Vigilantes and private security are policing the internet where governments have failed

Vigilantes and private security are policing the internet where governments have failed


Mark Button, University of Portsmouth

The internet revolution of the past 20 years has opened up countless new ways for people to shop, bank, find love – and to commit crimes. Every time we switch on a computer, open an email, view a website or make an online payment, there are multiple new opportunities for crimes to occur. In fact, almost half of all crimes against individuals in England and Wales now involve or are enabled by the internet.

These technological changes have fuelled a substantial new private policing sector that includes commercial companies but also online vigilantes. This change is comparable to the “quiet revolution” seen in the 1970s when conventional private policing, particularly the use of uniformed security officers, emerged on an industrial scale.

Despite its scale, online private policing activity has been largely ignored by researchers and politicians. Yet it is already creating some significant issues that need addressing.

This new online private policing sector exists most obviously in the numerous companies providing services. These include designing, testing and maintaining security systems, responding to cyber-attacks and moderating websites for harmful or illegal content.

But many other organisations have also developed their own cybersecurity structures to better protect themselves from online crime. In most large organisations, these structures are led by what are generally called chief information security officers (CISO) but there are also many other new cybersecurity roles such as security architects and ethical hackers.

Millions of people now work in cyber security. Gorodenkoff/Shutterstock

Globally, this new sector is estimated to support around 6 million jobs and is predicted to be worth US$248 billion (£190 billion) by 2023. This is much more than the traditional private security industry, which is only predicted to be worth around US$167 billion (£128 billion) by 2025.

One of the most interesting roles to emerge in this new sector is that of the moderators who police the content published on the internet. They play an important role in preventing the publication of undesirable material, from hardcore pornography and footage from war zones through to abusive and inappropriate language.

There has been virtually no academic research of these important operatives. But media reports have raised concerns over the welfare of these staff, who often have to view large amounts of distressing content, including images. So their conditions of employment and capabilities should be more of a priority for researchers and regulators.

Online vigilantes

The internet hasn’t just stimulated new forms of commercial private policing but has also enabled a new type of vigilantism to flourish. For example, the limited law enforcement response to the masses of scam emails and bogus websites we’re at risk from everyday has led to the growth of “scambaitors”. These are private individuals who try to engage with scammers and waste their time or simply raise awareness of their scams.

One of the problems with scambaiting is the humiliation and racism often involved. For example some scammers have been encouraged to do repetitive tasks such as draw street maps and rewrite books, paint themselves or pose naked in humiliating positions, all of which have then been publicised. Sometimes this is done with explicit or implicit racist commentaries, relating to the fact that many of the scammers are black West Africans.

Perhaps the most controversial area of online vigilantism that has emerged is paedophile hunting. Organised groups of internet users pose as children in online chatrooms to lure and expose paedophiles.

The actions of these groups have clearly helped the police and led to the exposure of real paedophiles who have subsequently been charged and convicted. In 2018, at least 150 people in England and Wales were charged using evidence provided by paedophile hunters.

But some groups have made their exposures and confrontations public, in some cases even live-streaming them online. This has led to innocent people being falsely and publicly condemned, while others have killed themselves after the exposure. It has also been revealed that some of the people enacting this “justice” are themselves convicted criminals – whereas police forces themselves often bar people with criminal records from joining.

The rapid growth of both commercial and amateur attempts at policing the internet shows there is a demand that is not being met by the traditional provider of law enforcement, the state. But the problems that are emerging from this private security activity demonstrate why it isn’t enough to leave such significant operations to the market or volunteers.

The first “quiet revolution” eventually resulted in many jurisdictions introducing regulations to better control the activities of private security. This new shift at least warrants further research and investigation to determine if the controls are adequate. The suspicion is that they are not.

Mark Button, Professor of Security and Fraud, University of Portsmouth

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Posted in Uncategorized | Leave a comment

Hackers have got their hands on $11 billion in stolen cryptocurrency since 2011

Hackers have got their hands on $11 billion in stolen cryptocurrency since 2011

STEPHANIE PALMER-DERRIEN / Wednesday, January 22, 2020


More than US$11 billion has been stolen from supposedly secure crypto exchanges, wallets and mining platforms since 2011, mostly due to hacking incidents, research from Inside Bitcoins has revealed.

For a form of currency that bases itself on safety and security, $11 billion is a pretty significant number. Stored on blockchain technology and protected by encryption keys, cryptocurrencies are supposed to be impossible to counterfeit or copy.

In fact, the currency is so secure that when the co-founder and chief of Canadian exchange QuadringaCX Gerald Cotten died last year, it transpired he was the only one with the digital keys to the digital safe where all the coins were kept.

Since then, there have been questions as to whether or not Cotton actually died at all. Lawyers for Quadringa’s investors have even called for his body to be exhumed in order to settle the matter once and for all.

However, it turns out even crypto coins can be half-inched. According to US bitcoin publication Inside Bitcoins, there have been some 33 hacking incidents, globally, since 2011.

The exchange that fell victim to the first reported crypto hack in 2011 was also on the sharp end of the biggest hack in 2014.

In 2011, Tokyo exchange Mt.Gox was breached, losing about US$17.2 million in bitcoin.

It recovered from the incident, and by 2014, it was the leading exchange in the world, managing about 70% of all bitcoin transactions.

In February 2014, however, it suffered a second attack, losing about US$6.5 billion worth of bitcoin ⁠— or six percent of all bitcoin in existence at the time.

Three years later, Mt.Gox was bankrupt.

The Mt.Gox hack of 2014 is now infamous ⁠— it’s the subject of lengthy deep-dive articles, it’s explored in many tech podcasts and its even the subject of an ebook.

Three additional hacks were recorded in 2014, bringing the total loss to US$6.7 billion, and making the year an almost comical standout on a graph detailing losses over the past eight years.

By contrast, the second most-catastrophic year was 2016, which saw total losses of US$1.6 billion in cryptocurrency.

Interestingly, 2017 saw an increase in the number of hacks, but a dip in the value stolen. It’s perhaps no surprise that there was more criminal interest ⁠— this was the year of the crypto-boom, in which prices reached a peak of US$20,000.

However, the most hacks occurred in 2019, including that of prominent exchange Binance, which lost about US$60.5 million in bitcoin.

Posted in Uncategorized | Leave a comment

Aussie entrepreneur launches “disturbing and unethical” facial recognition tech in Silicon Valley

Aussie entrepreneur launches “disturbing and unethical” facial recognition tech in Silicon Valley

STEPHANIE PALMER-DERRIEN / Wednesday, January 22, 2020

Clearview AI

An Aussie entrepreneur is copping flack online for his contentious and, frankly, dystopian startup designed to identify people and source information about them, from a single image.

According to The New York Times, the technology has already been provided to more than 600 law enforcement agencies, including local police in Florida, the FBI and the Department of Homeland Security.

Founded by Hoan Ton-That, Clearview AI is a secretive Silicon Valley startup that has been reportedly operating in stealth mode for some time.

It’s facial recognition app allows users to take a picture of a person and upload it, to access public photos of that person, and the sites on which they appear (think Facebook and YouTube).

It has a database of about 3 billion images.


Soon anyone will be able to take a picture of you in public and then have your complete identity. What could go wrong? …Clearview app lets strangers find your name, info with snap of a photo, report saysIt may not be long before you’ll have to forget about walking down the street anonymously, says a New York Times report.cnet.com5432:46 PM – Jan 22, 2020Twitter Ads info and privacy252 people are talking about this

According to The New York Times article, although law enforcement didn’t 100% understand how the app works, they’ve used it to help solve shoplifting, credit card fraud and even murder cases.

Clearly, there’s a dark side here.


Is this the CEO of Clearview AI? …

View image on Twitter

CNET@CNETWhat if a stranger could snap your picture on the sidewalk then use an app to quickly discover your name and address? A startup called Clearview AI has made that possible. 6610:24 PM – Jan 20, 2020Twitter Ads info and privacy37 people are talking about this

Clearview is reportedly also licenced to ‘a handful’ of private companies, and it’s not clear whether the technology is available for use by individuals

The story has also predictably, and rightly, drawn scorn on Twitter, with one user calling it “disturbing and unethical”.

Becca Fouts@BeccaFouts

“This app isn’t available to the public yet, but Clearview thinks it will be in the near future.”

Please think very carefully about the lives you would be putting in danger if this app were to become available to the public. This is a disturbing and unethical use of technology. …CNET@CNETWhat if a stranger could snap your picture on the sidewalk then use an app to quickly discover your name and address? A startup called Clearview AI has made that possible. 274:37 AM – Jan 21, 2020Twitter Ads info and privacySee Becca Fouts’s other Tweets

Others expressed serious concern that the technology could put women at risk, and make life easier for all the wrong people.

A memo from Clearview distributed to potential customers purportedly addressed concerns, stressing that the tech is totally legal and not at all creepy.

“An informed legal analysis … establishes that law enforcement agencies’ use of Clearview for its intended purpose is fully consistent with current federal law and state biometric and privacy laws,” the memo said.

So, consider yourself reassured.

Peggy Wolohan von Burkleo@SamhainNight

A lot of women would die. That’s what if. …CNET@CNETWhat if a stranger could snap your picture on the sidewalk then use an app to quickly discover your name and address? A startup called Clearview AI has made that possible. 380K4:44 PM – Jan 20, 2020Twitter Ads info and privacy115K people are talking about this

Peggy Wolohan von Burkleo@SamhainNight · Jan 20, 2020

A lot of women would die. That’s what if. …CNET@CNETWhat if a stranger could snap your picture on the sidewalk then use an app to quickly discover your name and address? A startup called Clearview AI has made that possible. 

 ‘It’s Still Winter’ Selwyn @SelwynAfterDark

This is like…one of the absolute pinnacles of “you were so focused on whether you could that you never stopped to think about whether you should.” The blatant privacy issues are on the SURFACE LEVEL and somebody was still like LeT’s MaKe A sTaRtUp1042:47 AM – Jan 21, 2020Twitter Ads info and privacySee  ‘It’s Still Winter’ Selwyn ‘s other Tweets

Posted in Uncategorized | Leave a comment

Cousin took a DNA test? Courts could use it to argue you are more likely to commit crimes

Cousin took a DNA test? Courts could use it to argue you are more likely to commit crimes

DNA from relatives could be used in sentencing offenders. MR Yanukit / Shutterstock

Allan McCay, University of Sydney and Christopher Lean, University of Sydney

How similar do you think you are to your second cousin? Or your estranged great aunt?

Would you like to have people assess your behaviour from what your great aunt has done? How would you feel if courts used data gained from them to decide how you are likely to behave in the future?

Scientists are making connections between a person’s DNA and their tendencies for certain kinds of behaviour. At the same time, commercial DNA databases are becoming more common and police are gaining access to them.

When these trends combine, genetic data inferred about offenders from their relatives might one day be used by courts to determine sentences. In the future, the data from your great aunt could be used by a court to determine how severely you are punished for a crime.

DNA databases can be used to identify relatives of criminals

A Florida judge recently approved a warrant to search a genetic genealogy database, GED Match. This American company has approximately 1.3 million users who have uploaded their personal genetic data, with the assumption of privacy, in the hope of discovering their family tree.

The court directly overruled these users’ request for privacy and now the company is obliged to hand over the data.

Read more: If you’ve given your DNA to a DNA database, US police may now have access to it

Police can search through the genetic database to identify people who are likely to be relatives of a person who left DNA at a crime scene. Then, by creating a family tree, police may be able to work out the probable identity of the criminal they are looking for.

This is how the infamous Golden State Killer was identified, many years after his serial killings.

Genealogy databases and sentencing

So far, prosecutors have used DNA evidence to persuade courts that a defendant was present at the scene of a crime and is likely to have committed it. But what if they want to use DNA evidence at sentencing to show the defendant is dangerous, and thus merits a longer sentence?

Genetic information – including from relatives – can be used not just to identify who you are, but to work out your likely behavioural and psychological features. The science is still in its infancy, but many traits are influenced by one’s DNA, including aggression.

This DNA information may well be used in the criminal justice system, in order to predict how a person may behave in the future.

Read more: DNA database sold to help law-enforcement crack cold cases

Let’s assume the prosecution wants to show an offender is dangerous. Some research has suggested males with a low-activity monoamine oxidase A gene (MAOA), who experienced maltreatment when young, are significantly more likely to be impulsive and aggressive than the general population.

So if genetic data inferred from an offender’s relatives in a database suggests they have low-activity MAOA, and there is evidence about the offender’s adverse childhood, an expert witness might argue their likely impulsivity and aggression presents an increased risk of future violence.

This might be used by the prosecution to make the case for a longer sentence. In some jurisdictions and circumstances, the prosecution may have a means of obtaining a sample of DNA directly from the offender. But where this is not legally possible without the offender’s consent, the inference from relatives might fill a gap in the prosecution’s case about how dangerous the offender is.

In short, the prosecution may be able to discover previously private information about offenders, which could be used in creative and concerning ways to argue for more severe punishment.

Reasons to be concerned

The stumble towards using this technology is unsettling on several fronts. It seems to provide luck with a disconcerting role in punishment. Should the way our carers treated us when we were young, and the genetic constitution of relatives (perhaps even those who we have never met), really have a significant role in how we are evaluated and sentenced?

A second issue is privacy. When you contribute your DNA to a genetic genealogy database, are you happy with the thought that your contribution might be used in criminal proceedings against a relative to argue for an extra year to be added to their sentence?

Once the DNA data is submitted, courts, governments, and businesses for generations to come will be able to infer the genetic constitution of your relatives.

Companies that collect genetic data, 23andMe and, make a profit through selling it to researchers and other companies. The monetisation of this data is already under way, with 23andMe last week announcing they are licensing a drug created using their databases.

Since the Cambridge Analytica scandal there is good reason to worry about the dangers of businesses like these, which collect highly detailed information about the public in order to sell it for a profit.

Next time your family gathers together, you might want to discuss some of these issues. Who do you want to have your genetic data for generations to come? And how do you want it to be used?

Allan McCay, Law Teacher, University of Sydney and Christopher Lean, Postdoctoral research associate, University of Sydney

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Posted in Uncategorized | Leave a comment

Beware of bushfire scams: how fraudsters take advantage of those in need

Beware of bushfire scams: how fraudsters take advantage of those in need

Australians were also cheated out of A$400,000 last year in charity scams. Dean Lewins/AAP

Cassandra Cross, Queensland University of Technology

There’s been an overwhelming outpouring of love and support around the world for those impacted by the bushfires, from social-media donation drives to music concerts to authors auctioning off their books.

Sadly, but unsurprisingly, we’ve also seen a number of scams directed at those who want to help, as well as victims of the fires.

In recent days, the ACCC set up a hotline dedicated to the reporting of scams associated with the bushfire crisis. The agency notes some 86 scams have been reported since the fires started in September – and counting.

While it’s difficult to believe offenders would seek to profit from other people’s generosity and heartache, this is entirely to be expected.

What types of scams are common

Research has found natural disasters are a catalyst for increased fraud schemes globally. This was the case after Hurricane Katrina in 2005, the 2011 Japanese tsunami and the 2010 earthquake in Haiti, just to name a few.

Read more: How to donate to Australian bushfire relief: give money, watch for scams and think long term

In Australia, the current bushfire crisis has led to the creation of fake fund-raising websites, fraudulent door-knocking donation campaigns and fake calls from banks offering disaster relief funds.

In addition to the ACCC, several other consumer affairs agencies have issued warnings about these schemes.

The ongoing problem of fraud

In 2018, Australians lost over A$489.7 million to fraud. While a large part of this was through investment and romance fraud schemes ($146.5 million), Australians were also cheated out of A$210,000 in charity frauds. This increased to over A$400,000 in 2019.

The key element to fraud is lying for financial gain. Offenders will use whatever means possible to manipulate and deceive people into giving them money. This can involve obtaining money directly from a person, or by convincing victims to provide personal information to get cash through identity theft.

In charity frauds, offenders sometimes use the legitimate name of an organisation or individual to secure donations from victims, or they might use the pretext of a natural disaster or other negative event to obtain cash.

Harnessing the goodwill of strangers

Fraudsters use natural disasters in a variety of ways. They take advantage of our sense of sympathy and desire to help victims struggling through terrible events unfolding before our eyes. They also convey a sense of urgency aimed at convincing people to immediately part with their cash.

Importantly, offenders also exploit the fact people are highly motivated during times of disaster to donate money they ordinarily would not consider giving.

Read more: It’s not about money: we asked catfish why they trick people online

Social media enables offenders to readily advertise their fraudulent schemes. With online fraud, it is often difficult for victims to authenticate email accounts, websites, individuals or organisations soliciting money. Offenders often create fake documentation to support their schemes, as well.

Social media can also be used by fraudsters in disinformation campaigns. As these posts are shared across platforms such as Facebook and Twitter, offenders can generate traction for their “charity” pitch before it is identified as fraud. By this stage, it can be too late.

Victims vulnerable in disaster recovery, too

It’s important to note the risk of fraud is not limited to the time of the actual disaster, or the immediate aftermath.

Many of those who have experienced loss or damage in the bushfires, for instance, face a long road to recovery and could be susceptible to scams at any time.

Research indicates negative life events can make a person more vulnerable to fraud. Those affected by the bushfires may find themselves the victims of fraudulent investment opportunities, romantic relationships and other schemes claiming to help them get their lives back on track.

For example, offenders may offer to assist with the negotiation of mortgage repayments with banks, obviously for a fee (large or small).

Protecting ourselves against fraud

There are steps people can take to protect themselves from scams as the bushfire crisis is unfolding – and into the future.

In the short term, it’s important to think about how we donate financially to those in need. There are many appeals that have been set up by registered charities and organisations (such as the Red Cross, the CFA, and the RFS). These are the safest ways to send money. Remember requests through social media channels and other platforms may not be genuine.

Importantly, the internet is not the only way offenders operate. Fraudsters still use the telephone and even face-to-face communication to collect money.

Read more: From catfish to romance fraud, how to avoid getting caught in any online scam

Only call organisations you have researched to donate money and always ask for identification from those door-knocking for donations. If in doubt, don’t feel pressured to say yes and simply hang up or walk away.

In the longer term, we also need to be aware fraudsters take advantage of people when they are isolated, so it’s important to rally around family members, friends and others who are facing significant losses and feeling alone.

We need to better understand how fraud works and acknowledge anyone can be targeted. We also need to be able to talk about our vulnerabilities more openly in our homes and communities.

Fraud is an ongoing challenge globally. The current Australian bushfire crisis is simply the latest way for fraudsters to target our generosity and cause additional grief.

Cassandra Cross, Senior Research Fellow, Faculty of Law, Cybersecurity Cooperative Research Centre, Queensland University of Technology

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Posted in Uncategorized | Leave a comment