Jim Risen Writes about Reporting Government Secrets

Comments

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.

Posted in Security | Leave a comment

Serial SWATter Tyler “SWAuTistic” Barriss Charged with Involuntary Manslaughter

Tyler Raj Barriss, a 25-year-old serial “swatter” whose phony emergency call to Kansas police last month triggered a fatal shooting, has been charged with involuntary manslaughter and faces up to eleven years in prison.

Tyler Raj Barriss, in an undated selfie.

Barriss’s online alias — “SWAuTistic” — is a nod to a dangerous hoax known as “swatting,” in which the perpetrator spoofs a call about a hostage situation or other violent crime in progress in the hopes of tricking police into responding at a particular address with potentially deadly force.

Barriss was arrested in Los Angeles this month for alerting authorities in Kansas to a fake hostage situation at an address in Wichita, Kansas on Dec. 28, 2017.

Police responding to the alert surrounded the home at the address Barriss provided and shot 28-year old Andrew Finch as he emerged from the doorway of his mother’s home. Finch, a father of two, was unarmed, and died shortly after being shot by police.

The officer who fired the shot that killed Finch has been identified as a seven-year veteran with the Wichita department. He has been placed on administrative leave pending an internal investigation.

Following his arrest, Barriss was extradited to a Wichita jail, where he had his first court appearance via video on FridayThe Los Angeles Times reports that Barriss was charged with involuntary manslaughter and could face up to 11 years and three months in prison if convicted.

The moment that police in Kansas fired a single shot that killed Andrew Finch (in doorway of his mother’s home).

Barriss also was charged with making a false alarm — a felony offense in Kansas. His bond was set at 0,000.

Sedgwick County District Attorney Marc Bennett told the The LA Times Barriss made the fake emergency call at the urging of several other individuals, and that authorities have identified other “potential suspects” that may also face criminal charges.

Barriss sought an interview with KrebsOnSecurity on Dec. 29, just hours after his hoax turned tragic. In that interview, Barriss said he routinely called in bomb threats and fake hostage situations across the country in exchange for money, and that he began doing it after his own home was swatted.

Barriss told KrebsOnSecurity that he felt bad about the incident, but that it wasn’t he who pulled the trigger. He also enthused about the rush that he got from evading police.

“Bomb threats are more fun and cooler than swats in my opinion and I should have just stuck to that,” he wrote in an instant message conversation with this author.

In a jailhouse interview Friday with local Wichita news station KWCH, Barriss said he feels “a little remorse for what happened.”

“I never intended for anyone to get shot and killed,” he reportedly told the news station. “I don’t think during any attempted swatting anyone’s intentions are for someone to get shot and killed.”

The Wichita Eagle reports that Barriss also has been charged in Calgary, Canada with public mischief, fraud and mischief for allegedly making a similar swatting call to authorities there. However, no one was hurt or killed in that incident.

Barriss was convicted in 2016 for calling in a bomb threat to an ABC affiliate in Los Angeles. He was sentenced to two years in prison for that stunt, but was released in January 2017.

Using his SWAuTistic alias, Barriss claimed credit for more than a hundred fake calls to authorities across the nation. In an exclusive story published here on Jan. 2, KrebsOnSecurity dissected several months’ worth of tweets from SWAuTistic’s account before those messages were deleted. In those tweets, SWAuTistic claimed responsibility for calling in bogus hostage situations and bomb threats at roughly 100 schools and at least 10 residences.

In his public tweets, SWAuTistic claimed credit for bomb threats against a convention center in Dallas and a high school in Florida, as well as an incident that disrupted a much-watched meeting at the U.S. Federal Communications Commission (FCC) in November.

But in private online messages shared by his online friends and acquaintances SWAuTistic can be seen bragging about his escapades, claiming to have called in fake emergencies at approximately 100 schools and 10 homes.

The serial swatter known as “SWAuTistic” claimed in private conversations to have carried out swattings or bomb threats against 100 schools and 10 homes.

Tags: , , , , , ,

Posted in Security | Leave a comment

Drunk droning now illegal in New Jersey

(Reuters) – New Jersey Governor Chris Christie signed a law on Monday making it illegal to fly an unmanned drone aircraft after too many drinks, a spokesman said on the Republican’s last day in office.

Posted in Uncategorized | Leave a comment

Canadian Police Charge Operator of Hacked Password Service Leakedsource.com

Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service Leakedsource.com.

The now-defunct Leakedsource service.

On Dec. 22, 2017, the Royal Canadian Mounted Police (RCMP) charged Jordan Evan Bloom of Thornhill, Ontario for trafficking in identity information, unauthorized use of a computer, mischief to data, and possession of property obtained by crime. Bloom is expected to make his first court appearance today.

According to a statement from the RCMP, “Project Adoration” began in 2016 when the RCMP learned that LeakedSource.com was being hosted by servers located in Quebec.

“This investigation is related to claims about a website operator alleged to have made hundreds of thousands of dollars selling personal information,” said Rafael Alvarado, the officer in charge of the RCMP Cybercrime Investigative Team. “The RCMP will continue to work diligently with our domestic and international law enforcement partners to prosecute online criminality.”

In January 2017, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including three billion credentials for accounts at top sites like LinkedIn and Myspace.

Jordan Evan Bloom. Photo: RCMP.

LeakedSource in October 2015 began selling access to passwords stolen in high-profile breaches. Enter any email address on the site’s search page and it would tell you if it had a password corresponding to that address. However, users had to select a payment plan before viewing any passwords.

The RCMP alleges that Jordan Evan Bloom was responsible for administering the LeakedSource.com website, and earned approximately $247,000 from trafficking identity information.

A February 2017 story here at KrebsOnSecurity examined clues that LeakedSource was administered by an individual in the United States.  Multiple sources suggested that one of the administrators of LeakedSource also was the admin of abusewith[dot]us, a site unabashedly dedicated to helping people hack email and online gaming accounts.

That story traced those clues back to a Michigan man who ultimately admitted to running Abusewith[dot]us, but who denied being the owner of LeakedSource.

The RCMP said it had help in the investigation from The Dutch National Police and the FBI. The FBI could not be immediately reached for comment.

LeakedSource was a curiosity to many, and for some journalists a potential source of news about new breaches. But unlike services such as BreachAlarm and HaveIBeenPwned.com — which force users to verify that they can access a given account or inbox before the site displays whether it has found a password associated with the account in question — LeakedSource did nothing to validate users.

This fact, critics charged, showed that the proprietors of LeakedSource were purely interested in making money and helping others pillage accounts.

Since the demise of LeakedSource.com, multiple, competing new services have moved in to fill the void. These services — which are primarily useful because they expose when people re-use passwords across multiple accounts — are popular among those involved in a variety of cybercriminal activities, particular account takeovers and email hacking.

Tags: , , , , , , , , ,

Posted in Security | Leave a comment

January 11, 2018: Former New Hampshire Pharmacist Pleads Guilty for Tampering with Narcotics at Bedford Pharmacy

OCI Small Clear Seal 

 

Food and Drug Administration 
Office of Criminal Investigations

 

CONCORD, N.H. — Thomas Kellermann, 65, of Bedford, pleaded guilty in federal court on Wednesday to tampering with a consumer product and obtaining and controlled substance by fraud, announced Acting United States Attorney John J. Farley.  

According to court documents and statements in court, Kellerman was employed as a pharmacist at a pharmacy in Bedford that dispensed prescription drugs to patients, including patients at hospice facilities.  In 2011, Kellermann began abusing narcotic pain relievers.  In March of 2012, Kellermann took medical leave from his position.  While on medical leave in March and April 2012, Kellerman repeatedly returned to the pharmacy after business hours and on weekends and stole narcotic pain medication for his personal use.  Kellermann removed the plastic top of vials containing hydromorphone and morphine, inserted syringes into the vials, and withdrew drugs from the vials.  He then injected saline into the vials, placed a small amount of glue on top of the vials to reattach the plastic caps, and placed the vials back into pharmacy stock.  This made it appear that the vials were unused.  Kellermann also accessed hydromorphone that had been prepared for delivery to a patient, but which had been returned to the pharmacy and wasted. 

The tampering was discovered when an employee of the pharmacy detected irregularities in certain vials of drugs.  After the tampering was discovered, some of the vials were analyzed by an independent laboratory and found to be substantially below their labeled strength.

Kellermann pleaded guilty to a two-count Information charging him with one count of tampering with a consumer product and one count of obtaining a controlled substance by misrepresentation, fraud, deception, or subterfuge. He is scheduled to be sentenced on May 9, 2018.

 

“Tampering with controlled substances by health care workers is a very serious crime,” said Acting U.S. Attorney Farley.  “This type of activity is a betrayal of the trust that patients place in the health care system.  Tampering and diversion not only can deprive patients of needed medicine but also can expose patients to other substantial health risks. We will continue to work closely with our law enforcement partners to identify and prosecute health care workers who engage in this very dangerous conduct.”

 

“Patients deserve to have confidence that they are receiving the proper treatment from those entrusted with providing their medical care,” said Jeffrey J. Ebersole, Special Agent in Charge, FDA Office of Criminal Investigations’ New York Field Office. “We must hold medical personnel accountable when they take advantage of their unique position and tamper with drugs needed by their patients. Tampering can not only endanger the health of patients by exposing them to contaminated products but also may deny them access to the treatments they need.”

 

“The reckless action by this health care worker is not only a violation of the Controlled Substance Act but a betrayal of the public trust,” said DEA Special Agent in Charge Michael J. Ferguson.  “In response to the ongoing opioid epidemic DEA’s obligation is to improve public safety and public health, and we are committed to working with our law enforcement and regulatory partners to ensure that these rules and regulations are followed.”

 

The investigation was conducted by the United States Food and Drug Administration (FDA) Office of Criminal Investigations and the Drug Enforcement Administration. The case was prosecuted by Assistant United States Attorney Arnold H. Huftalen and Special Assistant United States Attorney Sarah Hawkins of the FDA’s Office of Chief Counsel.

 

###

 

Topic(s): 

Prescription Drugs

 

Component(s): 

USAO – New Hampshire

 

Press Release Number: 

18-007

 

Posted in Security | Leave a comment