University of Wisconsin-La Crosse student Adam Bauer has nearly 400 friends on Facebook. He got an offer for a new one about a month ago. “She was a good-looking girl. I usually don’t accept friends I don’t know, but I randomly accepted this one for some reason,” the 19-year-old said.
He thinks that led to his invitation to come down to the La Crosse police station, where an officer laid out photos from Facebook of Bauer holding a beer — and then ticketed him for underage drinking.
For some reason? I bet the police know the reason. Great example of how the police make use of social engineering methods.
The article does not explain whether the police acted on suspicion or if they had any particular reason to launch a probe into Facebook accounts of minors. Perhaps some would argue that establishing a “friendship” is all that is needed to authorize a search for incriminating evidence, like inviting a plain-clothes officer into your home.
Reuters reports that 147 AK-47 rifles have been seized in Texas.
Acting on a tip, police in the border city of Laredo stopped a truck on Saturday and found the AK-47 rifles, along with more than 200 high-capacity magazines, bayonets and 10,000 rounds of ammunition, Laredo police told reporters.
This news item brings to mind the speech by President Calderon of Mexico last May to the US Congress. He said 75,000 weapons had been seized since 2007 and 80% of them were traced to the US. He was making an appeal to reconsider the Federal Assault Weapons Ban (AWB) enacted in 1994 by President Clinton (under the Violent Crime Control and Law Enforcement Act) and allowed to expire in 2004, during the Bush presidency.
Although the US Congress has debated several versions of a new AWB since 2004, none have passed. President Obama has hinted that he now wants the US to support CIFTA (Inter-American Convention Against the Illicit Manufacturing of and Trafficking in Firearms, Ammunition, Explosives and other Related Items) more than another AWB. The news of this raid will surely help that effort.
The Social Engineering Toolkit (SET) has been updated to perform “TabNabbing” attacks.
As Mozilla Firefox creative lead Aza Raskin describes it, the attack is as elegant as it is simple: A user has multiple tabs open, and surfs to a site that uses special JavaScript code to silently alter the contents of a tabbed page along with the information displayed on the tab itself, so that when the user switches back to that tab it appears to be the login page for a site the user normally visits.
An attacker now just needs a copy of SET to automate the entire process — replicate a website and then get a victim to access the decoy by manipulation of browser tabs.
This video shows a successful attack using Google mail as the decoy.
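As an added example (not from the original post or from SET), the following JavaScript shows how a browser-side check could flag the behaviour Raskin describes: a tab whose title, favicon or login form changes while it sits in the background. The snapshot fields, the `KNOWN_LOGINS` table and the sample tabs are assumptions constructed for the illustration.

```javascript
// Constructed table: brand keyword -> hosts that legitimately serve its login page.
const KNOWN_LOGINS = { gmail: ["mail.google.com", "accounts.google.com"] };

// True when the title names a known brand that the tab's host does not belong to.
function brandMismatch(title, host) {
  const t = title.toLowerCase();
  return Object.keys(KNOWN_LOGINS).some(
    (brand) => t.includes(brand) && !KNOWN_LOGINS[brand].includes(host)
  );
}

// Compare a snapshot taken when the tab was hidden with one taken when the
// user switched back (in a browser, e.g. on the visibilitychange event).
function checkTab(hidden, shown) {
  const reasons = [];
  if (hidden.title !== shown.title) reasons.push("title-changed");
  if (hidden.favicon !== shown.favicon) reasons.push("favicon-changed");
  const identityChanged = reasons.length > 0;
  const newLogin = !hidden.hasPasswordField && shown.hasPasswordField;
  if (newLogin) reasons.push("password-field-appeared");
  const mismatch = brandMismatch(shown.title, shown.host);
  if (mismatch) reasons.push("brand-host-mismatch");
  // A title change alone is normal (unread counters); a login form appearing
  // together with a new identity, or under a foreign brand, is not.
  const suspicious =
    (newLogin && identityChanged) || (shown.hasPasswordField && mismatch);
  return { reasons, suspicious };
}

// Constructed snapshots: a blog tab that turns into a mail login while hidden.
const decoy = checkTab(
  { host: "blog.example", title: "Cooking tips", favicon: "/blog.ico", hasPasswordField: false },
  { host: "blog.example", title: "Gmail: Email from Google", favicon: "/mail.ico", hasPasswordField: true }
);
// Constructed snapshots: a real mail tab whose unread counter changed while hidden.
const benign = checkTab(
  { host: "mail.google.com", title: "Inbox (1) - Gmail", favicon: "/mail.ico", hasPasswordField: false },
  { host: "mail.google.com", title: "Inbox (2) - Gmail", favicon: "/mail.ico", hasPasswordField: false }
);
console.log(decoy, benign);
```

The benign case matters as much as the decoy: pages legitimately retitle themselves in the background, so the check only fires when a password field appears alongside the identity change or under a brand the host does not own.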