According to one police chief, yes.

District of Columbia police chief Cathy Lanier says that carriers benefit from phone theft, going so far as to insinuate that they are somehow complicit in the underground economy of stolen mobile devices.

“The carriers are not innocent in this whole game,” Lanier told the NY Times. “They are making profit off this.”

Our own reporter, Christina Farr, was recently robbed of her iPhone 5 at knife-point in downtown San Francisco. Police who took her statement were “nonchalant,” simply having far too much experience with similar crimes. San Francisco and New York Police have launched special initiatives and teams to curb mobile crime in response to the influx of thefts.

But what about carriers?

The contention seems to be that carriers should be doing more to identify stolen phones as they enter the underground resale market, often on auction sites like eBay, and are activated by new owners. Carriers have established a national stolen phone database that works by tracking stolen phones’ IMEI numbers, a International Mobile Station Equipment Identity that identifies a mobile device independently of the owner and can be used to block network access to a device that has been reported stolen.

One problem, however, is that full integration is not scheduled to take place until November. Australia, for example, had similar technology in place country-wide a full decade ago, in 2003. In addition, many Verizon and Sprint devices don’t yet have IMEI numbers.

Carriers say that the full database will help prevent crime, that they do care about cell phone theft, and that it is not just an excuse to sell another phone or register another subscriber.

Image credit: Dave Hosford/Flickr

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

The hottest enterprise startups will take investment from In-Q-Tel, regardless of whether or not they need the cash.

Today, a well-funded enterprise company called Apigee revealed it has taken a highly-strategic investment from the firm. But the details of the deal have deliberately been kept under wraps. It’s a similar story to Huddle, the cloud collaboration startup that had just closed a sizable funding round when In-Q-Tel offered to invest. For the founders and board of directors, it was a no brainer to take the additional check.

Why is In-Q-Tel treated with such reverence by business software providers? It is the investment arm of the CIA and specializes in funding technology that is secure enough for government agencies. It was founded during the dotcom boom when the agency was drowning in data that it needed a secure technology to manage.

Huddle’s exec team took “purely strategic” investment from In-Q-Tel.

“In-Q-Tel is a great stamp of approval on any company, and opens up a huge market,” said Alistair Mitchell, Huddle’s CEO, in an interview. As a direct result of the In-Q-Tel investment, Huddle gained two large customers: the Department of Homeland Security and the National Geospatial-Intelligence Agency.

It’s an ego boost to get a phone call from In-Q-Tel, but more importantly, it’s a direct path to major government customers. In-Q-Tel has had its hands in virtually every enterprise success story, and has invested in a lot of the technology we use in our daily lives.

“Much of the touch-screen technology used now in iPads and other things came out of various companies that In-Q-Tel identified,” said Jeffrey Smith, the former general counsel of the CIA, in a rare interview with NPR. Google Maps is another example of In-Q-Tel-backed tech.

Don’t miss the shortlist of In-Q-Tel’s portfolio investments in the gallery below.

Government customers are also a strong indicator of a company’s commitment to security. According to Mitchell, Huddle won new clients in the health and financial sectors, who viewed the In-Q-Tel investment as proof the product was sufficiently “vetted and accepted by the best.”

In-Q-Tel has invested in cool tech, like this pen that can expedite data entry.

When pressed, Apigee wouldn’t reveal much about its relationship with In-Q-Tel, or the amount of funding it received. The company’s head of marketing Dave Jordan said little more in an interview than they were “thrilled” about the investment and “looked forward to expanding our relationship with In-Q-Tel and its government partners.”

Jordan and the Apigee team view this investment as a sign that it’s core product, an API management platform, will become more of a priority in Washington D.C. Developers can use the platform to build applications that will prove useful to the various government agencies.

Curious about In-Q-Tel’s current portfolio? Here are some of the firm’s most cutting edge investments.

Top image via Adapx

If you decide to steal someone’s smart TV or smartphone, you’d think disconnecting all the accounts on it would be a smart first thing to do. Well, an alleged thief in Raleigh, N.C. wasn’t that bright and let a Netflix account lead police to his doorstep.

A Raleigh detective had already been investigating a string of car break-ins and many items that had been taken from those vehicles. But the case really heated up when a man whose smart TV had been stolen on Jan. 22 notified the police after his connected Netflix account was used by another person. Many smart TVs let you login to services like Netflix or Hulu Plus to easily watch content from the web.

The police showed up to the house of the man who unwittingly used the Netflix account. That person said he had purchased the stolen TV from someone else, and started naming people associated with the purchase. This led the police to eventually arrest 36-year-old Tchannen Hall, search his house, and charge him with three drug offenses and for stealing goods.

Hall’s house contained several TVs, eight GPS units, 34 watches, 17 power tools, and other items from assorted robberies.

Who knew a Netflix account could be so dangerous?

Via the Raleigh News & Observer

Illustration by Tom Cheredar/VentureBeat

Nextdoor, a private social network for neighborhoods, has secured $21.6 million in new funding from Greylock Partners. This round closely follows the $18.6 million Nextdoor raised in 2012, meaning it has raised over $40 million to protect homes in less time than it takes to build one.

In addition to the funding, the company announced its 2.0 version and revealed some impressive numbers surrounding its growth.

When VentureBeat spoke with founder and CEO Nirav Tolia in July, Next Door had 3,600 communities on the platform. Today, Nextdoor is active in 8075 neighborhoods in all 50 states and launches in 40 new neighborhoods a day. Tolia connects the rapid adoption to technological and cultural shifts happening across America.

“There are trends enabled by the intersection of social media and local content,” he said in an interview. “People want to come together to create safer neighborhoods, whether it is to track down a lost dog or warn neighbors against suspicious activity. We are helping neighbors help themselves when it comes to crime and safety.”

Nextdoor is an online place for real-world neighbors to connect. People use the site for anything from discussing crime concerns to asking for babysitter recommendations. The overarching goal is to bring communities together. Tolia cited reports from the Pew Data Institute and Harvard Professor Robert Putnam which found that 30% of Americans do not know their neighbors by name, and yet the strength of a community is linked to the overall wellbeing of its inhabitants.

“Unfortunately, in America we have lost touch with our neighborhoods,” Tolia said. “Everyone lives in a neighborhood and wants it to be stronger. Safety is a universal concern.”

The updated platform focuses on crime and safety. Based on user feedback, Nextdoor funneled more resources into security tools such as urgent alerts pushed to mobile devices and integrations with police and fire departments. These features help form virtual neighborhood watches, where residents can collectively keep watch, communicate, and mobilize when necessary.

Another new feature is the ability to connect with nearby neighborhoods. Privacy was, and continues to be, a foundational principal of the network. People won’t post personal information or trust the site unless they believe it is protected. Membership to a Nextdoor neighborhood is only allowed after establishing proof of residence, and members only have access to their specific community. However, certain scenarios call for broader communication. For example, as a resident of the Mission, a string of robberies in Potrero Hill affects me. The redesign allows for expanded sharing in cases like these.

Even though 8,000 communities is an impressive accomplishment, Nextdoor won’t stop until it has a deep presence in neighborhoods around the world. Most of this hefty investment will expand the platforms and create dedicated mobile apps on iOS and Android. It will also fuel international expansion.

Greylock Partners is the lead investor of this round, contributing $15 million of the $21.6 million. Managing director of Greylock David Sze will join the board, and Tolia said this is the largest investment Sze has made in his 13 year career. Benchmark, which led the first round, is contributing along with fellow existing investors DAG Ventures, Shasta Ventures, Allen & Company and Pinnacle Venture. New investors Bezos Expeditions and Google Ventures joined this round as well. Nextdoor is based in San Francisco.

This is a guest post by Stephen Ebbett

If you have a new iPhone 5, Android smartphone or other mobile device, watch out — you may be targeted by electronic device thieves. It’s a growing problem: The FCC reports that 30 to 40 percent of robberies in several major U.S. cities now involve mobile phones, and the spike in thefts of Apple products like the iPhone and iPad has inspired a new nickname for the crime: “Apple picking.”

Related: Our reporter was mugged in San Francisco. Read her safety tips here.

There’s a growing black market for stolen mobile devices, with crooks following supply and demand trends just as legitimate merchants do. But there are ways to safeguard your investment in mobile devices like the iPhone 5 — and protect the vital personal data stored on your smartphone.

Here are five tips to help you prevent thefts and beat mobile device thieves at their own game:

1. Don’t leave your smartphone unattended: No one would leave $700 on the table while going to the coffee shop counter to pick up an order, but people leave their shiny new mobile devices unattended all the time, providing a golden opportunity for thieves. Don’t make that mistake.

2. Install a tracking app: Both Android and Apple smartphones offer free tracking apps you can install to help you recover your device if someone steals it. The apps allow you to log onto another device like a laptop or tablet and track your missing device’s current location.

3. Be aware of your surroundings: Treat your iPhone 5 or other smartphone like you would a wallet – chances are it is more valuable than the contents of your billfold! Avoid handling it in unsafe areas, and keep both hands on the device to thwart thieves when you do have to display it in public.

4. Make sure you set a passcode: You probably have a lot of personal data on your smartphone – including private messages, contact information and even mobile banking data. This can be a bonanza for thieves, but you can stop them in their tracks with a simple passcode.

5. Ask your carrier for help: If your smartphone goes missing and you are unable to track it through a GPS app, your wireless carrier may be able to help. Contact customer service immediately and ask them to help you recover your phone and protect your personal data.

As long as there’s a black market for stolen smartphones, thieves will target them, so it pays to be prepared. Your new iPhone 5 or Android device is a big-ticket item, and if you are protected by a warranty only, theft may not be covered at all, and it’s likely you’ll have to pay much more out of pocket to replace your device than the original purchase price.

Stephen Ebbett is President of Protect Your Bubble, a new kind of insurance brand that understands that 21st century lives are busy and complicated and offers an online service that makes insurance simple and uncomplicated. The company offers a range of insurance products, such as iPhone 5 insurance, that has been specifically tailored to offer protection in a fast changing, modern world, so that customers are prepared if the unexpected happens, with the coverage and support they need in place and immediately available. 

Stolen cell phone image // Innershadows Photography, Shutterstock

Last night, amid New Year’s Eve revelry, armed and masked robbers looted Apple’s Paris store, taking more than one million euros’ worth of merchandise.

According to French daily Le Monde, the burglary involved four men, who overpowered and injured an Apple store janitor during the break-in.

The robbers entered the store at 9 p.m., forcing their way into a back entrance as the janitor was leaving. The store was closed but remained lit.

Store staff and the prefect of police are still taking inventory and assessing the total damages, including how much was stolen. So far, we know that display units were left untouched; the robbers spent around a half hour loading up boxes of inventory from the stockroom into a nearby truck.

Unfortunately, New Year’s Eve turned out to be the perfect time for such a crime. As Christophe Crépin, a representative of the French police, told press, “Since the essential bulk of police forces were mobilized to patrol the Champs-Elysées, the thieves clearly profited from the opportunity to make their move.”

Another high-profile Apple heist occurred just before the holidays. On November 12, a few pallets of iPad minis were stolen from a cargo building at JFK Airport in New York. The haul was worth around $1.5 million; police suspected it was an inside job and arrested a JFK worker a few days later.

Image credit: pcruciatti/Shutterstock

I must have appeared to be the safe target: In one hand, I carried an expensive-looking tote bag, and in another, a pair of strappy sandals I had planned to wear to a holiday party that evening.

Within minutes of ascending from the BART station, the small gang approached me. From the corner of my eye, I caught the glint of a small metal object. The oldest in the group, a skinny teenage boy in a wool beanie, demanded my cellphone. To his unabashed delight, I handed over a brand-new iPhone 5; satisfied, he and his pals scuttled off into the night.

In San Francisco, a city filled with commuters and tourists, iPhone owners are walking targets for thieves. According to the National Mobile Phone Crime Unit, a cellphone is involved in over half the street crime in the United States, a statistic that is likely far higher in the Bay Area. We frequently pull out our smartphones to check email, get directions, or play music, totally oblivious that we’re putting ourselves at risk for petty and violent crime. These devices are so ubiquitous, and we rely on them so much, that we often forget basic safety protocols.

I recall racing down the city streets after my muggers, screaming profanities, enraged about the loss of my most prized possession. It sounds crazy, but I half-believed that one look at my mascara-streaked face and they would understand that all my music, contacts, sensitive work information — my life – was contained on that candy-colored device.

The two cops who subsequently showed up to take my statement were nonchalant. My story is far from unique. Police estimate that cellphone theft is becoming more prevalent in the run-up to the holiday season. People are unknowingly purchasing stolen phones as gifts, and buses are brimming with easy targets, such as drunken holiday partygoers and shoppers laden with heavy bags.

The most common robberies are the “snatch and grab” kind, where cellphones are pried from the hands of commuters. In San Francisco, police launched a transit ad campaign, warning folks to “be smart with your smartphone.” Similar warnings went out in Oakland, where the police reported nearly 1,300 cell phone robberies this year alone.

“iPad and iPhone theft is the most common because there is a market for it,” said Jason Hui, an San Francisco Police Department patrolman working in one of the city’s residential districts. Given the prevalence of iPhone theft, Hui and many of his colleagues have become self-taught experts on cellphone tracking. Many smartphones are equipped with cloud-based GPS technology that helps the police track stolen devices, wipe sensitive data, and even set off an alarm.

Hui points out that there is a thriving underground market for these devices, but many stolen phones are sold on legitimate sites online. On Craigslist, perform a simple search for “iPhone 5″ and you’ll find dozens of listings for new and nearly new devices that sell at close to retail prices. My barely-used phone will likely net over $600. And for deal-seekers who purchase a phone on a site like eBay and Amazon, there’s almost no way to discern whether it’s a stolen device.

“Many of these phones [sold online] change hands multiple times,” said Hui, who explained that you’d need a search warrant to track the phone’s electronic serial number to determine its original owner. If you’re considering buying online, one user guide post on eBay advises the following: 

 Many sellers, especially those with little or no feedback, will say, “I can’t display or tell you the phone for security reasons.” That’s nonsense — you need the ESN [electronic serial number] to make sure the phone is not stolen or lost and found (which many of them are). Phones that are stolen or reported as lost have the same effect: they can’t be activated; that ESN is dead. If they (the seller) refuse to give you the ESN then don’t bid or buy.

San Francisco’s authorities view cellphone theft as a grave — but resolvable — problem. On Tuesday, the police will launch a committee hearing to discuss ways the public can protect itself. Scott Wiener, a member of the San Francisco Board of Supervisors, will lead the hearing.

Wiener revealed to SF Appeal that he was particularly concerned about a spike in thefts in residential neighborhoods during daylight hours — “very scary incidents,” he said. “I often use the analogy that you wouldn’t walk down the street carrying two, three hundred dollars withdrawn from an ATM,” SFPD police chief Greg Suhr said in a recent media interview.

Suhr stressed that the silver lining is that, with tracking technologies and the aid of the general public, the police “often get [cellphones] back.”

Feeling skeptical and somewhat cynical, I tweeted to an audience of several thousand Twitter followers, asking about lost or stolen phones that were subsequently returned. Within minutes, I received dozens of short stories about how lost phones eventually made their way home (see a snapshot of the responses, left). San Francisco resident Ashley Mayer told me she was able to retrieve a stolen phone when a random taxi driver went into “Hollywood car chase mode,” and followed her muggers through South San Francisco’s bustling streets. It’s a thrilling story — read Mayer’s blog post here.

Miracles and random acts of kindness aside, there are several ways to recover a lost or stolen smartphone, or at least limit your damages.

Ways to wipe data, track, or disable a lost or stolen phone

Apple users: Sign up with iCloud and use the “Find my iPhone feature” to search for a device as it moves through the city. If your phone is missing, do this immediately as GPS tracking will not work if the phone is switched off.

Android users: LookOut Mobile lets you remotely lock your phone from the web to keep out prying eyes. Cool features include a “scream” button designed to help you find a missing phone (and freak out robbers) and a signal flare that automatically saves its last location when the battery was low. The “wipe” capability will ensure that sensitive corporate data never sees the light of day.

Lose a company-issued phone? Zenprise, a red-hot mobile security company acquired by Citrix, works with large organizations like the Boston Red Sox to ensure its employees won’t jeopardize sensitive data. IT departments will be alerted if an employee’s phone gets hacked, and they can wipe data from any device remotely.

Pick one of the leading wireless carriers: The big four — AT&T, Verizon, Sprint, and T-Mobile — launched a database in November to track, report, and block stolen devices. They claim this will prevent stolen phones from being used on these carriers’ networks.

Safety measures

In the aftermath of my mugging, police relayed to me the following precautions:

• Keep expensive items hidden: Make sure your cellphone isn’t visible when you’re walking down the street, especially if it’s an iPhone or tablet.
• Set a passcode: This will ensure that thieves won’t be able to access your personal data or rack up charges for long-distance calls.
• Buy gadget-specific insurance: This will ensure you can avoid the headache of arguing with your insurance company. A company called Protect Your Bubble claims it can replace a stolen or lost phone within 24 hours.
• Be street smart. This piece of advice is an oldie but a goodie: Don’t walk home alone through a dangerous neighborhood!
• Let your iPhone work for you: Write down your iCloud username and password on a piece of paper and pass it on to a family-member or trusted friend. If you are abducted or go missing, this will allow them to track your device.

The only way to stop the demand for stolen smartphones is for the major carriers to render such phones as useless as an empty wallet and for the police to continue cracking down on crime. In Europe, stolen phones are blacklisted based on their 15-digit International Mobile Equipment Identity number. Read more here about phone blacklisting, and why it’s a losing proposition in the United States.

In the meantime, stay vigilant this holiday season, San Francisco.

Stolen cell phone image // Innershadows Photography, Shutterstock

We love our gadgets. Unfortunately, so do thieves.

That’s why Gazelle, a leading gadget trade-in site that has already bought more than a million phones, laptops, and tablets from consumers, is implementing CheckMEND, a service that compiles 150 billion digital records on stolen devices from carriers, police, the FBI, and more.

“Essentially, we’ll check whether a smartphone or tablet has been reported lost or stolen,” Gazelle’s Sarah Welch told me yesterday. “When we receive an item we’re checking it against the database, and if it’s been reported stolel we won’t pay the sender.”

Thieves’ problem, of course, is turning plastic, glass, metal, and electrons into cash. That’s where, too often reseller sites come along — sites where anyone can send electronics in exchange for cash. Now, however, that’s going to be harder, if not impossible.

Gazelle is the first consumer electronics trade-in site to implement CheckMEND. The system isn’t perfect — potentially stolen devices will be returned to senders, not sent to police — but it’s a good start at making crime pay less.

I asked Welch why Gazelle is doing this, and whether this wouldn’t actually hurt business.

“There will be some transactions that we’re saying no to, and it may be a small revenue hit in the short term,” she answered. “But we think this is the right thing to do. We pioneered this space and we think this should be standard … and from a longer-term brand effect it will be a positive.”

I wondered aloud what Gazelle actually does with all the phones it buys from people.

Apparently the company, which provides a free data wipe service so customers’ data isn’t compromised, sells a few of its phones via eBay, but most to wholesalers who refurb them and re-sell them domestically and abroad. In fact, chances are if you’ve ever been compensated by an insurance agency with a replacement for a lost device,  it may have come from Gazelle or another trade-in site.

The new CheckMEND service is provided by a UK-based company, Recipero, which has recently expanded to the U.S. Despite its relatively recent introduction to the market, Recipero says its already “the largest U.S. consumer electronics background report service.”

In the future, CheckMEND review may actually take place on the front end of the transaction, online or via an app, which would address the stolen-or-not issue before the device shows up at Gazelle’s offices. For now, that’s a little too complex a solution.

photo credit: West Midlands Police via photopin cc

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

The San Francisco police department has announced the development of its very own crime-fighting “bat computer” to help keep officers on the streets for longer.

In the nation’s technological capital, it is striking how the city’s institutions have been hindered by 1970s-era technology. “Remember, we just got e-mail last year,” San Francisco police chief Greg Suhr joked in a press conference Monday. “We’ve left the Post-it days behind.”

Kidding aside, this news marks the beginning of a budding relationship between the SFPD and the city’s tech community. The San Francisco Citizens Initiative for Technology & Innovation, aka sf.citi, founded by Silicon Valley investor Ron Conway, is contributing $100,000 to the development of the field reporting app.

“We thought it would be very apropos for sf.citi to get involved in helping San Francisco’s police department leapfrog technology and be a national showcase for the use of technology,” said Conway in an interview with the Bay Citizen. 

The SFPD is working closely with ArcTouch, a local app development studio, to help police officers gain access to all their crime data without having to return to the station. The mobile app will allow the next generation of cadets to spend more time in the streets and less time filing out paperwork.

Previously, officers had to use a variety of low-tech methods in their reporting, including paper logs and handheld recorders. “The idea is to use mobile technologies to do a lot of this automatically and passively to capture a much richer set of information,” said Adam Fingerman, ArcTouch’s chief operations officer, in an interview with VentureBeat.

Fingerman uses the example of an officer taking a photograph to record a crime scene. The app will immediately tag the longitude and latitude of where the officer was at that exact moment.

“The overall goals are to reduce typing wherever possible by capturing information from tapping and talking,” he added. The hope is that the mobile app will reduce the time police officers need to leave the streets by 40 percent.

The app will not be in use for 3-6 months but Fingerman said he has already been contacted by municipal groups in Canada, Florida and the Peninsula to develop a similar pilot service.

A targeted and sustained cyber attack that ended up compromising hundreds of computers belonging to military personnel, aerospace engineers, activists and others has been traced back to a Chinese hacker.

The cyber criminal in question is Gu Kaiyuan, once a graduate student at a Chinese university that receives government financial support for its computer security program and currently an employee at Chinese portal Tencent. Before Kaiyuan initiated the exploits, collectively called the Luckycat campaign, he was involved in recruiting students for his school’s computer security and defense research. In short, he was the perfect person to conduct a campaign of this importance.

A report on the campaign from cloud security company Trend Micro shows that the Luckycat perpetrators began around June 2011, targeting military research in India and “sensitive entities” in Japan, as well as heavily focusing on Tibetan activists. The attacked computers were also tracked with unique codes to measure the success of the campaign. All told, 233 computers were hacked.

“The attackers behind this campaign maintain a variety of command-and-control infrastructures and leverage anonymity tools to obfuscate their operations,” wrote the Trend Micro team, which finally reported, “Careful monitoring allowed us to capitalize on some mistakes made by the attackers, and give us a glimpse of their identities and capabilities. We were able to track elements of this campaign to hackers based in China.”

Kaiyuan used a particular email address to register one of the Luckycat command and control servers. Based on that address, Trend Micro was able to deduce more and more about his identity. The email address led them to an IM account number, which in turn led them to the hacker forums where Kaiyuan had posted, the research university where he had studied, even magazine articles he had written about computer security.

Also, Trend Micro was able to find a set of campaign codes used to monitor compromised systems. “The campaign codes often contain dates that indicate when each malware attack was launched. This demonstrates how actively and frequently the attackers launched attacks,” the report reads. “The campaign codes also reveal the attackers’ intent, as some of these referenced the intended targets.”

Finally, Trend Micro wrote in the report’s conclusion that the Luckycat campaign, a sophisticated and highly targeted attack on important individuals, is also linked to similar attacks around the world. “The people behind it used or provided infrastructure for other campaigns that have also been linked to past targeted attacks such as the previously documented ShadowNet campaign,” the report reads.

To reduce risk of attack — especially in the enterprise, where high-profile targets abound — Trend Micro recommends good intelligence on threats, a set strategy for threat mitigation and attack cleanup, a data-centric security strategy, and educating employees about the danger of socially engineered cyber crime.

Anonymous hacker via Flickr commons

It’s the sort of gamesmanship that keeps readers turning the pages in a spy novel. The FBI says that Anonymous, the loose-knit collective of global hackers, intercepted a highly sensitive call between American cybercrime experts and their counterparts at Scotland Yard discussing, what else, Anonymous.

“The FBI might be curious how we’re able to continuously read their internal comms for some time now,” Anonymous teased in a Twitter message.

The 15 minute recording was released on Pastebin and then posted to Youtube. “I’m not sure if we’re the only two on here right now,” says an American agent named Bruce.

“Don’t say anything too bad, I’m on here with Matt,” replied his counterpart from Scotland yard. The group has a chuckle, unaware of the irony.

Anonymous also released an email with the time and password for the conference call, so they may have simply dialed in, rather than using more sophisticated techniques to intercept the conversation.

During the call the investigators discuss how they might proceed against Ryan Cleary and Jake Davis, two British suspects who are set to appear in court as suspected members of Anonymous. Highly sensitive tactics are discussed for when Scotland Yard might move to make further arrests and the evidence they are planning to bring to the trial.

Dotcom (pictured) and several other Megaupload employees were named in a 72-page indictment issued last Thursday by the Department of Justice. The indictment against Megaupload alleges it is connected to a vast criminal enterprise that has caused more than $500 million in harm to copyright owners. If convicted, the company and its executives could serve many years in prison and forfeit $175 million in assets, including 15 Mercedes, a Maserati, a Lamborghini and a Rolls-Royce.

New Zealand Judge David McNaughton denied bail to Dotcom, saying he is flight risk. “With sufficient determination and financial resources, flight risk remains a real and significant possibility which I cannot discount and bail is declined,” Judge David McNaughton said, according to Reuters.

Dotcom has said he is innocent of charges and is not a flight risk because the government has seized his assets and because his wife is pregnant with twins. Dotcom will remain in custody until Feb. 22, when he will face an extadition hearing that could bring him to the United States for trial.

Megaupload lawyer Ira Rothken told VentureBeat this past Friday that the company would “be assembling a worldwide team of top-notch lawyers, intellectual property lawyers and tech lawyers to defend this. There’s a good chance Megaupload will prevail in this case.” Since then however, one of MegaUpload’s high-profile lawyers, Robert Bennett, has withdrawn, citing conflict of interest.

The DOJ indictment alleges that a vast criminal enterprise led by Kim Dotcom has caused more than $500 million in harm to copyright owners, while generating more than $175 million in criminal proceeds. Dotcom founded Megaupload Limited, and has vigoursly defended Megaupload as a legitimate website and said previously that the site took down piracy violators in accordance with DMCA rules.

Megaupload was at one time the 13th most popular website on the Internet. Similar sites to Megaupload like MediaFire, YouSendIt and Rapidshare provide file-sharing services, so we wonder if the government intends to target them as well.

The government has also charged the following individuals in the indictment:

• Finn Batato, 38, a citizen and resident of Germany, who is the chief marketing officer;
• Julius Bencko, 35, a citizen and resident of Slovakia, who is the graphic designer;
• Sven Echternach, 39, a citizen and resident of Germany, who is the head of business development;
• Mathias Ortmann, 40, a citizen of Germany and resident of both Germany and Hong Kong, who is the chief technical officer, co-founder and director;
• Andrus Nomm, 32, a citizen of Estonia and resident of both Turkey and Estonia, who is a software programmer and head of the development software division;
• Bram van der Kolk, aka Bramos, 29, a Dutch citizen and resident of both the Netherlands and New Zealand, who oversees programming and the underlying network structure for the Mega conspiracy websites.

Dotcom, Batato, Ortmann and van der Kolk were arrested today in Auckland, New Zealand.

Also coming out today is the surprising fact that musician and producer (and Alicia Keys’ husband) Swiss Beatz is actually the CEO of Megaupload. The New York Post “outed” Beatz yesterday, and said Beatz got his musician friends in hot water for making a music video promoting the service. Beatz was not named in the federal indictment.

Personally, I blame Megaupload for bringing scrutiny upon itself with this awful music video:

The judge in the case sentenced the guilty parties to a $21.1 million fine.

The two companies’ joint venture has been under investigation for the past several years due to concerns about price-fixing collusion on optical disk drives — that is, drives for DVD players, CD players and Blu-ray players, particularly those found in laptops and desktop computers.

The collusion has been going on since at least 2004. At that time, representatives of Hitachi-LG stated in court, the company was working with others to fix prices on optical disk drives sold to companies including HP, Dell and Microsoft.

Although collusion and price fixing of this nature and scale involve more parties than just the joint venture of two electronics manufacturers, Hitachi-LG Data Storage is so far the only company that has been charged by U.S. prosecutors in this particular investigation.

Hitachi-LG was additionally charged with attempting to defraud HP in 2009 during a procurement event.

Hitachi-LG Data Storage, Inc., was founded in late 2000 and shipped its first product during the summer of 2001. The venture does not sell directly to consumers.

The U.S. Justice Department began issuing subpoenas in 2009 to companies such as Sony, Toshiba and even Hitachi itself.

The $21 million fine is small potatoes for a joint venture so amply backed. However, the Justice Department noted in a court filing that Hitachi-LG merited the smaller punitive fine because it had cooperated fully with the investigation, giving “substantial assistance” to government investigators.

Image courtesy of afsart.

Goodman knows a thing or two about crime. He started off as an LAPD streetcop before starting the service’s first Internet crime unit in the mid-1990s. After spending a decade working with Interpol he founded the Future Crimes Institute to track how criminals use technology.

Cybercrime is already an agile, globalised and outsourced business. “Anything that would motivate a startup employee would motivate a criminal,” explains Goodman. “They want money, they want shares in the business, they want a challenge, they don’t want a 9-5 environment. They want to respect of their peers, and they are engaged in a game of us against them.”

Cybercriminals use malware like viruses, worms and trojans to harvest personal data. “There are 268 million pieces of computer malware which have been identified in the wild,” Goodman reports. They also use social engineering techniques such as fishing emails using data gleaned from social networks to trick people into providing further details.

Technology has allowed cybercriminals to become more like high-growth startups. “Datacrime can be scripted and automated and it scales. If you take a gun or a knife and stand on a street corner, there’s only so many people you can rob. You have to do the robbery, run away from the scene of the crime, worry about the police, so you can’t really rob that many. You can’t walk into Wembley stadium with a gun and say ‘everybody put your hands up’. But you can do that from a cybercrime perspective.”

Organized crime breaks crime down into its component parts and outsources, or more accurately crimesources, it to specialised technical teams. There are people who write the malware, people who deploy it, who control and rent the botnets, receive goods bought with stolen credit cards and do the money laundering. Criminals even offer SLAs (service level agreements) and technical support lines. The crime market also obeys the laws of supply and demand. After the Sony PSP attack in which Sony lost the details of almost 100 million customers, including 20 million credit cards etails, there was so much stolen credit card information available that prices dropped.

Cybercrime has also become a totally globalized business. “One of the reasons that cybercrime thrives is that it’s totally international whereas law enforcement is totally national,” says Goodman. “Now the person attacking you can be sitting in New York or Tokyo or Botswana. The ability to conduct business without getting on a plane is an awesome advantage that International organized crime uses.”

Criminals constantly pioneer new business practices. “They are probably ahead of the curve on cooperating with their competition. I think it will be a long time before Pepsi has a serious conversation with Coke, but surprisingly Japanese Yakuza will talk to Chinese triads, one cartel may talk to another if it has a specific area of expertise. Specialities are also regional. If you want a hit man you go to Serbia. If you want to do money laundering you find someone in Dubai.”

Like the porn industry, organized crime continues to be an early adopter of new technology. “Cybercriminals are highly innovative and adaptive,” Goodman observes. “They have so many ways of being clever and imaginative because they never take the straight-on approach. They always find the side way to go about something that the good person would never have considered”

Senators Charles Schumer and Joe Manchin are pressing officials to take action against Bitcoin, which Gawker recently claimed is being used on underground black markets to purchase illegal drugs. The senators expressed their concerns in a letter to Attorney General Eric Holder and Drug Enforcement Administration chief Michele Leonhart, Reuters reports.

Unlike other currencies, Bitcoin uses a peer-to-peer technology to manage transactions and validate payments. Since no bank is involved, purchases don’t leave a paper trail for law enforcement agencies to track criminal activity.

“The only method of payment for these illegal purchases is an untraceable peer-to-peer currency known as Bitcoins. After purchasing Bitcoins through an exchange, a user can create an account on Silk Road and start purchasing illegal drugs from individuals around the world and have them delivered to their homes within days,” the senators wrote.

The senators neglected to mention the much larger negative implications of Bitcoin usage in the letter. If the currency became popular enough to compete with a national currency, it could have the power to undermine that government’s authority far beyond regulating drugs — something China realized and outlawed in 2009.

However, finding black markets like Silk Road that promote the use of Bitcoin won’t be easy. The only lead investigators have is tracking transaction patterns that may suggest the exchange of real money for Bitcoin, according to the report.

According to comments posted on a Bitcoin public forum, many Bitcoin supporters doubt any authoritative body could truly eliminate the currency.

However, the U.S. government successfully shut down other online cash alternatives, such as E-Gold, when it discovered that they were being used in illegal trade, such as the sale of stolen credit card numbers. Some former customers of that cash alternative are still waiting to get their money out of their E-Gold accounts, more than two years after the service suspended trading activity.

The bill makes it a crime for anyone other than account holders to log into services like Netflix, Hulu Plus, Rdio, or Rhapsody. It also empowers streaming media companies that identify illegal sharing to contact law enforcement authorities to press charges.

So, a college student who gives access of his Netflix streaming account to half the residents in a dormitory can now be punished, according to the bill’s sponsor Gerald McCormick.

But while the new bill allows for greater legal penalties, it’s unclear if streaming services will acknowledge the state law over its official terms and conditions.

“Netflix applauds any efforts to stave off video piracy. However, Netflix already has provisions in its Terms of Use that restrict passwords to the member’s household,” the company stated in regards to the state bill.

According to the terms of use, sharing an account password outside of a household will result in termination of the user’s subscription. Beyond that, the company can choose to terminate a subscription any time it chooses.

But even if Netflix did choose to exercise its right to press charges under the new state law, the streaming service’s restrictions don’t allow multiple streams to load on the same account. (The only exception to this is if a user subscribes to a plan that allows for multiple DVDs to be rented out at the same time. So, if a subscriber can rent up to five DVDs, his or her account is able to load up to five separate video streams before the restrictions kick in).

The state legislation seems to ignore the notion that the burden of preventing account sharing should be the responsibility of the streaming service and instead gives those companies more of an incentive to police the service for wrong doing. That approach is similar to the strategy most commonly used by the Recording Industry Association of America (RIAA).

So, it’s not surprising that the legislation was pushed by recording industry officials who want to put an end to the billions of dollars in losses they attribute to illegal file sharing. Tennessee’s capital is home to many of the major record labels, including Sony Music Entertainment, BMI, Warner Music Group and EMI.

While the bill doesn’t make very much sense for video streaming services, it could cause headaches for Tennesseans who plan to use a music streaming service. Apple, Amazon and Google have all announced plans to launch cloud-based music services, which record labels will have some degree of authority over.

The holiday season is critical to any customer-focused business – this year, more than ever. For start-ups, it can literally be a matter of life and death. Online shopping is expected to grow notably this year – so if you find yourself a victim of hackers, the fate of your company is very much in the balance.

When critical customer data (such as credit card information) is compromised, you have a 48 hour window that’s critical to getting your business back online, on track, and on safe ground.

Should your company fall victim to hackers this year, there are two important things to remember: Transparency and communication. It’s not just about restoring your Web site to a secure state but restoring your customer’s confidence to continue to shop with you.

Here’s how to handle things:

Step 1: Announce and assess (Timeframe: Immediately – 12 hours after the breach is discovered)

Immediately, get your site offline. Google has some specific recommendations regarding the best way to accomplish this.

Customers appreciate being notified as soon as possible, and they would rather hear it from you first. Plus, being the first to report the cyber crime lets you control the message. Concurrently, make a general public statement about what has happened and instruct all individuals (or companies) who have done business with your company to monitor their credit report and banking statements for inconsistencies.

Deliver the statement to all concerned parties via email and make sure to train all customer-facing representatives with the appropriate dialogue. Here’s a concise and effective example from Balmar Incorporated.

Step 2: Conduct a deeper investigation (Timeframe: 12 hours – 36 hours+)

Computer forensic auditors, PCI representatives, governmental agencies and others may be involved in the process depending on the nature of your business.

Start by interviewing all personnel responsible for securing your environment and find out if they are aware of any known vulnerabilities. Next, begin reviewing log files with the following specific goals in mind: Identifying the date(s) of the breach, how many customers were compromised and what information was stolen.

Step 3: Notifications and remediation (Timeframe: 36 hours – 48 hours – or as soon as you’ve pinpointed the problem)

Contact the police, FBI, and Attorney General with all the details you’ve compiled about the situation. This may sound severe, but forty-five states have enacted legislature that dictates who should be notified, and how, when personally identifiable information is leaked, and these governmental agencies will direct you on what information to divulge and what to keep private for their investigation. Government agencies are taking cybercrime very seriously these days. They want to help businesses curtail these events, so don’t feel silly bringing in the agents.

Concurrently, start technically remediating the breach. The exact steps you take will depend on the nature of the compromise, however these general rules of thumb almost always apply.

• Remove customer data from the compromised area of the database and move it to a separate, secure location.
• Back up your site, database and all log files. If possible, backup your entire server including all operating system files. This help forensics determine the breach.
• Perform a complete reinstall of the OS and your Web applications, and make sure to use the most updated software versions available.
• Reintroduce your Web site files to the hosting environment using a clean backup, free of any hacked content. Keep in mind, the only way to be 100 percent sure all affected code, links, comments, etc have been removed is to rebuild the site from scratch. If speed is of the essence, restore from an encrypted site version saved prior to the breach.
• Change your password scheme. Believe it. Most hacks result from weak or conspicuous user logins and password credentials, so start fresh with a new scheme and separate logins for each service – FTP, control panel, software admin, email.
• Run third-party vulnerability scans on your site. WhiteHat Security offers a SaaS solution that will uncover vulnerabilities that need to be shored up before re-launching your site.

Step 4: Relaunch

When you’re confident the site is secure and all vulnerabilities have been patched, launch and resubmit your site to search engines in the appropriate way so it’s crawled again ASAP.

Step 5: Communicate

You’ve worked hard to get your site secure and back online. It’s now time to tell your customers the efforts taken to ensure the security of their information is your number one priority. Not only do you need to honestly and transparently communicate the breach but confidently affirm that their information is protected to the best of your abilities. This final communication is what determines if your customers are going to ever buy from you again.

Step 6: Prevention – and “the aftermath”

Even after your Web site is back online and business has returned to normal, your work is not done.

You’ll be facing fines, payment card industry probation, forensic audits and remediation. It’s not uncommon for even the smallest of businesses to rack up five or six digit expenses between penalties and legal fees. Forrester Research estimates that mitigation will cost an average of $200 for each person/credit card account that is compromised.

In reality, the unanticipated financial expense and “negative time” invested in remediating a security breach (especially during a peak selling period like the holidays) could be enough to squelch your start-ups chance of ever becoming a successful medium-size or large enterprise. That’s why it’s extremely important to focus your limited and precious resources wisely.

Protecting your Web site may seem like a hefty cost up front, but if it’s where you do business, it could be a life-saving investment. Get your site prepared for the worst-case scenario, so you have one less stress weighing on you this holiday season.

Photo by Don Hankins via Flickr.