It's Their Life!
Predators are now using cell phones and text messaging to reach their intended victims. Preteens and teens are more likely to respond to an unknown text message than an e-mail or IM online. How do they find their number, though? Easy! Teens post their cell number on their away messages and give it out on their social networking profiles. (18% of the teen profiles in a study conducted by WiredSafety had their cell phones open to their network or the public from their profiles. And 26% linked from their profile to another website, profile or online post that contained their cell number.) They also lose their cell phones that have their friends' numbers and contact info and pics on it. But not all "lost" phones are really lost. Predators look for unattended cell phones to grab for lists of preteens and young teens to contact.
In a recent poll conducted by Harris Interactive for the CTIA (the wireless trade association) [http://files.ctia.org/pdf/HI_TeenMobileStudy_ResearchReport.pdf], 80% of teens said they want a more secure phone, where they are the only ones who can access their data. They also said that almost half use the cell phone primarily for making calls, and almost 40% said they use it for texting. Almost 20% of them to take or send pictures to each other. Only 28% have web-capability on their phones. And when they do, they use it for e-mail, checking weather, social networking and for sports scores.
About half of the teens polled said that their cell phone has improved the quality of their lives, improved their communication with friends by making it a richer experience and improved their social lives. Almost all of them said that their cell phone is how they stay in touch and 78% of them said it made them feel safer. Most have used it to get a ride when they needed it and 1/3 used it to help someone else in need.
Out of the top four things teens said help determine their social status (clothes, jewelry, shoes and cell phones), cell phones ranked second. And more females between the ages of 13 and 17 texted more than talked on their cell phones. And half of the teens said they could text blindfolded!
In polls conducted by WiredSafety, 24% teens sleep with their cell phones so they won't miss a text message or call. (Some use it as an alarm clock, with parental permission.) And 12% know of someone whose boyfriend broke up with them by text message. Sixty-five percent have sent a text message that was misunderstood by the recipient or sent to the wrong person. Forty percent received a text message from someone they didn't recognize or didn't know and 52% have received a text message promoting a product, service or website. And more than 80% have gotten into trouble for high cell phone bills or for losing or breaking their phone.
The more you know about why your kids, tweens and teens want a cell phone and why you want them to have one (or don't), the better choices you can make. Finding the right fit of device, plan and rules for each of your children isn't an art. But in the end, you have to be comfortable with the choices. Just remember, one of those choices is "not yet!"
Wired Safety Security
We are an all-volunteer help program, and can give you information about how to avoid becoming a cyberstalking victim, and how to surf more safely. You should always, though, in addition to seeking our help or the help of other groups, contact your local law enforcement agency directly, and immediately. Cyberstalkers can become offline stalkers, and this is all about your safety. If there is an indication that the stalker has your home address or telephone number, or perhaps other information that would allow them to find you offline, you should report this immediately to your local law enforcement agency. We will not agree to help you, until you have confirmed that you have done that.
WiredSafety's Security Tutorial
So everybody in the Wired Safety environment has to be vigilant on our systems. Like it or not, everybody's PC is now part of the Wired Safety network. We need to practice what we preach. Here are some common threats to look out for.
- Maintain physical security. If untrusted people can sit at your computer, plug in external media and access the Internet, there is no security. That's why commercial servers are locked in cages with limited access. Sometime they are kept in a dark room without monitors or keyboards. You don't have to go to those extremes, but be alert to who is on the computer and what they are doing. For kids, create regular user accounts. That way, if they click on something bad, it won't work, since you must have admin permissions to install software or make system changes. If there are strangers coming, if you are leaving for a while or any other scenario that involves computer use in your absence, make sure you aren't leaving a big hole for something to drive through.
- Be password smart. I know everybody has heard it, but it continues to be a problem everywhere. In most cases, the password is the only security you have. Use strong passwords, have different ones for different accounts and keep them to yourself. If there are multiple users on the machine, don't stay logged in. Hacking a strong password is easier said than done. When a victim comes to us and says their e-mail or Facebook password has been hacked, that means they have a weak password or they shared it with someone or they have their life story on the Internet or they have a keystroke logger on their machine. A strong password is at least eight characters and contains upper and lower case letters, numbers and special (ASCII) symbols like & and #.
- Use the best and most advanced security suite you can find. The line between viruses, worms. trojans, etc has become increasing blurred. So have attack vectors. Modern security suites have evolved to meet this blended threat. Increasingly, these security suites are offered for free or are very reasonably priced. Even if you have a security suite already, you should consider updating to a new one if it's more than a couple of years old. Updating older versions can only carry protection so far and will rarely be as aggressive and effective as the newest stuff because of new detection algorithms.
Message from Parry: We are negotiating with leading security software providers to get a donation of security suite products for all active volunteers receiving official communications for WS. In the meantime, you can download McAfee's security suite without charge for 6 months from Facebook,com/mcafee if you have a FB account.
We ask that all volunteers run a thorough security scan as well. In addition to your regular security scanner, it's always good to run a 3rd party scanner also. Here's a link to a good one and it's free -http://www.malwarebytes.org/products/malwarebytes_free
If something is detected, you should assume your password has been compromised. Scanners eliminate threats depending on how you set them up. Keep cleaning and scanning until you get a clean machine. Then change your password.
Since so many of our problems involve Facebook, you should check out the security feature that allows FB users to authenticate specific devices. This is not a perfect solution and while it does prevent unauthorized logins, it can also limit access to legitimate users. You can check out the pros and cons HERE and HERE.
- Limit personal information in the Internet. If you put your life story out there, you can't be shocked or surprised when somebody uses it against you. This is the single biggest cause of problems on the Internet. The lower the profile, the better. Limit the amount and types of information out there and who can see it. Obviously, there are going to be varying degrees of this. Parry, in her position as the head of Wired Safety, is going to have a lot more than I do. If you are going to work cases, especially some of the dicey ones, you need to cover your tracks. This is the first step.
- Keep patches up to date. This is the single most effective security measure you can take. Plus it's free and can be completely automated. Be sure to patch and update applications as well as your operating system. These patches close holes created by the vulnerabilities mentioned a few paragraphs up. It can save you a lot of misery. Code Red, Melissa and I Love You are examples of malware that wreaked havoc world-wide by exploiting holes that had patches issued weeks before. Now instead of weeks, the exploits are coming in days - sometime even on the same day. Timely patching is critical.
- Use the security features built into software and hardware. Software developers and hardware manufacturers have come a long way in incorporating security into their products. However, there's no such thing as set and forget out-of-the-box security and there probably never will be. If you are going to use Facebook or wireless routers or wifi hotspots or gmail or shop online or IM or Twitter or Norton Anti-virus, you need to learn the security tools and features that come with those programs and use them. Again, we have to practice what we preach. If you have a question about how something works, Google it. To work cases and help people, you must become proficient on the most commonly used/abused platforms.
- Don't trust anything. The obvious ones are easy - hot Russian babes, Viagra, Rolex watches. But what about something that shows up with your name on it? Or from someone you know? Or has some official sounding subject line? Or so-and-so has sent you an e-card? My personal practice and my recommendation to you - permanently delete it using SHIFT+DEL. If it's someone you know, they'll get back to you. No legitimate organization will ever use e-mail to request confirmation of personal information like passwords and account numbers. Nor will they use it to send official correspondence, like audit notifications or license violations. Those carrot-and-stick approaches are called phishing or spear-phishing and they are rampant on the Internet, just waiting for someone to get sucked in and open a Pandora's Box. With e-mail, you have a safety valve. You can usually open an e-mail without getting into trouble. It's clicking on a link that does the damage. On other platforms, like IM and Twitter, that safety valve is gone. Never accept or click on links from P2P or social networking sites - even from your friends. You don't know where it came from. Better to copy it down, enter it into a Google search line and see where it goes. Occasionally, I've had to investigate a bad link to confirm its source or coding. I do that in a virtual machine that I use once and instead of clicking, I open it in Notepad with an EDIT function. That way, it doesn't execute. You will not have to go to those lengths in Wired Safety, at least not alone. Suffice it to say for our purposes as practitioners of security best practices, if it looks fishy, sounds fishy or is too good to be true, error on the side of caution and dump it.
It's hard to believe that the Internet as we know it is less than 20 years old. Even though the Internet has been around since the late 1960's, it wasn't available to the public until 1993. The first crude browser, called Mosaic, came out in 1994 and the public Internet was off and running.
The original Internet was designed by academics for academics. It was conceived and implemented to provide a communications network that could survive a nuclear war and allow a re-constituted government to communicate with the military, academia and other key players. To accomplish this, the system had to be dispersed and redundant so that the destruction of nodes wouldn't disrupt the entire system. That dispersion and redundancy is the great strength of the Internet. Witness protestors in the Middle East "tweeting" what's happening in their countries even as their governments attempt to shut down the Internet.
That dispersion and redundancy are also the Internet's greatest weaknesses. There was never any intention to have the public on the Internet and there was never any security built into it. The original Internet implementation assumed a benign environment where willing group collaboration was the norm.
Well, it didn't take long for that model to disintegrate and threats have been with us ever since. Every security feature built into the Internet is an add-on, usually in response to some detected vulnerability somewhere. So if you view the Internet as the big lash up that it really is, it's a wonder we don't have more problems than we do.
Back in the good ole days, networks were a lot easier to secure because their boundaries were easily defined. Your network was where your hardware and wiring were. Then along came ATM's, cell phones, USB sticks, I-pods and other kinds of network capable external devices that could be plugged into a "secure" network and interact with it any time and anywhere. Now your network is where your data is, whether it be on a locked server, a virtual machine, the cloud or somebody's thumb drive.
So the security of any network can be compromised by the innocent actions of one person, such as plugging in some outside device or using some external program. If the device or program are infected and compromise the system, that is called an "inside job". It's almost impossible to defend against and very difficult to trace. It is, however, relatively easy to prevent.
As network security has improved over the years, getting in through the perimeter has become tougher to do. That's why the inside job has become so prevalent in today's security environment. Innocent people are unwittingly recruited for this through "social engineering". This is where someone is enticed or fooled into clicking something that loads an attack payload on their hardware. These socially engineered inside jobs are the preferred attack vector now for the bad guys.
The malware associated with these types of attacks typically has three components - a keystroke logger, a mail contact harvester and a remote control agent. Called a blended threat, they allow a malicious program to gather passwords, send itself to other emails and stand by for further instructions from a central server.
The bad guys have also evolved. Teenaged script kiddies are still around, but the dominant force in malware is organized crime syndicates, with Russia and eastern Europe being the main centers of this. Malware is big business with a lot of money involved. Likewise, nation-states engage in their own brand of cyber warfare. The Iranian nuclear program has been set back years by the STUXNET worm - and nobody knows for sure where it came from or how it got into their system.
Digital Self-Defense Overview
Many cases of cyberbullying, cyberstalking and other kinds of cyberabuse can be avoided if you practice digital self-defense. It is much harder to stop cyberharassment once it has begun than to prevent it in the first place. The actions you can take fall into five major categories:
- Digital Hygiene;
- Just Say No!;
- Act Fast; and,
- Keep an Eye Out.
1. Digital Hygiene
No, this isn't about new electric toothbrushes and better flossing. This is about keeping your digital devices secure and controlling unwanted access. A big part of digital hygiene is keeping your computer free of spyware. You can pick up spyware by clicking on a link, downloading something or accepting a file. They can be hidden inside another file, posing as a picture or application, as well. And if someone has access to your device, they can be installed directly to your computer when you aren't looking.
Spyware. There are several different kinds of technologies that can be used to "spy" on you using your computer and other digital devices. Some ("keystroke loggers") report back to the person who sent it to you with everything you type, including your passwords, login information, pictures, posts, emails, instant messages, chat logs and credit card numbers. Others ("Trojan horses") can give someone else access to your computer by remote control, allowing them to access everything you have on your hard drive, erase files, control your webcam and audio recording technologies and reach out to anyone on your contact list. A good security suite offered by a well-known security software provider will help spot and remove most spyware.
Passwords. Use passwords to lock your computer when you are not sitting at your keyboard, too. You never know who will access it when you aren't looking and install spyware or just sneak a peek. Cell phones and other handheld devices often permit you to set a password or a "lock code" that will prevent someone from accessing your contacts, photos, reading your messages or being able to use your cell or mobile device.
Settings. As important as preventing spyware and computer intrusions is keeping the "bad guys" from harassing you or being able to contact you. Each device or program has privacy, security and personal settings. They can limit those who can see your profile, pics or personal information, like Facebook's privacy settings (facebook.com/privacy). They can also either block certain people or accounts. These include the "ignore", "block sender" or "block user" settings and work to block specific people. Others limit everyone except for those you want to hear from. If the person isn't on your friends list or buddy list, they can't call you, text you, IM you or poke you.
Cell Phone Security. Check and see if your cell phone service provider or manufacturer (Verizon Wireless and AT&T Wireless are service providers, and Apple and LG are cell phone manufacturers) offer settings, blocks or report abuse options. Ask them if they have privacy settings that allow you to block all incoming calls and texts except for those on a pre-approved friends list or features that help you handle digital abuse.
We send tons if IMs and texts at the same time we are talking to friends in RL (real life). It's understandable that we will end up sending a message to the wrong person by accident, or leave out words or emoticons that let them know what we really meant. And a misunderstood message or a message in the wrong hands can lead to a cyber world war three.
Slow Down a Bit. Try and slow down long enough to reread what you are planning to send. Did you send it to the right person? Are you willing to stand behind what you said? (Sending something when you are upset isn't a good idea. You may do something you will regret tomorrow. Better to not send it than wish you hadn't.) Did you leave something important out? Will they understand what you meant? If not, take a second longer and make it right.
The Person on the Other Side. Think about the person on the other side. Is what you are sending hurtful or sarcastic? Might they take offense because they are extra sensitive about something? Do they understand enough about the context of the message to understand it? Are you sending too many messages too often? Being a pest or a stalker? Are they on a limited text plan and need to limit texting?
Don't Waste Their Time. Are you wasting their time and bandwidth? Is that joke being passed around worth passing further, or do you know if the person your forwarding it to wants to get joke forwards? Perhaps their employer will object to their receiving non-business communications during work hours. You may find yourself put into the junk email folder more often than you would like.
The Right Medium for the Message. Should you be using a different medium for the message? Some messages are better delivered in person (like breaking up), others can be done better by phone (complicated discussions) or status updates on Facebook (where you are, what you're doing, something fast and quick to share) and some are just fine in texts and IMs (quick updates, sending a phone number, address or schedule, communications that are pretty straight forward). Some are public. Some are more private. You should decide which is better in this case. Text and IM are easy. But are they the right medium to deliver the message the right way You should think about it before you choose the wrong one and hurt someone's feelings.
For more ThinkB4uClick pointers, read "ThinkB4uClick!".
3. Just Say No!
Passwords are the root of most digital abuses. Most teens share them with at least one other person. And they rarely use different passwords for different sites or purposes. There are 20 questions that are most often used by teens and adults alike to choose their passwords - middle name, street name, date of graduation, birthdate, favorite sports team, etc. The students in your class can easily guess the answers to these questions about you. That means they can easily guess your password.
Sharing Passwords. Giving your password out is like locking your door, but giving someone the key and burglar alarm code, or giving someone the pin number for your debit card. It's not very smart. If someone asks you for your password, tell them you don't give it out. Sharing it is not evidence that you love someone or trust them or don't have secrets. It's just smarter to protect your files, communications and your digital world. Just say no! You can be nice about it. But make it a hard and fast rule.
Sexting. A second area where teens, especially girls, need to learn to say "no is when someone asks for a "sext" image. You love and trust each other And he just wants something to look at when you're not together. You're beautiful. And you're sexy. And he wants proof that you care. It's easy to be talked into doing you didn't want to do. If he pleads with you for a pic, just this once "If you love me..." remind him that if he loved you he wouldn't put you into that kind of a situation where it could get out and ruin your life. No matter how trustworthy he is, he can't guarantee that his brother or sister, parents or friends won't check out his pics. Or if his computer has to be repaired, who knows what the repairman will find? He might click on the wrong pic when updating his Facebook profile or share it by accident on Limewire. Show him how much you love him in other ways. Bake him cookies. Knit him a sweater. Cuddle up in front of a crackling fire. Just don't do something stupid you can't control or take back. Sometimes you just have to be smart enough and certain enough to stand up for yourself. He doesn't need a pic to remind him what you look like. You're there in real life. That you can control.
Don't Be Desperate and Respect Yourself! And don't offer one. Sometimes you think sending a sext will get (and keep) their attention. It might. But sending an unsolicited sext of yourself may get you the kind of attention you don't want - like from parents, your principal or even the police. While girls and boys send these, more teen boys send them than girls. They may want to let the girls know what they're missing. Or they were having a "bored and have nothing better to do" moment. Girls tell us that no matter how buff he is, sending a "check me out" unsolicited sext tags him as a "loser".
4. Act Fast
If you and your boyfriend or girlfriend break up, before you cry yourself to sleep or check the dating ads, change your password. If you get into a fight with your best friend turned enemy, change your password. Make sure you choose one that is easy to remember but hard to guess. And while you're at it, defriend them and remove them from any private groups. The faster you act to lock out others from your accounts and groups, the better. You should also block their number from your cell phone, your IM, e-mail, profile and all your user-accounts. They can always reach you in person if they have to, or through a friend. If you see cyberbullying, report it right away. Many huge cyberbullying campaigns could have been avoided if Facebook knew about it early enough. The longer you wait, the faster it grows. (Make sure you know how to report abuses on every network/site/game you use.)
Received a "sext"? Delete it. Do not pass it along, copy it, save it or print it. Get rid of it as fast as you can. Possession of child pornography is a serious crime. And if the pic is of someone under the age of 18, in the US you can be charged as a sex offender for just having some of the images on your cell, computer or Xbox.If you took a sext image, think before sending it. The faster you engage your brain cells the safer you'll be. Delete it from your phone and destroy all digital or printed copies. Someone can easily grab your phone when you're not looking and broadcast it to everyone or send it to themselves to hurt you later. Many sexts are taken and sent when teens have been drinking. If you see someone at a party putting themselves at risk after drinking too much, try to talk them out of making it digital (and permanent!). Just like collecting car keys to avoid drunk driving, consider collecting cell phones with cameras to prevent drunk sexting.
Keep An Eye Out
Google yourself. (You can Bing or Yahoo! yourself too. Learn how at Google Yourself! [link]) Search for your whole name (in quotes to search as a phrase). Search for your cell number, screen names and email addresses. Search for your nicknames and home address. Then set a Google Alert. That will send you an email any time Google finds this information online. The faster you know about something that is posted about you that shouldn't be, the faster you can do something about it. Make sure you check blogs, pictures and video searches too, by clicking on these options on the main search engine page. Search Facebook, myYearbook or MySpace as well. Some posts on social networks don't get picked up by search engines, so double checking there can help. Consider it an early warning system. While you're at it, keep any eye out to protect your friends and family members too. Set alerts for them too.
Never let your cell phone or other devices out of your sight! Often others grab our cell phones when they are unattended. Not to place long distance alls, but to change settings, forward private images or texts or to pose as the cell phone owner when harassing their friends. Teens have named more than seventy different ways they can use a cell phone to cyberbully someone else. Many are conducted when they grab the phone lying unattended on the cafeteria table or in the gym locker room. Laptops, library community desktop computers, home gaming devices and handhelds can be abused just as easily when unattended and unprotected by passwords that cannot be guessed or when the password is saved on the device. Forgot to log off at work? Anyone from an unhappy workmate to a disgruntled subordinate or even the cleaning crew can do what they want, and have you take the blame.
Spyware can easily be installed on an unattended and open device, as can GPS features. And, an unattended and open device can be just what a younger or older sibling is looking for to exact justice for a past embarassment.