Security

It's Their Life!

Predators are now using cell phones and text messaging to reach their intended victims. Preteens and teens are more likely to respond to an unknown text message than an e-mail or IM online. How do they find their number, though? Easy! Teens post their cell number on their away messages and give it out on their social networking profiles. (18% of the teen profiles in a study conducted by WiredSafety had their cell phones open to their network or the public from their profiles. And 26% linked from their profile to another website, profile or online post that contained their cell number.) They also lose their cell phones that have their friends' numbers and contact info and pics on it. But not all "lost" phones are really lost. Predators look for unattended cell phones to grab for lists of preteens and young teens to contact.

In a recent poll conducted by Harris Interactive for the CTIA (the wireless trade association) [http://files.ctia.org/pdf/HI_TeenMobileStudy_ResearchReport.pdf], 80% of teens said they want a more secure phone, where they are the only ones who can access their data. They also said that almost half use the cell phone primarily for making calls, and almost 40% said they use it for texting. Almost 20% of them to take or send pictures to each other. Only 28% have web-capability on their phones. And when they do, they use it for e-mail, checking weather, social networking and for sports scores.

About half of the teens polled said that their cell phone has improved the quality of their lives, improved their communication with friends by making it a richer experience and improved their social lives. Almost all of them said that their cell phone is how they stay in touch and 78% of them said it made them feel safer. Most have used it to get a ride when they needed it and 1/3 used it to help someone else in need.

Out of the top four things teens said help determine their social status (clothes, jewelry, shoes and cell phones), cell phones ranked second. And more females between the ages of 13 and 17 texted more than talked on their cell phones. And half of the teens said they could text blindfolded!

In polls conducted by WiredSafety, 24% teens sleep with their cell phones so they won't miss a text message or call. (Some use it as an alarm clock, with parental permission.) And 12% know of someone whose boyfriend broke up with them by text message. Sixty-five percent have sent a text message that was misunderstood by the recipient or sent to the wrong person. Forty percent received a text message from someone they didn't recognize or didn't know and 52% have received a text message promoting a product, service or website. And more than 80% have gotten into trouble for high cell phone bills or for losing or breaking their phone.

The more you know about why your kids, tweens and teens want a cell phone and why you want them to have one (or don't), the better choices you can make. Finding the right fit of device, plan and rules for each of your children isn't an art. But in the end, you have to be comfortable with the choices. Just remember, one of those choices is "not yet!"

Wired Safety Security

We are an all-volunteer help program, and can give you information about how to avoid becoming a cyberstalking victim, and how to surf more safely. You should always, though, in addition to seeking our help or the help of other groups, contact your local law enforcement agency directly, and immediately. Cyberstalkers can become offline stalkers, and this is all about your safety. If there is an indication that the stalker has your home address or telephone number, or perhaps other information that would allow them to find you offline, you should report this immediately to your local law enforcement agency. We will not agree to help you, until you have confirmed that you have done that.

WiredSafety's Security Tutorial

So everybody in the Wired Safety environment has to be vigilant on our systems. Like it or not, everybody's PC is now part of the Wired Safety network. We need to practice what we preach. Here are some common threats to look out for.

Message from Parry: We are negotiating with leading security software providers to get a donation of security suite products for all active volunteers receiving official communications for WS. In the meantime, you can download McAfee's security suite without charge for 6 months from Facebook,com/mcafee if you have a FB account.

We ask that all volunteers run a thorough security scan as well. In addition to your regular security scanner, it's always good to run a 3rd party scanner also. Here's a link to a good one and it's free -http://www.malwarebytes.org/products/malwarebytes_free

If something is detected, you should assume your password has been compromised. Scanners eliminate threats depending on how you set them up. Keep cleaning and scanning until you get a clean machine. Then change your password.

Since so many of our problems involve Facebook, you should check out the security feature that allows FB users to authenticate specific devices. This is not a perfect solution and while it does prevent unauthorized logins, it can also limit access to legitimate users. You can check out the pros and cons HERE and HERE.

System Threats

It's hard to believe that the Internet as we know it is less than 20 years old. Even though the Internet has been around since the late 1960's, it wasn't available to the public until 1993. The first crude browser, called Mosaic, came out in 1994 and the public Internet was off and running.

The original Internet was designed by academics for academics. It was conceived and implemented to provide a communications network that could survive a nuclear war and allow a re-constituted government to communicate with the military, academia and other key players. To accomplish this, the system had to be dispersed and redundant so that the destruction of nodes wouldn't disrupt the entire system. That dispersion and redundancy is the great strength of the Internet. Witness protestors in the Middle East "tweeting" what's happening in their countries even as their governments attempt to shut down the Internet.

That dispersion and redundancy are also the Internet's greatest weaknesses. There was never any intention to have the public on the Internet and there was never any security built into it. The original Internet implementation assumed a benign environment where willing group collaboration was the norm.

Well, it didn't take long for that model to disintegrate and threats have been with us ever since. Every security feature built into the Internet is an add-on, usually in response to some detected vulnerability somewhere. So if you view the Internet as the big lash up that it really is, it's a wonder we don't have more problems than we do.

Back in the good ole days, networks were a lot easier to secure because their boundaries were easily defined. Your network was where your hardware and wiring were. Then along came ATM's, cell phones, USB sticks, I-pods and other kinds of network capable external devices that could be plugged into a "secure" network and interact with it any time and anywhere. Now your network is where your data is, whether it be on a locked server, a virtual machine, the cloud or somebody's thumb drive.

So the security of any network can be compromised by the innocent actions of one person, such as plugging in some outside device or using some external program. If the device or program are infected and compromise the system, that is called an "inside job". It's almost impossible to defend against and very difficult to trace. It is, however, relatively easy to prevent.

As network security has improved over the years, getting in through the perimeter has become tougher to do. That's why the inside job has become so prevalent in today's security environment. Innocent people are unwittingly recruited for this through "social engineering". This is where someone is enticed or fooled into clicking something that loads an attack payload on their hardware. These socially engineered inside jobs are the preferred attack vector now for the bad guys.

The malware associated with these types of attacks typically has three components - a keystroke logger, a mail contact harvester and a remote control agent. Called a blended threat, they allow a malicious program to gather passwords, send itself to other emails and stand by for further instructions from a central server.

The bad guys have also evolved. Teenaged script kiddies are still around, but the dominant force in malware is organized crime syndicates, with Russia and eastern Europe being the main centers of this. Malware is big business with a lot of money involved. Likewise, nation-states engage in their own brand of cyber warfare. The Iranian nuclear program has been set back years by the STUXNET worm - and nobody knows for sure where it came from or how it got into their system.

Digital Self-Defense Overview

Digital Self-Defense

Many cases of cyberbullying, cyberstalking and other kinds of cyberabuse can be avoided if you practice digital self-defense. It is much harder to stop cyberharassment once it has begun than to prevent it in the first place. The actions you can take fall into five major categories:

  1. Digital Hygiene;
  2. ThinkB4uClick;
  3. Just Say No!;
  4. Act Fast; and,
  5. Keep an Eye Out.

1. Digital Hygiene

No, this isn't about new electric toothbrushes and better flossing. This is about keeping your digital devices secure and controlling unwanted access. A big part of digital hygiene is keeping your computer free of spyware. You can pick up spyware by clicking on a link, downloading something or accepting a file. They can be hidden inside another file, posing as a picture or application, as well. And if someone has access to your device, they can be installed directly to your computer when you aren't looking.

Spyware. There are several different kinds of technologies that can be used to "spy" on you using your computer and other digital devices. Some ("keystroke loggers") report back to the person who sent it to you with everything you type, including your passwords, login information, pictures, posts, emails, instant messages, chat logs and credit card numbers. Others ("Trojan horses") can give someone else access to your computer by remote control, allowing them to access everything you have on your hard drive, erase files, control your webcam and audio recording technologies and reach out to anyone on your contact list. A good security suite offered by a well-known security software provider will help spot and remove most spyware.

Passwords. Use passwords to lock your computer when you are not sitting at your keyboard, too. You never know who will access it when you aren't looking and install spyware or just sneak a peek. Cell phones and other handheld devices often permit you to set a password or a "lock code" that will prevent someone from accessing your contacts, photos, reading your messages or being able to use your cell or mobile device.

Settings. As important as preventing spyware and computer intrusions is keeping the "bad guys" from harassing you or being able to contact you. Each device or program has privacy, security and personal settings. They can limit those who can see your profile, pics or personal information, like Facebook's privacy settings (facebook.com/privacy). They can also either block certain people or accounts. These include the "ignore", "block sender" or "block user" settings and work to block specific people. Others limit everyone except for those you want to hear from. If the person isn't on your friends list or buddy list, they can't call you, text you, IM you or poke you.

Cell Phone Security. Check and see if your cell phone service provider or manufacturer (Verizon Wireless and AT&T Wireless are service providers, and Apple and LG are cell phone manufacturers) offer settings, blocks or report abuse options. Ask them if they have privacy settings that allow you to block all incoming calls and texts except for those on a pre-approved friends list or features that help you handle digital abuse.

2. ThinkB4uClick

We send tons if IMs and texts at the same time we are talking to friends in RL (real life). It's understandable that we will end up sending a message to the wrong person by accident, or leave out words or emoticons that let them know what we really meant. And a misunderstood message or a message in the wrong hands can lead to a cyber world war three.

Slow Down a Bit. Try and slow down long enough to reread what you are planning to send. Did you send it to the right person? Are you willing to stand behind what you said? (Sending something when you are upset isn't a good idea. You may do something you will regret tomorrow. Better to not send it than wish you hadn't.) Did you leave something important out? Will they understand what you meant? If not, take a second longer and make it right.

The Person on the Other Side. Think about the person on the other side. Is what you are sending hurtful or sarcastic? Might they take offense because they are extra sensitive about something? Do they understand enough about the context of the message to understand it? Are you sending too many messages too often? Being a pest or a stalker? Are they on a limited text plan and need to limit texting?

Don't Waste Their Time. Are you wasting their time and bandwidth? Is that joke being passed around worth passing further, or do you know if the person your forwarding it to wants to get joke forwards? Perhaps their employer will object to their receiving non-business communications during work hours. You may find yourself put into the junk email folder more often than you would like.

The Right Medium for the Message. Should you be using a different medium for the message? Some messages are better delivered in person (like breaking up), others can be done better by phone (complicated discussions) or status updates on Facebook (where you are, what you're doing, something fast and quick to share) and some are just fine in texts and IMs (quick updates, sending a phone number, address or schedule, communications that are pretty straight forward). Some are public. Some are more private. You should decide which is better in this case. Text and IM are easy. But are they the right medium to deliver the message the right way You should think about it before you choose the wrong one and hurt someone's feelings.

For more ThinkB4uClick pointers, read "ThinkB4uClick!".

3. Just Say No!

Passwords are the root of most digital abuses. Most teens share them with at least one other person. And they rarely use different passwords for different sites or purposes. There are 20 questions that are most often used by teens and adults alike to choose their passwords - middle name, street name, date of graduation, birthdate, favorite sports team, etc. The students in your class can easily guess the answers to these questions about you. That means they can easily guess your password.

Sharing Passwords. Giving your password out is like locking your door, but giving someone the key and burglar alarm code, or giving someone the pin number for your debit card. It's not very smart. If someone asks you for your password, tell them you don't give it out. Sharing it is not evidence that you love someone or trust them or don't have secrets. It's just smarter to protect your files, communications and your digital world. Just say no! You can be nice about it. But make it a hard and fast rule.

Sexting. A second area where teens, especially girls, need to learn to say "no is when someone asks for a "sext" image. You love and trust each other And he just wants something to look at when you're not together. You're beautiful. And you're sexy. And he wants proof that you care. It's easy to be talked into doing you didn't want to do. If he pleads with you for a pic, just this once "If you love me..." remind him that if he loved you he wouldn't put you into that kind of a situation where it could get out and ruin your life. No matter how trustworthy he is, he can't guarantee that his brother or sister, parents or friends won't check out his pics. Or if his computer has to be repaired, who knows what the repairman will find? He might click on the wrong pic when updating his Facebook profile or share it by accident on Limewire. Show him how much you love him in other ways. Bake him cookies. Knit him a sweater. Cuddle up in front of a crackling fire. Just don't do something stupid you can't control or take back. Sometimes you just have to be smart enough and certain enough to stand up for yourself. He doesn't need a pic to remind him what you look like. You're there in real life. That you can control.

Don't Be Desperate and Respect Yourself! And don't offer one. Sometimes you think sending a sext will get (and keep) their attention. It might. But sending an unsolicited sext of yourself may get you the kind of attention you don't want - like from parents, your principal or even the police. While girls and boys send these, more teen boys send them than girls. They may want to let the girls know what they're missing. Or they were having a "bored and have nothing better to do" moment. Girls tell us that no matter how buff he is, sending a "check me out" unsolicited sext tags him as a "loser".

4. Act Fast

If you and your boyfriend or girlfriend break up, before you cry yourself to sleep or check the dating ads, change your password. If you get into a fight with your best friend turned enemy, change your password. Make sure you choose one that is easy to remember but hard to guess. And while you're at it, defriend them and remove them from any private groups. The faster you act to lock out others from your accounts and groups, the better. You should also block their number from your cell phone, your IM, e-mail, profile and all your user-accounts. They can always reach you in person if they have to, or through a friend. If you see cyberbullying, report it right away. Many huge cyberbullying campaigns could have been avoided if Facebook knew about it early enough. The longer you wait, the faster it grows. (Make sure you know how to report abuses on every network/site/game you use.)

Received a "sext"? Delete it. Do not pass it along, copy it, save it or print it. Get rid of it as fast as you can. Possession of child pornography is a serious crime. And if the pic is of someone under the age of 18, in the US you can be charged as a sex offender for just having some of the images on your cell, computer or Xbox.If you took a sext image, think before sending it. The faster you engage your brain cells the safer you'll be. Delete it from your phone and destroy all digital or printed copies. Someone can easily grab your phone when you're not looking and broadcast it to everyone or send it to themselves to hurt you later. Many sexts are taken and sent when teens have been drinking. If you see someone at a party putting themselves at risk after drinking too much, try to talk them out of making it digital (and permanent!). Just like collecting car keys to avoid drunk driving, consider collecting cell phones with cameras to prevent drunk sexting.

Keep An Eye Out

Google yourself. (You can Bing or Yahoo! yourself too. Learn how at Google Yourself! [link]) Search for your whole name (in quotes to search as a phrase). Search for your cell number, screen names and email addresses. Search for your nicknames and home address. Then set a Google Alert. That will send you an email any time Google finds this information online. The faster you know about something that is posted about you that shouldn't be, the faster you can do something about it. Make sure you check blogs, pictures and video searches too, by clicking on these options on the main search engine page. Search Facebook, myYearbook or MySpace as well. Some posts on social networks don't get picked up by search engines, so double checking there can help. Consider it an early warning system. While you're at it, keep any eye out to protect your friends and family members too. Set alerts for them too.

Never let your cell phone or other devices out of your sight! Often others grab our cell phones when they are unattended. Not to place long distance alls, but to change settings, forward private images or texts or to pose as the cell phone owner when harassing their friends. Teens have named more than seventy different ways they can use a cell phone to cyberbully someone else. Many are conducted when they grab the phone lying unattended on the cafeteria table or in the gym locker room. Laptops, library community desktop computers, home gaming devices and handhelds can be abused just as easily when unattended and unprotected by passwords that cannot be guessed or when the password is saved on the device. Forgot to log off at work? Anyone from an unhappy workmate to a disgruntled subordinate or even the cleaning crew can do what they want, and have you take the blame.

Spyware can easily be installed on an unattended and open device, as can GPS features. And, an unattended and open device can be just what a younger or older sibling is looking for to exact justice for a past embarassment.