitfield, director of retail and logistics at the Co-op, said: "ATM crime impacts customers and communities - it can also have a disproportionate impact on rural police force areas where cash dispensers are more of a lifeline for residents and the local economy."

(28th September 2017)


POLICE USE FORCE AGAINST SUSPECTS 138 TIMES A DAY IN LONDON
(London Evening Standard, dated 1st August 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/police-use-force-against-suspects-138-times-a-day-in-london-figures-show-a3601176.html

Police used force against suspects and individuals more than 100 times a day in London, according to data released for the first time today.

It showed the number of cases where officers used tactics ranging from handcuffs and physical restraint to Tasers and firearms.

In the three months to the end of June, individual officers recorded "incidents of force" 12,605 times, or an average of 138 cases a day.

Nearly half - 5,397 - were described as "compliant handcuffing" while other common tactics included the use of "unarmed skills", restraint and "tactical communications" to defuse situations.

However, the data also showed that Taser stun guns were deployed on 1,102 occasions, although they were only fired 100 times.

Firearms officers aimed weapons on 281 occasions, police used batons 46 times and controversial spit guards were used 25 times.

The figures record armed police firing weapons on only two occasions, believed to be the incidents involving a raid on suspected terrorists in Willesden, when a woman was shot, and the terror attack in Borough Market when three extremists were shot dead.

The statistics record that force was used 10,925 times against men, 1,643 against women and 37 against transgender individuals.

Most incidents, 6,404, were against men aged between 18 and 34 years, although there were 17 children under the age of 10 who were subject to the use of force.

However, police say children could have been restrained by an officer for their own safety or to detain them, incidents which would have been recorded as force.

The data revealed that 45 per cent of those who were subject to force were white, 36 per cent were black and 10 per cent from the Asian community.

Around 14 per cent were believed to have mental health issues.

Police dogs were deployed 24 times - and people were bitten by the dogs on 17 occasions. CS spray was drawn 87 times and used on violent suspects 68 times.

The figures were released after hundreds took to the streets in London to protest over the deaths of two black men after they were apprehended by police officers.

Rashan Charles, 20, died last month after being restrained by officers in Dalston, while Edson Da Costa, 25, from East Ham, died after contact with the police five weeks earlier.

The figures showed 655 suspects were injured, 11 seriously.

Commander Matt Twist said of the figures: "Our officers face the most dangerous situations every day. The use of force techniques are there to stop violence and danger, protecting not only the officer making an arrest but the public at the scene, and the person being arrested.

"It is important to recognise the type of force used with the most common being the use of compliant handcuffs.

"These figures will ensure transparency to the public who will get a better idea of what officers face on a day-to-day basis."

He added: "We can see from the data that on 643 occasions officers were injured in this period."

The figures include the first data on the use of spit guards after they were deployed to all custody suites across London.

Westminster officers recorded the most use of force followed by Lambeth, Croydon, Hackney and Wandsworth.

Commander Twist added: "It is really important to note that this first three month period is very early data and not comparable against anything else.

"It will take time for us to ensure officers comply with filling out this form after every use of force interaction becomes routine or second nature.

"We know that there will be instances of force used in this period which have not been recorded, but having scrutinised the data we have already seen a steady increase in the number of online recording.

"We have been training officers on the new form through officer safety training and briefings."

Officers are asked to record "tactical communications" as "force" to show where their attempt to defuse situations by talking failed and they had to resort to more robust tactics.

(28th September 2017)



HUGE HUMAN TRAFFICKING RING FLYING HUNDREDS OF MIGRANTS, INTO UK SMASHED BY POLICE
(London Evening Standard, dated 3rd August 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/crime/huge-human-trafficking-ring-flying-hundreds-of-migrants-into-uk-smashed-by-police-a3603156.html

A huge human trafficking ring that has been flying hundreds of Iranian migrants, some as young as five, into Britain has been smashed after the arrest of more than 100 people by European law enforcers and the Met.

The alleged leader of the criminal gang was detained at Heathrow as he tried to escape justice by flying to Brazil. Another 14 gang members were held in Malaga, southern Spain, where the smuggling operation was based.

The EU's law enforcement agency, Europol, said that more than 200 people a year had been smuggled by the gang for around 10 years. Most were flown into Britain, although some were sent to other European countries.

Europol said the gang had run a "perfectly structured" criminal operation in which each migrant was charged around £22,000 and provided with accommodation, transfers and flights.

There was no immediate information from the Home Office about how many Iranians have managed to enter Britain illegally or whether any of those detained have been removed from the country.

But the discovery of the operation will raise renewed concerns about the security of Britain's borders and the ability of traffickers to use fake or legitimate documents from other EU countries to smuggle illegal migrants into the country.

Announcing the successful operation against the gang today, Europol said that Spanish National Police had "dismantled an international criminal network involved in smuggling Iranian nationals into the UK on commercial flights" on an "action day" across Europe.

As the well as the alleged ringleader arrested at Heathow, another 14 members of the trafficking ring were arrested in Spain, along with 42 Spanish citizens suspected of selling their documents to help the gang carry out is smuggling operation.

A total of 44 Iranians were also detained at airports across Europe carrying forged passports. Seven other Iranians, including a child aged five, were also found during searches carried out by Spanish police. Passports, more than 400 blank identity cards, firearms, cash, computers, printers and a "high-end vehicle" were also seized during the searches.

Europol said that law enforcers had become aware of the gang, which was operating out of Malaga in southern Spain, after seven Iranian citizens were caught a year ago using fake passports to board a lane flying to this country from Germany.

Investigations found that the flight tickets had been bought at travel agnecy in Malaga and realised that there was "a migrant smuggling network operating in the city".

"The criminal group was perfectly structured and each member had a defined role, ranging from recruiting the irregular migrants in their country of origin, to facilitating the transfers, hosting them in safe houses in Spain, and supplying the travel documents," Europol said.

"The network operated from Málaga and used Spain as a transit country. In total, 101 individuals were arrested. The Spanish National Police arrested 14 members of the criminal group in Málaga, as well as another 42 individuals accused of selling their Spanish documents to the members of the organisation for prices ranging from 500 euros (£445) to 3000 euros (£2,680).

"Another 44 individuals of Iranian nationality were intercepted at different European airports carrying forged passports. The leader of the criminal group was arrested by the Metropolitan Police at Heathrow airport, after a European Arrest Warrant was issued by the Spanish authorities. The suspect intended to take a flight to Brazil to evade justice."

Europol added that searches of safe houses in Spain had led to the discovery of seven other Iranians, including a five-year-old child, as well as 40 authentic Iranian and Spanish passports and other equipment used by the criminal gang.

A spokesman for Europol added that it was difficult to estimate the exact number of the numbers trafficked into Britain by the gang but that "around 200 Iranians were smuggled per year, most of them to the UK but not all". He added that the gang had been operating for "various" years before it was detected but that it was not possible to give a "concrete" length of time.

(28th September 2017)

500 IDENTITIES STOLEN A DAY IN ID FRAUD EPIDEMIC
(Which, dated August 2017 author Gareth Shaw)

Full article [Option 1]:

www.which.co.uk/news/2017/08/500-identities-stolen-a-day-in-id-fraud-epidemic/

Identity fraud has reached 'epidemic' levels, according to fraud prevention service Cifas, with almost 500 cases of ID fraud a day being reported in the first six months of the year.

There were 89,000 cases of identity frauds recorded between January and June 2017, up 5% on the previous year - a record high. More than four in every five (83%) cases of identity fraud were perpetrated online.

Cifas' figures suggest a sharp rise in fraudsters applying for loans, telecoms and insurance products, although the majority fraud attempts have been against bank accounts and credit cards.

The fraud body said that the 'vast majority of identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often victims do not even realise that they have been targeted until a bill arrives for something they did not buy or they experience problems with their credit rating.'

Indeed, yesterday we reported the story of a company director who fell victim to ID fraud an incredible 29 times.

West Midlands and Scotland see surge in ID fraud

Cifas' data suggests that while London remains the capital for ID fraud, with more than 26,000 cases reported in the first half of the year, the West Midlands and Scotland have seen 30% increases over the past six months

ID FRAUD VICTIMS ACROSS THE UK

East of England : 8673 (-7%)
East Midlands : 4647 (-2%0
Greater London : 26177 (-3%)
North East : 1968 (+22%)
North West : 7556 (-12%)
South West : 3839 (+25%)
South East : 12721 (+8%)
Scotland : 3507 (+30%)
Wales : 1696 (-2%)
West Midlands : 7355 (31%)
Yorkshire and Humber : 6069 (+20%)

This follows an investigation carried out by Which? research in June, which revealed the fraud capitals of the UK. The majority of victims are aged between 31 and 40, but as the table below shows, the number of victims aged under 21 has doubled in the past year, albeit from a low base.

Which June investigation article : www.which.co.uk/news/2017/06/revealed-the-fraud-capitals-near-you/

Age of victim : Number of victims of impersonation : (% change between 2016 and 2017)

Under 21 : 1023 (49.6%)
21 - 30 : 12303 (5.6%)
31 - 40 : 18916 (1.5%)
41 - 50 : 18338 (1.4%)
51 - 60 : 15940 (4.3%)
Over 60 : 13294 (-6.2%)

Source : Cifas

What is Cifas?

if you've been a victim of fraud, you can pay for Cifas' 'Protective Registration'. This will place a flag alongside your name and personal details in their secure anti-fraud database, and helps retailers see you're at extra risk of fraud and prompt to take extra steps to verify your identity. Applying for financial products and services might take a little longer, as companies may see the flag and request further details, but you can be reassured that your details are being protected. Registration costs £20 and lasts for two years.

Huge spike in insurance ID fraud


Incidents of insurance ID fraud have reportedly risen from just 20 cases last year to more than 2,000.

The Insurance Fraud Bureau, which captures and shares information on insurance fraud, said that while the amount lost to insurance fraud (£1.3bn) has fallen over the past year, the rise could be attributed to an increase in 'application' fraud and people buying cheap or fake insurance from 'ghost brokers'.

Ghost brokers tend to advertise online, on social media and popular selling websites, offering people the opportunity to get cheap insurance. They impersonate the person looking for cover and fraudulently apply for insurance with inaccurate and misleading information to reduce the cost of cover. Sometimes, ghost brokers produce fake policy documents to sell insurance to a consumer.

Ben Fletcher, director of the Insurance Fraud Bureau, said that a third of all open investigations the body is conducting are concerning ghost brokers and application fraud. The Bureau has a 'cheat line' which allows people to report potentially fraudulent insurance brokers and dodgy practices.

The Association of British Insurers stated that 'using someone else's details to try to save money on a policy, or to sell fraudulent insurance policies… are both crimes which come with serious consequences', and that the insurance industry was involved in a number of initiatives to combat fraud and 'help keep prices down for the majority of honest customers.'

(28th September 2017)



JULY 2017

WHITE COLLAR CRIME PROSECUTIONS FALL AS OFFENCES RISE
(The Register, dated 31st July 2017 author out-law.com)

Full article [Option 1]: www.theregister.co.uk/2017/07/31/white_collar_crime_prosecutions_fall/

The number of white collar crime prosecutions in the UK fell by 12 per cent between 2015 and 2016, despite a 4 per cent increase in the number of reported offences.

Figures sourced by Pinsent Masons, the law firm behind Out-Law.com, show a trend of falling white collar crime prosecutions since 2011.

Pinsent Masons' corporate crime expert Barry Vitou said the decrease raised questions over the funding of enforcement bodies such as the Serious Fraud Office (SFO) to pursue white collar criminals.

"More money and time needs to be spent ensuring regulators, agencies and police forces can deal with new threats effectively, and follow-up with any intelligence. There is clearly no shortage of leads," said Vitou. "Government support and adequate funding is the lifeblood of any organisation fighting white collar crime."

White collar crime prosecutions fell from 9,489 in 2015 to 8,304 last year. Since 2011, when there were 11,261 prosecutions, there has been a 26% drop in prosecutions.

Meanwhile the number of reported fraud offences increased 4% in the last year, to 641,539 in 2016 up from 617,112 in 2015. Since 2011 the number of reported crimes has risen nearly four-fold, from 142,991 offences.

White collar crime includes corruption, bribery, insider dealing, computer fraud, and false accounting practices. Online fraud was the most commonly-reported offence last year and according to a recent National Audit Office report, cost private sector businesses an estimated £144 billion last year and individuals £10bn.

Recent high-profile white collar crime prosecutions included a £497 million deferred prosecution agreement (DPA) agreed between Rolls-Royce and the SFO in January and a £129m DPA between Tesco and the SFO in March.

According to Pinsent Masons these high-profile cases came despite the downward trend in mainstream white collar crime enforcement, which is the task of the police and the National Crime Agency (NCA)

During the recent general election campaign the Conservative party manifesto pledged to merge the SFO with the NCA. Vitou, who has previously predicted that the election result put these plans into doubt, said there needed to be an end to uncertainty over the future of the SFO.

"It is also time, once and for all, to lay to rest the constant speculation about the future of the SFO and to guarantee its future as a stand-alone agency," Vitou said.

(21st September 2017)



STEALTHY REVIVAL OF STOP AND SEARCH
(Sunday Times, dated 30th July 2017 authors Tom Harper and Arthi Nachiappan)
www.thetimes.co.uk [Option 1]

Two of Britain's biggest police forces have quietly stepped up their use of controversial stop-and-search powers in the face of a surge in violent crime.

Officers in Greater Manchester and Surrey detained more people in the first four months of this year on suspicion of carrying knives and drugs than in the same period last year. It is the first official sign of a reversal after a dramatic fall since 2014 prompted by Theresa May.

As home secretary, May insisted all stop and search had to be intelligence-led and not random. She was concerned by data showing black people were seven times more likely than white people to be stopped. The number of searches fell to 387,448 last year, the lowest since 2002.

The reforms have been blamed for the largest rise in recorded crime in a decade. Total recorded crime in England and Wales rose by 10% last year with violent crime up by 18%, including a 20% rise in gun and knife crime, according to the Office for National Statistics (ONS).

The biggest increase in knife crime was in London. The Sunday Times revealed in May that Cressida Dick, the Metropolitan Police commissioner, had decided to increase stop and search in response. Twelve Londoners had been fatally stabbed in just three weeks.

Now a Sunday Times analysis of College of Policing statistics show that two forces have followed Dick's lead.

In Surrey the annual rise in total recorded crime is 8% and in violent crime 12%. Stop and search rose 78% in January to April compared with the same period last year : officers detained 193 people suspected of carrying offensive weapons.

Greater Manchester officers used stop and search 958 times in that period, a rise of 7%. The force almost doubled its use to detain people suspected of carrying offensive weapons.The force saw a 29% rise in violent crime year on year.

However, Richard Garside, director of the Centre for Crime and Justice Studies, said:"Ramping up stop and search is unlikely to have a meaningful impact on crime levels while doing much to antagonise innocent members of the public."

What's happening on the street (from graph within article)

Whilst stop and search dropped from 1,017,542 to 387,448 between 2012 and 2016. The amount of violent crime rose from 601,141 cases in 2012 to 992,366 cases in 2016.

(21st September 2017)


NIGERIAN AGENTS TO SNARE SLAVERS AT UK AIRPORTS
(The Sunady Times, dated 30th July 2017 authors Jon Ungoed-Thomas and George Arbuthnott)
www.thetimes.co.uk [Option 1]

Nigerian anti-trafficking officials have been posted at British airports to combat gangs trading human slaves.

They started work with Border Force officers at Gatwick and Heathrow last week after new figures revealed a sevenfold increase in the number of Nigerian women and unaccompanied minors on a key trafficking route into Europe since 2014.

Speaking from Nigeria, Kevin Hyland, the UK's independent anti-slavery commissioner, said officials from Nigeria's National Agency for the Prohibition of Trafficking in Persons (Naptip) would help identify victims of trafficking.

"There are criminal networks operating with impunity and they are earning a fortune trading in people lives," said Hyland. "We are now working with Nigeria to stem this at source and en route."

At least £5m from Britain's overseas aid budget is being spent in Nigeria to combat modern slavery. MI5 and MI6, GCHQ and Interpol are also involved after a report in204 found that in the UK there were between 10,000 and 13,000 potential victims of slavery, from all countries.

In 2016, 243 Nigerians were identified as potential victims through the governments national referral mechanism, which provides support and protection. Nigeria was the third most common foreign country of origin.

One of the hubs of the trafficking route is Edo state in southern Nigeria. Women are trafficked north to Libya before embarking on the perilous journey across the Mediterranean to Italy.

The number of young women arriving in Italy by sea increased from 1,454 in 2014 to 11,009 in 2016. In the same period, the number of unaccompanied minors arriving jumped from 461 to 3,040. About 80% of women and girls arriving from Nigeria are potential victims of sexual exploitation.

Another route is by air from Nigeria to London. Woman and children travel on genuine visas or are given false documentation. The women may be forced to work in brothels and children as unpaid household servants. Victims are often coerced into travelling by using witchcraft rituals.

Julie Okah-Donli, director general of Naptip, said in a message to traffickers:" If we miss you here in Nigeria at departure, we will not miss you as you arrive at your destination".

(21st September 2017)


GANGS POSE AS RETAIL BUYERS TO DUPE SUPPLIERS
(The Times, dated 29th July 2017 author John Simpson)
www.thetimes.co.uk [Option 1]:

Fraudsters posing as supermarket buyers are tricking suppliers into delivering vast quantities of food and drink then stealing it on arrival, industry leaders say.

The thieves have developed cunning scams in which they rent warehouses and send realistic emails that appear to come from supermarket chains. They are netting goods worth tens of thousands of pounds ranging from tinned tuna to wine.

Police have warned of a growing spate of thefts through "supplier fraud" and industry figures have estimated a global loss of as much as £5 billion to brands worldwide. The gangs generally target European suppliers, which have to ship the order in. Once the delivery arrives it is swiftly broken up and moved.

Recent cases of fraudsters posing as Iceland supermarket executives led to the theft of about £250,000 worth of tinned tuna from a Portugese supplier, and more than £20,000 of wine from Germany.

Last year, Action Fraud received 237 reports of this type of crime, which it refers to as distribution fraud. As a result, 138 investigations were launched across the country.

Detective Inspector Chris Felton, of City of London police, said in the Grocer magazine: " You're often trying to chase after shadows because once the goods are delivered they're very quickly broken up and moved to other storage venues. "Where the goods are delivered is only going to have a very tenuous connection to the criminals anyway, because they've deliberately chosen somewhere that won't leave any easy trial. Where we have results, like the recent Greater Manchester case, they're down to really good detective wok and beavering away at this. Unless you get lucky they're not at all easy to piece together. These are not individual crimes and each report potentially has bits of information that (when) built up together gives us enough for a successful operation. These are organised groups doing it again and again."

Duncan Vaughan, legal director at Iceland, told The Grocer that the company had "endless lever-arch files full" of incidents and losses.

Brakes, a food wholesaler, has reported a "significant" number of thefts and attempted thefts. The company's legal counsel said:" Sadly, in the event of an actual fraud we tend to find out too late, which is normally when the supplier requests payment".

Tomasz Nowowiejski, the chief executive of Mutalo Group, a Polish company that makes energy drinks, said that it had nearly shipped two containers of goods worth about £45,000 to a group of scammers posing as Iceland. "Everything was spot on", he said. We've had many attempts at a scam where someone has sent an email claiming to order a big aount of merchandise, but usually they're ver poorly done and if someone's been woking in the field for a couple of years they'll recognise it".

(21st September 2017)

ALMOST A QUARTER OF SHOPS "ILLEGALLY SELL KNIVES TO UNDERAGE PEOPLE"
(The Guardian, dated 29th July 2017 author David Connet and Haroon Siddique)

Full article [Option 1]:

www.theguardian.com/membership/2017/jul/29/almost-a-quarter-of-shops-illegally-sell-knives-to-underage-people

Nearly one in four shops is breaking the law on under-age knife sales, with blades sold to children as young as 12, trading standards officers have warned.

In test purchases carried out for the Local Government Association, implements including a machete, a nine-inch serrated knife, razor blades and craft knives were sold to underage teenagers across England and Wales. Major supermarket chains were among the offenders.

The results, which the LGA said were alarming, follow widespread concern at police-recorded crime figures, which found a 20% rise in knife offences to 34,703 incidents - the highest level in seven years.

Responding to the new crime figures, the head of parliament's youth violence commission said that 2017 could be a new low point for knife deaths in the UK, calling for an "urgent, united and societal response" to the problem.

"Indications so far suggest that knife crime and knife-related deaths will be much higher in 2017 than in previous years," said Labour MP Vicky Foxcroft, who established the commission last year after a spate of killings of young people in her Lewisham constituency in south-east London.

Foxcroft suggested that the number of incidents was likely to be higher because many people who went to hospital with stab wounds did not go to the police. "We need to have much more accurate reporting." she said.

This year the Guardian has launched Beyond the Blade, a reporting project that will mark the deaths of children and teenagers in the UK who are killed by knives in 2017. There is no publicly available national data on the number of victims in this age group.

Foxcroft's intervention was echoed by Simon Blackburn, chair of the LGA Safer and Stronger Communities Board, who said the trading standard tests demonstrated "shocking abuses of the law" by retailers across the country. The LGA called for greater fines and tougher sentences for shop owners who break the law banning the sale of knives to people under 18.

In test purchases in one area alone, one teenager was sold a machete, another a lock knife and a third a nine-inch serrated knife.

In London, where knives have been behind a spate of murders, 96 out of 725 test purchases carried out saw knives and blades sold to children as young as 13 including a national supermarket chain.

One 16-year-old bought a pack of craft knives from a major high street store without being asked for proof of age at the self-service checkout. In another instance, a 17-year-old police cadet bought a pack of double edge razor blades from a supermarket chain self-service point.

That picture was not confined to the capital. In purchases undertaken by Devon, Somerset and Torbay Trading Standards in cooperation with police, seven out of 29 shops - including two major supermarkets - sold knives to under 18s.

At one shop in Bristol, a 14-year-old girl was sold a nine-inch serrated knife. Afterwards she commented: "It's scary how easy it is to buy a knife."

Blackburn said knife crime had risen significantly last year and people accessed knives from different places but it was "important to make sure the retail supply of knives is managed robustly across all sales points".

He added: "Knives are lethal weapons in the wrong hands and it's vital that shops do all they can to prevent them falling into the hands of young people."

In London, 19 traders were prosecuted or have cases pending. Others received official warnings or provided with compliance advice. Trading standard officers warn that cuts to frontline staff and funding have made enforcing knife sale laws increasingly difficult.

Foxcroft said that the level of knife crime revealed by the police-recorded figures could underplay the real picture, suggesting that the number of incidents is likely to be higher as many people who attend hospital with stab wounds do not go to the police.

"We need to have much more accurate reporting," she said. Pointing to the death of four teenagers in a week just before the election, she said: "Now, more than ever, we need an urgent, united and societal response to tackle the epidemic of violence affecting young people across the country."

Foxcroft welcomed proposed new anti-knife crime measures including banning the delivery of knives to private addresses and police powers to confiscate banned weapons found in people's homes. However, she said they failed to go far enough.

Improved retail display of knives was important, she said. "The commission spoke to lots of different people. One of the things they said was in terms of them being so freely available, on display in shop counters. If a kid is willing to use or carry a knife, are they going to think anything of stealing one? Should [the knives] be behind counters, locked up?"

The four young people killed in nine days as the election campaign drew to a close were Matthew Cassidy, 19, in Deeside, north Wales; Abdirahman Mohamed, 17, in Peckham, south London; Koy Bentley, 15, in Watford, Hertfordshire; and Osman Sharif, 17, in Tottenham, north London.

Since the four deaths, another 18-year old, Mahad Ali, was killed following a party in Park Royal, west London on June 29. Mahad was stabbed several times in the chest by a number of attackers. Three men were arrested after his death. Two have been released and third is on police bail.

Together, the deaths bring the count of children and teenagers killed this year by violence involving knives to 21.

(21st September 2017)


GANGSTERS USING YOUNG PEOPLE AS "MONEY MULES", POLICE WARN
(The Telegraph, dated 28th July 2017 authors Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/07/28/young-people-used-money-mules-police-warn/

Cases involving young people who are targeted to become "money mules" by letting criminals use their bank accounts have reportedly almost doubled.

Police in London are warning parents to monitor their children's accounts amid concerns they could be falling victim to such crime either through force or when offered payment, the Times said.

Figures from fraud prevention service Cifas, reported by the paper, show the number of "misuse of facility" frauds involving a person under 21 has risen year-on-year.

Cifas said there were 4,222 such cases in the first half of 2017, compared with 2,143 in the first part of last year.

It also reported that 65% of the 17,040 incidents of that type in the UK in the first six months of this year were committed by people aged under 30.

This kind of fraud usually sees the person allowing their bank account to be used to move criminal money, Cifas said, making it harder for the authorities to track.

The Times said a letter sent to schools from the Metropolitan Police's fraud unit urged them to support officers by educating young people that they should not let their accounts be used in this way.

(21st September 2017)



UNDERCOVER POLICE SPIED ON MORE THAN 1000 POLITICAL GROUPS

(The Guardian, dated 27th July 2017 author Rob Evans)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jul/27/undercover-police-spied-on-more-than-1000-political-groups-in-uk

Undercover police officers who adopted fake identities in deployments lasting several years spied on more than 1,000 political groups, a judge-led public inquiry has said.

It is the first time that the number of political groups infiltrated by the undercover spies over more than four decades has been made public. The list of groups that were infiltrated has not been published by the inquiry. However, it is known to include environmental, anti-racist and animal rights groups, leftwing parties and the far right.

The number of infiltrated political groups has been released by the public inquiry that was set up by Theresa May, while she was home secretary, to examine the conduct of the police spies since 1968.

May ordered the inquiry following revelations that the spies had gathered information about grieving relatives such as the parents of murdered teenager Stephen Lawrence, deceived women into forming long-term relationships and stolen the identities of dead children.

The inquiry disclosed the figure after campaigners who were spied on asked how many political groups were known to have been infiltrated.

The campaigners have been pressing the inquiry to publish a list of the groups and the names of the fake identities that were used by the police spies during their covert missions.

At least 144 undercover police officers have been deployed to spy on political groups since 1968. It appears that they gathered information on more than one group.

The spies developed elaborate false identities, often based on dead children and supported with fake documentation such as driving licences provided by the state.

They spent long periods, usually five years, pretending to be political activists while they fed back to their superiors information about the activities of campaigners and the protests that were being organised.

Sixteen of the spies have been identified following investigations by campaigners and journalists, giving some idea of which groups were spied on.

The initial groups infiltrated by the spies in the late 1960s and 1970s included campaigns against the Vietnam war and apartheid, and leftwing organisations such as the International Marxist Group. The operation was later expanded to target the extreme right.

In the 1980s, Bob Lambert, an undercover officer, masqueraded as an activist in the Animal Liberation Front and an environmental group, London Greenpeace.

In the 1990s, Peter Francis, an undercover officer who became a whistleblower, was deployed to spy on anti-racist groups such as Youth Against Racism in Europe, and the Socialist party. Another spy, Jim Boyling, was embedded in environmental groups such as Reclaim the Streets. His colleague Mark Jenner infiltrated the Colin Roach Centre, a group in London that sought to expose police corruption.

Andy Coles spied on animal rights campaigns, including the London Boots Action Group. In May, he resigned as the deputy police and crime commissioner for Cambridgeshire after he was accused of deceiving a 19-year-old political activist into starting a sexual relationship while undercover in the 1990s. He is currently under pressure to resign as a Tory councillor in Peterborough.

Since the turn of the century, Mark Kennedy and Lynn Watson have been sent to spy on environmental campaigns, while Marco Jacobs infiltrated the Cardiff Anarchist Network and Simon Wellings an anti-capitalist group, Global Resistance.

On Tuesday, the Home Office confirmed that the public inquiry was now being headed by a new judge, Sir John Mitting. He replaced Sir Christopher Pitchford, who stepped down after being diagnosed with motor neurone disease.

The inquiry has been delayed as the police are arguing that most of its proceedings should be held in private in order to protect the spies and their techniques. The police are submitting legal applications that would, if granted, keep secret the identities of their spies.

(21st September 2017)

THREE HUNDRED UK CHARITIES HIT BY GLOBAL CRACKDOWN ON ILLEGAL FUNDS
(Reuters, dated 27th July 2017 author Lawrence White)

Full article [Option 1]:

www.reuters.com/article/us-banks-charities-idUSKBN1AC0FH

More than 300 UK-based charities have had their bank accounts closed in the last two years after being caught up in a global crackdown on illegal money flows, forcing the government to explore how to allow them easier access to the financial system.

Thousands more charities have had operations disrupted by delayed payments causing financial losses and risks to employees, Britain's Charity Finance Group, that helps to organize charity financing, told Reuters. Major charities Oxfam and Save the Children say they were amongst those hit.

The government is setting up a panel of charity executives, bankers and officials to meet in the coming months to "drive new policy thinking" to allow legitimate charities to operate unhindered, an official told Reuters.

The decision to assemble the working group comes ahead of a review by the inter-governmental Financial Action Task Force (FATF) next March of Britain's efforts to tackle money-laundering and financing of militant groups.

At the FATF meeting, Britain could face criticism of its failure to tackle the problem of charities losing access to the banking system, charity sector analysts said.

The FATF has recorded over 100 cases worldwide of alleged abuse of charities for terrorist finance. In one example in the city of Birmingham in 2011, three people were convicted of impersonating Muslim Aid charity workers to fund a bomb attack.

But legitimate charities say they have been cut off from the financial system because banks have been alarmed by billion-dollar fines meted out for breaching sanctions, anti-terror financing and anti-money laundering rules.

Charity officials say the clamp-down on charities by banks is causing government-backed aid efforts to fail, humanitarian workers to be put at risk and potential recipients to suffer.

"Save the Children believes a more aligned approach between governments, regulators, and NGOs will help to reduce financial crime, whilst ensuring critical and life-saving humanitarian work continues," the group said in a statement for this article.

HSBC and Co-Operative Bank closed the most charity bank accounts in the last two years, according to a Reuters survey of more than 30 case studies. Both banks, along with other big institutions, said they were taking action to better understand the needs and internal governance of charity clients.

HSBC SETS UP TEAM

In the last two years, HSBC hired some 35 staff to work in a team dedicated to the charity sector, according to a source familiar with the hirings. The specialists aim to ensure charities comply with global financial rules.

A problem that hit mainly smaller Muslim-related charities after September 11, 2001 attacks in America accelerated in the last few years to involve thousands of charities.

"Delayed and declined payments have become a regular recurrence in the sector with charities experiencing disruption to their objectives on a daily or weekly basis," a director at UK-based umbrella group Muslim Charities Forum, Monowara Gani, told Reuters.

Many British charities affected were reluctant to speak on the record about their experiences because they were worried that other banks might cut them off, or that donations could dry up if their banking problems were publicized.

One small human rights charity funded by Britain's Foreign Office, which did not want to be identified, closed down this year after being unable to open a bank account, two sources familiar with the situation said.

This illustrated the problem posed to British international aid policy by the banks' fear of being punished for breaching regulations, said the sources who declined to be named.

Around 20 per cent or nearly $1 billion a year of the government's bilateral assistance funds distributed by the Department for International Development are channeled through charities, according to government data.

"We continue to engage with humanitarian organizations to understand and discuss what impact the wider security context may be having on their operations overseas in conflict-affected states," said the government official, who confirmed a panel had been set up to engage with the issue.

RISK RULES

"The humanitarian sector is struggling with a policy vacuum, leaving commercial organizations such as banks to set the risk rules for delivery of publicly-funded aid," said Mike Parkinson, policy adviser for Oxfam UK, which has encountered delays in opening bank accounts overseas.

Some banks are responding to the problem, but others are reluctant to serve a sector deemed to have a "medium-high" risk of terrorist financing in a 2015 British government report.

"We feel like banks used to be competing for charity business, but now they are pushing us away," said Tim Boyes-Watson, executive director of British-based Mango which specializes in helping charities manage their finances.

Boyes-Watson said Mango is working on creating a certification system that would aim to make approved charities easier for banks to work with, but that implementing and regulating such a scheme could prove costly.

In addition to hiring a team dedicated to the charity sector, HSBC in April sent a guide called "Keeping your Charity Safe" to 11,000 charity and non-profit customers.

"We will continue to work with the UK government and industry bodies to support the not-for-profit sector," a spokeswoman for the bank said in an email.

Co-Operative Bank has closed accounts for dozens of organizations in the last few years including branches of the Cuba Solidarity Campaign and the Nicaragua Solidarity Campaign.

Amnesty International UK in December 2016 published a report criticizing the bank's handling of those closures, which were often abruptly communicated to the charities. The bank said it was unethical not to comply with legal and regulatory rules.

A spokesman for the bank said it has introduced a new "exit forum" to manage closures of charities' accounts better and will soon publish a summary of its account closure data.

UNDERSTANDING CHARITY CLIENTS

Barclays has sent a mandatory questionnaire to all of its charity clients in recent months asking them how they deal with financial crime and sanctions-related issues.

"The idea is that if we understand charity clients better and get confident in their internal governance, we should be better placed to make payments for them," said David McHattie, head of the charities team at Barclays.

McHattie said no customers have lost their accounts as a result of unsatisfactory answers to the questionnaire, but that the bank has asked some clients to improve their processes.

While Britain's government, banks, and charity officials take steps to tackle the problem, aid workers say the consequences of losing access to banking are getting worse.

"I've been talking to banks for over a year and still don't have an account, so I'm having to send money for life-saving care through Western Union which is expensive and time-consuming," said the head of one medical aid organization operating in Syria who did not wish to be named.

Other aid organizations without bank accounts are resorting to more primitive, risky methods.

"A number of organizations I know are back to throwing bags of cash over the border into Syria," said Lisa Reilly, executive coordinator at the European Interagency Security Forum which works to improve the safety of aid workers.

(21st September 2017)


HORSEMEAT TRIAL SHINES LIGHT ON KEY PART OF INTERNATIONAL FRAUD
(The Guardian, dated 26th July 2017 author Felicity Lawrence)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jul/26/horsemeat-trial-shines-light-international-fraud

The conviction of three men in London for conspiracy to defraud by selling horse mislabelled as beef marks the end of the UK police operation to identify the criminals in its jurisdiction behind the horsemeat scandal of 2013.

Operation Boldo, run by the City of London police's specialist fraud division, tracked just one of the trails of dodgy meat that were exposed when the Food Safety Authority of Ireland (FSAI) published tests at the beginning of 2013.

These showed that burgers and ready meals on sale in leading retailers and fast food outlets contained undeclared horse and pig DNA. The FSAI report sparked testing across Europe, which exposed industrial-scale adulteration of the food supply.

Investigations that followed in the UK led to others being charged with or convicted of regulatory offences relating to horse slaughter or selling beefburgers containing undeclared offal, and a conviction for labelling goat as lamb but, four and a half years on, this is the first UK conviction for selling mislabelled horsemeat.

The trial shone a light on how one key part of the transnational fraud worked.

The three convicted men were from two companies. One was a meat trading operation called FlexiFoods, based in Hull and run by the Danish businessman Ulrik Nielsen and his administrator Alex Beech. The other was a cold store and sausage processing plant called Dinos in Tottenham, north London, run by a Cypriot called Andronicos Sideras. Nielsen was described by police as the "brains" behind the UK part of the fraud.

The court heard how he traded meat on paper across countries and contracted others to move it. He kept meticulous records, which enabled the authorities to pin down how and where horse had been mislabeled as beef. Sideras was the "hands" of the fraud and it was at his site, according to the prosecution, that beef and horse were mixed and forged beef labels were applied before they were supplied to manufacturers via other traders.

The beef products adulterated with horse were mostly bottom-of-the-range bargain lines. At the time of the scandal, discount frozen burgers were typically being sold for around 25p per quarter pound when the market price for real beef of the grade suitable for burgers was 43p per quarter pound.

When processing to meet the low prices set by the supermarkets, manufacturers generally put out a call to traders to supply blocks of frozen meat at the cheapest price possible. By substituting much cheaper horsemeat, the traders on trial were able to increase their profits by 30-40%, according to a police investigator.

Some of the beefburgers that tested positive for horse DNA had been manufactured in an Irish factory called Silvercrest that was part of a giant beef processing company, the ABP group. They had been sold in leading supermarkets. Some contained traces of equine DNA, which might have come from contamination from previous batches on the production line, but Tesco burgers from Silvercrest tested as 29% horse, suggesting lumps of horsemeat had been added.

ABP said rogue Silvercrest managers had strayed from specifications in buying some meat from an Irish trader, Martin McAdam, based nearby in County Monaghan. He and ABP insisted they were victims of the fraud and had no idea they had ever handled horse. McAdam had in turn bought from FlexiFoods.

Separately, environmental health officers (EHOs) in Newry, Northern Ireland, had received a tip-off that undeclared beef hearts were being used for manufacturing at a factory in their area called Freeza Meats. Freeza Meats was a large supplier of burgers to Asda. An EHO went to inspect and found a suspicious load of meat that was not properly labelled so she detained it.

It was found to contain different batches of meat, some Polish beef, some Polish beef mixed with Polish horsemeat, and some Irish horse. During the gruesome job of defrosting and examining it, police found the microchips of three registered riding horses. Wiktor and Trak had been ponies owned in Poland; Carnesella Lady had once been a valued hunter and broodmare kept in Galway.

The detained meat was owned by McAdam, who said he had bought the load from FlexiFoods for another Irish burger manufacturer, Rangeland, who had rejected it because it was the wrong size for its machines, which was why it was being kept in Freeza Meats's cold store. Freeza Meats denied any knowledge of the contents of the load. It later pleaded guilty to selling undeclared beef hearts in Asda burgers and was fined. It had bought 653 tonnes of beef hearts for processing between January 2012 and April 2013.

Police following the horse trail back through traders were led by FlexiFoods' records for the detained load to Dinos. While they were able to physically test the rejected load, other loads had already been eaten. So the prosecution examined the invoice and shipping evidence for seven orders that had gone through FlexiFoods and Dinos and ended up at Silvercrest and Rangeland, accounting for 83 tonnes of adulterated meat.

On paper, FlexiFoods placed orders for horse with an Italian meat trader, the court heard. The Italian company then bought horsemeat for FlexiFoods, again on paper, from an Irish cold store that owned large quantities of Irish-slaughtered horse. The Irish horse, labelled as horse, was then delivered to Dinos in London where it was mixed with imported Polish beef and sent back to Ireland labelled as 100% beef, the prosecution said.

Meat processors in Europe must be licensed and each has its own official health stamps to prove traceability. Sideras made new labels with faked stamps for the mixed loads.

Dinos had also done business with a Dutchman who has been charged and is due for trial in November in the Netherlands in connection with the 2013 horsemeat scandal. He was arrested again earlier this month in Spain as part a huge operation by the Spanish authorities and Europol, which suggested that horse frauds continue. He cannot be named for legal reasons but Europol said he had been charged along with 65 others with crimes including animal abuse, document forgery, money laundering, and being members of a criminal organisation.

ABP sacked its Silvercrest managers and sold the factory in 2013. Freeza Meats was closed. Silvercrest, Rangeland and McAdam's company were fully investigated in 2013 by the Irish department of agriculture, which said there was no evidence that any of them had knowingly bought or used horsemeat.

(21st September 2017)


ANTI-SEMETIC HATE INCIDENTS SOAR TO RECORD HIGH IN UK
(International Business Times, dated 27th July 2017 author Isabelle Gerretsen)

Full article [Option 1]:

www.ibtimes.co.uk/anti-semitic-incidents-soar-by-over-200-decade-1632098

Anti-Jewish incidents rose to a record high in the UK in the first six months of 2017, a new report by Britain's anti-Semitism watchdog has revealed.

There were 767 acts of anti-Semitism recorded nationwide between January and June this year, a 30% increase compared with 2016, according to research by the Community Security Trust (CST), a charity monitoring anti-Jewish acts in the UK. This is the highest total ever recorded across a six-month period and a 212% rise on the same period a decade before, when there were 246 incidents.

In 2016, the year of the bitter Brexit referendum, anti-Semitic instances rose 42% in a year, with 1,309 incidents recorded, compared with 924 the previous year.

The authors of the CST report acknowledge that "improvements in reporting of anti-Semitism" may have contributed to the overall increase, but say that this alone does not explain "the scale or breadth" of the problem.

A spokesperson for the CST, Dave Rich, told IBTimes UK that there is "no simple answer" why the number of incidents is so high.

"Previously when we have seen record totals they have usually been linked to particular events such as wars in Israel and Gaza, but that is not the case this year," he said.

"Nor is it down to better reporting from what we can tell. It seems that there is simply more anti-Semitic hate crime happening.

"Perhaps this is because anti-Semitism has been a prominent issue in the media and politics over the past year or two, or because of wider divisions and tensions in society that have led to increases in other types of hate crime as well."

Eighty of the incidents involved physical assaults, almost 80% more than the previous year. There were 568 instances of abusive behaviour against Jewish people, with the majority involving damage to property, verbal aggression and abuse on social media.

Jewish Labour MPs, including Ruth Smeeth and Luciana Berger, were also targeted by online trolls last year. Smeeth has said that she was called a "CIA/MI5/Mossad informant" and a "f*****g traitor" on Twitter.

Simon Johnson, CEO of the Jewish Leadership Council, said more should be done to tackle "vile and disgusting anti-Semitic online abuse" and called on social media companies such as Twitter, Facebook and YouTube to ramp up efforts to police their platforms.

MPs condemned the "worrying rise" in anti-Semitism and vowed to do more to tackle "bigotry and hate" in Britain.

"One such incident is one too many," Home Secretary Amber Rudd said. "[The government] will continue to do everything we can to stamp out the division and hatred that blights our communities. That is why we are providing £13.4m to protect Jewish sites and made available £900,000 to tackle various types of hate crime."

Communities Secretary Sajid Javid said the record number of anti-Semitic incidents was "completely unacceptable" but added that it was "encouraging" that "Jewish communities are more confident in coming forward."

(21st September 2017)


WOMEN NOT REPORTING CHEMICAL ASSAULTS DUE TO FEAR OF REPRISALS
(London Evening Standard, dated 26th July 2017 author David Churchill)
www.standard.co.uk [Option 1]

A campaigner in one of the Boroughs worst hit by acid attacks today said she fears cases were being "under reported" by female victims who feared reprisals.

Rabina Khan, 44, is an independent councillor in Tower Hamlets, Scotland Yard figures showed men were twice as likely to be victims but Ms Khan said that the number of women was likely to be higher.

She said acid was used in "honour" crimes and domestic abuse, adding: " I would say there is under-reporting that we need to be looking at and which is one of the biggest worrying factors. People may be afraid or scared to report - that's what we've seen.

"What we want to do is make sure that it's particularly women talking about this because the victims are usually women and tend to be afraid of reprisals, with some not coming forward".

Since 2010 there have been more than 1,800 reports of attacks involving corrosive fluids in the capital. Between 2011 and 2016 there were 398 acid attacks in Newham, 134 in Barking and Dagenham and 84 in Tower Hamlets.

Ms Khan, who runs End Acid Attacks in London, said the crimes should be recorded seperately from other forms of violence. She joined calls for people to able to be prosecuted for " carrying an offensive weapon" if caught with corrosive substances.

(21st September 2017)


THESE CHEAP PHONES COME AT A PRICE - YOUR PRIVACY
(CNET, dated 26th July 2017 author Alfred Ng)

Full article [Option 1]:

www.cnet.com/uk/news/these-cheap-phones-are-costing-you-your-privacy/

Cheap phones are coming at the price of your privacy, security analysts discovered.

At $60, the Blu R1 HD is the top-selling phone on Amazon. Last November, researchers caught it secretly sending private data to China.

Shanghai Adups Technology, the group behind the spying software on the Blu R1 HD, called it a mistake. But analysts at Kryptowire found the software provider is still making the same "mistake" on other phones.

At the Black Hat security conference in Las Vegas on Wednesday, researchers from Kryptowire, a security firm, revealed that Adups' software is still sending a device's data to the company's server in Shanghai without alerting people. But now, it's being more secretive about it.

"They replaced them with nicer versions," Ryan Johnson, a research engineer and co-founder at Kryptowire, said. "I have captured the network traffic of them using the command and control channel when they did it."

An Adups spokeswoman said that the company had resolved the issues in 2016 and that the issues "are not existing anymore."

Kryptowire said it has observed Adups sending data without telling users on at least three different phones.

This year's Black Hat conference comes against the backdrop of a year's worth of reports about Russian hacking and its intrusion into the 2016 presidential race, as well as news in the last few months about ransomware attacks that hijack people's computers, to be unlocked (if you're lucky) for a fee.

People have enough to worry about when it comes to privacy on their personal devices. Between government surveillance and security vulnerabilities, preinstalled software on the phone itself is an unexpected breach of both trust and privacy for millions of owners who are just looking for an inexpensive phone.

Blu, which says it disputes the notion that Adups is spyware, said it "has several policies in place which take customer privacy and security seriously," and says there have been no breach with its devices. The company also cites Kryptowire vice president Tom Karygiannis as saying the data collection does not constitute any wrong doing.

Karygiannis, however, told CNET: "I did not authorize them to make a public statement on my behalf."

A huge invasion of privacy'

Having access to the command and control channel -- a communications route between your device and a server -- allowed Adups to execute commands as if it's the user, meaning it could also install apps, take screenshots, record the screen, make calls and wipe devices without needing permission.

"It does seem like a huge invasion of privacy," Johnson said.

Kryptowire looked at more than 20 pieces of firmware from low-end Android devices, all which had vulnerabilities that allowed for spyware apps and all of which had a MediaTek chipset. The chipset always came with a preinstalled app called MTKLogger, which allowed for surveillance of data like your browsing history and GPS location if it were hijacked.

MediaTek said it resolved the issue in November, but researchers at Kryptowire found out last week that the Blu Advance 5.0 still ships with a vulnerable version of the app. The phone, which is the third best-selling phone on Amazon, does not have a firmware update available to stop a potential exploit, Johnson said.

It works through something called privilege escalation, which gives advanced permissions to certain apps far beyond what you would like it to have. Kryptowire has not found any cases yet in which the MTKLogger has been hijacked, but the vulnerability still exists.

Kryptowire originally discovered Adups' spying nature last October. After it had been revealed, Adups removed its data tracking on devices like the Blu R1 HD and the Blu Life One X2, two phones that are popular on Amazon for their cheap prices. For those two devices, Adups stopped sending text message and call logs to China since.

A widespread problem


Johnson only found Adups' secret data funneling to China because it was the top-selling phone on Amazon -- but the issue remains prevalent on low-profile devices, he said. In May, he purchased a Blu Grand M from Best Buy, which goes for between $60 and $75.

Six months after Adups said it made a mistake with its data tracking, Johnson discovered that it was still happening on the Blu Grand M. In May, he found the phone was sending data to China containing a list of apps installed, the apps used, unique phone identifiers like the MAC address and IMEI, the phone number, and cell phone tower ID.

It doesn't track your phone's GPS, but cell phone tower data is close enough to be admissible as evidence in murder trials and has raised massive debates on digital privacy.

"It can generally locate a person, presuming they're in an urban area," Johnson said.

Adups' spying intensity varies based on the phone, but it comes preinstalled on up to 700 million devices, including cars and other connected devices. Some of the more aggressive spying would send a person's browsing history and bookmarks.

Johnson said he hasn't found the spyware on any phones that cost more than $300, as Adups is mostly installed on cheaper devices. It's not only on Blu devices, as Johnson in May found data exfiltration on the Cubot X16S as well.

The Chinese phone, which sells for between $90 and $110, was sending call logs, browser history and location data behind users' backs. Cubot did not respond to requests for comment.

"It seems pretty widespread around lower-end phones," Johnson said.

Johnson tested the Cubot X16S's software again on Monday, and found that Adups had quietly removed the backdoor app on the device -- shortly after CNET reached out to the company.

It's still unclear what happens with the data once it's on servers in China. When Johnson contacted Adups, the company said it would just delete the data. Kryptowire was able to track the data to where it ended up, but not what was done with it.

(21st September 2017)


OVER HALF OF (Scottish) COUNCILS AND HEALTH BOARDS ATTACKED IN PAST THREE YEARS
(i, dated 24th July 2017 author Deborah Punshon)
www.independent.co.uk [Option 1]

Almost 60 per cent of Scottish councils and over half of health boards logged attempted or successful cyber attacks in the past three years, the Johnston Press Investigations unit has discovered.

Data produced from Freedom of Information requests showed only half of local authorities reported incidents to the police.

Ransomware - both attempted and successful - was among the most common type of attack experienced by Scottish public bodies.

Data shows that 19 of Scotland's 32 councils experienced over 50 no table incidents in the past three financial years. Of the incidents logged, only nine authorities reported any to police though no data was stolen or lost.

Between 2014 and 2017, Aberdeen City Council suffered 12 successful cyber attacks, including six ransomware incidents, and had its webpage defaced. None of the council's data was compromised during any of the incidents.

The data also shows that over half of Scotland's health boards have been targeted by cyber criminals since 2014.

Apart from the WannaCry attack in May which affected 11 of Scotland's 14 health boards, incidents were not reported to Po­lice Scotland despite at least nine breached systems.

NHS Greater Glasgow and Clyde was subject to four cyber breaches in 2016. Files became inaccessible after being encrypted by ransomware. All data was recovered and the ransoms were not paid.

A Scottish Government spokesman said: "Scotland's public sector bodies take cyber security seriously and implement a wide range of mea­sures to ensure basic security standards. Ministers expect to receive recommendations from the National Cyber Resilience Leaders' Board shortly."

(21st September 2017)


LONDON POLICE GIVEN 1,000 ACID RESPONSE KITS AFTER SURGE IN ATTACKS
(The Guardian, dated 24th July 2017 author Holly Watt)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jul/24/london-acid-attacks-police-given-1000-emergency-response-kits

Police officers in London are being issued with 1,000 acid attack response kits after a rise in the number of crimes involving corrosive liquids. Rapid response police cars will now carry the kits, which include protective gear and five-litre bottles of water, to allow officers to give immediate treatment to victims sprayed with acid.

The London fire brigade will respond alongside police, because the service is able to provide large volumes of water rapidly. Pouring water over a victim can help prevent further damage to skin, but speed is critical.

Police in east London will also carry kits to allow them to test for acid and other corrosive liquids. At the moment it is not illegal to carry such substances, meaning that police have to show there is intent to cause harm.

Stephen Timms, the Labour MP for East Ham, has called for carrying acid to be made a crime. Criminals who carry out acid attacks can be prosecuted for grievous bodily harm and jailed for life.

A number of attacks have taken place in east London recently, particularly in Newham. At the moment, police cars in east London carry the attack response kits, but they will now be rolled out to all cars in the capital.

A spokesman for the Metropolitan police said the force was working closely with the London fire brigade, the ambulance service, the Home Office and hospitals on how to deal with the issue.

Acting Det Supt Mike West, the Met's lead officer for corrosive-based crime, told the Evening Standard: "These are life-changing injuries. While the volumes in comparison with knife and gun crime are small, the injuries are a life sentence for victims.

"I am confident that we are stepping up our response to this crime and we are looking for a safer way to identify some of the substances on the streets. So you might be walking down the street with what appears to be a bottle of Lucozade, but officers will now be testing you to establish what is in that bottle."

A London fire brigade spokesperson said: "Our firefighters are specialists in dealing with a full range of incidents involving hazardous materials. If our crews are called to the scene and someone is suffering from the affects of a corrosive substance, we will assist our colleagues from the London ambulance service and Metropolitan police in treating the casualty, primarily by helping to flush the affected area with copious amounts of water."

The number of crimes involving acid or other "noxious substances" has more than doubled in London over the past three years. In 2016, there were 455 crimes in the city where a corrosive substance was used or threatened to be used.

Experts have linked the rise in acid attacks to a crackdown on knives and guns, saying street gangs have started using corrosive substances because they are more readily available.

Police say there is anecdotal evidence that young criminals are carrying acid following legislation introduced in 2015 that means an immediate jail term for a repeat offence of carrying a knife.

(21st September 2017)


CENTRAL BANK WARNS CONSUMERS AS FRAUDSTERS CLONE DETAILS OF IRISH REGISTERED COMPANIES
(Irish Independent, dated 24th July 2017 author Louise Kelly)

Full article [Option 1]:

www.independent.ie/business/irish/central-bank-warns-consumers-as-fraudsters-clone-details-of-irish-registered-companies-35961561.html

Consumers have been warned to be aware of financial fraudsters as an unauthorised firm has cloned the details of an Irish registered company.

The Central Bank have discovered that Baradero Global Transfer Limited (www.baraderoglotrans.tk) has been operating as a payment institution and/or as a money transmission business here without appropriate authorisation.

According to the bank, this unauthorised firm cloned the details of a company called Baradero Limited, a company registered with the Irish Companies Registration Office (CRO) which does not deal in financial services.

"It should be noted that there is no connection whatsoever between Baradero Limited, which is a company registered with the CRO and the unauthorised entity Baradero Global Transfer Limited (www.baraderoglotrans.tk) that has cloned its details," read a Central Bank statement.

Meanwhile, Park Projects Investments Limited (www.parkprinvest.eu.pn), has been operating as a retail credit firm without authorisation, cloning the details (name and Irish registered address) of a company called Park Projects Investments Limited.

"Fraudsters are increasingly using legitimate firms' details to add an air of legitimacy to their fraud. The fraudsters will 'borrow' all of the legitimate information of an authorised/legitimate firm for the purpose of this fraud.

"They may quote authorisation numbers/company registration numbers and links to seemingly legitimate websites and even provide the real address of an authorised/legitimate firm."

The Central Bank said that it is a criminal offence for an unauthorised firm to provide financial services in Ireland and has advised consumers should be aware that, if they deal with a firm which is not authorised, they are not eligible for compensation from the Investor Compensation Scheme.

Consumers have also been advised to check the Central Bank's register to verify a firm's details and to call the firm back directly using its advertised phone number.

(21st September 2017)


BRITS MUST NOW REGISTER VIRTUALLY ALL NEW DRONES AND UNDERGO SAFETY TESTS
(The Register, dated 24th July 2017 author Gareth Corfield)

Full article [Option 1]:

www.theregister.co.uk/2017/07/24/uk_mandatory_drone_registration_rules_floated/

New British drone owners will have to register their craft with the state and pass a mandatory safety test, according to a government announcement sneaked out over the weekend.

The plans are a response to the perceived danger of amateur drone operators cavorting around the skies willy-nilly, causing headaches for airliner pilots and air traffic controllers alike.

"Like all technology, drones too can be misused. By registering drones, introducing safety awareness tests to educate users we can reduce the inadvertent breaching of airspace restrictions to protect the public," said aviation minister Lord Callanan in a statement.

The rules will apply to all new drones weighing more than 250 grams, with the move being intended "to improve accountability and encourage owners to act responsibly".

Though the government's intention is clearly to force all new users of items other than kids' toys to register, the details have not yet been worked out. We are told: "Users may be able to register online or through apps, under plans being explored by the government," though the mandatory test will cover "safety, security and privacy regulations".

"There is no time frame or firm plans as to how the new rules will be enforced," noted the BBC.

Chinese drone maker DJI, the pre-eminent market supplier, welcomed the move. Brendan Schulman, a veep at the firm, said in a statement: "The Department for Transport's proposal appears to strike a sensible balance between protecting public safety and bringing those benefits to the UK's businesses and the public at large."

Schulman also sounded a warning note over the scheme's sketchiness: "We expect the government to work closely with industry leaders to ensure progress and promote technological innovation... The key will be maintaining this balance in the next round of deliberation."

Hackers have circumvented software restrictions on off-the-shelf DJI drones, bypassing height limits and so-called geofences around areas that governments would rather the public couldn't see inside. Earlier this year DJI imposed its own mandatory registration scheme, limiting flight performance if users chose not to bother.

The EU announced its own set of "draft" regulations on drones earlier this year, with industry figures expecting them to become mandatory with few or no changes.

Nobody has kept track of how many consumer drones have been sold up until now, meaning there are potentially thousands of people with drones weighing 250g or more who will not be affected by the registration scheme - or tested on their knowledge of aerospace regulations.

Was the study justifying this move a fair test?

Key to the government's published justification for this is a study carried out by British miltech boffinry outfit Qinetiq (PDF, 18 pages) which showed that drones colliding with aircraft cause significant damage. Commissioned by the Department for Transport, the Military Aviation Authority (a branch of the Ministry of Defence) and the British Airline Pilots' Association, a trade union, the study found "drones can cause significantly more damage than a bird of equivalent mass at the same speed... due to the hard metallic components present in drones."

Some in the drone community immediately questioned the study's validity because of the drone and payload used. Qinetiq testers decided to strap a hand-held Nikon DSLR camera underneath the drone. This is not typical of how most camera-equipped drones operate; the vast majority have integral cameras of about the size and weight of an external webcam.

"It's important for the drone industry, with both hobbyist and commercial interests, that any regulations that are agreed on, or legislation that is enacted, should be based on sound studies which global drone experts agree are accurate and based on real life like use cases," Ian Hudson, a CAA-approved drone pilot, told The Register. "The photographed device appears to be a collection of parts barely passable as either a consumer or professional drone. The camera alone is the weight equivalent of a DJI Mavic and DJI Spark taped together."

During the tests, the drone and its components were fired into a sample of airliner and helicopter windscreens and a computer model derived from the gathered data.

(21st September 2017)


MONEYSUPERMARKET FINED £80,000 FOR SPAMMING SEVEN MILLION CUSTOMERS
(The Register, dated 21st July 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/07/21/moneysupermarket_fined_80000_for_spamming_seven_million_customers/

Price-comparison darling Moneysupermarket.com has been fined £80,000 for sending 7.1 million emails to customers who had opted out of receiving direct marketing emails.

The UK's data protection watchdog stepped in to compare the firm's behaviour with the law - and found that it had attempted to circumvent rules on direct marketing. Between 30 November and 10 December 2016, Moneysupermarket.com sent out a batch of emails to people who had asked not to be contacted, with 6.8 million successfully received.

The message was audaciously dressed up as an invitation asking people to accept promo material. Folks who had previously insisted they'd rather not be receiving end of marketing bumf were asked if if they'd like to reconsider. The missive read:

We hold an e-mail address for you which means we could be sending you personalised news, products and promotions. You've told us in the past you prefer not to receive these. If you'd like to reconsider, simply click the following link to start receiving our e-mails
.

In a move that anyone - apart from, it seems, Moneysupermarket - should have predicted, customers weren't pleased, and one reported it to the Information Commissioner's Office.

On investigation, the ICO said that Moneysupermarket.com had broken Privacy and Electronic Communications Regulations, and slapped it with an £80,000 fine. Head of enforcement Steve Eckersley said in a statement:

"Organisations can't get around the law by sending direct marketing dressed up as legitimate updates.

"When people opt out of direct marketing, organisations must stop sending it, no questions asked, until such time as the consumer gives their consent. They don't get a chance to persuade people to change their minds.
"

He added that emails sent by companies "under the guise of 'customer service', checking or seeking their consent, is a circumvention of the rules and is unacceptable," and that the ICO would continue to take action against them.

The watchdog last month gave Morrisons supermarket a £10,500 fine for a similar breach, in which the chain sent more than 200,000 emails to people who had previously opted out.

(21st September 2017)


MET POLICE PUT UNDERCOVER OFFICERS ON BICYCLES TO CATCH DANGEROUS LONDON DRIVERS
(Independent, dated 21st July 2017 author Tom Bachelor)

Full article [Option 1]:

www.independent.co.uk/news/uk/home-news/met-police-london-drivers-undercover-officers-bicycles-dangerous-driving-roads-a7852951.html

Undercover police officers will be deployed on London's roads using unbranded bicycles to catch dangerous drivers who pass cyclists too closely.

Plain clothes officers wearing video cameras will be dispatched to accident black spots in a bid to tackle bad driving under the "space for cyclists" scheme.

The new tactic is designed to reduce the number of deaths and injuries on the capital's roads.

Drivers caught making close passes, tailgating or cutting up cyclists by making unsafe left or right turns across bike lanes will be targeted.

The latest figures for cycling deaths and injuries show that 18,844 cyclists were hurt or killed on Britain's roads in 2015.

Bike-mounted officers will be sent to any location based on police intelligence and complaints from the public. Once a driver is witnessed driving dangerously, a nearby marked police motorcycle rider will be alerted.

Bad drivers will be required to pass a roadside eyesight test, have their vehicle checked for roadworthiness and have the Highway Code explained to them. The most serious offenders will face a court appearance.

The first car stopped under the scheme on Friday morning had no insurance, MOT or tax, and was impounded.

A bus driver was also recorded passing less than 30cm from the cycling officer.

The Highway Code states drivers overtaking cyclists must give at least give as much space as they would a car.

Cyclist smashed off his bike by driver following mobile phone row

Duncan Dollimore, senior road safety officer at Cycling UK, told The Independent: "When the Metropolitan Police pulled over drivers in Peckham this morning for overtaking cyclists too close, it was no surprise to discover that some of those spoken to were also driving untaxed vehicles with no insurance.

"Other forces conducting similar operations have experienced exactly the same, showing that a small investment of time and resources in a simple enforcement operation can prove really effective."

?Ashok Sinha, chief executive of the London Cycling Campaign, added: "Drivers passing too close is terrifying and off-putting to people cycling.

"Most people cite road danger and near misses as major reasons why they don't cycle.

"The Highway Code requires drivers give safe space to cyclists when overtaking.

"This welcome operation on close passes will send a message to drivers in London to obey the Highway Code and stay wider of the rider."

A spate of cycle deaths in London earlier this year put pressure on the Mayor of London, Sadiq Khan, to improve safety for cyclists by providing more segregated cycle lanes.

In one case, a cyclist in his 30s was dragged at least 20 yards under the wheels of a lorry before the driver was alerted by other motorists to the mangled bike in his wheels.

City Hall defended its record on road safety, saying the cycling budget for 2016/17 was £127m - eclipsing the average yearly spend under the previous mayor, Boris Johnson, of £79m.

London's injured cyclists


Will Norman, London's Walking and Cycling Commissioner, expressed support for the police initiative and said the mayor's office was "working hard to build high-quality safe routes to encourage even more people to cycle".

Sergeant Andy Osborne, of the Met's Cycle Safety Team, said: "This tactic is about education and encouraging motorists who do not comply with the rules of the road to start doing so - for everyone's safety and protection - theirs included.

"There is a lot of traffic in the capital and we all need to share the roads and be mindful of other road users. In its simplest form, it's about being courteous to one another.

"By all road users obeying the Highway Code, collectively we can help lessen incidents of people being killed or seriously injured on the roads."

Efforts by the Met to reduce road casualties follow a similar scheme introduced by West Midlands Police, which deploys undercover officers on bicycles to monitor dangerous driving.

(21st September 2017)


UK HOUSEHOLDS HIT BY 1.8m COMPUTER MISUSE OFFENCES IN A YEAR
(The Register, dated 20th July 2017 author Rebecca Hill)

Full article [Option 1]: www.theregister.co.uk/2017/07/20/uk_computer_misuse_statistics/

The number of incidents of computer misuse in England and Wales reached 1.8 million in the year up to March 2015, according to official crime statistics released today.

The Office for National Statistics data, based on a household survey of around 17,000 people, reveal 1.19 million cases of computer viruses.

There were a further 603,000 incidents where someone gained unauthorised access to personal information, which includes hacking.

The data suggests people don't tend to bother reporting computer viruses to the police, with just 3.7 per cent of people informing law enforcement.

However, more people thought cops should know when someone had access their personal info - 11.8 per cent said they reported such incidents.

Some 18 per cent of people surveyed said they fell victim to computer misuse crimes more than once during the year.

Of the overall total, 6 per cent said they had suffered three or more incidents (El Reg wonders whether they were simply unlucky or might need to do something about their security measures).

These computer misuse stats are experimental - they only got added into the official crime survey back in October 2015, which means that until there are two years of data there isn't a previous set to compare them against.

The ONS also added in questions on fraud at the same time, and the data shows that, in the 12 months up to March 2017, there were 3.4 million incidents.

Not all of these resulted in financial loss - 31.9 per cent didn't - and just 0.5 per cent resulted in a loss of £20,000 or more. Nearly half (45.4 per cent) resulted in a loss of between £50 and £1,000.

Of these cases, 57 per cent were classed as cyber crime - defined by the ONS as being those that involved the internet or any kind of online activity. Somewhat unsurprisingly, 97 per cent of computer misuse cases fell into this category.

The survey also looked at offences recorded as online crime by the police in England and Wales, finding that there were almost 50,000 such cases.

Of these, harassment and stalking was the most prevalent, with 29,570 recorded cases.

But obscene publications were more likely to involve the internet - 43 per cent of all obscene publications were classed as online crime, while just 14 per cent of harassment and stalking took place online.

The other incidents most often reported as online crime were child sexual offences (5,710 cases) and blackmail (2,114).

Overall, the crime survey showed 11 million incidents of crime in the year up to March 2017, including these experimental figures. Without them, there were 5.9 million incidents, which was a 7 per cent drop on last year's survey.

(21st September 2017)


SHOTGUN CRIME HAS GONE UP 44% IN THE UK IN A SINGLE YEAR
(International Business Times, dated 20th July 2017 author Josh Robbins)

Full article [Option 1]:

www.ibtimes.co.uk/uk-sees-23-rise-gun-crime-20-rise-knife-crime-just-one-year-1631201

Dramatic rises in gun crime and knife crime have been recorded by British police in the year between April 2016 and March 2017, according to the Office for National Statistics (ONS).

There were 6,375 firearms offences during the period, up 23% from the year before. Meanwhile, the number of crimes involving knives or sharp instruments rose 20% to 34,703.

These developments were at the extreme end of a wider trend that saw all recorded crime rise by 10% - the biggest spike for a decade.

"This government is failing in its duty to keep our streets safe," Liberal Democrat MP Ed Davey told The Guardian.

"The Conservatives have utterly disrespected the police by freezing their wages and cutting their budgets time and again".

Sexual assaults committed with a knife or sharp instrument rose by a staggering 50% to 180 while rapes aided with a knife rose 25% to 416.

Shotgun crime was up 44% to 592 while handgun offences rose by 24% to 2685.

John Flatley, from the ONS, warned that some of the increases were driven by improvements in the way police now record crime.

However, he added that this did not account for all the data and that crime had undoubtedly risen in the last year.

A separate national crime survey, also released today, called The Crime Survey of England and Wales (CSEW) found that overall crime had fallen by 7%.

The ONS figures relate to police recorded crime whereas the CSEW figures are derived from surveying the general public.

He made explicit reference to weapon-related crime, arguing that the ONS's figures, which showed sharp rises, were more accurate.

"Some of the increases recorded by the police are in the low-volume, but high-harm, offences such as homicide and knife crime that the crime survey [CSEW] is not designed to measure," he said.

Labour's shadow home secretary, Diane Abbott, said: "The Tories have cut police officer numbers again in the latest 12 months and now there are well over 20,000 fewer than in 2010.

"The Tories simply aren't allowing the police to protect the public. Labour in government will tackle rising crime."

(21st September 2017)


CRIME RISE IS BIGGEST IN A DECADE - ONS FIGURES SHOW
(The Guardian, dated 20th July 2017 author Alan Travis)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jul/20/official-figures-show-biggest-rise-crime-in-a-decade

Police-recorded crime has risen by 10% across England and Wales - the largest annual rise for a decade - according to the Office for National Statistics.

The latest crime figures for the 12 months to March also show an 18% rise in violent crime, including a 20% surge in gun and knife crime. The official figures also show a 26% rise to 723 in the homicide rate, which includes the 96 cases of manslaughter at Hillsborough in 1989.

More alarmingly, the statisticians say the rise in crime is accelerating, with a 3% increase recorded in the year to March 2015, followed by an 8% rise in the following year, and now a 10% increase in the 12 months to this March.

The accelerating rise in crime comes as Home Office figures show a further fall of 924 in the past year in the number of police officers, to 123,142 in England and Wales. This is the fewest officers in England and Wales since 1985. Police numbers have fallen by 20,592 since 2010.

Ministers will also be concerned that the country is becoming increasingly violent in nature, with gun crime rising 23% to 6,375 offences, largely driven by an increase in the use of handguns. Knife crime has also jumped by 20% to 34,703 incidents - the highest level for seven years. The largest increase in knife crime came in London, which accounted for 40% of the rise.

There has been a particular increase in the number of robberies at knife point to nearly 13,000 incidents. Rape or sexual assaults at knife point also show large percentage increases, although the numbers remain low with a total of 142 offences.

The 10% rise in police-recorded crime to nearly 5m offences include increases in burglary and vehicle theft, suggesting that the long-term fall in these higher volume offences may be coming to an end.

In contrast to the ONS figures, the official Crime Survey of England and Wales (CSEW), also released on Thursday, asked 35,000 households if they had been a victim of crime in the previous year. It is not designed to measure high-harm but low-volume offences such as murder and knife crime, and showed a 7% fall compared with the previous year, excluding fraud and computer misuse offences. If online is included, the number of crimes estimated by the survey rises from 5.9m to 11m.

The policing minister, Nick Hurd, said that crime, as measured by the crime survey, was down by a third since 2010 and by 69% since its 1995 peak.

"The Office for National Statistics is clear that much of the rise in violent offences recorded by police is down to better recording by forces but also believes some of the increases may be genuine and clearly there is more we must do to tackle the violent crimes which blight communities," said the Home Office minister.

"We recognise that crime is changing and we are determined to get ahead of new and emerging threats to the safety and security of our families and communities. Our latest action, announced in the past week, includes urgent work to bear down on acid attacks and proposals to strengthen the law to get knives off our streets."

The shadow home secretary, Diane Abbott, said the figures were a damning indictment. "The Tories have cut police officer numbers again in the latest 12 months and now there are well over 20,000 fewer than in 2010," she said. "The Tories simply aren't allowing the police to protect the public. Labour in government will tackle rising crime." She added that Labour would bring back 10,000 officers when in power.

The Liberal Democrats' Ed Davey said the figures had exposed the Conservative record of failure on crime. "This government is failing in its duty to keep our streets safe," he said. "The Conservatives have utterly disrespected the police by freezing their wages and cutting their budgets time and again."

John Flatley, head of crime statistics and analysis at the ONS, said: "The latest figures show the largest annual rise in crimes recorded by the police in a decade. While ongoing improvements to recording practices are driving this volume rise, we believe actual increases in crime are also a factor in a number of categories.

"Some of the increases recorded by the police are in the low-volume, but high-harm, offences such as homicide and knife crime that the crime survey is not designed to measure. If the increases in burglary and vehicle theft recorded by the police continue, we would expect these to show up in the survey in due course. We will continue to monitor these trends and investigate the factors driving any changes."

The 10% rise in police-recorded crime - an increase of 458,021 offences - was largely driven by increases in violence against the person (up 175,000 offences), theft (up 118,000), and public order offences (up 78,000).

There were smaller volume increases in criminal damage and arson (24,000), sexual offences (up 14,000), burglary (up 10,500), and robbery (up 8,000).

The 26% rise in the homicide rate to 723, an increase of 149, cover the 96 cases of manslaughter at Hillsborough in 1989, which were included in the annual figure as the inquests were finally concluded. Without the Hillsborough deaths, the number of homicides rose by 9%.

All forces across England and Wales, except Cumbria and North Yorkshire, recorded an annual increase in their latest figures.

Official statisticians say that although police-recorded crime figures lost their national statistics status in 2014 because of quality issues in changes in recording, they say the year-on-year increases represent actual increases in crime. The 10% rise in police-recorded crime contrasts with a 7% fall in the official crime survey.

Alexa Bradley, deputy head of crime statistics at ONS, explained why the CSEW and police records data appeared to show different trends. "It is important to remember that the sources differ in the population and offences they cover," she said.

"At least half of the increase in police-recorded crime series is in offences not covered by the survey, including shoplifting, public order offences and possession of weapons."

(21st September 2017)


BRITISH SILENCE ON PUBLIC TRANSPORT "MAKES IT HARDER TO STOP SEXUAL ASSAULT"
(The Telegraph, dated 20th July 2017 author Olivia Rudgard)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/07/20/british-silence-public-transport-makes-harder-stop-sexual-assault/

British silence on the rail network is making it harder for women to speak up about being sexually assaulted, campaigners have said.

Figures obtained by BBC Radio 5 Live Investigates show that the number of reported sexual offences on trains has doubled in five years from 650 in 2012/13 to 1,448 in 2016/16.

The data, which was released by the British Transport Police following a freedom of information request, shows that the majority were sexual assaults on females aged over 13.

Campaigners said the figures, which cover England, Scotland and Wales and include the London Underground, showed that women were more comfortable reporting incidents to the police, but added that commuters needed to do more to look out for each other.

Rachel Krys, co-director of the End Violence Against Women Coalition, said: "As many times as you hear a good story about someone intervening to help, you hear another one about nothing happening.

"People don't interact on the Tube and this does take all of us interacting a little bit better and taking some responsibility for each other.

"We need to say we want a different type of transport system."

She said the organisation's research had showed that most incidents take place at rush hour when carriages are busy.

"It's an opportunistic crime in many ways and when the Tube is really full these perpetrators play on that, in that a woman is not really sure whether it's happened to her."

Busy carriages made it even more difficult for others to intervene, she added.

"Women are also thinking 'is this actually assault, what's actually happening' so it's really hard for a stranger to see what's happening.

"The likelihood of them saying something is very low. We could all be looking out for each other a bit more."

Many of the reported assaults involve men pressing up against or groping a victim, often in a busy carriage.

In 2015 Labour leader Jeremy Corbyn, who at the time was campaigning for the leadership, was criticised for suggesting that women-only carriages could be considered to reduce attacks.

Ms Krys called the idea "extremely problematic". "Some men feel like they have more right to the space than women", she said.

"We need equal spaces - we need freedom for women," she added.

Detective Chief Inspector Darren Malpas from the British Transport Police said: "Tackling all forms of unwanted sexual behaviour on public transport is a priority for British Transport Police and we have worked hard in recent years to send a clear message to victims that they will be taken seriously and we will investigate offences."

(21st September 2017)


RUSSIAN HACKERS OFFER COURSES IN CREDIT CARD THEFT ON THE DARK WEB
(The Times, dated 19th July 2017 author John Simpson)
www.thetimes.co.uk [Option 1]

Russian hackers are offering sophisticated training on how to steal up to £10,000 a month through credit-card scams, researchers have found.

Operating through encrypted forums on the dark web, the online marketplace for illegal goods, the gangs give lectures and comprehensive guides to evading detection, often with the strict rule that course participants do not target Russian credit cards.

Undercover monitoring of the dark web by Digital Shadows, an online risk management company, found student reviews bragging of purchases made using stolen card details with images of cameras, games consoles and beach holidays.

The company's analysts investigated hundreds of criminal forums and found card details for 37,000 UK bank account holders on just two of the more popular dark web sites. The report warned that payment card fraud was expected to be worth as much as £18.5 billion globally by the end of 2018.

Digital shadows said that there was a growing trend for the six-week online fraud course, which are offered in the Russian language.

In exchange for 45,000 roubles (£575) plus about £150 course fees, aspiring cybercriminals were told they would make £9,200 a month, working a 40 hour week using stolen card details. The average wage in Russia is about £530.

Where PINs were necessary to steal from a victim, the course offered "automated services which call cardholders in the UK in an attempt to scam their details using social engineering techniques", the report found.

Scammers were also offered detailed coaching on social engineering and confidence fraud techniques for targeting victims over the telephone. One instructor advised the class to use conversation about the news and current events because they "play beautifully".

The research identified a hierarchy of linked individuals forming organised crime networks online.

Payment card data harvesters did the "dirty work" of intercepting the card data, whether physically running a "skimmer" over them or using computer viruses to steal them.

The details were then passed to distributors - who earned the lion's share of the wealth - to repackage and sell on to fraudsters who used the stolen or cloned cards to buy goods. A forth layer is made up of the criminals who are tasked with re-selling items and services bought with the stolen data.

Students were also given a guide and tools for hacking other people's PayPal accounts.

The company witheld the names of the many of the dark websites used by the hackers for fear of advertising new strategies to would-be fraudsters, but among the was Alphabay, which has had various iterations over the years and was recently taken offline.

Another site, Fraud.cat was used to test the strength of an IP address (the unique identifying code of a computers internet connection) against detection techniques.

Rick Holland, vice-president for the strategy at Digital Shadows, said:" The card companies have developed sophisticated anti-fraud measures and high-quality training like this can be seen as a reaction to this. Unfortunately, its a sign that criminals continually seek to lower barriers to entry, which then put more criminals into the ecosystem.

"However, the benefit is that the criminals are increasingly exposing their methods, which means that credit card companies, merchants and customers can learn from them and adjust the defences accordingly."

(21st September 2017)


SCOTLAND YARD URGES RETIRED OFFICERS TO RETURN TO WORK DUE TO STAFF SHORTAGES IN "CHALLENGING TIMES"
(The Telegraph, dated 18th July 2017 author Victoria Ward)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/07/18/scotland-yard-urges-retired-officers-return-work-due-staff-shortages/

Scotland Yard has asked former detectives to return to work as it struggles to cope in the wake of a string of terror attacks and the Grenfell Tower disaster.

The force has sent a letter to hundreds of retired detectives in a desperate bid to solve an apparent staffing crisis.

In the letter, deputy commissioner Craig Mackey, notes that recent incidents have required a "significant policing response" and that certain skills were in "high demand".

He acknowledges that that they are facing "challenging times" and that it is a "significant ask" of former employees who have long since left the force.

Since the Grenfell tragedy and terror attacks in Westminster, London Bridge and Finsbury Park, the force has also had to deal with an increase in knife crime, motorbike thefts and a spate of acid attacks.

Controversial budget cuts have also left it having to find savings of £400million in the next three years and it has struggled to maintain staff levels.

The letter, obtained by Sky News, is understood to have been sent to some 400 detective constables, who were either recently retired or on a career break.

It says officers are working extremely hard to support the victims and families of those affected by recent events.

"The nature of the response is placing certain skills in high demand, particularly across the investigative, counter terrorism and firearms commands," it adds.

"If you have considered the scope for a time-limited return to the Met in any capacity - either as a police officer, civilian investigator or volunteer (either warranted or non-warranted) - we would of course be open to discussions with you.

"Whether this be for a limited time or for the longer term, your support would be greatly appreciated during these unprecedented times."

Mr Mackey says the letter was prompted by other retired officers who had already offered to return to work.

Meanwhile, it has emerged that residents of Grenfell Tower were experiencing power surges in the weeks leading up to the deadly blaze that may have caused the fire.

Residents have claimed there were problems with electricity spikes in the flats, expressing concerns about safety and wiring.

A fire expert said the surges could have been the issue that caused the fire to start in a fridge freezer on the fourth floor.

At least 80 people are thought to have died as the blaze rapidly took hold and engulfed the tower in June

Joe Delaney, spokesman for the Grenfell Action Group, told the BBC: "There's been lots of issues with the electrics. There seemed to be a litany of problems."

In 2013, dozens of Grenfell Tower residents suffered electricity power surges so strong their appliances exploded, overheated and emitted smoke.

At the time, 25 residents successfully claimed compensation from the council.

But some have now revealed that the electricity problems persisted much more recently, suggesting they were never properly resolved.

Geoff Wilkinson, a building inspector and fire expert, told the BBC: "Certainly the issue with electricity spikes could well have been an issue which led to the fire in the first instance.

"If you're getting appliances overheat as a result of that then that could be an initial ignition source but that itself would not have led to the spread.

"I think it clearly concerns anyone that if you hear that there are 20 appliances in one day, there is something that is clearly wrong."

(21st September 2017)


UK.GOV PREPARES FOR MANDATORY PORN CHECKS
(The Register, dated 17th July 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/07/17/gov_mandatory_adult_site_pr0n_checks/

The government is poised to usher in mandatory porn checks this week, with reports it will require users to provide details from a credit card to prove they are over 18.

The legislation was introduced in the Digital Economy Act in April, and will require websites serving up adult content to verify users' ages or be blocked by ISPs.

According to the Mail On Sunday, porn sites will have to use the same method as gambling websites to verify users are over 18. Sites could also face £250,000 fines if they fail to comply, it said.

The government is also expected to announce plans to appoint a regulator to police the sex websites, with the intention that all online porn sites have age verification controls by April 2018.

Digital Minister Matt Hancock said: "We are taking the next step to put in place the legal requirement for websites with adult content to ensure it is safely behind an age-verification control.

"All this means that while we can enjoy the freedom of the web, the UK will have the most robust internet child protection measures of any country in the world."

Hancock is expected to make a statement to the House of Commons today.

Information Commission Elizabeth Denham, meanwhile, has raised concerns that age checks could lead to the collection and retention of information that could be misused "or attractive to disreputable third parties".

The Liberal Democrats have previously opposed the plans, having describing the measures as something the "Russian or Chinese governments" would impose.

The party's spokesman Ed Davey said the rules will have limited success, while creating huge databases of those over 18 accessing legal adult content.

"This data is a practical treasure trove of information for hackers and criminals and the Government have failed to deal with this flaw," he said today.

"At the time we forced the government to accept a review of how these provisions function. I hope that ministers will be monitoring whether age-verification actually works rather than being content with passing legislation that sounds tough but fails to meet its objectives."

(21st September 2017)


POLICE BODYCAMS COULD SPOT CRIMINALS WITH REAL-TIME ARTIFICIAL INTELLIGENCE
(International Business Times, dated 17th July 2017 author Alistair Charlton)

Full article [Option 1]:

www.ibtimes.co.uk/police-bodycams-could-spot-criminals-real-time-artificial-intelligence-1630689

Police officers could soon be wearing body-mounted cameras programmed to spot criminals and missing people in real-time, using artificial intelligence.

The cameras, built by Motorola and similar to those already used by some US police forces to record an officer's point of view, could also help find missing objects like a stolen car, thanks to machine learning.

A prototype of the AI camera is already being developed by Motorola and Neurala, a deep learning startup based in Boston, Massachusetts that recently added its software to drone cameras to help track poachers in Africa.

The smart camera will learn while it is used and "automatically search for persons or objects of interest, significantly reducing the time and effort required to find a missing child or suspicious object in environments that are often crowded or chaotic," Motorola and Neurala said in a joint statement.

"We see powerful potential for artificial intelligence to improve safety and efficiency for our customers, which in turn helps create safer communities," said Paul Steinberg, chief technology officer of Motorola Solutions. "But applying AI in a public safety setting presents unique challenges. Neurala's 'edge learning' capabilities will help us explore solutions for a variety of public safety workflows such as finding a missing child or investigating an object of interest, such as a bicycle."

Using a system called 'at the edge' learning, the high-tech camera learns the appearance of the person or object being searched for, without lengthy training. This process, also known as incremental learning, is claimed to reduce the risk of "catastrophic forgetting", which occurs when a neural network forgets its previous training. This technique also enhances accuracy and reduces latency so the camera can be used to scan for a person in a crowd in real time.

Steinberg continues: "In the case of a missing child, imagine if the parent showed the child's photo to a nearby police officer on patrol. The officer's body-worn camera sees the photo, the AI engine 'learns' what the child looks like and deploys an engine to the body-worn cameras of nearby officers, quickly creating a team searching for the child."

(21st September 2017)


THIS WHAT CAN HAPPEN IF YOU USE THE SAME PASSWORD OVER AND OVER
(The Telegraph, dated 16th July 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/can-happen-use-passwords/

The typical person has 26 online log-ins - with the associated passwords and other ID - so it is no wonder that most of us use the same passwords for more than one service.

But this can be dangerous.

Kristy Jasper, 28, had almost £4,000 stolen from her business account by fraudsters 18 months ago and police told her the likely cause was her use of identical passwords for numerous online accounts. These included PayPal, Amazon, LinkedIn, Facebook and a website used to buy office supplies.

Upon checking her accounts she noticed nine online payments totalling £3,800 had been made to high street retailers such as Argos and Currys.

The crime was reported to the police and Metro Bank, the account provider, straight away.

"We couldn't understand how this had happened," said Ms Jasper.

"The police suggested it may have had something to do with our passwords plus other information the criminals found about us on social media."

The police never fully explained how the fraud occurred. Metro Bank repaid the money - so it ultimately bore the cost.

Angela Sasse, professor of human-centred security at University College London and director of the UK Research Institute in Science of Cyber Security, said most consumers were unaware of the data accessible via login details.

She said: "Our emails alone could contain plenty of financial information. How many of us have sent our bank details to friends, business partners or guesthouses?"

But that's not the extent of it.

If you've got the same password for your social media accounts, fraudsters could glean personal information from friends and contacts, enabling them to develop a more detailed personal profile.

This would enable them to impersonate you or "steal your identity".

Once criminals have your password and username for one service, they can check to see if they've been reused on other sites using free online software known as "credential stuffers", said Chris Underhill, chief technical officer at Equiniti, the cyber security firm.

"Fraudsters enter millions of emails and passwords into this software. Once they click 'go', the software starts to build a database of other sites they can access with your information," he said.

Your details can then be sold on or traded, broadening the risks to which the original owner is exposed.

The prize for the criminals is to be able to access bank accounts or other payment accounts, including PayPal, where payments can be made or money transferred.

In another twist, fraudsters could take over your email or social media account and ask your contacts to send you money, perhaps because you are abroad or have lost your cards, said Nick Mothershaw, director of fraud and identity solutions at Experian, the credit reference agency.

Ms Jasper and her business partner have since changed their passwords and have different ones for each of their accounts.

"It's a huge lesson to learn and we won't be making the same mistake again," she said.

How do the fraudsters get your password?


Emails that appear to be from genuine firms are often able to garner personal information from recipients by suggesting their accounts have been compromised or that they need to verify their identification.

These messages may also contain links to sophisticated copycat sites, such as an online banking page, which asks for consumers to enter their security details, such as passwords and account details.

Fraudsters also send out "malware" via email which, when accidentally installed by an unknowing user, could access passwords saved on your computer.

"All it takes is one click in a cleverly disguised email, one promoting a special offer, for example, and the malware is downloaded without you realising," said Mr Mothershaw.

Data breaches are another way criminals access your information.

Millions of MySpace, Adobe and LinkedIn users had their details compromised when the firms were breached between 2008 and 2016.

You can check if your credentials have been compromised in large-scale leaks on haveibeenpwned.com.

Making it easier to memorise "strong" passwords


Research by Experian showed that the "younger generation" rarely have more than five unique passwords for online accounts while a quarter of those aged over 55 have at least 11.

"We may well have reached 'peak password'," said Mr Mothershaw.

Few people can hope to remember scores of unique and complex passwords, so prioritise your email, work accounts and your online banking.

Eight characters is the ideal minimum for passwords - try using short, random words with a combination of lower case and upper case letters and a sprinkling of numbers and symbols.

Bruce Schneier, an American cryptographer and computer security professional, suggested making a memorable sentence into a password.

For example, "no man is an island" could become "N0mI5aI" and "two wrongs don't make a right" could be "2Wdm1R".

Don't keep records of passwords on your computer, in an email or in notes on your smart phone.

Prof Sasse said "the safest way" is to write them down on a pad of paper and "keep this locked away".

(21st September 2017)


BRITISH JEWS SUFFERING "INTOLERABLE" ABUSE AS ANTI-SEMITISM REACHES RECORD LEVELS
(International Business Times, dated 16th July 2017 author Paul Wright)

Full article [Option 1]:

www.ibtimes.co.uk/british-jews-suffering-intolerable-abuse-anti-semitism-reaches-record-levels-1630479

British Jews are said to be suffering "intolerable levels" of abuse in the UK, with anti-Semitic crime at the worst level on record after rising for the third year running.

Home Secretary Amber Rudd vowed to investigate the surge after figures also showed less than 2% of all reported anti-Jewish crime last year saw a prosecution and almost half of police forces failed to bring a single charge.

The figures were compiled from data received via Freedom of Information requests submitted to all UK police forces by the Campaign Against Antisemitism (CAA).

The organisation said the problem had become so bad some members of the Jewish community may soon leave Britain, should the situation not improve.

Last year there were 1,078 anti-Semitic crimes reported to the police - a rise of about 15% from 2015, and of 45% from 2014.

Almost two thirds of incidents last year were reported in London and Manchester, home to the largest Jewish communities in the UK.

The CAA said its own monitoring of court proceedings found that despite 10% of anti-Jewish crimes reported in 2016 being classed as violent, there was just one prosecution.

In total, just 15 (1.4%) of anti-Semitic crimes reported last year led to court action, while just 89 crimes led to charges - a drop of about a third compared to the previous two years.

The CAA said a consistently elevated level of anti-Semitic crime "has become the new normality for British Jews" and followed broken promises from the authorities to clamp down on the issue.

Gideon Falter, chairman of CAA, said: "2016 was the worst year on record for antisemitic crime, yet instead of protecting British Jews, the authorities prosecuted merely fifteen cases of antisemitic hate crime, including one solitary violent crime. The failure of police forces and the Crown Prosecution Service to protect British Jews is a betrayal.

"The solutions are simple, but whilst the right promises are being made, little has been implemented. The result is that British Jews continue to endure intolerable levels of hate crime."

Falter went on to say that while Britain "has the political will to fight antisemitism and strong laws with which to do it" those in charge are "failing to enforce the law".

He added: "There is a very real danger of Jewish citizens emigrating, as has happened elsewhere in Europe, unless there is radical change."

The CAA, which has called for police and prosecutors to be given more training on hate crime, claimed anti-Semitic incidents had also worsened in the initial months of 2017.

This includes the firebombing of kosher restaurants in Manchester last month and an incident in May during which a man allegedly chased Jews down a London street while brandishing a meat cleaver.

Home Secretary Amber Rudd said in response to the CAA's report: "Hate crime of any type is not acceptable. Everyone in this country has the right to be safe from violence and persecution.

"We are working together to tackle antisemitic hate crime in all its forms and using the full force of the law to protect every person in the UK. Our Hate Crime Action Plan has encouraged further action against hate crime across the police and criminal justice system.

"This includes encouraging more victims to report incidents to the police. We will consider the report's recommendations carefully as we develop new ways to rid the country of this sickening crime."

(21st September 2017)


BRITAIN'S COLD CALL NUISANCE IS THE WORST IN EUROPE
(The Times, dated 14th July 2017 author Andrew Ellson)
www.thetimes.co.uk [Option 1]

Britain is the worst country in Europe for cold calling and the nuisance is growing, researchers say.

The number of spam calls has increased by 180 per cent in the past ten months with Britons collectively being bombarded with 2.6 million calls a month despite new rules to try to limit the problem.

In Europe, only the Italians come close to receiving as many unwanted calls as British people. The French are pestered less than half as much.

The research identifies the claims management industry as the main reason why British households receive more calls than their European neighbours. It said that one in four unwanted calls came from companies trying to persuade people to make payment protection insurance claims.

The study appears to vindicate consumer groups which warned the City watchdog that setting a deadline for making these claims would result in a surge of unwanted calls as claims managers intensified their efforts to find new claimants before in became too late. In March the Financial Conduct Authority ignored these warnings and set a deadline of August 2019.

The figures also suggest that new government rules to ban cold callers from hiding their identity behind withheld numbers has failed to stem the rising tide of calls.

Since April all marketing companies have been made to display their telephone number or face heavy fines. The idea was to make it easier for people receiving unwanted calls to complain to the Information Commissioners Office (ICO). However, call centres, particularly those overseas, are now bulk buying UK telephone numbers from telecoms providers and splitting their spam calls equally between them, so that no single number gets a significant enough number of complaints for the ICO to investigate.

Nick Larson, of Truecaller, the call blocking service that conducted the study, said: "Across all markets we see that nuisance calls are still a problem on the rise. Despite good initiatives in the UK by the government, making the legislation tougher and issuing record fines, the offenders keep finding ways around this."

"With more homes becoming mobile-only, the spam callers have found new target group that is always reachable, making it crucial not only to block nuisance calls on your landline but also on your mobile phone."

The research found that more than one in ten spam phone calls came from telecoms operators trying to persuade their customers to upgrade or push promotional offers to the public at large.

It said that almost one in ten calls came from fraudsters, with the most common type being the "Microsoft Windows support scam", and one in 50 from market research companies.

Other countries have an even bigger problem. In America the average household receives more than twice as many unwanted calls each month than in the UK. India has the worst cold calling problem, with each houshold receiving 23 calls a month compared with 9 in the UK.

(21st September 2017)


MOTORCYCLIST CAUGHT USING "JAMES BOND" LICENSE PLATE GADGET TO AVOID SPEEDING FINES
(International Business Times, dated 12th July 2017 author James Billington)

Full article [Option 1]:

www.ibtimes.co.uk/motorcyclist-caught-using-james-bond-license-plate-gadget-avoid-speeding-fines-1630069

A motorcyclist has been caught using a 'James Bond' style gadget to hide his license plate from police in order to avoid speed cameras.

Traffic police in Spain discovered the modified license plate fitted to the bike of a Swiss national had the ability to flip up at the press of a button in order to conceal it from police and traffic cameras. The unlawful addition is akin to that seen on Sean Connery's Aston Martin DB5 in Goldfinger whereby the secret agent's plate could revolve to reveal another.

According to a report on the Catalan police website, using the secret gadget led to the motorcyclist's downfall after the Mossos d'Esquadra (police squad) in the Girona region noticed the rider was travelling without a license plate.

After pursuing and pulling the motorcyclist over they noticed the number plate had mysteriously re-appeared. A swift search of the vehicle resulted in officers finding the activation switch to move the license plate up and down, so as to thwart any speed camera traps.

The rider was found guilty of violating Article 77 of the Law on Road Safety that prevents a vehicle having any systems, mechanisms or radar jammers fitted designed to interfere with traffic monitoring systems. As a result six points were added to the rider's license and they received a €6,000 (£5,300) fine.

Any motorists thinking of masterminding an evil plan to conceal their own license plate might want to think twice. Despite kits being readily available on eBay, known as 'stealth number plates', for as little as £95 that can cover number plates at the press of a button, in the UK it could land drivers with up to two years in prison if found using it.

(21st September 2017)


SCAM OR FRAUD ? BANKS MINCE WORDS AS THEY LIMIT PAYOUTS TO VICTIMS
(The Telegraph, dated 10th July 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/personal-banking/savings/scam-fraud-banks-mince-words-limit-payouts-victims/

Banks can refuse to offer to claw back remaining funds when their customers fall victim to scams because of a "gap in consumer protection", according to consumer experts.

Months after Telegraph Money demanded banks develop clear procedures to help those who are tricked into paying money to fraudsters, victims continue to face confused or conflicting advice from their banks.

HSBC told one of its customers, who fell victim to a fake business loan operation, that because she was the victim of a "scam", rather than "fraud", it could not help her.

What is the difference?

Banks view as "scams" those situations where the victim has been tricked into authorising a payment to a fraudster. A "fraud" is where a payment is made without the authority of the customer, according to banks' typical stance.

"It's vital that the industry does more to protect consumers when they are tricked into transferring money to a fraudster, regardless of whether it meets a technical definition of a 'fraud' or 'scam'"Gareth Shaw, Which?

However, in practice the terms are imprecise and often used interchangeably.

Consumer groups warn that this confusion gives banks room to do little or nothing to help genuine victims.

In particular, where the victim's bank refuses to ask for a recall of funds from the fraudster's bank, the victim is often left with no recourse. The recipient bank is unlikely to release the funds without such a request.

Lesley Thompson, 51, found herself caught between HSBC - her own bank - and Nationwide when she fell victim to a fraudster and transferred £3,000 to a Nationwide account.

Ms Thompson, who runs a children's nursery, was tricked by a sophisticated ruse in which she was promised a £7,000 "government-backed grant". To qualify she would have to contribute £3,000 of her own money to a nominated account to ensure the funds were "used wisely".

But two weeks later, when the card and Pin for the promised account failed to arrive, Ms Thompson realised something was wrong. She tried to contact the firms involved but the businesses had been closed.

After looking online, Ms Thompson realised she hadn't been the only victim of the scam.

She reported it to her bank HSBC, the north Yorkshire police and Action Fraud, the national fraud and cybercrime reporting service on June 12.

Ms Thompson also spoke to Nationwide, and claims staff there indicated there were "partial funds remaining" in the account. For the money to be released, however, HSBC would have to make a formal request to Nationwide - something it refused to do.

The bank told Telegraph Money that it had queried the transaction before it was made. A spokesman said bank staff had called Ms Thompson asking her to check she was sending the money to a legitimate source.

It said: "During the same calls we let her know that once the payments were released, HSBC is no longer liable for any subsequent loss. We also notified both beneficiary banks of the fraud as soon as Ms Thompson told us it was a scam."

As a result, it insisted it would be treating Ms Thompson's "dispute" as a scam to which there was no "protection available to recall or reimburse funds".

It advised her to "seek legal advice."

"HSBC was basically saying it was not going to ask for the money back, end of story", she said.

Gareth Shaw from Which?, the consumer group, said while people assume their banks will help them when they've become a victim of a fraud, it's not always the case.

He said there is "still a substantial gap in consumer protection when it comes to these types of scams."

Mr Shaw said that banks were relying on "semantics" to shirk their responsibilities toward certain victims.

He said: "It's vital that the industry, regulator and government act quickly to do more to protect consumers when they are tricked into transferring money to a fraudster, regardless of whether it meets a technical definition of a 'fraud' or 'scam'.

"Failure to do so will continue to leave consumers paying the price."

The Payments System Regulator said it is working to develop a best practice standards that sending and receiving banks should follow when customers fall victim to bank transfer scams. This includes indemnity agreements between banks.

How the 'business grant' scam unfolded

The ruse began with an email sent to Ms Thompson, who owns her own nurseries, from "Melanie Williams", an administration assistant at a company called Business Grants at the start of May this year.

The email explained there was a "new multi-purpose government grant available for nurseries and pre-schools" up to £25m that Ms Thompson qualified for.

"Melanie" offered to match Ms Thompson up with the available grants and suggested she would have most success with a firm called Midas Funding UK.

It signposted her to a PDF grant brochure and the short application form which it claimed would take just five minutes.

The company literature was well put together, grammatically sound and Ms Thompson said she had no reason to doubt its legitimacy.

The fraudsters even included the registered company numbers of real firms they were purporting to be along with the contact details of the genuine firms.

The criminals told Ms Thompson was told she qualified for a £10,000 grant which she wanted to build a small farm on her grounds for the children and to develop a forestry school.

Applicants were asked for a 30pc contribution of the total grant which would ensure "the funding is used wisely" and Ms Thompson transferred her £3,000 to the firm's Nationwide account on May 26.

She was told this would be loaded onto a "Business Mastercard" along with the £7,000 from Midas Funding so they could monitor her spending.

Once she had made her contribution, she was told she would receive a prepaid card and Pin.

This was yet another layer to an incredibly sophisticated scam.

The fraudsters had cleverly created a fake "Business Mastercard" website where Ms Thompson could login with her personal details and view her recent transactions.

When she made her transfer on May 26, she could see Midas Funding UK had paid in £7,000 two days earlier.

But after getting nowhere with HSBC and Nationwide, Ms Thomspon approached this newspaper for help.

Nationwide told this newspaper that contrary to what Ms Thompson was told, her money had left the account by the time it was contacted.

It said the account was not fraudulent but belonged to a genuine customer who had also been scammed.

Nationwide refused to give specific details of how its customer was involved in the scam but said they were elderly and were defrauded after being "requested to withdraw the funds".

A spokesman said customers should be cautious about requests to transfer money. It said it "cannot always prevent individuals from withdrawing cash from their accounts after receiving a recent credit".

Mastercard it is taking action to have the fake website closed.

Do other banks define scams and fraud differently?


RBS/NatWest said a scam generally involves a customer who has been "persuaded to authorise a transaction through engagement with a third party."

It said with "fraud" cases the victim is not likely to be explicitly involved in the transaction. The banking group said where victims reported having made payments to suspected fraudsters, it would not automatically recall the funds from the recipient bank.

Lloyds Banking Group took a similar line. It said a "fraud" was where a customer had not authorised the transaction, and they would be likely to be entitled to a refund. Where payments were authorised refunds would not be granted.

TSB said it views frauds and scams on case-by-case basis. A spokesman said it always chases funds when a victim reports fraud, and claimed it requested a return of funds "where appropriate".

Santander said: "Any customers reporting fraud and scams will have their accounts protected and we will instigate the recovery of funds as quickly as possible."

(21st September 2017)


HOMEBUYERS DESPERATE TO KNOW WHO REALLY OWNS THEIR FREEHOLD
(The Guardian, dated 8th July 2017 authors Emma Lunn and Patrick Collinson)

Full article [Option 1]:

www.theguardian.com/money/2017/jul/08/homebuyers-who-owns-freehold-housebuilders-sold

A pass-the-parcel nightmare sees freeholds sold by major housebuilders to obscure companies which demand huge sums

Buyers who purchased new properties direct from some of the UK's biggest builders have been left in the dark as investment companies play pass-the-parcel with the land their homes stand on.

Take Joanne Darbyshire, 46, and her husband Mark, 47. They bought a five-bedroom house in Bolton from Taylor Wimpey in 2010, and are among thousands of unfortunate leaseholders put on "doubling" ground rent contracts that in extreme cases have left their properties almost worthless, with mortgage lenders refusing loans to future buyers. The only way to escape the escalating payments is to buy the freehold. But in Darbyshire's case, Taylor Wimpey sold it to Adriatic Land 2 (GR2) in 2012.

In January 2017 that company transferred it to Adriatic Land 1 (GR3), while some of Darbyshire's neighbours have seen their freeholds transferred from Adriatic Land 2 (GR2) to Abacus Land Ltd. "You have no idea who owns the land under your feet," says Darbyshire. "Your dream house is traded from one offshore company to another for tax reasons, or who knows what else?"

Paul Griffin (not his real name) bought a property from Morris Homes in Winsford, Cheshire, in November 2014. By last year, when he decided to add a conservatory, his freehold was in the hands of Adriatic Land 3 and managed by its fee-collecting agents HomeGround. Young was horrified to discover he had to pay £108 just to look at his file.

Although the conservatory didn't need local authority planning permission and was not subject to building regulations, HomeGround then demanded £1,200 for a "licence" for the work to go ahead. This was broken down into solicitors fees (£480), surveyors (£360), and its own fee of £360. On top of this it demanded numerous official documents at Young's expense totalling about £400.

Helen Burke (not her real name) in Ellesmere Port, meanwhile, was shocked to discover that after Bellway sold her freehold to Adriatic, the cost of seeking consent for a small single-storey extension rocketed. Initially, she had applied to Bellway - the freeholder at the time - and it wanted £300. But after putting off the work for a few months she discovered that Bellway had sold the freehold to Adriatic Land 4 (GR1) Ltd.

HomeGround then demanded £2,440 for consent. That is not planning permission, which householders must obtain separately from the local authority. It is simply a fee charged without any material services provided.

"It's daylight robbery," says Burke. "The most disgusting thing is the developers like Bellway think they are doing nothing wrong selling the freeholds on and state that our T&Cs don't change. Yes, the lease terms don't change, but for a permission fee to increase from £300 to £2,440 in a matter of months is disgraceful and it should absolutely be pointed out to new homeowners, up front, that this might happen if they don't buy the freeholds."

Burke said she was quoted £3,750 to buy the freehold off Bellway, but once it was sold to Adriatic the price quadrupled to £13,000. After a long legal battle she has acquired it for £7,680.

All the leaseholders who contacted Guardian Money are united in their frustration at finding out who is really behind the money extracted from them once their freehold is sold on.

In Darbyshire's case, Adriatic Land 1 (GR3) is registered at Companies House with an address at Palmer Street in the heart of Westminster, London. The documents show that one of its directors until late 2013 was "The Honourable William Waldorf Astor", the half brother of David Cameron's wife, Samantha. Astor runs fund manager Long Harbour, which invests in residential freeholds, and is also director of HomeGround management, which administers freeholds on behalf of various landlords, including the Adriatic Land vehicles.

Since 2013, Adriatic Land 1 (GR3) lists its directors as individuals based in Dublin, and says its ultimate controlling party is Jetty Finance DAC, registered in Dublin. Its last reported accounts show that the company had £19m in property assets and earned an income of £1.9m, on which it made a profit of £1.3m. In the year to March 2016 it paid zero corporation tax. The year before, on a profit of £870,000, it paid £3,000 in tax.

There are numerous other Adriatic Land companies registered at Companies House. Burke's freeholder, Adriatic Land 4 (GR1), has £27m-worth of property, with its immediate parent company listed in Guernsey in the Channel Islands.

Griffin's freeholder, Adriatic Land 3, says it has £18m-worth of freeholds, with a turnover of £4.9m and a profit of £4.1m. Its ultimate controlling party is Boardwalk Finance DAC, another Dublin-registered company sharing the same address as Jetty Finance DAC. It paid no corporation tax in either 2015 or 2016.

Guardian Money put a number of questions to HomeGround, which acts as the agent for Adriatic. It says: "Housebuilders periodically sell off large portfolios of freehold properties and they usually do so within a company structure rather than as individual freeholds.

"Buying groups of freeholds in companies is an easier and more efficient way of buying these property assets. It does not alter the ability of leaseholders to buy their freeholds. When there is a change of name of the company, or a change of landlord within the same group, the leaseholder is informed as is required under the legislation.

"Administration fees for dealing with applications for landlord's consent for matters specified in the lease are subject to a test of 'reasonableness' in accordance with statutory regulation.

"The HomeGround team is made up of law graduates who are all overseen by a fully qualified property solicitor. The cost of the work they carry out compares very favourably with any fees charged by any firm of solicitors, even those outside of London. It is easily forgotten that these are often variations to leases and are property transactions. These must be done in accordance with the legislation and need to be carefully and properly considered.

"HomeGround's fees are also regularly benchmarked against other companies providing similar services. In addition to ensuring the fees are transparent, reasonable and justifiable, HomeGround's aim is to be in the lower quartile of fees charged by market peers."

But Labour MP for Ellesmere Port & Neston, Justin Madders, is not convinced. He plans to spend part of parliament's summer recess investigating the whole business of freehold ownership. "Once the developers sell the rights on, they can be transferred on many times, going through complicated ownership structures with no transparency," he says.

"It is far from clear whether all the ultimate beneficiaries are UK taxpayers, nor why there are so many names that keep cropping up."

(21st September 2017)


AA FINALLY COMES CLEAN ON SECURITY BREAKDOWN
(The Register, dated 8th July 2017 author Chris Williams)

Full article [Option 1]:

www.theregister.co.uk/2017/07/08/aa_apology_security_breach/

UK car insurance and driving school giant The AA has at last admitted it accidentally spilled its customers' personal information all over the web.

In an astonishing U-turn, the motoring biz confessed on Friday that people's names, postal addresses, phone numbers, and email addresses were exposed to the internet - and, in some cases, hashed account passwords and partial payment card numbers. This affects those who have shopped online for car equipment and other gear at TheAA.com.

The admission comes after it emailed folks at the end of June telling them it had reset their passwords: soon after it said it hadn't, and blamed the mass alert on an IT blunder while insisting that customer "data remains secure."

Then it emerged this week that TheAA.com account records plus expiry dates and the final four digits of some payment cards had been accidentally made accessible to the public in a 13GB database backup on The AA's website. Roughly 120,000 accounts were in the bundle, including shoppers' IP addresses and lists of stuff purchased.

That cockup was discovered and reported to the motoring corp in April and quietly rectified with no announcement or warning, just the files disappearing from view - leading to security researchers accusing the biz of a cover up.

Amid an ongoing probe by the UK's data protection watchdog, the ICO, plus an internal investigation, and after giving journalists the silent treatment for days, AA president Edmund King has written to customers apologizing for the kerfuffle. He also blamed an IT supplier for the privacy leak.

"It has taken us a long time to sort this issue out as it was more complex than we thought," King told The Register in an email.

"However we are now contacting all our customers. The process to really find out what happened was difficult, although that's no excuse."

Below is The AA's statement in response to the security fumble.

We're sorry.

We are aware of concerns that we fell short in our handling of reports that some personal data from the AA Shop online had been compromised. We accept the criticism that the issue should have been handled better. We are grateful for the support of the information security community in flagging issues to us.

Some of our customers' personal data, given to us when they shopped online at our AA shop, became insecure when our service provider made an error with its computer systems leaving backup data exposed. We took steps to correct this when we were notified of this issue and then commissioned an investigation by external experts. This is ongoing, but we can now share the following information:

- We have notified the relevant authorities.

- We have emailed all of the customers affected with more details. Some emails may still be going through.

- The data affected in all cases included names, addresses, phone numbers and email addresses.

- For some customers who shopped with us prior to October 2014 it will also have included partial payment card information.

- We do not believe customers who only shopped with us after January 2017 to have been affected at all.

- Some encrypted passwords were included in the data. Whilst we do not believe that customer accounts at our AA shop were accessed, we are reminding customers of industry advice that they should consider changing their password if they used it on other sites. We will offer support to our customers. Similarly, while there is no information from customers or our specialist advisors that any data has been used for fraudulent activity, we have reminded customers that they should always look out for phishing and other scams.

- This incident originated from third party systems outside our own network and did not affect main AA systems such as those processing insurance or membership information.

- Nonetheless, it is clear that our supplier's security safeguards in this instance fell short of the high standards that we and our customers rightly expect.

We know that our customers and the information security community expect and trust us to keep information safe and secure, and apologise wholeheartedly for what has happened. We will continue to work hard to keep customer data as safe as possible.

We again thank those of you with an interest in these important matters for your cooperation in helping us improve our data security.

(21st September 2017)


SICK SEXUAL ABUSE FORUM WITH 87,000 MEMBERS LET USERS MAKE APPOINTMENTS WITH CHILDREN
(International Business Times, dated 7th July 2017 author Jason Murdock)
Full article [Option 1]:

www.ibtimes.co.uk/sick-sexual-abuse-forum-87000-members-let-users-make-appointments-children-1629367

A pan-European investigation into a child abuse website hosted on the dark web, dubbed Elysium, has resulted in the arrest of 14 suspects this week following an intensive probe by Germany's Federal Criminal Police Office and EU crime fighting agency Europol.

Law enforcement arrested the individuals on suspicion of "serious sexual abuse of children" and "distribution of large amounts of child abuse material online". Police said a dozen of those arrested are suspected of having "actively taken part" in the exploitation of minors.

Elysium, which popped up on the dark web at the end of 2016, was designed as a forum and reportedly had more than 87,000 members worldwide.

It was used to exchange illicit material and "make appointments" for members to sexually target children, Europol said in a release on 7 July 2017.

The chat rooms featured languages including German, French, Spanish and Italian. The servers of the website, which was only accessible with the use of special software, have been seized by German police.

The main suspect in the case, a 39-year-old German national, was arrested on 12 June after his apartment was searched and his servers taken offline, the Associated Press (AP) reported on 6 July.

He is suspected of being the administrator and technical manager of the platform.

Another individual, a 61-year-old man from Bavaria, is suspected of production and dissemination of child abuse material alongside the sexual abuse of two children aged five and seven years. The victims were reportedly the children of another Elysium forum member.

An additional arrestee, a 56-year-old from Baden-Württemberg, is accused of being the forum's moderator. In Austria, a 28-year-old male was arrested under suspicion of "severely" sexually abusing his two children and facilitating the abuse of his own children by other suspects.

All of the accused, who remain anonymous, are alleged to have met and communicated via Elysium. Europol, which aided regional authorities by streamlining the exchange of operational data, said more arrests are expected shortly in Germany and other European countries.

Steven Wilson, head of the European Cybercrime Centre (EC3) at Europol, said: "The action [...] has resulted in the arrest of individuals involved not only in the physical abuse of children but the takedown of a platform, Elysium, used to distribute large amounts of child abuse material.

"This is a highly significant action in safeguarding children from abuse."

(21st September 2017)


"SPYDEALER" ANDROID MALWARE STEALS DATA FROM FACEBOOK, WHATSAPP AND SKYPE APPS
(International Business Times, dated 7th July 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/spydealer-android-malware-steals-data-facebook-whatsapp-skype-apps-1629441

An advanced strain of Android malware with the ability to snoop on text messages and record phone calls is now being used by hackers to steal personal user data from more than 40 mainstream applications including Facebook, WhatsApp and Skype and WeChat.

Researchers from Unit42, the cybersecurity division of Palo Alto Networks, branded the malware 'SpyDealer' as it has a slew of sophisticated surveillance features such as "recording phone calls and surrounding audio, recording video, taking photos and capturing screenshots."

The malware is only 100% effective against devices running Android versions between 2.2 and 4.4, the experts wrote in a blog post, published on 7 July 2017.

This represents roughly 25% of all Android devices in the wild, leaving a massive 500 million phones and tablets potentially at risk in the worst-case scenario.

The malware relies on a commerical "rooting" tool which gives users greater control over devices - a process also known as jailbreaking. SpyDealer also abuses Android Accessibility (a feature designed to help disabled users' communicate) to steal data, Unit 41 said.

"SpyDealer makes use of the commercial rooting app 'Baidu Easy Root' to gain root privilege and maintain persistence on the compromised device," Unit 42 stated after analysing 1,046 separate samples. "SpyDealer employs a wide array of mechanisms to steal private information.

"At the same time, it accesses and exfiltrates sensitive data from more than 40 different popular apps with root privilege. With Accessibility Service, this malware is also capable of extracting plain-text messages from target apps in real time."

The team said SpyDealer remains under "active development".

The top 10 applications it targets are Facebook, WeChat, WhatsApp, Skype, Line, Viber, QQ, Telegram, Ali WangXin, and Kik. The services are exploited with the use of root privilages and malicious code, the popular services are not individually compromised in any way.

The data stolen from each service varies, but it includes databases, personal messages, chats, personal preferences and usernames.

There are currently three versions of SpyDealer spreading around third-party app stores and the majority are posing as Google Update software, the experts warned.

New strains of SpyDealer were created this year but evidence suggests older versions stretch back to October 2015.

There is nothing to suggest it is active on the official Google Play Store, the team said.

It remains unknown how many devices have been infected globally but analysis suggested that some Chinese users had been infected through compromised wireless networks.

Like most well-designed malware samples, SpyDealer automatically connects to the culprit's command and control (C&C) server, a place where they can send malicious prompts to the targeted device and steal files, documents, pictures, recordings and much more.

In some ways, it is the perfect spy tool. Once the malware notices an active call it can record the conversation (and background audio) before sending it to the hacker. It can also record video for up to 10 seconds and - if a Wi-Fi connection is available - upload it to the criminal.

Users are advised to only download applications from the official Google application store, always check reviews before using software and ensuring all devices have the latest security updates installed. Third-party stores may give you free apps, but they could leave your data exposed.

(21st September 2017)


ONE COMPLAINT EVERY MINUTE IN FIRST 24 HOURS OF HOTLINE TO REPORT CHARITIES THAT PESTER DONORS FOR CASH
(The Telegraph, dated 6th July 2017 author Christopher Hope)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/07/06/one-complaint-every-minute-first-24-hours-charity-pester-hotline/

More than 1,300 complaints about charities were made in the first 24 hours of a new 'pester' hotline that allows donors to block them

The Fundraising Preference Service, which was launched on yesterday by the Fundraising Regulator, saw 1,312 total requests for "suppression notices" from 614 people on its first day of operation.

The rate works out at one complaint every minute.

The service, which went live at 5am this morning, enables members of the public to block phone, email, text and direct mail communications from named charities.

If an individual continues to receive direct marketing communications 28 days after a complaint, the charity can be reported to the information watchdog which can levy fines running into tens of thousands of pounds.

The service is available online or by phone. Family members are also able to use it on behalf of a friend or relative.

Stephen Dunmore, the regulator's chief executive, said: "The launch of the FPS is a big moment for the Fundraising Regulator and a crucial step in ensuring that the trusting relationship between the sector and the public is rebuilt.

"The high sign up numbers indicate a clear desire from members of the public to have greater control over which charities contact them and how they do it.

"The figures also indicate that many charities have some way to go in how they communicate with individuals.

"That said, we are very encouraged by the progress that is being made by the charity sector in ensuring that fundraising is ethical and respects the wishes of the donor."

The Fundraising Regulator was established after a 2015 cross party review of fund raising and is funded by a voluntary levy which just under 2,000 charities have been asked to pay.

But Sir Stephen Bubb, the former chief executive of the Association of Chief Executives of Voluntary Organisations, defended charities' fund-raising activities.

He said: "It is not wrong for charities to ask people for money indeed it is essential otherwise charities cannot do their job.

"Frankly these are not large numbers of complaints - the vast majority of charities do their fund-raising very responsibly."

The regulator is currently weighing up whether to name charities which receive complaints from members of the public.

This would allow donors to study rankings of the charities which are most complained about every year.

The hotline comes two years after Olive Cooke, 92, took her own life after receiving 466 mailings from 99 charities in a single year. The Bristol resident had 27 standing orders to different charities at one stage.

Her family insisted the charities, while "intrusive", did not cause her to take her own life and she had suffered from depression - previously attempting suicide in 2009.

A friend said that while the "pestering" was not entirely to blame for her death, she had been put "under pressure" by persistent charity fundraisers.

Lord Grade of Yarmouth, the chairman of the regulator, said: "Sadly this wasn't an isolated case, and as a result of that high-profile tragedy it was clear that there was bad practice across many charities."

Writing in the Daily Telegraph Lord Grade added that "too many charities are proving to be laggards" in upping their game.

He said: "The slow rebuilding of trust between charities and the public could yet all be undone by another wave of high-profile cases of bad behaviour.

"The extraordinary and long-term generosity of the British public needs to be sustained. It cannot be taken for granted."

(21st September 2017)


STALKING AND HARASSMENT CRIMES ROUTINELY BADLY HANDLED, UK REPORT SAYS
(The Guardian, dated 5th July 2017 author Owen Bowcott)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jul/05/stalking-and-harassment-crimes-routinely-badly-handled-uk-report-says

The full extent of stalking and harassment in England and Wales is unknown because police and prosecutors often do not recognise the crimes, or record them incorrectly.

A highly critical report by a joint inspectorate team has found that victims' complaints are frequently not investigated and are dismissed by informal police information notices (PIN) being issued to perpetrators. In one case, a PIN was used after a violent domestic abuser armed with a knife threatened to cut the throat of a victim.

Out of a sample of 112 cases of stalking and harassment examined by HM Crown Prosecution Service Inspectorate and HM Inspectorate of Constabulary, none were found to have been dealt with well. More than 60% showed no evidence of a risk management plan being prepared to protect victims.
Guardian Today: the headlines, the analysis, the debate - sent direct to you
Read more

In 95% of the case files reviewed, care for the victim was deemed to be inadequate; three-quarters of the cases were not even handled by detectives.

"Harassment and stalking are crimes of persistence," the report says. "It is the unrelenting repeat behaviour by the perpetrator ... which seems inescapable and inevitable, that has such a detrimental effect on the victim."

One stalking victim recalled her pursuer telling her: "I will stay in your life for ever ... I will make sure nothing in your life or your family's ever runs smoothly."

The number of recorded offences has, nonetheless, been rising. There were more than 1,200 cases of stalking and more than 5,000 cases of harassment in the three months to December 2016.

Almost anyone can become a victim of stalking, the report warns. The crime survey for England and Wales estimates that 15% of adults aged 16 to 59 had been victims of some form of stalking or harassment during their life.

Harassment became an offence in 1997 and stalking was added to the criminal statute book in 2012. Police and the Crown Prosecution Service frequently struggled to separate the two, the inspectorate report said.

"We found that stalking in particular was misunderstood by the police and the CPS," the study said. "As a result, it often went unrecognised. The police sometimes mis-recorded stalking offences, or, worse, did not record them at all. Prosecutors on occasions missed opportunities to charge stalking offences, instead preferring other offences, particularly harassment."

The absence of a single accepted, consistent definition of stalking is said to be a "very significant contributory factor to the unacceptably low number of recorded crimes and prosecutions".

Many cases involve online stalking, sometimes through accounts created under fictional names spreading baseless allegations. Victims are sometimes afraid to turn on their computers.

"We found that if an investigation was started, victims were often badly let down throughout the criminal justice process," the inspectorate report concludes. "One reason for this was the failure to impose bail conditions on perpetrators, which sometimes left the victim at risk of further offending.

"The increasing prevalence of the use of digital media gives perpetrators another easily accessible method by which to torment victims."

PINs should be withdrawn from use immediately, the report recommends. The government's commitment to introduce a stalking protection order (SPO) to target offenders is welcomed.

"We found compelling evidence in some cases that the use of PINs meant no thorough investigation had taken place and there had been little positive action to protect the victim," the report says.

Laura Richards, the founder and director of Paladin, a stalking advocacy service, said: "These cases are what I call murder in slow motion. In all cases that I have reviewed, there was stalking, threats to kill, high levels of fear, and women not being believed.

"These are the most dangerous of cases, yet more resources are dedicated to burglaries and robberies than public protection, and there is little investment in specialist-led training."

Clive Ruggles, whose daughter Alice was murdered by an obsessive ex-boyfriend, said: "Her stalker had a history of abuse, was issued a police information notice that was not enforced when breached, and we believe Alice's fear was dismissed due to her polite and respectful demeanour.

"We have to stop this from continually happening. It seems clear to me that the warning signs are there in many cases, and there are stark lessons to be learned."

Alison Saunders, director of public prosecutions, said: "We know that, compared to other types of threatening behaviour, perpetrators of these crimes are significantly more likely to escalate their behaviour.

"The CPS has made significant strides over recent years in identifying, understanding and successfully prosecuting these cases and I am pleased to note that the report highlights many instances of good practice.

"In order to drive forward improvement in our performance we will be taking a range of steps, including the introduction of mandatory stalking and harassment training for all prosecutors."

Harry Fletcher, director of the Digital-Trust and one of the drafters of stalking laws, said: "The report underlines what victims of stalking have been saying for the last four years. The police are not properly trained and still do not take stalking complaints seriously. This puts victims at risk of further harm. Now is the time for a major change of attitude."

(21st September 2017)


UK's NEW CYBER NERVE CENTRE TACKLED 480 MAJOR INCIDENTS IN ITS FIRST 8 MONTHS
(International Business Times, dated 5th July 2017 author Jason Murdock

Full article [Option 1]:

www.ibtimes.co.uk/uks-new-cyber-nerve-centre-tackled-480-major-incidents-its-first-8-months-1629077

The UK's new National Cyber Security Centre (NCSC) had a busy first eight months of operation contending with a total of 480 major incidents, from global ransomware outbreaks to smaller breaches at British businesses. Officials say the pace shows no sign of slowing.

Launched in October 2016, the NCSC is a fork of British intelligence agency GCHQ tasked with investigating hacking, malware outbreaks and data leaks. It serves as the nerve centre for tech savvy analysts who aim to combat online crime, terror groups and nation-state adversaries.

The existence of the NCSC has coincided with a spike in the reporting of digital crimes over the past few months, John Noble, a director of incident management at the agency, told attendees at the Cyber Security Summit in London on Tuesday 4 July.

"This increase in major attacks is mainly being driven by the fact that cyberattack tools are becoming more readily available, in combination with a growing willingness to use them," he said, as reported by ComputerWeekly. He warned that too many firms are still "not getting the basics right".

The foundation of online security, including the use of anti-virus software, routine vulnerability patches and the management of administrator controls, is still lacking, Noble asserted.

The NCSC director revealed the majority of incidents the agency responded to - 451 to be exact - were lower level attacks typically related to a single organisation. The rest, classified as "C2-level attacks", demanded more attention alongside a "cross-government" response.

The one incident which almost veered into a top-level (C1) attack was WannaCry, a ransomware pandemic that spread to hundreds of thousands of computers in more than 150 countries back in May. In the UK, it caused widespread disruption at the National Health Service (NHS).

Most recently, the NCSC was forced to respond to an attempted hack against the British parliament, with attackers using brute-force tactics to try and force their way into politicians' email accounts.

It was ultimately stopped, but not before up to 90 inboxes were ransacked.

In its first month of operation alone, the NCSC responded to nearly 70 hacking incidents including seven cases of ransomware. Conservative MP Mike Penning said at the time the UK is "regularly targeted by criminals, foreign intelligence services and other malicious actors".

In February this year officials revealed the UK was being hit with roughly 60 significant cyberattacks every month. Ciaran Martin, head of the NCSC, told The Sunday Times in an rare interview that some of the incidents involved state-sponsored hackers vying for government secrets.

"There has been a step change in Russian aggression in cyberspace," he said at the time. "Part of that step change has been a series of attacks on political institutions, political parties, parliamentary organisations and that's all very well evidenced by our international partners."

Martin was speaking a month after US intelligence published its analysis of the hacking campaign that targeted the 2016 US presidential election, believed to be the work of two cybercrime units, dubbed Fancy Bear (APT28) and Cosy Bear (APT29), each with alleged links to Russian spies.

(21st September 2017)


MIND GAMES : 7 WAYS SCAMMERS WIN YOU OVER
(Which ?, dated 5th July 2017 author Stefanie Garber)

Full article [Option 1]:

www.which.co.uk/news/2017/07/mind-games-7-ways-scammers-win-you-over/

More than a quarter of Brits have fallen prey to online scammers - even though a majority of victims thought there was something fishy going on. How do scammers convince you to go against your gut instinct? New research from online marketplace Gumtree shows 27% of British adults have fallen for a scam online, losing on average £63.76 each. But the bad news may not have come as a surprise for everyone - up to 55% of victims reported they thought the transaction might be suspicious early on, but continued anyway. As online shopping becomes more popular, fraudsters are becoming more sophisticated in their techniques. Which? explains the top tactics scammers use to convince you to go ahead with a transaction and how you can avoid taking the bait.

1. The bargain is too good to pass up

The Gumtree survey found that scammers used low pricing to entice targets, even those who might otherwise be skeptical. Of the victims who reported having suspicions about the transaction, 35% said they went ahead anyway because it involved a small sum of money while 29% felt the bargain was worth the risk. Items priced significantly below their normal market value could be an online trap for bargain hunters. If a deal seems too good to be true, it probably is. Always question why an item is significantly discounted and ask yourself whether the price seems realistic.

2. The decision has to be made quickly

Scammers know that time is of the essence. The longer their target thinks about the transaction, the more likely they are to spot red flags. The survey found that 27% of scammers tried to rush through the transaction, while 17% tried to get payment before the item was viewed. If a seller is putting pressure on you to move quickly, consider whether they are trying to pull a fast one

3. Fake ads look real


In some cases, fraudulent ads are obvious, with terrible spelling, bad photoshop or information that is flat-out wrong. Often though, people can't tell a fake ad from a real one. In an exercise where Brits were shown eight ads and asked to identify frauds, just 7% were able to correctly spot all of them. A major warning sign is ad copy that seems generic or is lifted from somewhere else, with 24% of scammers using this approach. But bear in mind that even a legitimate-seeming ad might be a con, and keep an eye out for any other signs that the seller is not above board.

4. Sellers weave a tale

Scammers know that if buyers trust them, they are less likely to take the same precautions to protect themselves. Around 21% of scam victims said they went ahead because they trusted the seller. In around 15% of cases, scammers offered up a compelling story, with dramatic twists designed to distract from their ploy. When dealing with strangers on the internet, wariness should be your default. No matter how trustworthy the person seems, take all normal measures to verify their authenticity.

5. Communications go offline


Many online platforms have systems in place to detect fraud, or to compensate buyers who get defrauded. To bypass these security measures, scammers will often encourage you to contact them outside of the platform, either by mobile phone or email. If a seller seems eager to deal with you outside of the normal communications channels for that platform, be cautious. Communicating via the platform is often the safest way to protect yourself and may help you get your money back.

6. Victims are reluctant to come forward


For many people, there is a sense of shame that comes with being scammed - especially if they acted against their better judgement. Around 39% of victims reported 'feeling stupid' while 28% blamed themselves. This leads to under-reporting of fraudsters, with up to 15% of victims choosing not to report the incident to the online platform or the police. Scammers rely on this sense of shame to keep operating with impunity. Anyone can get scammed - but reporting the scammer helps prevent other people from falling into the same trap.

7. Buyers take short-cuts

As buying and selling online becomes commonplace, some buyers are failing to protect
their own best interests. Around 26% of online buyers said they 'rarely' or 'never' asked for paperwork to verify that the product or service they are receiving is genuine. Almost one in five don't attempt to compare the ad to others on the site for authenticity, and 15% take no steps to check if an item is real. When it comes to money, buyers are savvier, with 67% always paying by credit card or Pay Pal so they can claim back any payments. No matter how often you buy online, keep doing your due diligence and remember that you never know who is on the other side of the transaction.

(21st September 2017)


HOME OFFICE AND POLICE FAILED CONSUMERS EXPOSING THEM TO RAMPANT ONLINE FRAUD
(The Independent, dated 5th July 2017 author Kate Hughes)

Full article [Option 1]:

www.independent.co.uk/money/spend-save/online-fraud-consumers-expose-home-office-police-report-scams-awareness-month-nao-national-audit-a7824746.html

A damning report has criticised police for failing to act on online fraud - the majority part of the most common crime in England and Wales - because the amounts being stolen are too modest.

As Scams Awareness Month gets under way this July, an investigation by the National Audit Office (NAO), which scrutinises public spending for Parliament, has highlighted a lacklustre response by the Home Office, which is also failing to get banks and other important stakeholders to take action.

"For too long, as a low-value but high-volume crime, online fraud has been overlooked by Government, law enforcement and industry," says Sir Amyas Morse, head of the National Audit Office, which describes current action as "disproportionate to the threat".

"It is now the most commonly experienced crime in England and Wales and demands an urgent response. While the department is not solely responsible for reducing and preventing online fraud, it is the only body that can oversee the system and lead change."

"The launch of the Joint Fraud Taskforce in February 2016 was a positive step, but there is still much work to be done. At this stage it is hard to judge that the response to online fraud is proportionate, efficient or effective."

Through the Taskforce, the Home Office is seeking to raise awareness of online fraud, reduce card not present fraud and to return money to fraud victims. But it faces challenges convincing other partners such as banks and law enforcement bodies to take on responsibility for preventing and reducing fraud, the report has found.

And without accurate data, the NAO warns that the department has no clear idea whether its response is sufficient or adequate.

"Not only is online fraud underreported, but where data is available, there is a lack of sharing of information between Government, industry and law enforcement agencies," says Sir Amyas. "There is, for example, no formal requirement for banks to report fraud or share reports with Government.

"Measuring the impact of campaigns and the contribution Government makes to improving online behaviours is challenging. The growing scale of online fraud suggests that many people are still not aware of the risks and that there is much to do to change behaviour.

"In addition, different organisations running campaigns, with slightly different messages, can confuse consumers and reduce their effectiveness."

Nor can Government and industry simply pass on responsibility for online fraud prevention to consumers and businesses, the report asserts. The NAO found the protection banks provide varies, with some investing more than others in educating customers and improving their anti-fraud technology. The ways banks work together in responding to scams also needs to improve.

Though examples of how to go about preventing people from becoming victims of these crimes are out there, such as Sussex Police's initiative to help bodies such as banks and charities identify potential victims, the nature of online fraud makes it difficult to pursue and prosecute criminals.

There are also concerns about the sentences fraudsters receive.

Responding to the report, a Home Office spokesperson said: "Tackling online fraud demands a collaborative and innovative response to keep pace with the emerging threat.

"That is why we launched the Joint Fraud Taskforce - which sees the Government, law enforcement and industry working together to tackle some of the toughest fraud issues that a single organisation cannot address alone.

"The NAO has said that the creation of the Joint Fraud Taskforce is a positive step - but we know that there is more to do to successfully prevent, disrupt and prosecute fraudsters.

"The Joint Fraud Taskforce is now working to develop a cross-industry strategic plan to specifically tackle fraud where a person's bank card is being fraudulently used online or over the phone.

"We are also working together to identify what makes a person susceptible to falling victim to fraud in order to reduce an individual's vulnerability to this."

Although the Government wants the police and judiciary to make greater use of existing laws, the NAO found that stakeholders had mixed views on the adequacy of current legislation.

The international and hidden nature of online fraud makes it difficult to pursue and prosecute criminals because of the need for international cooperation and an ability to take action across borders.

"Although the banking industry has started to raise awareness of fraud, banks are still placing too much responsibility on consumers to spot and protect themselves from sophisticated online scams," says Gareth Shaw, Which? money commentator.

"We've heard from many people who have lost life-changing amounts of money through bank transfer fraud, but who have seen little swift action to help them.

"The Government now needs to set out an ambitious agenda to tackle fraud, publish an update on the progress of the Joint Fraud Taskforce and outline what action it will urgently take to safeguard consumers from scams."

5 ways to protect yourself from financial fraud


1. Never disclose security details, such as your PIN or full banking password
2. Don't assume an email, text or phone call is authentic
3. Don't be rushed - a genuine organisation won't mind waiting
4. Listen to your instincts - you know if something doesn't feel right
5. Stay in control - don't panic and make a decision you'll regret

(21st September 2017)


ONLINE BARGAIN HUNTERS "BUY EVEN IF THEY THINK IT MAY BE A SCAM"
(The Telegraph, dated 4th July 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/07/03/online-bargain-hunters-buy-even-think-may-scam/

Online shoppers are so desperate to bag a bargain that they will go ahead with a purchase even if they think it may be a scam, a study has found.

More than a third of scam victims questioned in a survey said even if they thought an advert may be a fraud, they still went ahead.

The research also found that more than a quarter of Britons have been the victim of an online marketplace scam, losing £63.76 on average in each incident.

Popular categories targeted by online fraudsters include items for sale, vehicles, jobs, services and property. The desire to grab what looks like a cheap deal often overrides people's instincts when shopping online, according to the survey.

The report, from trading website Gumtree, found that the top reasons people fell victim to scams included that something was perceived to be a good deal, while one in five were willing to take the risk because they really wanted something.

In some cases, a fraudster appearing to be kind and trustworthy - for example, offering to travel to the victim's home to make a transaction - lulled them into a false sense of security.

Items subject to scams tended to be slightly cheaper than others available for sale, but not so keenly priced as to arouse suspicion - making victims think they had spotted a good deal.

The embarrassment factor meant that, after being scammed, one in six victims did not tell anyone.

Morten Heuing, general manager at Gumtree, said the research showed "users of online marketplaces can be lulled into a false sense of security".

"Whilst millions of people use these websites safely and successfully, the reality is that fraudsters are out there exploiting honest users," he added.

Researchers also showed eight adverts to people and asked them to identify the scams. Only 7 per cent correctly identified all the bogus adverts - while 93 per cent of people could not spot all the scams.

Those who spotted fake adverts said giveaway signs included spelling mistakes, pictures looking "dodgy", a lack of detail and factual errors in the description.

The findings from the Psychology of Scamming report coincide with Scams Awareness Month, which sees Citizens Advice and Trading Standards Services leading activities throughout the month of July.

Gumtree said it is working with various organisations to tackle online fraud and help keep people safe. Scam victims were also asked what tactics had been used against them.

More than a quarter (27 per cent) had been put under pressure to complete the transaction quickly, 17 per cent had been encouraged to pay for the item without seeing it first and 15 per cent had been persuaded to continue their discussion off the website they were using.

While 17 per cent of those scammed said they thought they were getting a bargain, the same proportion also said they thought the advert was convincing.

Victims of scams in Gumtree's research said they had learned to physically see and test items out before making a purchase and avoid websites where they have had a bad experience.

They also said they would look for guarantees when making payments and pay more attention to consumer reviews and seller ratings.

The report included research among 2,000 people from across the UK and a further 1,000 scam victims.

(21st September 2017)


AGGRESSIVE CHARITY FUNDRAISERS FACE FINES
(BBC News, dated 4th July 2017)

Full article : www.bbc.co.uk/news/uk-40490936

Charities with "extremely aggressive" fundraising practices could be fined up to £25,000 if they do not crack down on nuisance calls, emails and letters.

Fundraising Regulator chairman Lord Grade said "such terrible practices" could not be tolerated.

He said trust in the UK charity sector had been "sorely tested" in recent years and must be restored.

Organisations must comply with new data protection legislation and provide marketing opt-outs from Thursday.

Lord Grade, a former BBC and ITV executive, said stories of aggressive fundraising and its consequences shocked Britain after the suicide of poppy seller Olive Cooke.

'Not an isolated case'

In 2015, the 92-year-old took her own life after receiving 466 mailings from 99 charities in a single year.

The Bristol resident had 27 standing orders to different charities at one stage.

Her family insisted the charities, while "intrusive", did not cause her to take her own life and she had suffered from depression - previously attempting suicide in 2009.

A friend, though, said that while the "pestering" was not entirely to blame for her death, she had been put "under pressure" by persistent charity fundraisers.

Speaking on the BBC's Today programme, Lord Grade said: "Sadly this wasn't an isolated case, and as a result of that high-profile tragedy it was clear that there was bad practice across many charities."

The Fundraising Standards Board found that 70% of the charities who contacted Mrs Cooke had acquired her details from third parties.

The new data protection legislation should prevent fundraising companies from sharing personal data or potential donation targets.

Fundraisers must also clearly provide an opt-out for marketing on all communications (texts, letters and phone calls) to potential contributors.

The Fundraising Preference Service (FPS) was set up after a cross-party review into the self-regulation of charity fundraising. The review was called by David Cameron after Mrs Cooke's case.

Announcing the new body, Lord Grade said: "You go online through our website or through a charity's website and you can send a message that you do not want to hear from any charities, or you only want to hear from charities you select."

He added that people with no access to a computer could opt out by phone.

The Fundraising Regulator would then notify the charity and give them 28 days to stop communications.

If charities do not adhere to the request, they will be referred to the Information Commissioner's Office and could be prosecuted under the Data Protection Act 1998.

Lord Grade added: "Many [charities] have embraced the new world, but charities have to understand that the fabulous generosity in the wallets of the British public cannot be taken for granted."

(21st September 2017)


ROYAL FREE BREACHED UK DATA LAW IN 1.6m PATIENT DEAL WITH GOOGLE'S DEEPMIND
(The Guardian, dated 3rd July 2017 author Alex Hern)

Full article [Option 1]:

www.theguardian.com/technology/2017/jul/03/google-deepmind-16m-patient-royal-free-deal-data-protection-act

Information Commissioner's Office rules record transfer from London hospital to AI company failed to comply with Data Protection Act.

London's Royal Free hospital failed to comply with the Data Protection Act when it handed over personal data of 1.6 million patients to DeepMind, a Google subsidiary, according to the Information Commissioner's Office.

The data transfer was part of the two organisation's partnership to create the healthcare app Streams, an alert, diagnosis and detection system for acute kidney injury. The ICO's ruling was largely based on the fact that the app continued to undergo testing after patient data was transferred. Patients, it said, were not adequately informed that their data would be used as part of the test.

"Our investigation found a number of shortcomings in the way patient records were shared for this trial," said Elizabeth Denham, the information commissioner. "Patients would not have reasonably expected their information to have been used in this way, and the Trust could and should have been far more transparent with patients as to what was happening.

"We've asked the Trust to commit to making changes that will address those shortcomings, and their co-operation is welcome. The Data Protection Act is not a barrier to innovation, but it does need to be considered wherever people's data is being used."

The ICO ruled that testing the app with real patient data went beyond Royal Free's authority, particularly given how broad the scope of the data transfer was. "A patient presenting at accident and emergency within the last five years to receive treatment or a person who engages with radiology services and who has had little or no prior engagement with the Trust would not reasonably expect their data to be accessible to a third party for the testing of a new mobile application, however positive the aims of that application may be," the office said in its findings.

While privacy campaigners were hoping the ruling would touch on the continued use of patient data for the production version of Streams, the ICO was muted on the live use of Streams in a clinical environment, but warned that "concerns regarding the necessity and proportionality of the use of the sensitive data of 1.6 million patients remain".

The Royal Free has been asked to commission a third-party audit of the trial following the ruling, complete a privacy assessment, set out how it will better comply with its duties in future trials and establish a proper legal basis for the DeepMind project.

In a statement, the hospital trust said: "We are pleased that the information commissioner … has allowed us to continue using the app which is helping us to get the fastest treatment to our most vulnerable patients - potentially saving lives.

"We accept the ICO's findings and have already made good progress to address the areas where they have concerns. For example, we are now doing much more to keep our patients informed about how their data is used. We would like to reassure patients that their information has been in our control at all times and has never been used for anything other than delivering patient care or ensuring their safety."

The ruling does not directly criticise DeepMind, a London-based AI company purchased by Google in 2013, since the ICO views the Royal Free as the "data controller" responsible for upholding the data protection act throughout its partnership with Streams, with DeepMind acting as a data processor on behalf of the trust.

In a blogpost, the company said: "We welcome the ICO's thoughtful resolution of this case, which we hope will guarantee the ongoing safe and legal handling of patient data for Streams.

"Although today's findings are about the Royal Free, we need to reflect on our own actions too. In our determination to achieve quick impact when this work started in 2015, we underestimated the complexity of the NHS and of the rules around patient data, as well as the potential fears about a well-known tech company working in health.

"We were almost exclusively focused on building tools that nurses and doctors wanted, and thought of our work as technology for clinicians rather than something that needed to be accountable to and shaped by patients, the public and the NHS as a whole. We got that wrong, and we need to do better."

The company highlighted a number of changes it had made since the launch of Streams, including a significant increase in transparency, and the creation of a independent health review board.

Streams has since been rolled out to other British hospitals, and DeepMind has also branched out into other clinical trials, including a project aimed at using machine-learning techniques to improve diagnosis of diabetic retinopathy, and another aimed at using similar techniques to better prepare radiotherapists for treating head and neck cancers.

(21st September 2017)


RANSOMWARE ATTACKS - HALF OF ALL ORGANIZATIONS HIT BY RANSOMWARE SUFFER MULTIPLE ATTACKS
(International Business Times, dated 30th June 2017 author AJ Dellinger)

Full Article [Option 1]:

www.ibtimes.com/ransomware-attacks-half-all-organizations-hit-ransomware-suffer-multiple-attacks-2560086

A new survey has revealed a startling statistic for governments and businesses that rely heavily on computer systems: organizations that have been hit by a ransomware attack are more likely to suffer from multiple attacks.

The data comes as part of the Annual Ransomware Report conducted by cloud data protection and information management firm Druva, which polled 830 information technology professionals in a number of industries.

Thirty-eight percent of respondents said they were hit by two to three ransomware attacks, while 12 percent reported falling victim to 4 or more attacks, indicating that recovering from a ransomware attack doesn't guarantee an organization is prepared for or immune from another in the future.

The majority of attacks that have hit organizations stem from endpoints-often devices used by individuals within a company who fail to follow proper security protocol and allow vulnerabilities to exist on their machine, which leads to the network becoming infected.

While 60 percent of all ransomware attacks have come from endpoint infections, one-third of all attacks target corporate servers, which can result in attacks that are far more compromising than an endpoint attack.

South Korean web hosting company Nayana recently fell victim to a server-targeted ransomware attack that took down more than 150 of its servers that hosted thousands of websites. Nayana paid the largest known ransom ever-over $1 million-just to recover from the attack.

In most cases of ransomware attacks, it is not just a single device that is affected. The survey found that 70 percent of the time, multiple devices are hit.

This is because an attack can often go unnoticed or unaddressed until it has already spread to other machines. Those surveyed said 40 percent of the time, the ransomware was unaddressed for two hours or longer. In 11 percent of instances, it took more than eight hours for IT to be alerted to the issue.

While ransomware attacks are undoubtedly a pain, there is respite for those who are hit if they are prepared. In 82 percent of cases, organizations were able to recover from an attack simply by keeping a backup that they could restore their systems from. Ten percent lost their data completely while 5 percent paid the ransom to regain access to their data.

"It's no longer a question of if an organization will be the victim of a ransomware attack, but when. [This report] underscores the importance of planning. Simply put, protecting data protects your bottom line," Jaspreet Singh, CEO of Druva, said.

With widespread ransomware attacks like WannaCry and Petya hitting computer systems around the globe, companies will assuredly find themselves dealing with attempts to hold their data hostage. Being prepared for such an attack-especially with secure backups-will make the experience much less painful.

--------------------------
RANSOMWARE ATTACK IS COVER FOR SOMETHING FAR MORE DESTRUCTIVE
(CNET, dated 1st July 2017 author Alfred Ng)

Full article [Option 1]:

www.cnet.com/uk/news/ransomware-attack-goldeneye-petya-cover-data-destroy-nation-state/

As odd as it sounds, the ransomware attack that swept across the world over the past few days wasn't about the money.

GoldenEye, also known as NotPetya, swarmed computers on Tuesday, locking up devices at multibillion-dollar companies including FedEx, Merck, Cadbury and AP Moller-Maersk.

Combined, these four companies are worth about $130 billion -- big targets with fat wallets. You'd think the hackers would ask for more than $300 per hijacked computer.

But now experts believe nation-state attackers are using ransomware as a screen, tempting victims to blame faceless hackers instead of the countries allegedly behind the attacks. The real goal was to get at and destroy data.

The revelation is a surprising new aspect of an escalating cyberwar between countries that has already compromised infrastructure, elections and businesses. North Korea leaked Sony emails in a display of power, hackers shut down Ukraine's power grids during a conflict with Russia and the US is still reeling from Russian interference in the 2016 presidential election.

Using ransomware as a cover for national attacks has serious implications not just for governments. Innocent people end up in the crossfire of these massive cyberattacks. Whether it's hospitals, universities, supermarkets, airports or even a chocolate factory in the firing line, the mess eventually trickles down to you. It could mean not being able to get your medicine because Merck's data is compromised or having flights grounded at a hacked airport.

"Sabotage often has collateral damage," said Lesley Carhart, a digital forensics expert. "Nothing new. Just digitized."

Flawed ransoming

The biggest tipoff that something was awry came from how the hackers planned to collect the ransom. The Posteo server shut down the email address that victims were supposed to use to contact the hackers, suggesting that aspect of the operation wasn't well thought out.

"If the authors of this malware's primary purpose was to make money, they certainly had the technical and strategic offensive skill set to successfully make way more than they did," Carhart said. "The actual 'ransoming' to get money was flawed and inefficient."

When a ransomware attack hit a South Korean web-hosting company earlier this month, the victims paid $1 million -- the largest known payout ever. Two days after GoldenEye hit, it had made only about $10,000.

The WannaCry attack, which struck last month, had reaped roughly $132,000 as of Wednesday.

GoldenEye the destroyer

Researchers from both Comae Technologies and Kaspersky Lab found that GoldenEye was a wiper, designed to destroy data. It used as its base a form of ransomware called Petya (hence the NotPetya name) to encrypt crucial files, steal login credentials and seize your hard drive, too.

Even though the ransomware promised you'd get your data back if you paid up, Comae founder Matt Suiche noticed that GoldenEye actually ended up destroying several blocks of data. The original Petya encrypted files, but there was always a way to reverse that, he noted.

Researchers from Kaspersky called this the "worst-case" scenario for the victims.

"I wouldn't be surprised if they're trying to shut down a couple of facilities that they're targeting," said Amanda Rousseau, a malware researcher at Endgame.

GoldenEye started as an attack on a single organization, with the ransomware attaching itself to a software update for MeDoc, Ukraine's most popular tax-filing software. From that one victim, it spread to multibillion-dollar companies that were using it. (The companies all have branches in Ukraine.) About 60 percent of the attacks happened in Ukraine, according to Kaspersky Lab. GoldenEye, like WannaCry before it, used a technique from the National Security Agency to get into one PC and took advantage of Windows sharing tools to spread to every other computer on the same network.

Ukraine has been rife with alleged cyberattacks from Russian state-sponsored hackers, as a testing ground for global hacks on major infrastructure.

Beyond Ukraine, the collateral damage continues after more than 200,000 computers around the world were infected. The attack showed hackers don't even have to target countries directly to get the job done.

If they can attack companies and infrastructure that help everyday life run smoothly, they've won.

"It's the equivalent of shutting down your power," Rousseau said.

--------------------------
(21st September 2017)


JUNE 2017


ICO FINES MORRISONS FOR EMAILING CUSTOMERS WHO DIDN'T WANT TO BE EMAILED
(The Register, dated 16th June 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/06/16/ico_fine_morrisons_unsolicited_emails/

Supermarket chain Morrisons has been fined £10,500 by the UK's data protection watchdog for sending marketing emails to people who had unsubscribed from marketing bumf.

The Information Commissioner's Office (ICO) said the company had broken the law when it deliberately sent more than 200,000 emails to people who had previously opted out of receiving such emails.

The emails, sent between October 24 and November 25 2016, were titled "Your account details" and went out to Morrisons More loyalty cardholders that had opted out of, er, Morrisons More card marketing.

According to the ICO, the message told cardholders that they had opted out of such emails - then asked them to change their preferences to start receiving coupons and points.

It also helpfully "provided directions on the steps to follow to opt back in to receive marketing".

The email was sent out to 236,651 people, but only 130,671 emails were successfully received.

In an unsurprising twist, one of the recipients was irritated that they received the email despite having unsubscribed from Morrisons' direct marketing - and shopped the chain to the ICO.

The ICO's investigation found that the email in question "would be in itself sent for the purposes of direct marketing, and so is subject to the same rules as other marketing emails".

In deliberately sending the emails, the ICO said, Morrisons had deliberately contravened the Privacy and Electronic Communications Regulations, and issued it with the fine, to be paid by July 13.

Deputy commissioner Simon Entwisle said: "It is vital that the public can trust companies to respect their wishes when it comes to how their personal information is used for marketing.

"These customers had explicitly told Morrisons they didn't want marketing emails about their More card. Morrisons ignored their decision and for that we've taken action."

The watchdog also pointed out that the impending General Data Protection Regulation - which comes into force next May - "sets a high bar for the consent organisations must obtain from customers before using their personal data for marketing".

A Morrisons spokesperson told The Register: "We sent out an information message to a small percentage of our customers that aimed to provide some helpful information about our service. We did this with the best of intentions and we're disappointed that this was deemed to be 'marketing material'."

Earlier this year, the ICO fined Flybe and Honda £80,000 and £13,000 respectively for emailing customers who had said they didn't want to receive marketing emails to ask whether they would consent to future marketing.

uaware comment

This law also applies to unsolicited text messages where you did not give prior permission.

(1st September 2017)


WHAT HAPPENS WHEN YOU CALL 999
(BT News, dated 30th June 2017)

Full article [Option 1]:

https://home.bt.com/tech-gadgets/what-happens-when-you-call-999-the-secrets-of-the-emergency-services-number-11364191315763

We hope we never have to call the emergency services, but when we do, it's reassuring to know the highly-trained men and women on the other end of the phone are waiting to help us.

The 999 service was set up in 1937 - with help from the GPO, BT's forerunner - and was the first emergency services number in the world.

On June 30, 2017, it will be 80 years since the service came into effect. A lot has changed in that time, but not the dedication of the emergency services. Here's what happens when you call 999, from when you speak to the operator to the moment the emergency services arrive to help you.

First point of contact


When you dial 999, you don't get put straight through to the emergency services. Instead, you speak to an operator who asks which service you require: ambulance, fire, police or coastguard.

They will identify your approximate location, which, if you're calling from a mobile phone, they can detect by identifying which phone mast your mobile is connected to. Most Android smartphones can be located to an area less than half the size of a football pitch using GPS signal and wi-fi location data, thanks to Advanced Mobile Location (AML), which was developed with BT. If you're calling from a landline, they can consult a database of addresses linked to phone numbers.

Once your location has been determined, the operator will patch you through to a call handler at the service closest to you.

What happens next varies depending on which service you require, and where you are in the UK.

"All police forces use different computer systems," says Mark Rothwell, a call handler at Devon & Cornwall Police.

"At Devon & Cornwall, when the BT operator passes the call on, it's forced onto the call handler - we have no choice but to answer it. It beeps, and the first voice we hear is the BT operator, who passes on the telephone number of the caller.

"This can be a bit confusing for the caller because to begin with it's basically a three-way conference call, and they might think the BT operator is talking to them."

This isn't the case in every force, however. Some use a data exchange system called EISEC - this stands for Enhanced Information Service for Emergency Calls, and is provided using the BT ISDN access network. It means the BT operator doesn't have to speak, as it enables the call handler to retrieve the information automatically.

For forces without EISEC, the BT operator is vital to ensuring a good response time.

"Often we can't get the caller's location, because they're distressed and don't know where they are, or maybe they can't speak because they don't want to be overheard by a perpetrator," says Rothwell.

"If that's the case, we can ask the BT operator where the call is coming from. The role of the BT operator can't be overstated - sometimes we manage a 999 call purely by speaking to them."

Determining the urgency

Once the call handler knows what the call is about, they have to decide how urgently officers should respond. "Most 999 calls are graded as 'immediate', which means police should arrive on the scene within 20 minutes - that's a target set by the Home Office," says Rothwell.

The next rating down is 'prompt', which has a response time of 60 minutes, and then 'routine', which is 24 hours. "It all depends how immediate the danger is," Rothwell says.

The call handler inputs the information about the call into the command and control system - Devon & Cornwall's is called Storm, and is made by a company called Sopra Steria. "It's the backbone of the whole operation," according to Rothwell. They then send this to a radio operator, who is the one who dispatches the police officers.

If the radio operator disputes the urgency of a call, they can question it with the call handler, and if they can't agree, it goes to the senior officer in the contact centre - an inspector, or one of their sergeants if they're otherwise engaged - who has the final say.

Getting emergency services to the scene

The radio operator contacts the police officers on the ground via a direct link to their body-worn radios. While the officers are on their way to the incident, the radio operator reads them the risk assessment that the call handler has carried out - this includes research on the people and vehicles involved, so the officers know what to expect.

All the officers' radios have GPS, so they can be followed on the mapping system, which interfaces directly with the command and control system. Each radio also has a big red button - if the officer is in trouble, they press it, and it creates an emergency incident log called Code Zero. The control room can then determine what's happened and how to respond.

"The officer could find themselves outnumbered 10 to one," says Rothwell. "In those situations, Code Zero can be a lifesaver."

(1st September 2017)


RUTHLESS ONLINE ROMANCE SCAMS TARGET LONELY HEARTS ON INDUSTRIAL SCALE
(International Business Times, dated 30th June 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/ruthless-online-romance-scams-target-lonely-hearts-industrial-scale-1628494

Online fraudsters using fake identities on dating websites and social media networks to trick victims out of their money has become a lucrative underground industry and is only set to grow over the next 18 months.

The fraud, known as a romance scam, is being bolstered by leaks from major dating and pornography websites which can reveal a victim's intimate secrets, according to the UK National Crime Agency (NCA). Data breaches, for example at Ashley Madison and AdultFriendFinder, can lead to blackmail and extortion, it added.

It is "almost certain" that the UK will be targeted with more romance scams and highly targeted email compromise campaigns over the next 18 months, the agency warned in its National Strategic Assessment, released to the public on Thursday 29 June.

"Social engineering is highly likely to continue to rise as an attack vector, originating most notably from West Africa," it added.

In these social engineering attacks, which often rely on direct messages and grooming tactics, victims believe they are talking to a genuine person.

How romance scams work


The online fraudster orchestrating a romance scam plays the long game and will work to earn the trust of their victim over time. Once this is gained, the culprit pretends to experience a life-threatening or heartbreaking event before asking the victim for financial aid.

Once a payment is sent, the scheme then becomes more relentless as the scammer attempts to bleed as much money as possible by creating more fake situations - be it the death of a loved one or being stranded in a foreign country after being robbed. The statistics show it works.

Figures released in January by the National Fraud Intelligence Bureau revealed there were 3,389 victims of romance fraud in 2016, losing a combined total of more than £39m ($50m).

This was a rise from the previous year, when 3,363 victims lost a total of just under £26m ($33m). Meanwhile, in 2016, the average loss for each victim was £11,500 compared with £7,731 in 2015. At least 39% of those who were tricked are men, the figures suggested.

The victims are mounting

There are numerous victims who have spoken out about being fooled by romance scams over the years - and for some the personal consequences are more severe that financial ruin.

In March this year, 54-year-old Pam Wareing was taken to court after allegedly stealing more than £500,000 from her employer, a UK solicitor, to send to a conman she met online. That case was referred to a higher court and remains under investigation.

Another high-profile case was that of 68-year-old Judith Lathlean, a university professor who fell victim to a romance scam in 2015 via an online dating website. Lathlean lost a total of £140,000 after a man using the name John Porter online convinced her to send it to him.

"Porter" claimed his house had been broken into, resulting in the loss of his passport and phone. He claimed to have a vast fortune of £10m that was suddenly available but only if someone could go to Amsterdam and pay a fee to release the money. It was a complex web of lies.

"A lot of the online dating fraudsters we know are abroad," Steve Proffitt, deputy head of Action Fraud, told the BBC earlier this year. They're in West Africa, Eastern Europe and it's very difficult for British law enforcement to take action against them in those jurisdictions."

Luckily, there are a number of steps you can take to protect yourself from romance scams, as well as a number of key signs to look out for if you are suspicious of someone online. The advice comes courtesy of Action Fraud, the primary UK reporting centre for scams and cybercrime.

If you have struck up a relationship with someone online, you should be concerned if they are asking a lot of personal questions but never interested in talking about themselves, Action Fraud said. Additionally, it is advised to reverse image search their picture to make sure it's not stolen.

"What is striking from this year's assessment are the themes running through the crime types," NCA deputy director general Matthew Horne said in a statement at the release of the report. "Organised criminal networks are using online methods to defraud and extort," he warned.

How to protect yourself:


- Avoid giving away too many personal details when dating online. Revealing your full name, date of birth and home address may lead to your identity being stolen.

- Never send or receive money or give away your bank details to someone you've only met online, no matter how much you trust them or believe their story.

- Pick a reputable dating website and use the site's messaging service. Fraudsters want to quickly switch to social media or texting so there's no evidence of them asking you for money.

(1st September 2017)


ONLINE FRAUD COST PUBLIC BILLIONS BUT IS STILL NOT A POLICE PRIORITY
(The Guardian, dated 30th June 2017 author Press Association)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jun/30/online-costs-public-billions-but-is-still-not-a-police-priority-says-watchdog

Police forces are not doing enough to tackle the growing threat of online fraud, a public spending watchdog has found.

The National Audit Office (NAO) said the issue was "not yet a priority" for all local police forces and the problem had been overlooked by government, law enforcement and industry.

The report said the overall cost of all forms of fraud in 2016 was £10bn to individuals and £144bn to the private sector, arising from almost 2m cyber-related fraud incidents.

The NAO's chief, Sir Amyas Morse, said: "For too long, as a low-value but high-volume crime, online fraud has been overlooked by government, law enforcement and industry. It is now the most commonly experienced crime in England and Wales and demands an urgent response."

He said the Home Office, while not solely responsible for tackling the issue, was the only organisation that could oversee the system and lead change.

The Home Office's joint fraud taskforce, launched in February 2016, was a positive step "but there is still much work to be done", he said. "At this stage it is hard to judge that the response to online fraud is proportionate, efficient or effective."

In the year to 30 September 2016 there were 1.9m estimated instances of cyber fraud, or 16% of all crimes.

The report said: "Fraud is now the most commonly experienced crime in England and Wales, is growing rapidly and demands an urgent response. Yet fraud is not a strategic priority for local police forces and the response from industry is uneven."

The report said one idea being considered by the banking industry to tackle online fraud was to make the security codes on the back of debit and credit cards change every hour.

"This is a positive step, as the redesign may help to stop an increase in online card fraud," the NAO said. "However, such a plan requires all card providers to participate."

------------------------

BANKS CONSIDER CHANGING SECURITY CODES ON DEBIT AND CREDIT CARDS EVERY HOUR TO FOIL ONLINE FRAUDSTERS
(The Telegraph, dated 30th June 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/06/29/banks-considering-adopting-debit-credit-cards-security-code/

Banks are considering adopting debit and credit cards where the security code changes every hour, to keep ahead of online fraudsters.

UK financial institutions are looking at the technology which has unveiled in France last year.

The new cards replace the printed three-digit security code on the back of the card with a mini screen which displays a random code that changes automatically every hour.

The development is encouraged today in a National Audit Office report that warns police forces are not doing enough to tackle the growing threat of online fraud.

The NAO said new cards with changing numbers could be "a positive step, as the re-design may help to stop an increase in online card fraud. However, such a plan requires all card providers to participate."

The NAO said the issue was "not yet a priority" for all local police forces and the problem had been overlooked by government, law enforcement and industry.

Almost two million cyber-related fraud incidents were estimated to have taken place in a year and the cost is likely to run into billions of pounds, the NAO said.

NAO chief Sir Amyas Morse said: "For too long, as a low value but high volume crime, online fraud has been overlooked by government, law enforcement and industry.

"It is now the most commonly experienced crime in England and Wales and demands an urgent response."

He said the Home Office, while not solely responsible for tackling the issue, was the only organisation that could oversee the system and lead change.

The Home Office's Joint Fraud Taskforce, launched in February 2016, was a positive step "but there is still much work to be done", he said.

"At this stage it is hard to judge that the response to online fraud is proportionate, efficient or effective."

The report said that the overall cost of all forms of fraud in 2016 was £10 billion to individuals and £144 billion to the private sector as a whole.

In the year to September 30 2016 there were 1.9 million estimated incidents of cyber fraud, some 16% of all crime incidents.

The report said: "Fraud is now the most commonly experienced crime in England and Wales, is growing rapidly and demands an urgent response.

"Yet fraud is not a strategic priority for local police forces and the response from industry is uneven."


Five tricks hackers use to steal your bank details


- Using fake "free" WiFi networks to steal passwords
- Guessing obvious passwords like "123456"
- Social media stalkers who find out when you're on holiday, using Facebook
- Dodgy apps that trick you into giving away data using in-app permissions
- Fake emails pretending to be from well-known brands - like Amazon or eBay

What is the NCA's advice to UK internet users?

Members of the public are reminded they should be vigilant and not open documents in emails, or click on links, if they are unexpected or if they are unclear about its origin.

If any internet users think they have lost money through malware such as Dridex, they should report their concerns to Action Fraud and alert their respective banks.

Users are urged to visit the CyberStreetWise and GetSafeOnline websites where a number of anti-virus tools are available to download to help clean up infected machines and get advice and guidance on how to protect themselves in the future.

(1st Septemeber 2017)


CIVIL RIGHTS WARRIORS GET GREEN LIGHT TO CHALLENGE UK MASS SURVEILLANCE
(The Register, dated 30th June 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/06/30/liberty_gets_green_light_to_challenge_snoopers_charter/

The High Court in London, England, has given Liberty permission to challenge parts of the UK's Investigatory Powers Act.

The act, which was passed into law last year, offers the state unprecedented powers to monitor the population en masse, and to collect and retain bulk personal and communications data.

It has been roundly condemned by privacy and civil liberties groups, as well as opposition MPs - the Lib Dems branded it "Orwellian" and promised to roll back the law if they gained power in the last election.

Liberty launched its legal challenge after a landmark EU ruling stated that access to retained data must only be given in serious crime.

That case, brought by Labour MP Tom Watson, was heard in the European Union's Court of Justice.

The court stated that governments could only collect data in a targeted way - and not collect and retain data indiscriminately on a population scale.

Liberty has today announced the High Court has granted it permission to challenge part of the Investigatory Powers Act.

Martha Spurrier, director of the advocacy group, said: "We're delighted to have been granted permission to challenge this authoritarian surveillance regime.

"It's become clearer than ever in recent months that this law is not fit for purpose. The government doesn't need to spy on the entire population to fight terrorism. All that does is undermine the very rights, freedoms and democracy terrorists seek to destroy."

She added that recent cyber-attacks that took "businesses and public bodies to their knees" made the government's "obsession with storing vast amounts of sensitive information about every single one of us look dangerously irresponsible".

The UK's High Court has also allowed the group to seek permission to challenge three other parts of the Act, which it can do when the government publishes further codes of practice for the legislation or in March 2018, whichever is later.

These parts are: bulk interception of communications content; bulk personal datasets; and thematic hacking - which would see state actors covertly access, control and alter electronic devices if their owners are suspected of involvement in crime.

The group - which is crowdfunding the case, and has so far raised more than £53,000 - is now waiting on its application for a costs capping order, which sets the upper limit of costs in the case. If that is granted, the case will be listed for a full hearing in due course.

uaware comment

The main question about the outcome of this appeal is how much light does Liberty want to shine on the operation of the UK Security Services.Their existence is to lurk in "dark places" obtaining information because that is where the bad guys are. The main problem is who also can use the same surveillance laws; in the past there were comments that local councils could use them to check what waste materials residents throw away. The sheer fact that an Act has been passed to describe what the Secret Services are doing or are going to do puts them in enough light. Are Liberty and their supporters naive enough to believe that the Secret Services have not been carrying out the "Acts described actions" already for years. The Act describes formally what they have been doing.

How many terrorist atrocities would have taken place if our appropriate authorities were not allowed to snoop ?

(1st September 2017)


NHS WANNACRYPT POSTMORTEM - OUTBREAK BLAMED ON LACK OF ACCOUNTABILITY
(The Register, dated 29th June 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/06/29/nhs_wannacry_report/

A lack of accountability and investment in cyber-security has been blamed for the recent WannaCrypt virus that hobbled multiple hospital NHS IT systems last month in England, a report by The Chartered Institute for IT concludes.

The report, published today, comes following a similar, but more limited attack against UK-based companies as the result of the spread of the NotPetya ransomware earlier this week.

Whilst doing their best with the limited resources available, the Chartered Institute for IT report suggests some hospital IT teams lacked access to "trained, registered and accountable cyber-security professionals with the power to assure hospital Boards that computer systems were fit for purpose".

The healthcare sector has struggled to keep pace with cyber-security best practice thanks in large part to a systemic lack of investment. The WannaCrypt attack was an accident waiting to happen, according to David Evans, director of community & policy at The Chartered Institute for IT.

"Unfortunately, without the necessary IT professionals, proper investment and training the damage caused by the WannaCrypt ransomware virus was an inevitability, but with the roadmap we are releasing today, will make it less likely that such an attack will have the same impact in the future," Evans said.

The Chartered Institute of IT has joined forces with the Patient's Association, the Royal College of Nursing, BT and Microsoft to produce a blueprint that outlines steps NHS trusts should take to avoid another crippling cyber-attack. Employing accredited IT professionals tops the list. The NHS board is being urged to ensure it understands its responsibilities, and how to make use of registered cyber security experts. The number of properly qualified and registered IT professionals needs to be increased, the report recommends.

Almost 50 NHS Trusts were hit by the WannaCrypt cyber-attack that left infected computers with encrypted files and at least temporarily unusable in many areas of the health service. The outbreak led to operations and appointments being cancelled or postponed.

The issue of how to improve security in the NHS following the WannaCrypt outbreak has been raised in Parliament. In response to a written question, junior Department of Health minister Jackie Doyle-Price said a review of the cyber attack was under way. Emergency measures specifically allocated to deal with last month's NHS ransomware attack cost £180,000. The government is making cyber-security a requirement of health service contracts, she added.

**********************************
We have changed the National Health Service standard contract to include, from April 2017, cyber security requirements.

Evidence shows that the use of unsupported systems is continuing to reduce in health and care, as organisations replace older har