More Retailers Change Store Layouts to Combat Surging Theft
'This Safeway is getting weirder and weirder': How one store is redesigning itself to halt shoplifting
The automatic gates, added to the Safeway at 2020 Market St., let customers easily enter the store but swing quickly shut behind them, preventing would-be thieves from dashing out with shopping carts full of stolen items.

The supermarket also has added barriers around its self-checkout area, funneling customers through only one exit. Checkout aisles that aren't staffed are blocked with large physical barriers rather than just a cord, and the entire side entrance to the store has been closed and blocked off by a large display of plastic water bottles.

Safeway executives said that the new security measures were a response to what it says is increased shoplifting at the locale.

"Like other local businesses, we are working on ways to curtail escalating theft to ensure the wellbeing of our employees and to foster a welcoming environment for our customers. Their safety remains our top priority," Wendy Gutshall, director of public and government affairs for Safeway's Northern California Division, said in an emailed statement. "These long-planned security improvements were implemented with those goals in mind."

The company did not respond to queries on whether it plans to roll out the security barriers and other anti-shoplifting measures at other stores in San Francisco or the Bay Area.

Safeway's move comes after the same market cut its hours in October - now closing at 9 p.m, the earliest of any of the chain's locations in San Francisco - again due to shoplifting, the store said. It also comes amid fierce public debate over retail theft and property crime in San Francisco, as large chain stores such as Walgreens and Target are closing stores or cutting hours due to alleged increases in theft, and after stores across the Bay Area suffered from a series of high-profile smash-and-grab robberies in November.

San Francisco Supervisor Rafael Mandelman, whose district includes the Market Street Safeway, said that theft at the store is "out of control" and "absolutely" on the rise.

The gates and barriers are far from the only security measures at the Safeway - like many other retailers in the city, the store has long had guards by the entrance, and it keeps items like toiletries, air fresheners, candles and some alcohol locked behind plexiglass barriers, requiring customers to ring a button for a staffer to retrieve items. sfchronicle.com

Law Enforcement Calls On Retailers to Beef Up Security
Austin police give safety advice after rise in retail crime gangs
Recent videos of brazen burglaries across the country show thieves breaking into retail stores and taking off with thousands of dollars worth of goods within a matter of minutes.

Designer clothes, laundry detergent, razors and designer handbags were among the top items stolen by organized retail gangs in 2020. The National Retail Federation created the list after a survey of 61 businesses across the country targeted by organized retail criminals.

"We can't be everywhere at one time," said Sgt. Joshua Griggers with the Austin Police Department's Robbery Unit.

In his 13 years with APD, "we've had organized theft rings here in the past. We've had some this year as well, but not to the scale of 30 to 40 cars rolling in and burglarizing some of these places," said Griggers.

With Austin's recent spike in homicides and aggravated robberies, Griggers said it's important police, businesses and customers be prepared for a possible rise in organized retail crime with the following advice.

"For the businesses out there, if you don't have surveillance video, consider getting it. Make sure the video retention is set long enough to where if an incident occurs, we have plenty of time to get that video before it falls off the server."

"To any employees or patrons inside, I would say be a good witness. What I mean by that is not put yourself in harm's way. Do not confront these people if they have weapons or threats that they have weapons. If you can, take video discretely. Get a good detailed description of the suspect's vehicle or anything that seems out of the norm."

Griggers also stressed witnesses call 911 and not 311 for a burglary in progress. kxan.com

Retail Crime & Safety Concerns in Cities Across the Country
Georgia retail organization voices concern for safety after fatal robbery
A local group of businessmen are speaking out about safety concerns in light of the fatal robbery that occurred on Monday. These men own local gas stations and liquor stores. They are part of the Columbus Retail Organization.

They say they don't feel safe in the Fountain City considering one of their own was shot and robbed in a bank parking lot right next to a police precinct.

News Leader 9 caught up with them at Warehouse 9 on 9th Street in Columbus as they met this afternoon and talked about the sad reality of losing Amit Patel and how they can move forward as business owners and remain safe.

"As business owners we need to be more careful based on the incidents that have happened today and in the past. We do feel strongly there may be a role that police can step up and investigate some of the cases a little more closely," said one of the members of the Columbus Retail Organization.

You may recall on November 19, another Columbus business owner was shot in the arm during a robbery. Like Amit Patel, he too was trying to make a business deposit at the Suntrust Bank, now Truist on Auburn Avenue. He survived. wtvm.com

Double Whammy of Rampant Retail Theft & Inflation
Convenience store owner warns frequent thefts are driving prices up

Convenience store owners are well beyond weary of the ceaseless thieves plaguing their stores.

"It's insane," said Nagra. "The impact for us only means higher prices for us all. That's why we should all be concerned on top of this inflation, costs additionally go up to cover theft losses."

He's hoping that Proposition 47, which changed several felonies to misdemeanors, will be repealed. There was an effort to effectively do that in 2020 with Proposition 20, but voters didn't approve the measure.

Store owners, law enforcement officers, and prosecutors have blamed an emboldening of criminals on Propositions 47 and 57, along with AB-109. Governor Newsom recently said Proposition 47 has actually reduced crime, and that law enforcement officers and prosecutors are to blame for crime rates. kmph.com

Philly's Progressive DA Shrugs Off Crime Amid Deadliest Year in City's History
'We don't have a crisis of crime.' DA Larry Krasner says Philly tourists should feel safe despite a record number of killings

The prosecutor blamed news coverage and stressed non-gun violence is down.

Philadelphia District Attorney Larry Krasner on Monday pushed back on the notion that the city is gripped by a violent crime crisis, despite a record number of homicides in what has become the most deadly year in its history.

Krasner insisted that while gun violence is up, other violent crime categories are down.

"We don't have a crisis of lawlessness, we don't have a crisis of crime, we don't have a crisis of violence," the district attorney said at his weekly news briefing in South Philadelphia, noting that violent crimes committed without guns are down. "It's important that we don't let this become mushy and bleed into the notion that there is some kind of big spike in crime."

As of Monday morning, the city had recorded 521 homicides, up from 462 at this time last year, according to the police department. Shooting incidents are up 4.4% while robberies with guns are up 24.7%.

But other robberies are down 13.8%, rapes are down 11%; aggravated assaults are down 7.1%. And while household burglaries are up 1%, commercial burglaries are down 55.1%, according to the police department.

Krasner said it was important to recognize the distinctions between rising gun violence and all other violent crimes. inquirer.com

U.S. Attorney's Office Provides Update on Federal Prosecutions and Ongoing Strategies To Combat Violent Crime in Chicago
John R. Lausch, Jr., United States Attorney for the Northern District of Illinois, today provided an update on federal prosecutions and strategies to combat violent crime in Chicago and the surrounding area.

The centerpiece of the Department of Justice's violent crime reduction efforts continues to be Project Safe Neighborhoods (PSN). PSN is an evidence-based program proven to be effective at reducing violent crime.

The Department of Justice this summer announced the formation of five cross-jurisdictional strike forces, one of which is based in Chicago and led by the U.S. Attorney Lausch, to help reduce gun violence by disrupting illegal firearms trafficking. As part of the Chicago strike force, the U.S. Attorney's Office collaborates with the U.S. Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) and other federal, state, and local law enforcement partners in the Northern District of Illinois and across the country to help stem the supply of illegally trafficked firearms and identify patterns, leads, and potential suspects in violent gun crimes. The Chicago strike force's efforts have been substantially enhanced by the Chicago Police Department's (CPD's) recently created Gun Investigations Team.

In addition to a sustained focus on prosecutions of federal firearm offenses, the U.S. Attorney's Office endeavors to disrupt violent crime by seeking pre-trial detention for defendants who pose a danger to the community and pursuing appropriate prison sentences to deter dangerous individuals from continuing to cause violence in their communities. justice.gov

5-Minute Audio Story
LISTEN: How online markets may be contributing to organized retail crime
Brazen shoplifting is caught on video, but hard numbers for shoplifting don't really exist. Nonetheless, merchants say it's growing fast and online retailers are partly to blame.

Oceanside PD Launches Task Force Amid Rising Smash-and-Grab Thefts

Amid rise in homicides, Ohio proposes $250M of COVID relief aid for police, first responders

Waging War on Ransomware Groups - Literally
US Military Has Acted Against Ransomware Groups: Report

Gen. Paul Nakasoke, head of US Cyber Command and director of the NSA, said the military has taken offensive action against ransomware groups.

The US military has taken offensive action against ransomware groups, said Gen. Paul Nakasone, head of US Cyber Command and director of the National Security Agency (NSA), according to new reports.

His comments indicate the military is willing to take steps in fighting cybercriminal groups that launch ransomware attacks on US businesses, and not just nation-state actors. Attacks such as those on Colonial Pipeline and JBS show that criminal groups can affect critical infrastructure, Gen. Nakasone said in comments reported by the New York Times this weekend.

To fight these types of attacks, Cyber Command, the NSA, and other agencies have focused on collecting intelligence on ransomware attackers and sharing it with both the government and international partners, says the report, which calls this "a more aggressive, better coordinated approach" against the ransomware threat.

While he did not specify which offensive actions were taken, or the groups they were taken against, Gen. Nakasone did say one goal was to "impose costs," which is "an important piece that we should always be mindful of." darkreading.com

From Russia With Love
Russian Actors Behind SolarWinds Attack Hit Global Business & Government Targets

Clusters of activity associated with the attack group behind last year's supply chain breach reveal novel techniques, researchers say.

One year after the discovery of the 2021 SolarWinds supply chain compromise, security researchers report two clusters of suspected Russian attack activity targeting global businesses and governments. Both are associated with the group behind the SolarWinds attack campaign.

The findings come from Mandiant, which has been tracking the activity in 2021 and reports "an adaptable and evolving threat" using novel tactics, techniques, and procedures (TTPs) to breach victims, collect data, and move laterally. The attackers associated with the SolarWinds incident have breached multiple entities, including cloud service providers (CSPs), and they continue to evolve.

Mandiant tracks the two clusters of activity as UNC3004 and UNC2652; it says both are linked to the group it tracks as UNC2452, also referred to as Nobelium by Microsoft.

"We are confident in saying that these clusters - maybe it means there are different teams or units, we don't really know - they are all associated with [the] SolarWinds threat actor," says Doug Bienstock, manager of incident response at Mandiant, in an interview with Dark Reading.

In most cases, post-compromise activity included theft of data relevant to Russian interests, Mandiant researchers wrote in a blog post. In some, the theft seemed primarily meant to create routes to access other victim environments. Targets included NGOs, government entities, and consulting organizations that are involved with, or could align with, Russian interests. So far, Mandiant is aware of two to three dozen targets compromised by this activity in 2021.

When they accessed service provider environments, and downstream customers to a lesser degree, they were interested in credentials that would allow continued high-level permissions in both of those environments, Bienstock says. When targeting service providers, they sought credentials that would allow them to move from the service provider's network down into their customers' networks.

Once successfully in a customer environment, they were after confidential data that aligned with Russian interests or could help them further those interests, Bienstock explained. darkreading.com

2022 and the Threat Landscape
The Top 5 Future Cybersecurity Challenges
Digital adoption has rapidly accelerated and as a result, the threat surface has also expanded. As we look ahead to 2022, there will be new and evolving cybersecurity challenges on the horizon for CISOs.

There are five big trends that I see defining the market in 2022 that security professionals should pay attention to:

1. The rise of the "assume-breach" mindset

Digital transformation has been a major priority for business over the last few years. More recently, part of this journey has included the adoption of a hybrid work approach. This is a trend that I see continuing into the coming year and beyond as more organizations explore "work from anywhere" scenarios.

2. Innovation and new risk in 5G

Over the next year, more organizations will be looking to invest in 5G technology to gain greater connectivity capabilities. 5G adoption will enable them to create new value from existing core network assets and put their businesses on the digital transformation roadmap. Organizations need to ensure they are protected from all 5G associated risk. Otherwise, they face losing out on the benefits of a connected future.

3. Customization, personalization and getting personal with phishing tactics

Organizations have increased staff training and awareness as phishing scams have become more of a common occurrence. As a result, users now have a greater vigilance and can detect the most common phishing scams. To overcome this, attackers are evolving their strategies to make their attempts appear more authentic.

4. Hackers will go for gold at the Beijing Olympics

Hackers will use the upcoming Beijing Olympics as an opportunity to breach the personal accounts of athletes and find incriminating email exchanges that can be leveraged in blackmail attempts.

5. The enterprise API ecosystem will show its vulnerabilities

Throughout 2022, hackers will increase the number of attacks that involve the lateral movement concept. They will use this concept for internal networks and apply it to an entire partner network using misconfigured enterprise APIs. This will enable threat actors to gain access into a company's extended ecosystem. helpnetsecurity.com

"Access-as-a-Service"
Cybercrime supply chain: Fueling the rise in ransomware
Trend Micro released a research detailing the murky cybercrime supply chain behind much of the recent surge in ransomware attacks. Demand has increased so much over the past two years that many cybercriminal markets now have their own "Access-as-a-Service" sections.

"Media and corporate cybersecurity attention have been focused only on the ransomware payload when we need to focus first on mitigating the activity of initial access brokers," said David Sancho, senior threat researcher for Trend Micro.

"Incident responders often need to investigate two or more overlapping attack chains to identify the root cause of a ransomware attack, which often complicates the overall IR process. Teams could get ahead of this issue by monitoring for activity by access brokers who steal and sell enterprise network access - essentially cutting off the supply for ransomware actors."

The research is based on an analysis of over 900 access broker listings from January through August 2021 across multiple English and Russian language-based cybercrime forums.

Education was the most frequently featured sector, accounting for 36% of advertisements-more than triple the second and third most targeted industries, manufacturing, and professional services, which both account for 11%. helpnetsecurity.com

Microsoft Seizes Malicious Websites Used by Prolific Chinese APT Group
 

Online Shopping Bots
Politicians want to ban bot-fueled online shopping. Experts agree.
You have to start somewhere, even if that occasionally means right back at square one. That seems to be the thinking of a coalition of U.S. lawmakers who, on Monday, reintroduced proposed legislation seeking to prevent automated bot accounts from dominating online sales. Dubbed the Stopping Grinch Bots Act, the measure aims to prevent what are in effect scalpers for physical goods ahead of the holiday season.

"New tools are needed to block cyber scammers who snap up supplies of popular toys and resell them at astronomic prices," Senator Richard Blumenthal of Connecticut, one of the bill's four Democratic sponsors, is quoted as saying in an accompanying press release.

And while the spirit of the Stopping Grinch Bots Act may be in the right place, as it was the first time it was introduced in 2019 before dying in the House, experts who support the effort caution that, without strong follow-through from officials like the Federal Trade Commission, it may not be enough to combat a problem exemplified by sold-out Nintendo Switches and impossible-to-score PS5s.

So observed John Breyault, the vice president of public policy, telecommunications, and fraud at the consumer advocacy-focused National Consumers League, over email. Speaking of the similar 2016 Better Online Ticket Sales (BOTS) Act, which was signed into law by former President Barack Obama and seeks to prevent automated ticket scalping, Breyault acknowledged the difficult task of preventing bot-powered scalping and markups.

Indeed, without proper enforcement mechanisms measures like the Stopping Grinch Bots Act are destined to languish - that's assuming they even get signed into law in the first place. mashable.com

E-Commerce Boom Fuels 'By Now, Pay Later'
Buy now pay later boom shows no signs of slowing this holiday season

The credit card alternative has exploded in popularity as online shopping has boomed during the pandemic and more retailers and payment providers have adopted it.

Shoppers have flocked to the option over the last year as online shopping has surged amid the pandemic, benefiting fintech companies like Affirm, Klarna, and Square's Afterpay, while also prompting other payment platforms like PayPal to move further in that direction and threatening banks and credit card companies.

Use of BNPL poised to grow this holiday season, according to a recent CNBC survey.

Seven percent of shoppers said they will be using BNPL for holiday purchases this year, according to the CNBC/Momentive Small Business Survey for Small Business Saturday. The survey was conducted by Momentive from Nov. 10 to Nov. 12 and included 2,744 respondents.

While that 7% still pares in comparison to other traditional payment methods - 55% of shoppers say that will use debit cards, 51% will pay with credit cards, and 43% say they will use cash - experts say that percentage could easily be doubled or tripled in the next year. cnbc.com

DOJ: Former Netflix engineer gets 2 yrs. prison for $3M insider trading
Seattle - A former Netflix software engineer, and his best friend and co-conspirator were sentenced today in U.S. District Court in Seattle for securities fraud for their roles in an insider trading ring that generated more than $3 million in illegal proceeds, announced U.S. Attorney Nick Brown. Sung Mo Jun, 49, of Bellevue, Washington, was sentenced to 2 years in prison and a $15,000 fine. His friend and co-conspirator Junwoo Chon, 50, of Bellevue, Washington, was sentenced to 14 months in prison and a $10,000 fine. justice.gov

DOJ: Brooklyn Man Arrested, Charged With Hacking Into Online Accounts Of Wegmans Customers
ROCHESTER, N.Y.-Maurice Sheftall, 23, of Brooklyn, NY, was arrested and charged by criminal complaint with fraud and related activity in connection with computers and wire fraud. The charges carry a maximum penalty of 20 years in prison and a $250,000 fine.

The defendant is accused of obtaining the credentials, including logins and passwords, of customers who had accounts on the wegmans.com website. Sheftall attempted to access approximately 74 different customer accounts, with approximately 59 of these attempts proving successful. Subsequently, the defendant placed approximately 25 fraudulent orders of groceries and other goods, totaling approximately $10,000. justice.gov

Amazon makes own shipping containers & waiting as little as 2 days outside ports

DOJ: Baltimore Man Gets 1 Yr Fed. Prison for Conspiring to Sell Stolen Goods & Tax Fraud

Selling Stolen Apple Products Intended for Under Privileged Children;
Allowed Friends to Sell More Than $3M in Stolen Goods on His eBay Account

James Bender, age 36, of Baltimore, Maryland to one year and one day in federal prison, six months of home detention, and three years of supervised release, for federal conspiracy and tax fraud charges.

According to his guilty plea, from 2014 through August 2019, Bender controlled three eBay accounts, in the names of HiddenGemFurniture (HGF), EddiesAffordableGear (EAG), and AffordableGoodies4You (AG). EAG and AG offered sports-related merchandise for sale, including jerseys and shirts. Bender also used, operated, and controlled related PayPal account.

Bender admitted that beginning in 2014 he agreed to allow a good friend and co-defendant, Saurabh Chawla, and a relative of Chawla's, SC2, to sell goods and merchandise through Bender's eBay accounts. Chawla's eBay account had previously been suspended due to security concerns. From May 2014 through August 2019, Bender and Chawla conspired so Chawla could use Bender's eBay and PayPal accounts to sell stolen goods and merchandise. Bender made over $10,000 a year from the scheme.

More than $3 million of these goods and merchandise had been stolen, including more than $125,000 of iPods that had been stolen from a New Mexico school district and intended for underprivileged children. In 2018, Chawla and Bender sold more than $550,000 of goods and merchandise that had been stolen from a Delaware FedEx facility.

Co-defendants Saurabh Chawla, age 36, of Aurora, Colorado and Joseph Kukta, age 45 of Laurel, Delaware, were sentenced to 66 months and 42 months in federal prison; respectively. justice.gov

DOJ: Hartford Man Gets 15 Months Federal Prison for Role in Northeast "Grab and Go" Theft Scheme
ANDRES BARCLETT, also known as "Coolie," 27, of Hartford, was sentenced to 15 months of imprisonment, followed by two years of supervised release, for participating in an extensive commercial larceny spree.

Barclett was part of a network of individuals who in 2019 and 2020 committed more than 50 grab and go thefts from Polo Ralph Lauren, T.J. Maxx, Balenciaga, Burberry, Macy's, Marshalls, Dick's Sporting Goods, Tommy Hilfiger, Sephora and other stores in Connecticut, Massachusetts, New Hampshire, Vermont, and New York. They then transported the stolen merchandise to Connecticut and sold the items on the internet or the street.

Barclett participated in at least 13 thefts resulting in losses of more than $50,000. Judge Bryant ordered Barclett to pay $19,968.85 in restitution. justice.gov

DOJ: California Man Charged in Scheme Involving Over $300,000 in Fraudulent Purchases from Home Depot
JONATHAN orPilla SINLAO, age 36, a resident of San Jose, California, was charged on November 12, 2021 in an eight-count indictment arising out of a scheme to make numerous unauthorized credit card purchases at Home Depot stores.

According to Court documents, SINLAO conspired with others to conduct over $300,000 in unauthorized purchases of gift cards and products at Home Depot stores using customers' Citibank credit card numbers. These transactions occurred between at least February of 2019 and July of 2019 at Home Depot stores in Louisiana, Florida, Texas, Arizona, California, New York, and Oklahoma. justice.gov

Update: Redondo Beach, CA: 2 Arrested In Redondo Beach Thefts; Video Released Of Bear Spray Attack On Security Guard At Topanga Mall
Police agencies in Southern California working overtime to crackdown on the rash of retail thefts that have recently plagued Southern California's shopping malls. Redondo Beach police say they've made two arrests in connection with recent thefts at the Galleria mall. Malik Trevon Oaks, 23, and 26-year-old Khristian Jamol Clayton Phillips were arrested Saturday while allegedly leaving a store on Hawthorne Boulevard with approximately $2,400 in stolen merchandise. Investigators say they've connected the two men with a group that has targeted a specific retailer on several occasions and have stolen in excess of $15,000 in merchandise since Nov. 5. The same group is believed to have committed similar thefts in Los Angeles and Orange County. losangeles.cbslocal.com

Clovis, CA: Police looking for 2 suspects who robbed ULTA Beauty store
Police are searching for a man and woman who stole thousands of dollars worth of goods from an ULTA Beauty store in Clovis. Officers say just before 2 pm on Sunday, the pair entered the ULTA on Herndon and Sunnyside. They walked in with garbage bags and began filling them with whatever they could get their hands on. They left the store in a hurry and police have not released any other description of them at this time. abc30.com

Mesquite, TX: Fuel theft ring shut down by Mesquite Police
Police in Mesquite arrested three men Monday, Nov. 29 they say were caught in the act of credit card fraud at a local gas station. Police say the men were using stolen credit card information and a mobile credit card forgery lab to pump large quantities of gas into modified trucks. Police arrested 41-year-old Dayner Martin Fuentes, 41-year-old Silvio Ramos Fernandez, and 30-year-old Danilo Valdes Berbes on multiple felony charges including conspiracy to commit burglary. All three men are from Las Vegas. It was an observant gas station employee who noticed the same three men fueling the same trucks with large amounts of gas. The employee called police and officers arrived and caught the men at the gas station. Mesquite Police Chief MaQuade Chesley said, "Because of an observant gas station employee, three more felons are out of Mesquite and not victimizing hard-working people and businesses. This incident showcases the incredible cooperation we have with the public and the dedication and considerable effort our officers and detectives put into protecting our great city." 8newsnow.com

DOJ: Essex County Postal Employee Arrested for Mail Theft
NEWARK, N.J. - A U.S. Postal Service (USPS) employee was arrested today for stealing mail, including stealing credit cards and stimulus checks. Parrish Brookins, 29, of East Orange, New Jersey.

From January 2021 to July 2021, certain credit cards addressed to third-party victims and mailed to addresses on postal routes in Verona and Montclair, New Jersey, were stolen on or about the same dates that Brookins was delivering mail on those routes. These credit cards subsequently were activated by Brookins and others and used to make and attempt to make fraudulent purchases in New Jersey and elsewhere. justice.gov

Royal Oak, MI: $60K computer taken in burglary
Someone broke into the Synergies Tech, a computer and mobile phone service and repair store, and stole a computer worth $60,000. Police said the owner was still doing an inventory to determine what other items were missing. Other items taken in the heist, reported Nov. 26, included tools and equipment. Someone got into the business after drilling through locks to the computer store, police said. dailytribune.com

Levittown, NY: Police investigate $5,000 theft
A total of $5,100 worth of merchandise was stolen from the Dicks Sporting Goods on Commerce Boulevard. The four suspects fled in a silver sedan with a New Jersey temporary tag. A second vehicle with temporary New Jersey tags was involved. levittownnow.com

Royal Oak, MI: Ulta Beauty cologne thief may be a repeater
Royal Oak police are investigating whether a woman arrested in October for stealing cologne at Ulta Beauty returned last week and stole another $760 worth of fragrances. A woman was arrested Oct. 12 for stealing cologne at the store, 27844 Woodward Ave. Employees at the store told police Nov. 29 that a woman matching the description of the suspect in the October theft returned and stole hundreds of dollars worth of fragrances and fled. dailytribune.com

Danville, CA: Ace Hardware employee injured as shoplifter fleeing with $1100 of merchandise

San Francisco, CA: Woman charged with stealing $40,000 in merchandise from an S.F. Target arrested again for theft