They’ll Be Watching You … Online
When Keri McMullen and her fiancé managed to get tickets to a much-coveted concert in March 2010, she was so excited that she decided to share the good news with her friends.
“I posted that on my Facebook page,” Keri said, “who the band was, where we were going. The band started at 8.” And so did the robbery. Keri came home to a near-empty house; more than $10,000 worth of items had been stolen. What the burglars didn’t know was that Keri’s fiancé had recently installed security cameras. He wanted to keep tabs on the house, which was on the market, after someone broke a wineglass during an open house for realtors. No one confessed to breaking the glass, so he installed the cameras.
This technology was definitely lucky for Keri but not so lucky for the burglars. She posted the video on Facebook of the burglars going through the house, rummaging through her purse and drawers, and dumping the laundry out of a basket so they could use it to transport the smaller items. Included in the heist were a plasma TV, a PlayStation, Xbox, laptop, and DVDs.
As fate would have it, one of Keri’s 500 Facebook friends actually recognized one of the burglars on the videotape, who turned out to be someone Keri hadn’t seen in more than 20 years. Keri had added him to her Facebook friends list just 6 months before.
“I will never ever again put that I’m going anywhere on Facebook,” Keri said. “You really don’t know who your friends are.”
Think you know all of your friends on your friends list and all of your followers? Think again. Criminals are watching what is being posted on walls, feeds, and blogs, and they are just waiting for the perfect opportunity to stop by your place when they know you’re not at home.
Just ask Matt Chapman, who tweeted that he was going camping in July 2009 and then posted the news on Facebook. He returned to find that his home had been robbed.
“I never considered the dangers or the ramifications until we were burglarized,” he said.
He posted about the experience on his blog:
Although it is a new trend to communicate “what you are doing” on twitter, or updating your status on facebook, I have a message of caution for everyone who enjoys using social networking sites … The robber broke into our house through a side window away from our street. Once inside, this jerk stole our Playstation 2 stuff, Game Cube stuff, Amies jewelry, some of my editing software, and worse of all … my Macbook Pro. My Macbook was loaded with several video projects including everything pertinent to my new business that is still in development called GurillaTV. Luckily I was able to recover everything missing, but it was a real setback. Not to mention the $8,000 of things taken away from us.
***
A webcam came in handy for 12-year-old Hallie Pritchard, who thought her sisters were taking items from her bedroom in November 2011. To catch the thief in the act, she tucked her laptop under the pillows on her bed, positioning the webcam so it would film the entire room.
Hours later when Hallie watched the video, she was shocked. The video showed an unidentified man rifling through her dresser drawers. The video had captured the surprising events when no one had been at home. The man had gained access to her parents’ house in Orinda, California, which had been up for sale. With the video as proof, she showed the footage to her parents, and they immediately contacted police. It didn’t take long for the police to apprehend the suspect. Douglas John Calandrella, a former real estate agent, was arrested for stealing jewelry from Hallie’s residence. But this wasn’t the first time Calandrella had been arrested for such a scheme. The year before, he had taken the keys from several real estate lockboxes, stolen more than 50 items from a number of different houses on the market, and then sold the goods on eBay.
***
In England, Gordon Rayner, a milkman, was convinced that Google Street View helped criminals target his house in a robbery from April 2010. Google Street View included a photo of Gordon’s home with the garage door wide open. The image was clear enough that you could see a washing machine and a mountain bike inside.
“When you look at the photograph, my face is blacked out, the windows of my house are blacked out, but because the garage door was left open, you can clearly see everything in there,” Gordon said. “I would argue that they should have blacked that out. It is just an invitation for any criminal to take what they like.”
The first time the thieves came, they took Gordon’s mountain bike. Two days later, the thieves returned but couldn’t get into the garage due to a newly installed lock. Gordon has since taken everything out of his garage for safekeeping, except his car.
***
The internet has become a new playground for criminals, who can be some of your so-called friends and fans.
“I’m amazed at how many people get on there and say they’re going on vacation,” said Lee Struble, head of security at Monroe Community College in Rochester, New York. “Some of these people you haven’t seen in 20 or 30 years. But they know where you live or can find out pretty easily; they can do a Google Maps search and can get directions to your house, and you’re telling them that you’re going to be gone.”
The “Digital Criminal Report,” which Michael Fraser prepared and released in late 2009, points to social networking and other parts of the internet as vehicles that criminals are using for quick access to easy offerings. Fraser, himself a former thief and now the star of BBC’s Beat the Burglar, wasn’t surprised by any of the findings in the report.
“There is absolutely no doubt in my mind that burglars are using social networks to identify likely targets,” Fraser said.
The report surveyed 2,000 social network users and found that nearly two-fifths of the respondents had posted details of holiday/vacation plans, and nearly two-thirds of the 16- to 24-year-old group reportedly posted plenty of details, too. Almost half the respondents reported that they were unconcerned about social networking security. As an experiment, 100 friend requests were issued to random strangers. Nine in 10 Twitter users accepted the stranger as a friend, and more than one in 10 Facebook users did the same, all without asking if they really knew this new person.
“[The criminals] gain confidence by learning more about them, what they are likely to own and when they are likely to be out of the house. I call it ‘internet shopping for burglars,’” said Fraser. “It is incredibly easy to use social networking sites to target people, and then scope out more information on their actual home using other internet sites like Google Street View, all from the comfort of the sofa.”
Web security firms that have been tracking criminal activity via Twitter and Facebook agree about the correlation between burglaries and social media. “Our research shows that 41 percent of people are divulging personal and private information to complete strangers on Facebook, such as their date of birth, where they worked, where they lived and what they were doing,” according to Graham Cluely, senior technology consultant at Sophos, a web security firm. “People are boasting about how they are having a fantastic time on a beach in Mexico on a webpage that has their home address.”
***
The FBI has also posted a warning on its website about a new scam that involves momentarily monopolizing phone lines and stealing money from personal bank accounts in the process. These criminals are patient and usually launch the scam weeks or sometimes months before the actual “pounce.” There are three primary ways they can gain useful information about a user’s financial institution: one, by making phone calls posing as an employee of the institution; two, when the user replies to a phishing email (a typical message advises the user that he must respond to avoid account closure); and three, when the user posts sensitive information in his online profiles.
Equipped with account information and a phone number (business, home, or cell), a savvy thief is able to launch an automatic dialing program that immobilizes the user’s phone line, making it appear to be constantly busy. The user suddenly gets a series of unexplained phone calls, or sometimes dead air, or a seemingly random recorded message.
While the target is busy answering these random phone calls, the scammer will either contact the user’s financial institution pretending to be the user or access the user’s bank account online in order to transfer the money elsewhere. A thief will sometimes log in to an account, change the phone number to the one they’re using (most likely for a throwaway cell phone), and then wait for the financial institution to call them to verify the transfer.
In 2009, a Florida periodontist lost nearly $400,000 from his retirement account through such a scam. Robert Thousand Jr. of St. Augustine began receiving hundreds of phone calls from a sex hotline every day for almost a month on his office, home, and cell phone lines in a ploy called a targeted denial of service (TDOS).
“If you are gay, press 1. If you are a lesbian, press 2,” a sultry voice said, continuing with other options to choose from for 30 seconds.
“The calls came in so fast that call rollover couldn’t handle it,” Robert said. “Nobody could get through. The hospital couldn’t call me. [Patients] couldn’t get through. AT&T’s solution was ‘just change your number.’ Not exactly easy to do for an office.”
The doctor traced the events to a business trip he took to the Bahamas just weeks before the phone calls began. He believes someone put a Trojan horse (a destructive program that masquerades as a benign application) on his laptop to obtain private information about his finances and his accounts.
While Robert was answering the calls, withdrawals were being made from his TD Ameritrade account that ranged from $18,000 to $100,000 for a total of $399,000. When he found out, he put a freeze on all of his accounts.
“They knew all my phone numbers, all my credit card numbers,” Robert said. “I’ve been saving for 30 years of working and they wipe me out in a matter of weeks.”
Authorities were able to trace the withdrawals to New York City, but the doctor was told that he would probably never see his money again. Robert also discovered that he might have to pay taxes on the money because of the early withdrawal penalty from his retirement account. But he was lucky: In May 2010, all of his money was miraculously returned.
“Following that first incident in November 2009 [Robert’s scam], we’ve seen an increase in this activity targeting our customers across the country,” said Adam Panagia, associate director of global fraud management for AT&T. “We urge anyone who suspects they may be the target of a TDOS attack to immediately contact their telephone provider after notifying their financial institutions.”
The FBI joined forces with the Communications Fraud Control Association in June 2010 “to analyze the patterns and trends of telephone denial-of-service attacks, educate the public, and identify the perpetrators and bring them to justice.”
Law enforcement is using the same tech tools the scammers are using to apprehend these internet-savvy criminals. If the FBI has an unsolved crime where photos or surveillance camera footage is available, many police departments are posting them on Twitter, Facebook, and Myspace along with the question, “Can you ID this armed robbery suspect?” The Boynton (FL) Police Department tried this tactic in June 2009, using social networking to find criminals.
“It’s an easy way to reach people very quickly,” said Seamus Condron, community manager of Mediabistro.com, an online media and training website. “This is a really large set of eyes and ears that police can call into action.”
The police in Boca Raton, Florida, credit social networking with providing an anonymous tip that led to the arrest of 20-year-old Darrien Downey for grand theft. The tipster recognized a photo posted on the police department’s Facebook and Myspace pages of a man in a black-and-white-checked flannel shirt stealing a $600 TV from a local mall in February 2009. The tipster’s information led police to Downey’s Myspace page, where he was wearing the same shirt in many of the photos.
If it hadn’t been for Myspace and Facebook, “that kid would probably be out there watching (the stolen) TV right now,” said Boca Raton police spokesman Mark Economou.
In June 2010, after the Los Angeles Lakers became NBA champs, police were dealing with citywide property damage from overzealous fans. The police force posted surveillance video from local businesses and TV coverage on Twitter, YouTube, and Facebook. By the end of the first day, the YouTube video had been viewed nearly 250,000 times, and as a result, dozens of people were recognized, identified, and arrested on vandalism charges.
“In the age of phone cameras and digital video devices, it has in essence deputized the public in fighting crime,” Lt. Paul Vernon told the Contra Costa Times. “It has added to the maxim that police are the public and the public are the police.”
Other law enforcement agencies also keep track of Twitter feeds as well as Myspace and Facebook posts from gang members.
“You find out about people you never would have known about before,” said Dean Johnston of the California Bureau of Narcotics Enforcement, which helps police investigate gangs. “You build this little tree of people.”
In February 2010, a gang member was released from prison and other gang members believed he had cut a deal with police. Posts and tweets appeared warning that there was a snitch among them. Authorities watched these messages and gathered enough incriminating evidence to arrest three gang members on drug charges. Many gang members and criminals enjoy bragging online about their crimes, making threats, and sharing information about rival gangs.
“We are seeing a lot more of it,” Johnston said. “They will even go out and brag about doing shootings. Once you get into a Facebook group, it’s relatively easy. You have a rolling commentary.”
Keri McMullen and her now husband, who shared their vacation plans on Facebook, resulting in the robbery of their home [Courtesy of Keri McMullen Pendleton]
Surveillance footage of the burglary of Keri’s home [Courtesy of Keri McMullen Pendleton]
Darrien Downey, a thief captured thanks to social media [Courtesy of Boca Raton Police Department]
Matt Chapman, also a robbery victim after revealing on Facebook that he would be out of town [Courtesy of Matt Chapman]