Beware the SMS Premium Number Scam

By | November 22, 2011

An Indian phone company is warning users against a variation on the premium rate phone scam, whereby users are contacted by email or mail and asked to call a number to confirm winning a prize. The number is a premium number—either local or international—and the user has to sit through several expensive minutes of canned music before finding they haven’t won anything.

The Indian variation is that victims are sent an SMS containing the phone number they should call. They’re then charged Rs500 ($10) a minute as they navigate their way through an automated phone tree.

Control Enter » Blog Archive » Beware of false lottery winning claims via SMS

Traffic Light Scam II

By | November 22, 2011

More on the Italian traffic light scam. I wrote to Mr. Arrighetti asking for comment, and received this from Silvia Guelpa, who says she is a consultant to the company. In summary, she’s arguing that the company, and its founder Stefano Arrighetti, haven’t done anything wrong and that if anyone has broken the law it’s the companies and police who have been responsible for changing the settings which created the huge volume of tickets.

She makes the points that

  • KRIA is a manufacturer and does not sell to the City Councils but to Companies who rent the T-RED to the Police with contracts based on the number of tickets (about 30%).
  • T-RED, the system, does not actually control the traffic lights, which are managed by a controller.
  • T-RED can be configured to detect immediately after the red phase begins or after a configured delay (0-10.000ms). Local Police and Companies renting the systems set the yellow on the controller for as short a period as possible and reset to zero the above mentioned delay, in order to increase the number of tickets.

This, she says, is what is causing the abnormal number of tickets.
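An added example, not code from KRIA or from this post: a minimal audit that measures the amber duration from a controller phase log and flags a zeroed enforcement delay, the two settings described above. The log format, the junction names and the five-second minimum (the amber time reported as normal in Lerici elsewhere on this page) are assumptions.

```python
from datetime import datetime

MIN_AMBER_S = 5.0  # assumption: the five-second amber the page reports as normal

# Constructed sample data: controller phase-change log and camera delay settings.
PHASE_LOG = """\
2009-01-10T08:00:00.000 J1 GREEN
2009-01-10T08:00:30.000 J1 AMBER
2009-01-10T08:00:35.000 J1 RED
2009-01-10T08:00:00.000 J2 GREEN
2009-01-10T08:00:30.000 J2 AMBER
2009-01-10T08:00:33.000 J2 RED
2009-01-10T08:01:10.000 J2 GREEN
2009-01-10T08:01:40.000 J2 AMBER
2009-01-10T08:01:43.100 J2 RED
"""
GRACE_DELAY_MS = {"J1": 500, "J2": 0}  # constructed: delay after red begins


def amber_durations(log_text):
    """Return {junction: [amber seconds, ...]} from AMBER -> RED transitions."""
    amber_start, durations = {}, {}
    for line in log_text.splitlines():
        stamp, junction, phase = line.split()
        when = datetime.fromisoformat(stamp)
        if phase == "AMBER":
            amber_start[junction] = when
        elif phase == "RED" and junction in amber_start:
            delta = (when - amber_start.pop(junction)).total_seconds()
            durations.setdefault(junction, []).append(delta)
    return durations


def audit(log_text, grace_ms, min_amber_s=MIN_AMBER_S):
    """Return sorted (junction, finding) tuples for settings that inflate tickets."""
    findings = []
    for junction, values in amber_durations(log_text).items():
        shortest = min(values)
        if shortest < min_amber_s:
            findings.append((junction, f"amber {shortest:.1f}s < {min_amber_s:.1f}s"))
    for junction, delay in grace_ms.items():
        if delay <= 0:
            findings.append((junction, f"enforcement delay {delay}ms"))
    return sorted(findings)


if __name__ == "__main__":
    for junction, finding in audit(PHASE_LOG, GRACE_DELAY_MS):
        print(junction, finding)
```

Run by someone independent of the operator, against logs the operator cannot edit, a check like this surfaces both changes without waiting for ticket counts to look abnormal.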

She also says there has already been one investigation, by Milan’s attorney, which concluded after one year that KRIA is “absolutely innocent and out of any private interest.” That investigation, she says, resulted in the arrest of “bosses of the companies buying and renting T-RED and they admitted that they forced and won many tenders incorrectly.”

But with public outcry still strong—three million tickets still had to be paid—Verona’s attorney started investigating KRIA’s certification—whether or not its system had all the right paperwork. The idea, she says, was to find an excuse to cancel all the tickets.

KRIA believes it has all the right certification, arguing that the only parts which need to be certified are “the fixed, immutable components of the device”–cameras, lighting systems, PC and PCI board. But Ms Guelpa says the attorney’s power “is unlimited during the investigation phase. They can even arrest people.”

Her argument is basically that Mr. Arrighetti is being made a scapegoat on a technicality.

Lesson from this? I guess I’m still reeling from the idea that police forces would fiddle the system to fill their coffers, not just in Italy but elsewhere. But I guess the bigger point is that all kinds of technology are susceptible to this kind of manipulation, which raises the question: Quis custodiet ipsos custodes?

The Traffic Light Scam

By | November 22, 2011

If true, this is a scam that is going to fuel the conspiracy theories of every driver who feels they were fined unfairly for crossing a red light. Police in Italy have arrested the inventor of a smart traffic light system, and are investigating another 108 people, on suspicion of tampering with the software to speed up the transition from amber to red, netting the local police and others in on the scam millions of dollars of extra fines.

The question is: Is this kind of thing limited only to Italy?

The Independent writes:

Stefano Arrighetti, 45, an engineering graduate from Genoa who created the “T-Redspeed” system, is under house arrest, and 108 other people are under investigation after it was alleged that his intelligent lights were programmed to turn from amber to red in half the regulation time. The technology, which was adopted all over Italy, employs three cameras designed to assess the three-dimensional placement of vehicles passing a red light and store their number plates on a connected computer system.

Those now under investigation include 63 municipal police commanders, 39 local government officials and the managers of seven private companies.

The fraud, The Independent says, was uncovered by Roberto Franzini, police chief of Lerici, on the Ligurian coast, who – in February 2007 – noticed the abnormal number of fines being issued for jumping red lights. “There were 1,439 for the previous two months,” he said. “It seemed too much: at the most our patrols catch 15 per day.” He went to check the lights and found that they were changing to red after three seconds instead of the five seconds that had been normal.

Unanswered, of course, is why it’s taken two years for the fraud to be stopped and investigated. The inventor’s lawyer has said he is innocent. Mr Arrighetti’s LinkedIn page is here. He is described as the owner of Kria, a Milan-based company which sells the T-Redspeed and other traffic monitoring systems.

Image of Arrighetti from Insight24 webcast

The T-Redspeed system is described in the company literature as “the newest and most innovative digital system for vehicle speed and red light violation detection. Based on special video cameras, it doesn’t require additional sensors (inductive loops, radars or lasers). It measures the speed of the vehicles (instantaneous and average) up to 300 km/h.”

Some forum posters have suggested a system used by British authorities, RedSpeed, is the same, but at first glance it doesn’t look like it. That said, reducing the amber phase seems to be a widespread source of extra revenue: The National Motorists Association of America has found six cities that have shortened the amber phase beyond the legal amount, apparently as a way to increase revenue.

Illustration from Kria brochure (PDF)

The End of the Reply All Button

By | November 22, 2011

I did a piece for the BBC World Service on the Reply All button the other day (MP3 to follow). I’m not saying there’s a causal link, but now Nielsen have issued a memo: 

We have noticed that the “Reply to All” functionality results in unnecessary inbox clutter. Beginning Thursday we will eliminate this function, allowing you to reply only to the sender. Responders who want to copy all can do so by selecting the names or using a distribution list.

Apparently they’re not the first to do this: Standard Chartered have done it some time back, according to comments on Techcrunch.

There are a lot of people who don’t like this; they think it’s a dumb move. I’d tend to agree, but for maybe different reasons. Why not try to understand why the Reply All button is there, and try to find another way for staff to disseminate information?

All I can imagine from this is the time wasted as employees add email addresses one by one for fear they leave someone out of a message. There’s got to be a better way. Wikis, blogs, RSS, twitter, Yammer, anyone?

Dunder Mifflin Alert! Nielsen to Disable Employees’ ‘Reply to All’ E-mail Functionality – Dylan Stableford – Blogs B2B @ FolioMag.com

The Hazards of Recommending

By | November 22, 2011

Think twice before you agree to recommend someone on LinkedIn. They may be a logic bomber.

You may have already read about the fired Fannie Mae sysadmin who allegedly placed a virus in the mortgage giant’s software. The virus was a bad one: it

was set to execute at 9 a.m. Jan. 31, first disabling Fannie Mae’s computer monitoring system and then cutting all access to the company’s 4,000 servers, Nye wrote. Anyone trying to log in would receive a message saying “Server Graveyard.”

From there, the virus would wipe out all Fannie Mae data, replacing it with zeros, Nye wrote. Finally, the virus would shut down the servers.

Luckily the virus was found and removed. But what has yet to be removed is the suspect’s LinkedIn page which shows that since he was fired he has been working at Bank of America, something I’ve not seen mentioned in news covering the alleged incident.

(Apparently this piece mentions this fact but the information has since been removed. This raises other interesting points: What way is there for a company to police claims by people on networks like LinkedIn that they indeed worked at that company? Why was this information removed from the story or comments?)

What must also be a bit awkward is that the suspect, Rajendrasinh Makwana, has a recommendation on his LinkedIn profile from a project manager at AT&T, who says that

he was much more knowledgeable at the subject matter than I was. He demonstrated leadership at times of crisis. He helped me learn the ropes. I would love to work with Raj again.

The recommendation is a mutual one; the person in question gets a recommendation from Makwana as well. But what adds to the awkwardness is that the recommendation was posted on October 25, 2008, which was, according to an affidavit filed by FBI Special Agent Jessica Nye, the day after Makwana’s last day of work—which was when he allegedly planted the virus:

“On October 24, 2008, at 2:53 pm, a successful SSH (secure shell) login from IP address 172.17.38.29, with user ID s9urbm, assigned to Makwana, gained root access to dsysadmin01, the development server. … IP address 172.17.38.29 was last assigned to the computer named rs12h-Lap22, which was [a Fannie Mae] laptop assigned to Makwana. … The laptop and Unix workstation where Makwana was able to gain root access and create the malicious script were located in his cubicle.”

Ouch. If the FBI is right, the suspect was buffing his CV, seeking recommendations from former colleagues right after planting a script that could have deleted all of Fannie Mae’s data.

Lesson: Think hard before you recommend someone on LinkedIn. How well do you know this person?