Escaped prisoner taunts police on Facebook

An escaped prisoner, Craig Lynch, has set up a Facebook page and is using it to taunt police by posting messages about his whereabouts.

Craig "Lazie" Lynch vanished from Hollesley Bay Prison in Suffolk in September this year close to the end of a seven-year sentence for aggravated burglary.

Instead of hiding away from police Lynch has set up a Facebook account complete with a photograph sticking his middle finger up and boasts about eating 12lb steaks and his home being so warm it feels like the Caribbean.

The burglar has become prolific Facebooker with 199 friends and has even posted when he is going round to friend's homes and attending parties and events.

In a status update via mobile phone on Monday, Lynch said: "Craig 'Lazie' Lynch just had bundles of fun on the ice in me motor. Pure a--- out action, but well controlled."

In another at the weekend he said: "Craig 'Lazie' Lynch just nearly wrote my motor off again. Ice everywhere I went round the corner and ended up halfway on someone's driveway!!"

While Lynch should be doing porridge he boasted about tucking into extravagant meals: "Craig 'Lazie' Lynch mmm I just had a 12lb venison steak. Roasted veg and chips, bangin meal."

And instead of languishing in a prison cell he taunted police by saying his home is so warm it is tropical.

He said: "That's on already if it gets any colder durin xmas we'll have to stick the sun bed on as an extra heater we did it the other night it felt like the Caribbean in the bedroom ha ha."

The 28-year-old, who has links to Edgware and north east London, escaped from the open prison on September 23 and has not been seen since although, according to his Facebook page, police could find him at a New Year's Eve party in Lowestoft or another event in Norwich in February.

In a section with information about him Lynch states: "Life is what you make it, live fast, die young!!!" The criminal is also thought to have posted messages on local newspaper websites asking if there is a reward for his recapture.

John Gummer, MP for Suffolk Coastal, criticised the Government for using the open prison as a dumping ground.

He added: "I think it's very dangerous to assume the police could easily locate someone through a social networking site. We all know that one of the problems of a virtual world is that people can be very difficult to track down in the real world.

"However once again it does show that Hollesley Bay is being used for detaining people who should not be in an open prison because of a shortness of prison places that the Government seems unwilling to admit."

A Prison Service spokesman said the search for Lynch is a police matter and added that only prisoners who are assessed to be a low risk to the public are given places in an open prison. He added that 96 per cent of prisoners who escape are recaptured.

The Metropolitan Police refused to comment about Lynch's Facebook account but a spokeswoman for Suffolk Constabulary said routine checks are carried out on addresses he is linked to and his details have been circulated on the Police National Computer.

She added: "Because he has no links to Suffolk, other than the fact that he was in prison here, then these checks may be carried out by colleagues in other parts of the country."

Anyone with information about Lynch's whereabouts can contact Suffolk Police on 01473 613500.

found on http://www.telegraph.co.uk/

Kid uses facebook to blackmail classmates into sex.

From a purely depraved perspective, Anthony R. Stancl's plot was simple and effective. He went on Facebook posing as a girl named "Kayla," then chatted up his male classmates at Eisenhower High School in New Berlin, Wisconsin. The fictitious "Kayla" had a way with the boys, convincing 31 to send Stancl pictures of themselves naked...

​But that's when "Kayla" would turn on her Facebook lovers. Once they sent the photos, she would threaten to send them to the rest of the school unless they had sex with fellow student Anthony R. Stancl.

It didn't work on all 31, but police believe at least seven boys fell for the ruse. They would meet for sex with Stancl in the high school bathroom, the school parking lot, the men's room at the public library, and various parks around town. The victims ranged in age from 13-19.

The scam might have continued if Stancl hadn't overplayed his cards. One 15-year-old boy repeatedly had sex with Stancl to avoid having his naked photos sent around the school. Stancl would then photograph the encounters to add to his leverage.

Then Stancl tried to push the envelope, asking for naked pictures of the boy's brother. The kid didn't want his brother involved, so he told his parents, who in turn called the cops. When detectives grabbed Stancl's computer, they found it loaded with evidence, containing more than 300 nude photos of classmates at Eisenhower High School.

Stancl originally faced 12 felonies that could have landed him nearly 300 years in prison. But yesterday, he pleaded no contest to lesser charges of sexual assault and repeated sexual assault of a minor. The 19-year-old still faces up to 50 years in the slam.

Detectives say the victims were more than happy with the plea, since it kept them from having to out themselves in court.

"I've never had a case where the victims and their families were more apprehensive about testifying," Waukesha County district attorney Brad Schimel told the Associated Press. "From the victims' perspective, they're relieved we're doing this."

By Pete Kotz

Hackers Brew Self-Destruct Code to Counter Police Forensics

Hackers have released an application designed to thwart a Microsoft-packaged forensic toolkit used by law enforcement agencies to examine a suspect’s hard drive during a raid.

The hacker tool, dubbed DECAF, is designed to counteract the Computer Online Forensic Evidence Extractor, aka COFEE. The latter is a suite of 150 bundled, off-the-shelf forensic tools that run from a script. Microsoft combined the programs into a portable tool that can be used by law enforcement agents in the field before they bring a computer back to their forensic lab. The script runs on a USB stick that agents plug into the machine.

The tools scan files and gather information about activities performed on the machine, such as where the user surfed on the internet or what files were downloaded.

Someone submitted the COFEE suite to the whistleblower site Cryptome last month, prompting Microsoft lawyers to issue a take-down notice to the site. The tool was also being distributed through the Bit Torrent file sharing network.

This week two unnamed hackers released DECAF, an application that monitors a computer for any signs that COFEE is operating on the machine.
According to the Register, the program deletes temporary files or processes associated with COFEE, erases all COFEE logs, disables USB drives, and contaminates or spoofs a variety of MAC addresses to muddy forensic tracks.

The hackers say that later releases of the program will allow computer owners to remotely lock down their machine once they detect that it has fallen into law enforcement hands. The hackers, however, have not released source code for the program, which would make it easy for anyone to see if the program contains malware that might also harm a computer or allow the attackers to take control of it.

By Kim Zetter

H1N1 malware epidemic is more contagious than real deal

Malware authors are impersonating the CDC in a new scheme to propagate a trojan horse. Fraudulent e-mails sent by a botnet claim that the recipient must register for a fake state vaccination program but really link to a malware-infested phishing website.

The Center for Disease Control (CDC) issued a statement this week to warn citizens about a recent wave of phishing e-mails that deceptively claim to be from the government organization. The e-mails refer to a state vaccination program and tell recipients that they have to create a personal H1N1 vaccination profile.

No such vaccination program exists. A link in the e-mail directs users to a fraudulent website that attempts to infect their computer with malware. Specifically, the fake H1N1 messages are being used to propagate ZBot (also known as Zeus), a trojan horse that powers one of the most active botnets. The program serves as a spam relay and also surreptitiously collects private data about the user to funnel back to the botnet operator.

E-mail security company AppRiver detected the malware campaign earlier this week when it seemingly exploded in volume. The company's researchers wrote about it in a blog entry.

"We are seeing these messages at the extremely high rate of nearly 18,000 messages per minute netting over 1 million of these messages in the first hour alone," they wrote. "It is now officially flu season and considering the recent concerns over the H1N1 vaccine, I expect this to be a highly effective campaign against those who are not protected from this cyber-threat."

Security company Sunbelt Software, which publishes monthly reports on the prevalence of malware threats, says that ZBot held the top spot for seven months but declined sharply last month. Its November report, which was published today, lists ZBot as the second most prevalent malware threat and says that it represents 6 percent of all malware infections. The new H1N1 phishing scheme could potentially give it a boost.

ZBot's authors have used similar tactics in the past. A report at the CA Security Advisor Research Blog describes how previous iterations of have used fake e-mails claiming to come from the IRS, FDIC, and Microsoft. The websites linked in the e-mails attempt to get users to download the malware. They also have embedded iframes with PDF or Flash content that attempts to take advantage of security vulnerabilities in Adobe's software. Although Adobe has patched known vulnerabilities, users who have not updated to the latest versions are at risk.

Malware propagation is largely an exercise in social engineering. These fraudulent e-mails expand the botnet pool by preying on the ignorance and fear of recipients.

By Ryan Paul

Viagra spam gang fined $15.2m in US court

A US district court has ordered the largest "spam gang" in the world to pay nearly $15.2 million (£9.4 million) for sending unsolicited email messages marketing male-enhancement pills, prescription drugs and weight-loss supplements, the US Federal Trade Commission said Monday.

Spamhaus, the antispam organisation, called the email marketing network the "No. 1 worst spam gang" on the Internet for much of 2007 and 2008.

Australian resident Lance Atkinson, the spam ring's leader, has paid more than $80,000 to New Zealand authorities after confirming his involvement in the spam network, and accomplice Jody Smith, a US resident, has agreed to an order that he turn over nearly all his assets to the FTC, the agency said.

In October 2008, a judge in the US District Court for the Northern District of Illinois, Eastern Division, ordered an asset freeze and a halt to the network's operation, which generated more than 3 million complaints to law enforcement authorities, the FTC said.

Earlier this month, the court issued a default judgment against Atkinson, his company, and three companies affiliated with Smith. In addition to the $15.2 million that Atkinson and his company have been ordered to pay, the three companies affiliated with Smith are liable for nearly $3.8 million.

Atkinson and Smith recruited spammers from around the world, according to the FTC’s complaint, filed last year. Those spammers sent billions of e-mail messages directing consumers to websites operated by an affiliate program called Affking, according to the complaint. The spammers used false header information to hide the origin of the messages and failed to provide an opt-out link or list a physical postal address, violations of the US CAN-SPAM Act, the FTC said.

The spam network, using the Canadian Healthcare brand name and other labels, marketed a male-enhancement pill, prescription drugs and a weight-loss pill, the FTC said. The e-mail messages falsely claimed that the medications came from a US-licensed pharmacy that dispenses US Federal Food and Drug Administration-approved generic drugs.

The defendants did not operate a pharmacy licensed in the US, the FTC said. The drugs they sold were shipped from India and had not been approved by the FDA, the agency.

The FTC alleged that Atkinson and Smith made false claims about the security of consumers’ credit card information and other personal data consumers provided when they bought goods. The defendants’ Web site assured potential consumers that the pharmacy "treats your personal information (including credit card data) with the highest level of security.”

The website went on to describe its encryption process, which supposedly involved “Secure Socket Layer (SSL) technology.” However, there was no indication that consumers’ information was encrypted using SSL technology.

To settle FTC charges that he helped send spam e-mails to millions of consumers, Smith will turn over nearly all his assets. Under the terms of the settlement, Smith will pay approximately $212,000. He also will assign any rights he has to $91,000 frozen in the name of one of his co-defendants, and $547,000 that may be held for his benefit in an Israeli bank.

Smith pled guilty in August to the criminal charge of conspiracy to traffic counterfeit goods, and faces up to five years in prison. He is scheduled to be sentenced in December in US District Court for the Eastern District of Missouri.

By Grant Gross
http://news.techworld.com