Online Safety for Youth Leaders: Common Cyber Threats

Ernest Staats Technology DirectorMS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+

erstaats@gcasda.org Resources available @ http://www.es-es.net/2.html

Outline

• What Is the Big Deal?• Privacy Responsibilities • Identity Theft • Common Threats of the Cyber World• Cyber Predators• Cyber Bullying  • How Teens Bypass Your Filtering Systems• Spoof Card• Spyware• Recover Lost Files/Photos• Resources

What Is the Big Deal?-- Statistics

• 94% to 96% of youth are online• “…A child goes missing every 40 seconds in

the U.S, over 2,100 per day” (OJJDP)• In 2005 662,196 children were reported lost,

runaway, or kidnapped (ncmec)• 2/3 of all missing children reports were for youths

aged 15-17 (ncmec)• 2/5 missing children ages 15-17 are abducted

due to Internet activity (ICAC)• Do the math -- over 2 million teens age 15-17 are

abducted due to Internet activity

What Is the Big Deal? -- Digital Divide

• 93% of parents say they have established rules for their child’s Internet activity.*

• 37% of students report being given no rules from their parents on using the Internet.**

• 95% of parents say they know “some” or “a lot” about where their children go or what their children do on the Internet.*

• 41% of students do not share where they go or what they do on the Internet with their parents.**

* Based on a 2004–05 pre-assessment survey of 1,350 parents. ** Based on a 2005–06 pre-assessment survey of 12,650 students in grades

5 through 12.

What Is the Big Deal? -- CyberBullying

• 33.4% of U.S. teens have been a victim of cyberbullying (Profs. J.W. Patchin and S. Hinduja)

• At end of 2006, there were 20.6 million U.S. teens (Jupiter Research)

• 33.4% of 20.6 million = 6.9 million victims of cyberbullying

Youth Security issues COPPA

Children's Online Privacy Protection Act • The rule applies to:• Operators of commercial websites or online services

directed to children under 13 that collect personal information from children

• Operators of general audience sites that knowingly collect personal information from children under 13

• Operators of general audience sites that have a separate children's area and that collect personal information from children

COPPA Requires

• A site must obtain parental consent before collecting, using, or disclosing personal information about a child

• Exceptions to above– Respond to a one-time request from the child– Provide notice to the parent– Ensure the safety of the child or the site– Send a newsletter or other information on a

regular basis as long as parents can opt out

COPPA Requires

• Post a privacy policy on the homepage of the website and link to the privacy policy everywhere personal information is collected

• Allow parents to revoke their consent and delete information collected from their children

• Maintain the confidentiality, security, and integrity of the personal information collected from children

Privacy Policy Must Include

• Types of personal information they collect from kids—name, home address, e-mail address, or hobbies

• How the site will use the information—for example, to market to the child who supplied the information, to notify contest winners, or to make the information available through a child’s participation in a chat room

• Whether personal information is forwarded to advertisers or other third parties

• A contact person at the website

Security Considerations

• Make sure you have a written privacy policy

• Make sure you have a media release form as a part of your privacy policy

• Collect as little information as possible and make sure it is stored safely

• Be careful of what you post online and of what you say to youth online

• You are responsible for everything you POST or collect online

Identity Theft

• Any request for information that comes in e-mail is to be suspect. Call your bank or credit card company first, and do not click on the link. Do not use the phone number sent in the e-mail.

• Any phone request for more info is also suspect. So question them first and hang up. Then call the institution to make sure they were calling (be careful of any information given out).

• Check the website before you do business with them. Make sure the SSL connection is good.

Identity Theft Protection• Monitor your and your child’s credit report regularly

– Obtain your credit report at least once a year by phoning either Equifax, Experian, or Trans Union, and look carefully for any unusual or fraudulent activity. Their contact information is on the Internet. Check for FREE at www.annualcreditreport.com/

– Child ID theft is a large and growing market. CNN September 14, 2006

• Beware of all requests for your personal information online– Criminals copy logos perfectly to trick you. Legitimate

companies never send unsolicited requests for personal information. Never give out personal information unless you initiate the correspondence.

• Shred documents before putting them in the trash– Bank statements, credit card offers, utility bills, and

documents with Social Security or account numbers can be retrieved by ID thieves from your trash, so make a habit of tearing them up before tossing them.

Identity Theft Protection

• Install a locking mailbox or use the post office– Criminals often obtain the information they need by

intercepting mail in unlocked street mailboxes. Only send and receive bills, checks, or other personal correspondence from a secure location.

• Limit the amount of personal information you carry in your purse or wallet

• Protect your information online by using a firewall, virus protection, and secure Internet browser

• Place a fraud alert on your credit– If you have lost your wallet, purse, Social Security card,

or passport, or suspect you are a potential victim of ID theft, contact each of the three credit bureaus (Equifax, Experian, and Trans Union) for assistance.

Common Threats

• Predators

• Addiction

• Less interaction in real world

• Misunderstood

• Higher rates of depression

• “Cyber mentality”

Cyber Predators

• Befriend

• Lure

• Make contact- that is their goal

Easily tracked

Cyber Predators Statistics

• “…A child goes missing every 40 seconds in the U.S, over 2,100 per day” (OJJDP)

• In 2005 662,196 children were reported lost, runaway, or kidnapped (ncmec)

• 2/3 of all missing children reports were for youths aged 15-17 (ncmec)

• 2/5 missing children ages 15-17 are abducted due to Internet activity (ICAC)

• Do the math -- over 2 million teens age 15-17 are abducted due to Internet activity

Befriending Techniques

• Chat room, IM, networking sites, blogs

• Portrays same age, same likes, same dislikes

• Portrays age-typical awkwardness

• Begins to share some secrets

• E-mail

• Telephone (which can be faked)

• Webcamming (which can be faked)

• Verbal chat on Internet (which can be faked)

Eluding Internet Predators• Keep usernames and profiles generic and anonymous

– Discuss your child’s online screen name(s), profile(s), and activities. Many provide too much personal information. Ensure all screen names and profiles are non-specific, non-suggestive, and purposely vague.

• Avoid posting personal photos– Pictures can be altered to embarrass or humiliate. They

also provide personal information that can help an Internet predator to pretend to know you, your children, and/or their friends.

• Always keep private information private– With just three pieces of personal information,

specialized Internet search engines can be used to locate someone anywhere. Internet conversations should never include any personal information.

Youth Safety Sites

• Think Before You PostLearn how posting images and personal information can put you at risk.visit the website

• Don't Believe the TypeLearn how to better protect yourself from online sexual predators.visit the website

Finding “Youth” Information

• How Do You Discover It?– General search

• Google, Yahoo, MSN, etc.• Place name in quotation marks (use variations)

– “First (Jon) Last”– “Legal First (Jonathan) Last”– “First MI Last”

– Searching MySpace• Under “Finding someone you know,” enter the name or e-mail and

click find• Search school under Classmate Finder• Google’s advance search page

– Allows a search within a domain– site:myspace.com “Hate my parents” 31,100 hits

Internet Filters Bypass PeaceFire

• 1. First, try a circumvention site like https://www.StupidCensorship.com/. Be sure to type https at the beginning of the URL, not 'http‘

• 2. If that doesn't work, you can join our e-mail list, where we mail out new circumventor sites every 3 or 4 days

• 3. If you have a computer with an uncensored Internet connection, you can follow these easy steps to set up your own circumventor site. If you want to get around blocking software at school, and your home computer is uncensored, you can install the circumventor on your home computer.

• 4. If you're trying to get around blocking software that's installed on the local computer and not on the network, use these instructions to boot from the Ubuntu Live CD

Stealth Switch

• StealthSwitch™ Desktop Cloaking Device

• Protect Sensitive Information• Get Confidential Materials off your screen

… FAST!• Works with any application• Play Games but make others think you

are working $24.00• DEMO of device

Software Filtering Explained

• Software analysis– Keyword searches (usually) cannot interpret graphics

– Keyword searches cannot use contextual information

• Human analysis– The lists of filtered sites will always be incomplete

– “Bad” sites may not be blocked simply because they haven’t been added to the stop list yet

– Stop lists are vulnerable to personal biases

– “Good” sites may be blocked simply because of that site’s “politics”

• Site labeling Internet Content Rating Association (ICRA)– Site labels are determined by the site’s owners

– Owners can lie about their content or even refuse to rate their site

Securing Your Online Connections• Install and keep up-to-date anti-virus, anti-

spyware, and firewall– Microsoft Malicious Software Removal Tool

http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

– CCleaner (Free) http://www.ccleaner.com/download/

– Anti-Spyware – A-Squared (free) http://download5.emsisoft.com/a2FreeSetup.exe

– AVG Free http://free.grisoft.com/

• Use commercial Web filtering software– Free - http://www.k9webprotection.com/

– Net Nanny (2007 best) http://www.netnanny.com/

• Check Internet cache– @winspy (free) http://www.acesoft.net/winspy

• Spector Pro to track everything done on a PC http://www.spectorsoft.com/products/SpectorPro_Windows

• How to secure your wireless networks www.es-es.net/2.html

Spoof Card!

Spoof Cards

• Calling cards to hide identity

• Fake caller ID

• Voice changer

• Call recording

• Online at http://ww.spoofcard.com or cell phone dealers

Spoof Cards

• How do they work?– Call 1-800 number– Enter pin # of card– Enter phone number you want to call– Enter phone number to appear on caller ID– Change voice to male or female– Record call

Adware vs. Spyware

• Adware - Drain resources

• Adware - Slowed Internet connection

• Spyware difficult to uninstall/detect– Programs available to remove

• Various deployment methods– E-mail– Direct access– Downloaded

Lost Your Photos?

• Zero Assumption Digital Image Recovery– ZA Digital Image Recovery recovers Canon .CR2 files as TIFF. To open

recovered files, Jeff used Photoshop CS "Open With" feature, which allows to specify image format override.

– http://www.z-a-recovery.com/digital-image-recovery.htm

• Restoration– Restoration is an easy-to-use and straight forward tool to undelete files that

were removed from the recycle bin or directly deleted from within Windows– Also able to recover photos from a Flash card that has been formatted

http://www.snapfiles.com/get/restoration.html

• Free Undelete– http://www.pc-facile.com/download/recupero_eliminazione_dati/

drive_rescue/

• Drive Rescue– http://www.pc-facile.com/download/recupero_eliminazione_dati/

drive_rescue/

Cyber Predators and youth

RSA Security Show

My Space Video

Resources

• http://www.es-es.net/2.html