Hasta La Gadget!

Following recent reports in the Wall Street Journal and Ars Technica , there’s been new interest in the government’s use of a relatively obscure law, the All Writs Act.

Read more…

Who said there’s no color at the poles? The crew of the HMS Protector visiting Port Lockroy, Antarctica surely didn’t—because this shot is far from white.

Read more…

It may not be the first time someone’s rename Pokémon for the Oculus Rift, but it’s probably the most exciting. By pairing the VR headset with a Leap Motion and Voice Attack, players of the Unofficial Pokémon Alpha Prototype can even pick up Pokéball…

PRIJEPOLJE, Serbia (AP) — Atifa Memovic last saw her husband two decades ago, but she remembers it as if it were yesterday. It was snowing, and Fikret, a railway worker, was wearing a jeans jacket with winter lining, a gray sweater over a checkered shirt, and on his wrist a Seiko watch. He kissed her and promised to be back on the afternoon train.

He never made it. On Friday, Serbia and Bosnia carried out a pre-dawn sweep of arrests in the massacre in which Fikret and 18 others were snatched off a train at the height of the Balkans conflict. The Associated Press obtained exclusive investigative documents showing how the two countries — bitter wartime enemies — worked together to crack the case of the Strpci massacre of Feb. 27, 1993, which has come to symbolize a culture of impunity that still shields death squads and their masters today.

The raids captured 15 suspects — five in Serbia and 10 in Bosnia — including the brother of a jailed warlord, ex-militia members and a former Bosnian Serb general who commanded the military in the area.

“We are now on the path to solve the murder that has been hidden for more than 20 years,” said Serbian war crimes prosecutor Bruno Vekaric. “We have to do it for the innocent victims.”

Bosnian State Prosecutor Goran Salihovic praised the cooperation between the two countries, saying “this message is very important: criminals have nowhere to hide and they cannot evade justice.”

There was no comment from the jailed suspects or from their lawyers.

The question now is whether the suspects will point to the men above them who ordered the killings, investigators say. If so, they could implicate some of Serbia’s top former and current officials, who were prominent in the war machine of the president at the time, Slobodan Milosevic. While the Serbian government now acknowledges Strpci as a war crime, the killers are still seen by some in Serbia as war heroes.

“Many war criminals are still influential in business, politics, police and the army,” said Salihovic, who compared probing war crimes in the Balkans to “reaching into a snake’s nest.”

The Associated Press obtained exclusive investigative documents in the probe, which is backed by the U.N. war crimes tribunal in The Hague, Netherlands. Together with witness testimony, they provide the first detailed account of a tragedy whose wounds fester even today because the killers were not identified and the victims’ families not compensated:

THE MASSACRE

On that day, Fikret Memovic was traveling back home to Prijepolje from the capital, Belgrade, where he had attended a railway workers’ meeting.

His train made an unscheduled stop at the station of Strpci, a remote outpost in eastern Bosnia on the border with Serbia. A group of Bosnian Serb militiamen stormed in to check passenger IDs.

They identified 18 Bosnian Muslims and one Croat through their names and carted them off. The train went on in silence.

The men, clutching their luggage, were herded into a military truck, which took off down a cobblestone road. Shouting and firing guns in the air, the troops took their captives to a village school. Inside the gym, they stripped the men. Then they beat them so hard with rifle butts that blood pooled on the wooden floor and splattered the walls.

Naked and drenched in blood, their hands tied with wire, the men were taken by truck to an empty, half-burnt red brick house near the Drina river. There, they were shot in the back of the head. Two prisoners who tried to escape were hunted down and their throats slashed with bayonets.

The killers shared the loot — cash, gold chains, bracelets, wedding rings, Memovic’s gilded Seiko watch. Clothes and luggage were burned down to the last button in a bonfire that lit up the evening sky.

The bodies were left scattered in and around an abandoned house. The next morning, they were dragged by tractors to the river and dumped in.

DEATHS FORETOLD

The Strpci massacre was part of a conflict that left more than 100,000 people dead and millions displaced. Although all sides have been accused of war crimes, Serbs in Bosnia and Croatia carried out the worst atrocities in an effort to create an ethnically pure territory, historians say.

Prosecutors have now identified Milan Lukic, one of the most feared Bosnian Serb warlords of the Balkans wars, as the ringleader of the massacre, which was carefully planned and meticulously executed. Lukic is already serving a life sentence handed down by the U.N. court for separate atrocities against Muslims in Bosnia. In a book written from his prison cell in 2011, Lukic claimed he protected Bosnian Muslims and denied committing any crimes against non-Serbs.

Those arrested in connection with the Strpci massacre include his brother Gojko Lukic; former close associate Boban Indjic; several ex-militia and former Bosnian Serb army general Luka Dragicevic who commanded the military in the border zone. The investigation also tackles the thorny issue of who knew what. Milan Lukic was suspected of being recruited by Serbian state security, which deployed paramilitary units in Serb-controlled areas to eliminate the Bosnian Muslim population, Serbian and Bosnian Serb security officials told AP on condition of anonymity because they were not authorized to discuss the case.

The Bosnian Serb army was financed from Belgrade and controlled by the military and political leadership of Yugoslavia, comprised at the time of Serbia and Montenegro, according to court documents and officials, including former Montenegro President Momir Bulatovic. He denied knowing about the massacre in advance but acknowledged to AP that senior officials, including himself, knew at once when it had been carried out.

“I knew about it right from the start,” said Bulatovic, who is no longer in politics. “Those were criminals and killers.”

PATTERN OF COLLUSION

A wartime document issued by the headquarters of Bosnian Serb warlord Gen. Ratko Mladic during the war, made available to the AP, points to a pattern of collusion between militias operating in the area and the Bosnian Serb leadership. The document ordered all troops in Bosnia to capture any Muslims passing through Serb-controlled territories, suggesting high-level responsibility in the Strpci abduction. Mladic has been charged with genocide by the U.N. war crimes tribunal in the Hague, along with Milosevic and Bosnian Serb leader Radovan Karadzic.

“There existed at least a tacit agreement on what happened in Strpci,” said Serbian Deputy War Crimes Prosecutor Bruno Vekaric. “When I say tacit agreement I mean that some state organs took part.”

Official state railway company documents also show that Yugoslav authorities had been warned in advance about the abduction. Railway security official Mitar Mandic wrote in the document dated nearly a month before the abduction that “members of the (Bosnian) Serb army will stop the train and take away the passengers.”

Railway security officials held meetings with the Serbian police, the state security and the defense ministry about the abduction plot. Serb-dominated Yugoslavia was in charge of guarding the entire railway — including the nearly 10-kilometer (6-mile) stretch through Bosnian territory that included Strpci.

“All those in positions who could have prevented the abduction had been informed,” lawyer Dragoljub Todorovic, who represented the victims’ families, wrote in a case analysis. “As the abduction still took place, that means all of them are suspects, because they knew everything, but did nothing.”

Threats to investigators, witness intimidation, attempts to plant false evidence and police foot-dragging — all prominent factors in the Strpci case — have continued to plague efforts to bring war criminals to justice, prosecutors say.

So far, the remains of only three victims have been found in Lake Perucac, on the border between Serbia and Bosnia, apparently carried there down the Drina River.

Atifa Memovic has given up hope on justice. Her mind returns obsessively to the carnage, and she says she can never be well again until the day she dies. For her, there is only one way to find a measure of peace.

“I wish I knew where his bones are,” she said. “I know that he is gone, but if they could just find his bones it would bring some relief.”

___

Aida Cerkez in Sarajevo, Bosnia, and Predrag Milic in Podgorica, Montenegro, contributed to this report.

The latest greatest swindlers in the cybercrime racket know you’re onto their digital three-card monte, and they’ve made a few adjustments, putting yet another wrinkle in the corporate-hacking game by targeting top-level employees for major profits.

These hackers appear to be based in North America or Western Europe, and they know a great deal about the companies and industries they’ve been cracking. They could be the cyber version of Gordon Gekko or just good studies of character. It really doesn’t matter. Here’s what counts: They are hatching schemes so nuanced you may not see the hack that takes out your company till the smoke clears.

These hackers may have worked for your company, or one like it. They are going to know how your teams communicate. They’ll use the lingo and shorthand that you see every day. Emails may be super simple, like, “I need another pair of eyes on this spreadsheet about [term of art only people in your business would know].” They may know what you are likely to be talking about after certain kinds of industry news releases, and they’ll have a good idea of what times of day get busy for you so that you are more distracted and less likely to think before you click.

“The attacks are becoming much more sophisticated than anything we’ve seen before,” says Jen Weedon, a threat intelligence officer at the Silicon Valley-based cybersecurity firm FireEye.

The New York Times reported this week about one such group of hackers targeting senior executives at biotech companies with a goal of garnering insider information to game the stock market.

FireEye has been tracking the group, which they call Fin4–for a year and a half. (The “Fin” designation is assigned by the company to indicate groups where the main goal is to monetize proprietary information.)

“Fin4 has reached a threshold of capability that sets them apart,” Weedon told me during a phone conversation. “They are very thoughtful about who they target. They go after specific companies and are a lot more scoped in their approach.”

Attacks of this kind may start with the studied e-impersonation of trusted colleagues, business associates or anyone from a constellation of contacts–compliance officers, regulators, legal or financial advisers–with the single purpose of getting someone in a senior position to personally, unwittingly hand over the keys to the castle. Once they are in, sensitive–potentially lucrative–information can be accessed and put to use.

“They will send a very convincing phishing email,” Weedon said. “It may prompt a link that looks just like Outlook.” The target enters their credentials to see the attachment, not realizing that they were not in Outlook at all. There may even be a legitimate document on the other side of that fake login page, but it’s a trap. Once the hacker gets into a key person’s inbox, Outlook settings have been reset to send any messages containing the words “hacked” or “malware” directly to the user’s trash folder, thereby giving the cyber-ninja more time in the system to collect information about mergers and acquisitions, compliance issues, press releases, non-public market-moving information–anything that can be used to make a smarter stock market trade.

According to Weedon, the group has been able to infiltrate email accounts at the CEO level.

Once they’ve gained access, the hackers may simply collect everything in the CEO’s inbox or take an attachment found there and plant malware that then spreads throughout the company thereby exposing still more information. The difference here is that the hack relies on legitimate credentials to gain access, so it’s a much lighter touch with potentially much more information being comprised. If the hackers forgo malware, there aren’t necessarily any traces at all of the compromise.

The “old” way these breaches worked–one still very much practiced by Chinese and Russian groups–involved the use of general information, kinda-sorta knowledge of the target’s business and hit-or-miss English. Because there is often less specificity and more variables in these kinds of softer attacks, the dodge is easier to spot. It’s more likely to find a lower-level employee falling for it. In most cases, these targets don’t have the kind of access to information that can cause major damage. Having gained whatever access is possible through their mark, old-school hackers move laterally into the organization’s environment, whether by recording keystrokes to exploit privileged employee credentials or blasting a hole in the company firewall. They might as well be Bonnie and Clyde robbing a bank. The goal is to siphon off information that can be turned into an easy profit, but the process leaves traces.

What’s so worrisome about Fin4 is that they can come and go–gaining access to everything and anything pertaining to your company–and you may never know it. For the numerous healthcare and biotech companies that they targeted, the only real-life consequence could be an advantageous trade that somehow anticipated the announcement of a new drug, or shorted a stock associated with a failed drug trial.

If you are the target of choice, you will have to be exceptionally well trained by a cutting-edge information security professional and completely tuned in to the subtleties of your workflow to avoid getting got. These fraudsters will have at their fingertips the kinds of information that only an insider should know, and the bait they dangle in front of you will be convincing.

While the art is very different, the basic mechanism is the same. Company-killing compromises require human error. While more common hacks rely on a weakest link that can be exploited, the more hackers evolve, the more we all must evolve with them.