Motivated Cops Chase Down Oregon Man Who Stole Pastry-Packed Donut Land Delivery Van

0

After leading police on a two-mile chase, an Oregon man who stole a delivery van packed with doughnuts pulled the vehicle over and placed his hands out the window as a pastry fell from his grip, according to cops.

johansen0930The 2004 Chevrolet Astro van was stolen around 2 AM today when its driver stopped to make a delivery in Portland. The vehicle is owned by Donut Land, a business headquarted in Tualatin, a Portland suburb.

Investigators allege that Peter Leon Johansen, 34, got into the unlocked vehicle and drove off. But soon after the van was boosted, a cop spotted the vehicle and gave chase.

Johansen eventually pulled over and complied with an officer’s demands to put his hands out the van’s window. “The suspect put his hands out the window and the officer observed a pastry fall from the suspect’s hand,” according to a Portland Police Bureau report.

Pictured above, Johansen was arrested and charged with stealing the van and fleeing from police. He was booked into the Multnomah County jail, where he is locked up in lieu of $15,000 bail.

While the Donut Land vehicle was not damaged during the chase, “there were donuts all over the inside of the van,” investigators noted. It is unlear whether cops had to impound any of the pastries for evidentiary purposes.

Man Accused Of Trading Stolen $160,000 Diamond For $20 Of Weed

0

Accusations like this can really harsh a dude’s mellow.

n-DIAMOND-WEED-large300A former UPS employee in Arizona is accused of stealing a package containing a $160,000 diamond and trading it for $20 worth of weed, ABC-15 reports.

Walter Earl Morrison, 20, thought that the package he allegedly swiped while unloading cargo at Sky Harbor Airport in Phoenix contained cash, according to a probable cause statement obtained by The Smoking Gun. In fact, the package contained one pricey stone.

Authorities say the “half-baked bandit” traded the diamond for the equivalent of two joints of marijuana.

The diamond was later recovered and returned to its intended recipient.

Arkansas Eye Shadow Enthusiast, 31, Arrested For Attempted Eye Shadow Heist

0

eyeshadowAn Arkansas woman with an obvious affinity for eye shadow was arrested yesterday for allegedly trying to steal $144 worth of the makeup from a beauty store.

Brandy Allen, 31, was collared Monday afternoon at a Fayetteville store after she stuffed the cosmetics in her purse. Cops say that a female acquaintance sought to distract store workers while Allen swiped the eye shadow,

A manager at the Ulta Beauty Store detained Allen (seen in the above mug shot) until a Fayetteville Police Department cop arrived at the business and arrested her for shoplifting and disorderly conduct.

After posting $830 bond, Allen was released late last night from the Washington county jail. She is scheduled for a September 26 District Court hearing on the misdemeanor counts.

Did a bug in iCloud’s ‘Find My iPhone’ function help 4chan hacker steal nude photos of Jennifer Lawrence and 100 other celebrities?

0

A flaw in the ‘Find My iPhone’ function of Apple’s iCloud service may have helped a hacker to steal nude photos of Jennifer Lawrence and ‘100 other celebrities’, it today emerged.

article-2739215-20F5B99300000578-995_634x887The hacker claims he or she broke into stars’ iCloud accounts, including those of the Hunger Games actress, Kate Upton and Rihanna, before publishing them on 4chan, the image-sharing forum.

A list of the alleged victims of the hack – a staggering 101 in total – has also been posted online; most of whom have not seen any photographs leaked by the hacker.

A spokesman for Oscar winner Lawrence confirmed to MailOnline the photos of her are genuine.

‘This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence,’ the emailed statement read.

Following the publication of the images of Sunday night, experts have voiced their concerns over how the hacker managed to access them. Now, reports suggest that a specific flaw in the ‘Find My iPhone’ service may have been to blame.

Despite the story breaking last night, Apple is still yet to confirm or deny whether its software was the target of the hacking. However, in the meantime, it has quietly issued a ‘patch’, or fix, for the bug.

The firm’s iCloud service, which was launched in October 2011 and is used by more than 320million people worldwide, secures data by encrypting it when it is sent over the web, storing it in an encrypted format when kept on server, and using secure tokens for authentication.

This means that data is protected from hackers while it is being sent to devices and stored online.

This suggests the hackers were able to obtain the login credentials of the accounts, and therefore pretend to be the user, in order to bypass this encryption.

HOW COULD A HACKER HAVE ACCESSED PHOTOS VIA ICLOUD?

Apple’s iCloud service allows users to access their music, photos, documents, contacts and email online.

When activated, the service automatically stores users’ photos, emails, documents and other information in a ‘cloud’, allowing them to sync the data across a range of platforms. These include iPhones, iPads and MacBooks.

Users can then access their information from any internet-connected device using a log-in and password.

Reports suggest a specific flaw in the service’s ‘Find My iPhone’ service may have allowed a hacker to access celebrities’ private images.

Code was spotted on software development site Github, that would have allowed malicious users to use ‘brute force’ to gain an account’s password on iCloud.

A message has since appeared saying that Apple has issued a ‘patch’, or fix, for the bug.

It is possible for users to enhance the security of their documents by turning off iCloud through Settings > iCloud on their device when they are not using it.

They can also turn on two-step verification for their iCloud account, meaning if someone tries to log into their account from elsewhere then they will need to supply a four-digit security code.

At present, iCloud has more than 320 million users. Those who wish to change their Apple ID can go to appleid.apple.com and follow the steps to reset their password.

Apple is yet to confirm or deny whether iCloud was involved in the hacking.

Despite the claims, it is possible that the photos were not taken via iCloud, but another platform. Theories include:

Social engineering

The hackers may have also used ‘social engineering’ techniques to obtain Apple IDs and passwords based on other information.

This includes email address, a mother’s maiden name, a date of birth, and more – all of which is easier to find out about celebrities than the everyday user.

If a celebrity uses the same password across accounts, this would be then make it relatively easy for someone to hack if they had the right information.

This theory would account for Mary Elizabeth Winstead’s claims that the leaked photos of her were taken with her husband ‘years ago’.

This amount of time exceeds iCloud’s Photo Stream facility, which keeps images for a maximum of 30 days before they are deleted.

Google Drive hack

In June, Google announced its Drive service had a flaw that meant private information was at risk from hackers.

Google patched the flaw in June, but the large number of victims in the 4chan leak also suggests that the hack may have begun months ago – at the time of this flaw.

Dropbox flaw

Similarly, in May, a flaw was found in Dropbox accounts that could have given unauthorised access to accounts

article-2739215-20F44D3F00000578-54_306x423Earlier today, The Next Web spotted code on software development site Github, that would have allowed malicious users to use ‘brute force’ to gain an account’s password on Apple iCloud, and in particular its Find my iPhone service.

A message has since appeared saying that Apple has issued a fix for the bug. ‘The end of the fun, Apple has just patched,’ read an update on the post.

Brute force, also known as ‘brute force cracking’, is a trial-and-error method used to get plain-text passwords from encrypted data.

Just as a criminal might break into, or ‘crack’ a safe by trying many possible combinations, a brute-force cracking attempt goes through all possible combinations of characters in sequence.

In a six-letter attack, the hacker will start at ‘a’ and end at ‘//////’

Owen Williams from The Next Web, who discovered the bug, said: ‘The Python script found on GitHub appears to have allowed a malicious user to repeatedly guess passwords on Apple’s “Find my iPhone” service without alerting the user or locking out the attacker.

‘Given enough patience and the apparent hole being open long enough, the attacker could use password dictionaries to guess common passwords rapidly. Many users use simple passwords that are the same across services so it’s entirely possible to guess passwords using a tool like this.

‘If the attacker was successful and gets a match by guessing passwords against Find my iPhone, they would be able to, in theory, use this to log into iCloud and sync the iCloud Photo Stream with another Mac or iPhone in a few minutes, again, without the attacked user’s knowledge.

‘We can’t be sure that this is related to the leaked photos, but the timing suggests a possible correlation.’

Rob Cotton, CEO at web security experts NCC Group added: ‘Cyber security is not just a technology problem, humans are very much key to its success. In our day-to-day work we see too many cases of employees divulging sensitive information without first verifying the legitimacy of the request.

‘People often point the finger at technology when they’ve been the victim of a cyber attack, but poor password choices or naivety in the face of a seemingly innocent email is regularly to blame.’

Human error, in a variety of ways, said Mr Cotton, often played a part.

Find My iPhone helps users locate and protect their iPhone, iPad, iPod touch, or Mac – if it’s ever lost or stolen.

Despite the claims, it is possible that the photos were not taken via iCloud, but as a result of ‘social engineering’.

This form of hacking works by studying which online services your target uses, before compiling as much information on them as possible, such as their email address, a mother’s maiden name, a date of birth, and more.

This data can then be used to trick them into handing over their details or guess their password. If a celebrity uses the same password across accounts, this would be then make it relatively easy for someone to hack if they had the right information.

But the sheer number of names on the list makes this unlikely – unless a large number of hackers were taking part, and a large number of celebrities had poor password management.

WHAT IS 4CHAN?

4Chan is an image-based forum where users can post photos and videos anonymously, as well as comment on others’ posts.

Registration is not required, nor possible.

The site is split into various boards, each with their own specific content and guidelines.

These include content on music, photography, gaming, comics, fashion and images of celebrities, such as Jennifer Lawrence.

Its main board, called ‘Random’, features minimal rules on what can be posted. It is often where controversial images and videos are uploaded by users.

When it launched in 2003, the site was used to post photos and discuss Japanese anime.

However, it quickly expanded, and is now linked to various internet subcultures and activism.

It has also been linked to a number of high-profile hacks.

In 2006, users of 4chan and other websites ‘raided’ American white nationalist Hal Turner by launching multiple attacks and prank calling his phone-in radio show.

Meanwhile, in 2008, the Yahoo email account of Sarah Palin was hacked by an anonymous 4chan user, before posting her password and screenshots on Wikileaks.

This followed criticism of Palin supposedly using private email accounts for governmental work.

And in May 2009, members of the site attacked YouTube, posting pornographic videos on the site

Other notable services to allow users to access files remotely include Dropbox and Google Drive, which enable users to keep more of their files close to hand without taking up huge amounts of memory on their devices.

When activated, iCloud automatically stores users’ photos, emails, documents and other information in a ‘cloud’, allowing them to sync the data across a range of platforms. These include iPhones, iPads and MacBooks.

Users can then access their information from any internet-connected device using a log-in and password.

On Sunday, the hacker wrote that he or she is accepting Paypal donations for a video which allegedly shows Lawrence performing a sex act.

The hacker also wrote, ‘I know no one will believe me, but i have a short lawrence video

‘Is way too short, a little over 2 minutes and you only get to see her boobs

‘Anyways, if somebody wants it let me know how i can upload it anonymously (i dont want the FBI over me, and you dont wanna know how I got this video.)’

‘Jennifer Lawrence’ became a Twitter trend on Sunday afternoon.

Meanwhile, Perez Hilton has apologised on Twitter for posting some of the naked photos of Lawrence on his blog, saying he feels ‘awful’.

The celebrity blogger, who has since deleted the photos from the site, told his followers: ‘I acted in haste just to get the post up and didn’t really think things through. I’m sorry.’

He added: ‘Upon further reflection and just sitting with my actions, I don’t feel comfortable even keeping the censored photos up. I am removing them.’

A spokesman for Kate Upton sent MailOnline a statement from her attorney, Lawrence Shire, about the leaked photos. ‘This is obviously an outrageous violation of our client Kate Upton’s privacy,’ the statement said.

iCloud secures data by encrypting it when it is sent over the web, storing it in an encrypted format when kept on server, and using secure tokens for authentication (explained above). This suggests the hackers were able to obtain the login credentials of the accounts, and pretend to be the user, in order to bypass this encryption

‘We intend to pursue anyone disseminating or duplicating these illegally obtained images to the fullest extent possible.’

Actress Mary Elizabeth Winstead, who confirmed she was a hacking victim, wrote on Twitter ‘To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves.’

She also expressed sympathy for others, tweeting: ‘Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked.’

Winstead implied she was facing difficulties on Twitter on Sunday, when she tweeted ‘Great day for the block button!’

WHAT IS A BRUTE FORCE ATTACK?

Earlier today The Next Web spotted code on Github that would have allowed malicious users to ‘brute force’ an account’s password on Apple iCloud, and in particular its Find my iPhone service.

Brute force, also known as brute force cracking, is a trial-and-error method used by to get plain-text passwords from encrypted data.

Just as a criminal might break into, or ‘crack’ a safe by trying many possible combinations, a brute-force cracking attempt goes through all possible combinations of characters in sequence.

In a six-letter attack, the hacker will start at ‘a’ and end at ‘//////’.

The hackers may have also used ‘social engineering’ techniques to obtain Apple IDs and passwords based on other information they could find.

This includes email address, a mother’s maiden name, a date of birth, and more – all of which is easier to find out about celebrities than the everyday user.

If a celebrity uses the same password across accounts, this would be relatively easy for someone to hack if they had the right information.

Twitter is shutting down accounts that are disseminating the pictures. In response to a request for comment from MailOnline, a Twitter spokesman said: ‘We do not comment on individual accounts, for privacy and security reasons,’ and referred MailOnline to the company’s content boundaries web page.

Photographs that allegedly show Kaley Cuoco-Sweeting, Lea Michele, Brie Larson, Kirsten Dunst, Becca Tobin, Hope Solo, Teresa Palmer, Krysten Ritter, McKayla Maroney, Jessica Brown-Findlay, Ali Michael, and Yvonne Strahovski appeared online.

Some of the women named as alleged victims – but who have not had any of their supposedly nude photographs leaked – include Aubrey Plaza, Candice Swanepoel, Cara Delevingne, Cat Deeley, Hillary Duff, Kelly Brook, Michelle Keegan, Selena Gomez, Rihanna and Vanessa Hudgens.

A spokesman for Keegan, the former Coronation Street actress, said there was no evidence she had been hacked and nothing had appeared online to suggest so.

A rep for Keke Palmer – who was mentioned on the list but whose allegedly ‘nude’ photographs were not leaked – told MailOnline ‘Obviously there is no truth to this list and no nude photos of Ms. Palmer.’

Model Gabi Grecko – also named on the list but of whom, no photographs have been published – told Daily Mail Australia: ‘I feel like anything I didn’t release myself that was accessed without my permission is shameful.’

‘Some people are very private and maybe hugely affected and feel violated because of this. There have also been many suicides connected to non consented photos being released.’

Not all of the nude photographs that have been published are genuine, however.

A spokesman for Ariana Grande told MailOnline photos that claim to show her are fake. Similarly, Nickelodeon star Victoria Justice wrote on Twitter that her image was faked. She tweeted, ‘These so called nudes of me are FAKE people. Let me nip this in the bud right now. *pun intended.*’

Yesterday, Perez Hilton apologied on Twitter for posting some of the naked photos of Lawrence on his blog. The celebrity blogger, who has since deleted the photos, told his followers: ‘I acted in haste to get the post up’

Seth Rogen criticized the hacker on Twitter, writing ‘Posting pics hacked from a cell phone is really no different than selling stolen merchandise.’

‘I obviously am not comparing women to merchandise. Just legally speaking, it shouldn’t be tolerated to repost stolen pics,’ Rogen also tweeted.

A representative of Brazilian model Lisalla Montenegro said: ‘Regrettably Lisalla Montenegro’s name is on the list of hacked celebrities. Thankfully nothing has surfaced.

‘In precaution, the authorities have been informed and Lisalla’s lawyer will pursue anyone duplicating or distributing these stolen images.’

A spokesman for Kelly Brook refused to comment on the hack.

0

Three women are accused of stealing two Rolex watches from a pair of male tourists by hiding the timepieces in two of the suspects’ sex organs.

n-TRIGGS-WARREN-KENNARD-largeThe alleged robberies took place Aug. 17 at the Encore Hotel in Las Vegas. Two of the suspects, Charmella Triggs and Bryanna Warren met one of the victims at a hotel bar.

After some conversation, the group returned to a hotel room that the man was sharing with his friend. The group was soon joined by another suspect, Trinity Kennard. The man’s friend arrived a short time later, according to the Las Vegas Sun.

The victims and suspects then started to have sex, according to the police report. Sometime during the sex, the victims were persuaded to remove their Rolex watches, one valued at $12,000 and the other worth around $4,000.

A short time later, the victims realized their watches were missing.

One of the men chased the suspects down the hall, but backed off when Triggs activated a stun gun near the elevator.

According to the police report, surveillance video shows two of the women hiking up their dresses inside the elevator and inserting foreign objects into their vaginal areas.

Meanwhile, the victims notified security and the women were arrested by Las Vegas Police at the taxi pick-up area of the Encore.

While the women were detained at the hotel, officers recovered a stun gun and one of the watches. Kennard later produced a watch from her sex organ during a strip search at Clark County Detention Center, KPTV TV reports.

The three women were booked on counts of burglary, conspiracy to commit grand larceny and conspiracy to commit robbery, according to KMOV.com.

They are due in court Sept. 3.

Trinity Kennard seems surprised to be behind bars, according to a jailhouse interview she gave to KNTV.

“I thought when stuff like this happens it’s just like a personal thing. I didn’t think police would get involved and I could go to jail,” she said.

This is actually the second vagina smuggling case reported in Las Vegas this year.

In January, Las Vegas masseuse Christina Lafave was accused of snatching a customer’s $35,000 Rolex at the Wynn Las Vegas and concealing it in her vagina.

Pro-tip: When you are meeting your probation officer, do not meet the officer in a stolen electric shopping cart

0

An Albuquerque man was being held in the Bernalillo County Jail Tuesday after police said he drove a stolen electric shopping cart to meet with this probation officer.

Martcart_XtiCourt Documents say Michael Johnson, 18, arrived to meet with his probation officer on Monday at the Metropolitan Courthouse on an electric shopping cart from Walmart.

The probation officer asked Johnson where he got the cart, to which Johnson said he “took it from the Walmart on San Mateo and Zuni,” the documents say.

Johnson was arrested and charged with larceny and receiving stolen property. He violated his probation when he was arrested and is being held on a $500 bond.

Albuquerque police made the arrest and said Tuesday that the cart could have been put to better use.

“The cart was worth over $1,800, and certainly it could have been used by those who needed it more than this man,” APD spokesman Tanner Tixier said.

World’s worst thief? Suspect nets $2 in 4 robbery tries, police say

0

Police have arrested an Edison man in connection with a series of knife-wielding attempted robberies at businesses in Woodbridge last week.

20140806-131104-gJoshua James Pawlak, 27, is accused of entering three businesses armed with a knife, demanding money but fleeing with little or nothing, police said.

Police also have accused Pawlak of entering a fourth business without a weapon and stealing $2.

According to police reports:

A man entered the Forge Inn on Route 9 shortly after 12 p.m. on July 27 and asked how much it cost to rent a room. After being told, he left the business but later returned with a knife and attempted to rob the clerk. He ran off without money, police said.

Later, at about 6:39 p.m., the same suspect entered the La Bonbonniere bakery on Amboy Avenue several times, stealing $2 from a tip jar during his last visit, according to police.

At 4:20 a.m. the next day, the same knife-wielding suspect attempted to rob the Hess Gas Station on West Pond Road but fled without money, police said.

At 10:06 a.m. the same day, the same suspect used a knife during an attempted robbery of a 7-11 Store, also on West Pond Road. He again fled with no money, police said.

Police arrested Pawlak a short time after the last attempted robbery.

Pawlak was charged with three counts of attempted robbery, several weapons possession violations and one count of theft by unlawful taking or disposition.

He was held Tuesday night at the Middlesex County jail on $50,000 bail, no 10 percent option.