Category Archives: Lost Property

CheckMEND officially adopted by phone recycling industry and Home Office code of practice

Today July 23rd it was officially agreed that CheckMEND would be the first approved due diligence service to be used and officially endorsed under a new Home Office/recycling industry code of practice.

The signing of the new code of practice by over 90% of the mobile phone recycling industry means that for the first time there are agreed guidelines for the checking of handsets offered for sale to the industry and this includes using the CheckMEND service to check the National Mobile Phone/Property Register.

Adrian Portlock CEO of Recipero the operator of CheckMEND said:

This is a major step forward for the industry and CheckMEND and we are really pleased the industry has recognised their responsibilities in checking products they are buying, this model needs to be extended to all handlers of used goods and retailers taking trade ins and we will be pushing for this to be the case, but this is an excellent start.

For more information please see the following sites:

CheckMEND leads Bristol Police to successful prosecution of stolen goods seller

Recipero’s CheckMEND service in conjunction with the Police’s NMPR system has proven to be a key tool in the identification and prosecution of crimes related to stolen goods.

On the 14th May, a man was sentenced to 18 months in prison for handling stolen goods. Alexander Smith, aged 40, was sentenced at Bristol Crown Court after a two year investigation conducted by Avon and Somerset Police’s burglary team and crime reduction unit in Bristol.

Officers were able to prove that Smith had been knowingly buying stolen mobile phones by utilising an online system known as CheckMEND. This system allows members of the public to check if a mobile phone is stolen before buying it.

Police searched a shop in East Street, Bedminster and identified more than 20 phones that were stolen from victims in both burglaries and robberies, many of which had occurred in the South Bristol area. A stolen pedal cycle was also found at Smith’s home address.

During one of these incidents, a female victim positively identified her stolen phone in Smith’s shop. Smith then demanded £40 from the victim before he would return her phone.
PC Frank Simonds, from Bristol Crime Reduction Unit, said:

The use of CheckMEND technology now allows the police to prove if stolen phones are being bought and sold by second hand retailers.

We will be relentless in our pursuit of those dealing in stolen goods.

Many phones that were proven to be stolen had been registered by owners on the Immobilise database. Registering phones enables the police to return them to their rightful owners.
Members of the public can register their phone for free by visiting www.immobilise.com

Members of the public can check if a mobile phone is stolen by visiting www.checkmend.com.

Retailers can receive advice on protecting their business from handling stolen goods as part of Operation Recover run by Avon and Somerset Police.

To read the source release in full please go to: Avon & Somerset Police

The pocket spy: Will your smartphone rat you out? – New Scientist

by Linda Geddes (New Scientist)

The pocket spy: Will your smartphone rat you out? – tech – 14 October 2009 – New Scientist.

THERE are certain things you do not want to share with strangers. In my case it was a stream of highly personal text messages from my husband, sent during the early days of our relationship. Etched on my phone’s SIM card – but invisible on my current handset and thus forgotten – here they now are, displayed in all their brazen glory on a stranger’s computer screen.

I’ve just walked into a windowless room on an industrial estate in Tamworth, UK, where three cellphone analysts in blue shirts sit at their terminals, scrutinising the contents of my phone and smirking. “If it’s any consolation, we would have found them even if you had deleted them,” says one.

Worse, it seems embarrassing text messages aren’t the only thing I have to worry about: “Is this a photo of your office?” another asks (the answer is yes). “And did you enjoy your pizza on Monday night? And why did you divert from your normal route to work to visit this address in Camberwell, London, on Saturday?”

I’m at DiskLabs, a company that handles cellphone forensic analysis for UK police forces, but also for private companies and individuals snooping on suspect employees or wayward spouses. Armed with four cellphones, which I have begged, borrowed and bought off friends and strangers, I’m curious to know just how much personal information can be gleaned from our used handsets and SIM cards.

A decade ago, our phones’ memories could just about handle text messages and a contacts book. These days, the latest smartphones incorporate GPS, Wi-Fi connectivity and motion sensors. They automatically download your emails and appointments from your office computer, and come with the ability to track other individuals in your immediate vicinity. And there’s a lot more to come. Among other things, you could be using the next generation of phones to keep tabs on your health, store cash and make small transactions – something that’s already happening in east Asia (see “Future phones“).

Gone phishing

These changes could well be exploited in much the same way that email and the internet can be used to “phish” for personal information such as bank details. Indeed, some phone-related scams are already emerging, including one that uses reprogrammed cellphones to intercept passwords for other people’s online bank accounts. “Mobile phones are becoming a bigger part of our lives,” says Andy Jones, head of information security research at British Telecommunications. “We trust and rely on them more. And as we rely on them more, the potential for fraud has got to increase.”

So just how secure is the data we store on our phones? If we are starting to use them as combined diaries and wallets, what happens if we lose them or they are stolen? And what if we simply trade in our phones for recycling?

According to the UK government’s Design and Technology Alliance Against Crime (DTAAC), 80 per cent of us carry information on our handsets that could be used to commit fraud – and about 16 per cent of us keep our bank details on our phones. I thought my Nokia N96 would hold few surprises, though, since I had only been using it for a few weeks when I submitted it to DiskLabs. Yet their analysts proved me wrong.

Aside from the text messages stored on my SIM card, the most detailed personal information that could be gleaned from my handset came from an application called Sports Tracker. It allows users to measure their athletic performance over time and I had been using it to measure how fast I could cycle to work across London. It records distance travelled, fastest speed at different points along the route, changes in altitude, and roughly how many calories I burn off. But when DiskLabs uploaded this data to their computer and ran it through Google

they were able to pull up images of the front of my office and my home – with the house number clearly displayed. Sports Tracker also recorded what time I normally leave the house in the morning and when I return from work. “If I wanted more information, then I could just stalk you,” says Neil Buck, a senior analyst at DiskLabs.

I had deliberately chosen to turn Sports Tracker on, and many people might not stop to consider how such programs could be used against them. In February, Google launched Latitude, networking software for smartphones that shares your location with friends. It can be turned off, but campaign group Privacy International is concerned by Latitude’s complex settings and says it is possible the program could broadcast your location to others without your knowledge. “Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends,” the organisation warns.

It is possible your phone could broadcast your location to others without your knowledge

A phone-based calendar could also leave you vulnerable. Police in the UK have already identified burglaries that were committed after the thief stole a phone and then targeted the individual’s home because their calendar said they were away on holiday, says Joe McGeehan, head of Toshiba’s research lab in Europe and leader of DTAAC’s Design Out Crime project, which recently set UK designers the challenge of trying to make cellphones less attractive to people like hackers and identity thieves. “It’s largely opportunistic, but if you’ve got all your personal information on there, like bank details, social security details and credit card information, then you’re really asking for someone to ‘become’ you, or rob you, or invade your corporate life,” McGeehan says.

Code cracker

When Buck looked at my colleague’s iPhone, he found two 4-digit numbers stored in his address book under the names “M” and “V”. A search through his text messages revealed a few from Virgin informing him that a new credit card, ending in a specific number, had just been mailed to him. Buck guessed that “M” and “V” were PIN codes for the Virgin credit card and a Mastercard – and he proved to be correct on both counts.

“Out of context, an individual piece of information such as an SMS is almost meaningless,” says Jones. “But when you have a large volume of information – a person’s diary for the year, his emails, the plans he’s building – and you start to put them together, you can make some interesting discoveries.”

In this way the DiskLabs team also identified my colleague’s wife’s name, her passport number and its expiry date, and that she banks with Barclays. Ironically, Barclays had contacted her regarding fraud on her card and she had texted this to her husband. Buck’s team also discovered my colleague’s email address, his Facebook contacts, and their email addresses.

This kind of personal data is valuable and can fetch a high price online. It’s ideal for so-called 419 scams, for instance, in which you receive an email asking for help in exporting cash from a foreign country via your bank account, in exchange for a share of the profits. “What they need to launch a successful 419 scam is personal information,” says Jones.

A growing awareness of identity theft means that many people now destroy or wipe computer hard drives before throwing them away, but the same thing isn’t yet happening with cellphones, says Jones. At the same time, we are recycling ever greater numbers of handsets. According to market analysts ABI Research, by 2012 over 100 million cellphones will be recycled for reuse each year.

As part of a study to find better ways to protect cellphone data, Jones recently acquired 135 cellphones and 26 BlackBerry devices from volunteers, cellphone recycling companies and online auctioneers eBay. Around half of the devices couldn’t be accessed because they were faulty. In our own smartphone experiment, we were unable to retrieve any data from a BlackBerry, or the Samsung E590.

However, Jones’s team found 10 phones that contained enough personal data to identify previous users, and 12 had enough information for their owner’s employer to be identified – even though just three of the phones contained SIM cards.

Of the 26 BlackBerrys, four contained information from which the owner could be identified and seven contained enough to identify the owner’s employer. “The big surprise was the amount we got off the BlackBerry devices, which we had expected to be much more secure,” says Jones. While BlackBerry users have the option of encrypting their data or sending a message to purge data from their phones should it be sold or stolen, many had not done this. “Security is only any good if you turn the damned thing on,” says Jones.

Security is only any good if you turn the damned thing on

His team managed to trace one BlackBerry back to a senior sales director of a Japanese corporation. They recovered his call history, 249 address book entries, his diary, 90 email addresses and 291 emails. This enabled them to determine the structure of his organisation and responsibilities of individuals working within it; the organisation’s business plans for the next period; its main customers and the state of its relationships with them; travel and accommodation arrangements of the individual; his family details – including children, their occupations and movements, marital status, addresses, domestic arrangements, appointments and addresses for medical and dental care; his bank account numbers and sort codes, and his car registration index. Two further BlackBerrys “contained details of a personal nature about the owner and other individuals that would have caused embarrassment or distress if it had become publicly known”, says Jones.

Although his team used specialist forensic software to retrieve data from the phones, much of it could be obtained directly from the handsets themselves, or by using simple software of the kind that is sold with a phone. “This was not designed to be a sophisticated attack, it used simple techniques that anyone would have access to,” Jones says.

That’s bad news, considering that around 20 millions handsets were lost or stolen worldwide in 2008, according to UK data-security specialists Recipero. So how can people go about making their phones more secure? Turning on the security settings is an important first step, says McGeehan, as this may dissuade potential thieves from going to the effort of trying to crack the codes. Then make sure you delete anything you want to keep secret, while bearing in mind that it is often possible to recover it (see “Phone security Q & A“). “I work on the basis that anything I put on there I’ve got to be prepared for people to see,” says McGeehan.

As for me, I’ve taken to deleting potentially incriminating messages as soon as they arrive in my inbox – and reproving the sender in return. I have also passed my old handset to my husband for safekeeping. If those brazen messages must fall into someone else’s hands, I’d rather they were the hands of the Don Juan who composed them than a smirking IT geek in a distant windowless room.

To read the rest of this article please go to: New Scientist

Medication returned thanks to reportMyloss.com

On the 10th April a member of the public reported she had left her bag containing a range of personal items including some important medication on the roof of her car.

Within 24 hours the bag was handed in and a simple search of her name from one of the cards in the bag found her report in seconds and she was quickly contacted and the bag returned intact. Another great result for reportMyloss.com

First Success for reportMyloss.com – Less than a week after going live!

Nicola Spencer of Street lost her mobile and reported it to Avon and Somerset Police via Reportmyloss.com. A few days later the phone was handed into Street Police Station and the staff member who received the handset, Liz Tredwell, decided to run a check on the site to see if it had been reported,

I have read about reportmyloss.com said Liz and thought I would run a check on the phone even though the only details I had were the make, color and place it was found. It was only trial and error, but I was amazed to see that someone had lost a similar phone nearby. I thought it might be hers so I rang her and asked her to come down to the station to identify it. She was able to identify it by the photographs which is wonderful for her.

Nicola Spencer was naturally delighted to have her phone back;

I never thought I would see it again and now it’s turned up. The most upsetting thing about losing it was the photographs and personal stuff on the phone. I am really impressed with reportmyloss.com and will tell my friends about it. Thank you.

reportMyloss.com is so powerful it is able to match any searched field of information meaning the chances of matching lost and found reports is greatly increased as shown in this first case of recovery.