Category Archives: Security

UK Banker Resorts to Vigilantism

The Police Oracle paints a positive picture of a man who is a banker by day and do-good vigilante by night.

“All day I look at numbers and percentages and work out how to make people richer.

“It’s not a popular occupation but I like to think I make up for this by going out at night and trying to do something to help everybody.”

His night-time antics see him breaking up fights, stopping would-be burglars and feeding homeless people.

He says he and three other superheroes — who remain anonymous — sometimes team up and target other cities together.

To keep attention off them they hide their costumes under dark overcoats and burst out when help beckons.

They have even helped Police Community Support Officers (PCSOs) to capture a drug dealer.

The Statesman added: “We were patrolling London together at 3am one night and heard a commotion.

“We saw a huge guy running across Trafalgar Square away from two PCSOs.

“They were shouting at him but he wasn’t going to stop so we threw off our overcoats and chased him. We caught up with him and pinned him down until the officers arrived.

“They told us he had jumped bail and they had seen him throwing away packets of drugs as he ran from them.

“That was the first time what I do really felt justified. The police wagon turned up and took him away and it felt good. The PCSOs thought it was great. They loved it.”

This reminds me of a situation I saw a couple of weeks ago in San Francisco on the corner of Polk and California. Two men who were loitering on the sidewalk sprang into action and ran towards a white VW at a stop light. At the exact same time an unmarked family van turned on flashing red/blue lights under its hood and raced across the intersection and pinned the VW from the front; another car was already behind it so it could not reverse. An unmarked sedan also turned on red and blue lights hidden under the hood and raced from the opposite direction to pin the VW against the curb and a pole.

About four or five men in plain clothes, including the two running pedestrians, pulled badges on neck chains out of their shirts as they ran forward, grabbed the driver out of the VW, put him in cuffs, and moved him to the back seat of the sedan. One of the men then drove away in the VW as the van and sedan left in the opposite direction. I noticed the front passenger seat of the van had a woman who did not get out.

Were they police? Domestic police? Do I trust the badge and lights alone?

The modern concept of a police force was invented in 1829 by Sir Robert “Bobby” Peel, 2nd Baronet of Britain for the city of London. He said at the time “the police are the public, and the public are the police.” I find it interesting that the man in the above story has chosen what was once considered the most risky option for fighting crime — putting himself directly in harm’s way — instead of using a collective force. It must serve as a personal reward for him to operate hands-on with crime as a street vigilante, but it also begs a look at the original intent of Peel.

The man instead could redirect his banking success to the collective police force through donations of time or money, or join the police force as an undercover officer who could be easily authenticated by police. He works during the day trying to make people richer but it sounds like he finds it more satisfying at work on the street to prevent people from becoming poorer.

The problem I see with his approach is authentication, not to mention authorization. If he gets into trouble with a criminal before police are on the scene, how can they know who to arrest and charge and who to pat on the back? His mask, belt and “hero” suit are probably meant to help, but they provide extremely weak identification compared to registering with police before an incident (eye contact, wave of the hand, paperwork at the station, etc.) and if he registers with them then…does he become one of them?

Harsh Words for White House IP Czar

The Computer and Communications Industry Association (CCIA), which represents many of the largest technology companies, has posted a scathing retort to the White House:

The White House’s IP czar Victoria Espinel is calling on Congress to further expand and toughen U.S. intellectual property law, which is already among the most sweeping and strictest in the world.

[…]

The legitimate desire to address some serious counterfeiting abuses – such as medications or industrial components used in defense products – has been hijacked to create draconian proposals to alleviate the content industry of the burden of protecting its own interest using its own extensive resources. The government’s role in protecting the public’s right to safe medicine and component parts should not be allowed to morph into supplanting the responsibility of private companies to use existing legal remedies to remove possibly infringing content online and bring legal action against those involved.

“The government has shown how its zeal leads to carelessness in its unprecedented efforts to widely seize domain names for IP enforcement, which ICE undertook this year. Sites were wrongfully shut down based on allegations the user was engaged in criminal conduct deemed lawful by their courts. We are concerned the same low threshold will be used in making decisions to spy on U.S. citizens.

“Some in Congress and the White House have apparently decided that no price is too high to pay to kowtow to Big Content’s every desire, including curtailing civil liberties by expanding wiretapping of electronic communications. Even the controversial USA PATRIOT Act exists because of extraordinary national security circumstances involving an attack on our country. Does Hollywood deserve its own PATRIOT Act?

[…]

“This is the latest indication of the extent to which the content industry has infiltrated this administration and managed to turn the Administration’s IP agenda into a policy which protects old business models at the expense of consumers, citizens’ rights and our most innovative job creating industries.”

Wham. Blam. Zowie.

Espinel’s post was created by the Prioritizing Resources and Organization of Intellectual Property (Pro-IP) Act of 2008 signed into law by President Bush.

The legislation was vigorously opposed by the Department of Justice; their position is available courtesy of the EFF. The main objection is that the DOJ will now have the power to bring civil actions and is forced to turn the proceeds over to private industry, essentially making what is now a private system of enforcing copyright and trademark laws a government function. The DOJ also felt that appointment of an IP Czar with the duties described in the legislation would violate the principle of separation of powers between the Executive and Legislative branches of government.

The Justice Department mandate was removed to ease their objections. The IP Czar post remained and Espinel was appointed in 2009; the CCIA is clearly not impressed with her direction.

I can’t say I’m impressed either. Hard to believe she studied at the LSE — first they are caught red-handed on Libya, now this? I would caution the White House not only on grounds of questionable justification (who really believes IP alone has the same risk calculation as terrorism or assassination?) but on the fact that broadening the wiretap for vague commercial interests will seriously weaken national security.

The Underground Spam Economy

Interesting paper from IsecLab (Institute Eurécom, University of California Santa Barbara, Ruhr University Bochum, Northeastern University): “The Underground Economy of Spam: A Botmaster’s Perspective of Coordinating Large-Scale Spam Campaigns”.

Based on the value of the products and services that we previously described, we can estimate on a high level the cost of operating Cutwail’s spam campaigns, and approximate the transaction volume related to such an operation. As we discussed in Section 3, there were an average of 121,336 unique IPs online per day. Thus, the Cutwail operators may have paid between $1,500 and $15,000 on a recurring basis to grow and maintain their botnet (assuming they did not develop their own loads system). If we estimate the value of the largest email address list (containing over 1,596,093,833 unique records) from advertised prices, it is worth approximately $10,000–$20,000. Finally, we estimate the Cutwail gang’s profit for providing spam services at roughly $1.7 million to $4.2 million since June 2009 (contingent on whether bulk discounts were provided to customers).

How to Detect Fraud In-Person

Unfortunately this Infographic called “How to Spot a Liar” would not be very useful in online scams like 419 Fraud. The references hint that technology may have been left out of focus; do people really lie more often on the telephone than with email or IM?

Spoiler alert, this is their list:

  1. Listen to how they say what they say
  2. Watch their body language
  3. Detect irregular emotional patterns
  4. Recognize awkward interactions
  5. Study subtle facial expressions
  6. Understand eye movements

First, although this Infographic says it will help you spot a liar, the list is nearly impossible to use with online fraud, as I pointed out above. That seems to me a strange oversight. That is why I titled this post how to detect fraud in-person. It still seems useful in that regard.

Second, however, it appears to fail to bridge cultural differences, the very foundation of 419 fraud — attackers can use differences to exploit victims through social engineering. If you expect an African to have funny body language because you don’t know much about Africa or Africans, then you will be unable to use their #2 recommendation. In fact, you might be more likely to be a victim because you think #2 is a good test but you also think you have to disable it because you are more convinced that Africans have funny body language.

Third, the list gives examples from a baseline that may not fit your situation. It comes from a particular view which may not be suited to every environment. It suggests watching for people who repeat what you say, for example. Yet I have found this to be common in some rural communities. As an outsider from the city I may find it unusual but I am not about to suggest that rural inhabitants should be trusted less because they behave differently from me. I see a tendency in the Infographic to assume that time in a zone is the same thing as time.

Overall it’s a good presentation on specific fraud vectors and specific detection methods. It would be easy to add the above points to the Infographic and make it more flexible, as we have described in our paper and presentations.

Attacks by scammers appear to make sophisticated use of language ideology to abuse trust relationships. Language that indexes Africans allows perceived ‘authenticity’ to be constructed in a way that breaks down a victim’s defenses — a variety of linguistic devices are used as attack tools.

In the meantime it serves as a good illustration of how a fraud detection system could backfire or fail with a simple change of environment.