Monday, April 30, 2012

Facebook Security



Facebook Safety Tips 



1. Add a mobile number to your account from the Mobile tab of your Account Settings page. This way we can help you get back into your account if you are locked out or compromised.
Pick a security question for your Facebook account. You can do this from the Account Settings page. If you don’t see the option to add a security question, this means that you already have one.

2. Become a fan of the Facebook Security Page for updates on new security features and information on how to protect yourself online.

3. Remember that you choose what you share and whom you share with. Think before you post, especially if what you’re sharing is sensitive. You can learn more about how to control your information on Facebook, including how to choose an audience for each and every post you make, in our Privacy Guide.

4. Be careful when accessing or sending information over an unsecured public wireless network. For extra protection when you browse, turn on Secure Browsing (https). From your Account Settings page, click the "Change" link next to Account Security, check the box under "Secure Browsing (https)" and then click the "Save" button.

5. Turn on login approvals. With login approvals, we text you a code anytime you log in from a new computer or mobile device. This way, no one can get into your account without access to your phone or one of your recognized devices (ex: the computer or phone you’ve saved on your Facebook account). Learn more about login approvals

6. Try a One-time Password when using public computers. If you’re ever worried about the security of the computer you’re using, we can text you a one-time password to use instead of your regular password. Once you add your mobile phone number to your account, simply text "otp" to 32665 (U.S. only) and we’ll send you a password that can be used only once.

7. Keep your security information updated. This information helps us verify who you are and get you back into your account quickly if you ever get locked out. You can update your security information at any time from this page.

8. Forgot to sign out of Facebook? You can now log out from anywhere. From the Account Security section of your Account Settings, you can see your recent activity (where and when you logged in) and log yourself out remotely by clicking “end activity.”

9. Make sure you're logging in from a legitimate Facebook page with the facebook.com domain. Phishers use fake sites with URLs that look like Facebook.com to try to trick you into entering your login information. When in doubt, you can always type "facebook.com" into your browser to get back to the real Facebook site.

10. Learn more about how Facebook keeps you safe with opt-in security features
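
Tip 9 comes down to reading the host part of the address rather than looking for "facebook.com" somewhere in it. The following is an added example, not part of the original tips: a small Python check that also applies the https advice from tip 4. The function name `check_login_url` and every sample URL are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "facebook.com"  # the domain named in tip 9


def check_login_url(url, trusted=TRUSTED_DOMAIN):
    """Return (ok, reason) for the address of a page asking for a login."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname      # lower-cased, port and userinfo removed
        userinfo = parts.username  # anything written before an '@'
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if userinfo is not None:
        # In https://facebook.com@login.example/ the real site is login.example.
        return False, "text before '@' is not the site"
    host = host.rstrip(".")
    labels = host.split(".")
    # Non-ASCII or punycode labels can render as letters that look like ASCII.
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return False, "internationalized host (possible lookalike letters)"
    # Exact match, or a subdomain: the dot stops 'notfacebook.com' from passing.
    if host == trusted or host.endswith("." + trusted):
        return True, "host is facebook.com or a subdomain of it"
    return False, "host is not under facebook.com"


# Constructed sample addresses; none of them comes from the original page.
CONSTRUCTED_URLS = [
    "https://www.facebook.com/login.php",
    "https://FACEBOOK.COM./",
    "http://www.facebook.com/login.php",
    "https://facebook.com.account-check.example/login",
    "https://login.example/facebook.com/login.php",
    "https://facebook.com@login.example/",
    "https://notfacebook.com/login",
    "https://faceb00k.com/",
    "https://xn--fcebook-8va.com/",
    "https://f\u0430cebook.com/",  # second letter is Cyrillic, not Latin 'a'
]


def classify_all(urls=CONSTRUCTED_URLS):
    """Map each sample URL to the (ok, reason) verdict."""
    return {url: check_login_url(url) for url in urls}


if __name__ == "__main__":
    for url, (ok, reason) in classify_all().items():
        print("TRUSTED  " if ok else "REJECTED ", url, "->", reason)
```

Only the first two sample addresses pass; every other one contains the text "facebook" but resolves to a different site or arrives over plain http.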

What Is A Botnet

The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the Internet, without you knowing it. Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet.

Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, your computer might slow down and you might inadvertently be helping criminals.

Sunday, April 29, 2012

5 Easy Steps to Total Web Domination

1) Program.
Rogue developers assemble networked software agents, or bots, out of code downloaded from covert Web sites.

2) Distribute.
Once a bot is released onto the Internet, it seeks out vulnerable systems where it can proliferate.

3) Market.
Bot-herders approach customers through spam and chat channels, offering botnet bandwidth to carry out scams and attacks.

4) Activate.
A botnet remains dormant until it receives instructions issued through a command and control server. Then it strikes.

5) Profit.
Botnets install adware to collect per-install revenue, sell stolen passwords, and attack enterprises to extort funds.




Saturday, April 28, 2012

Steps To Protect Yourself From Cyber Crime

  1. Learn about cyber crime and talk to your family about how to identify scams. Never give out your personal information to anyone you do not know on the Web.
  2. Use a firewall to protect your computer from hackers. Most security software comes with a firewall. Turn on the firewall that comes with your router as well.
  3. Purchase and install anti-virus software such as McAfee or Norton Anti-Virus. AVG offers free anti-virus protection if you do not wish to purchase software.
  4. Shop only at secure websites. Look for a Truste or VeriSign seal when checking out. Never give your credit card information to a website that looks suspicious or to someone you don't know.
  5. Use strong passwords on your accounts that are difficult to guess. Include both letters and numerals in your passwords. Never use a word that is easy to guess -- like your wife's name.
  6. Keep watch over your children and how they use the Internet. Install parental control software to limit where they can surf.

Thursday, April 26, 2012

How to Protect Your Computer Systems from Viruses, Worms, Spyware and Malware


The number of malicious threats aimed at your computer networks and data has increased dramatically. These threats can cause major losses in productivity and can have a major impact on your company's profitability. There are four main types of computer viruses or threats: malware, spyware, phishing, and spam.

 
Malware
This category includes viruses, worms and trojan horses. Basically, these are computer programs written by malicious operators that enter your system when you open email attachments, visit websites, or take part in instant messaging or file-sharing sessions. Malware hijacks your computer and uses it for malicious activities. A worm is a program that attempts to replicate itself from computer to computer. Trojans disguise themselves as beneficial programs to gain entry into your computer. You typically will never know that you have malware on your machines until you begin to experience system degradations or crashes, if even then.

 
Spyware
Spyware comes from sources similar to malware, but with a different intent. Spyware programs install themselves on your computer system and monitor all your activities. Their goal is to capture personal data (passwords, financial data, etc.) and transmit that data (without your knowledge) back over the internet to a malicious source.

 
Phishing
Phishing is the name for fraudulent proposals that exploit the internet as a communication channel to easily reach a large number of targets. You may receive emails saying "you've won a prize", or "urgent: second contact attempt", all asking for an immediate reply. It is just good common sense to ignore these types of fraudulent communication, no matter the source.

 
Spam
Spam is any unsolicited communication received electronically. Typically, we think of email, but instant messaging can also be a source of spam. Spam can be an entry point for spyware or malware.


Prevention Tips

Protect Your Computer
By understanding and implementing a few simple tips, you can greatly reduce your exposure to viruses or other malicious threats.
  1. Only open email or instant messaging (IM) attachments from trusted sources
  2. Never click on a link within email text unless you are absolutely certain you recognize the URL
  3. Delete all messages that appear to be spam before opening them
  4. Install email filters so spam never enters your inbox
  5. Never respond to requests to "verify your account information". Call the company and verify the request.
  6. Reject instant messages from anyone not on your buddy list
  7. Disable preview mode in your email program so that you can delete messages without opening them
  8. Be cautious about responding to any windows that pop up. For suspicious error dialogs, it can be helpful to research by opening a new browser window and using cut/paste to google a snippet of the error dialog text.
  9. Install security software that will scan all incoming files before copying them to your disk drives
  10. Stay current on all Microsoft critical updates (enable the auto-update option so this happens automatically)
  11. Avoid "free lunch" deals and surveys. It's probably the #1 source of spam.
  12. Don't respond to email spam "opt-out" options. It's just an opportunity for them to identify you as a legitimate email address and send you lots more spam!
  13. Consider using an alternate email address for placing internet orders. This will help keep your main email address clean from spam.

3 Types Of Computer Malware

There are three major types of malware: spyware, adware, and computer viruses. Malware is just an overarching name for computer programs that are not built for the user. They exhibit similar qualities, which usually leads to major nuisances for computer users. But what exactly are the differences between the three and why does it matter?

Spyware - does not intentionally harm your computer, since it gains nothing from damaging a host system. Instead, it creates backdoors that let others, in addition to the computer owner, communicate with the computer. Usually, spyware records which web sites you visit; this information is then aggregated and sold to advertisers to allow them to send you unwanted emails and pop-ups.

As a result, spyware should be avoided as much as possible. It is much more intrusive than adware, sending private information to third parties. Spyware often exists as a separate executable program which allows them to scan files on your hard drive, record your keystrokes, and see information in other applications that you use. Some spyware even attempts to steal passwords and credit card numbers as you type them, then send them off to identity thieves.

Adware  - consists of advertising content which is surreptitiously packaged into a program, often without mention, and activated automatically once that particular program is installed into the computer. Then, the adware serves up the advertisements at will on your computer, leading to annoying distractions as you try to accomplish your work.

Signs of adware or spyware infections include pop-up ads that seem unrelated to the site you are viewing. Also, spyware pop-ups are frequently ads for adult content. If you notice your computer taking longer than usual to perform its usual tasks, there's a high probability that spyware has found its way to your computer. When the desktop takes forever to load on startup, your best bet is to scan your computer for potential spyware infections.

Viruses  - are a malicious form of software. They are programmed for one sole purpose - to destroy your computer, either by deleting important data, or replicating as many times as possible to fill up your hard drive, or worse! They also have systems in place to move onto other computers, thereby ensuring that they have more victims in the future.

Currently, many anti-virus programs also provide spyware and adware scanning and removal utilities. But regardless of whether your security suite is an anti-virus program or an anti-spyware scanner, they both search your computer and identify the malware installed on your system. After identification and isolation, they then remove any detected malware. It is wise to regularly update your virus or spyware scanner to ensure that your computer is protected from the hundreds of malware programs spawning every day on the internet.

Don't be fooled by ads that claim their offering only contains adware, as there are usually worse things inside. The adware may in fact be spyware in disguise that is just waiting to be installed to harvest your information. Learn to set up firewalls to block such programs from communicating with their master, and always enable a pop-up blocker to minimize computer infection and ensure the safety of your files.


Wednesday, April 25, 2012

Cyber-Crime In 2012

Date: January 20, 2012
Source: ITP.net


There will be five categories of key players at the top of the cyber-crime game in 2012, according to Costin Raiu, director, Global Research & Analysis, Kaspersky Lab.


At the top of the list of key players in the cyber-crime landscape, are hacktivist groups such as the Saudi and Israeli hacktivists.


"According to our research, the hacktivist groups are at the top, the best examples are the Israeli-Saudi hackers who are hacking each other for national pride reasons; the Anonymous group which will target pretty much anyone they think is worth their attention; the Lulzsec team; the poison team, there are quite a few hacktivist groups to be honest, they are not doing it for money or profit, but for fun and national pride," said Raiu.


The second group of key players is the big military superpowers, which are now using the internet to create a silent war.


"Big military superpowers have discovered the internet and the fact that they can not just fight each other on the internet, but can exploit the internet by doing a cold war silently with cloak and dagger activities, which at the moment, works well for some and not others," said Raiu.


Japan, a country not usually associated closely with cyber-crime activities, recently announced that they are developing a sophisticated virus which they will use, although they did not specify for what, according to Raiu.


The third group, according to Kaspersky Lab's research, is the big software companies such as Apple, Adobe and Microsoft, because they create the software which runs on all computers and they are the main target for hackers, because hackers need new zero-day exploits to break computers. Hackers can find new zero-day exploits by attacking the big software companies.


"The best example of such software companies is Adobe which was hacked in the Aurora attack. According to some information, the hackers got access to the source code for the Adobe PDF reader and that can be used to find new zero-day exploits," said Raiu.


The fourth big player on the cyber-crime landscape is the security companies, because they provide the protection for the world's computers.


"The evolution of attacks in the future will follow the latest developments in security technologies," said Raiu.

Children's Identity Theft On The Rise

FTC says kids are an easy target
Laura Hutchinson & Jessica Stanley

22News Investigative Team

SPRINGFIELD, Mass. (WWLP) - A warning all parents need to hear. Protecting your child from identity theft. Some experts say children's identities are being stolen more than adults. It's something father of four, Douglas Langevin says he never thought to do, run his children's credit score. "Never thought that there'd be a problem. It's a shame that you have to worry about something like that," Langevin said. But, according to some experts, children's identity theft has become a real problem. The Federal Trade Commission says it's happening more and more because kids are an easy target. Identity theft in children is becoming more common because it can go undetected for years. 



Think about it, most people won't typically run their credit score until they're trying to buy a car, rent an apartment or buy a home. These kids are playing now but they may have loads of credit card debt no one knows about. "Who would think of that? they haven't done anything, they have no bills, why would you even think of it?" said Michael Cavanna, East Longmeadow. According to the Identity Theft Resource Center more than half of identity theft cases in Massachusetts last year involved children. Once a child's identity has been compromised, it's difficult to undo, some parents say they're not taking any chances. "Definitely, now that that's something that's been brought to my attention, I do think that is something that I will do," said Jenna Weed, Chicopee.

Anonymous As Serious Threat

IDG News Service - The majority of IT and security professionals believe that Anonymous and hacktivists are among the groups that are most likely to attack their organizations during the next six months, according to the results of a survey sponsored by security vendor Bit9.

Sixty-four percent of the nearly 2,000 IT professionals who participated in Bit9's 2012 Cyber Security Survey believe that their companies will suffer a cyberattack during the next six months and sixty-one percent of them chose hacktivists as the likely attackers.

Respondents had the option to select up to three groups of attackers who they believe are most likely to target their organizations. The choices were Anonymous/hacktivists, cybercriminals, nation states, corporate competitors and disgruntled employees.

Anonymous was chosen by the largest number of IT professionals overall, but there were some differences based on the type of organization. For example, nation states was the top choice for people working in the government sector, while those working in retail selected cybercriminals as the top threat.

Chinese Residents Charged With Selling $100M Worth Of Pirated Software


...Many times I am asked why are there so many Cyber criminals out there and my only answer is, being a criminal pays better than being honest. - Butch Morton


IDG News Service - A grand jury in the U.S. has charged two residents of China with 46 criminal counts, including infringing software copyrights and illegally exporting technology to China, for allegedly operating a website that sold pirated software with a commercial value of more than $100 million.

Russian Cybercriminals Earned $4.5 Billion In 2011


Russian-speaking hackers earned an estimated $4.5 billion globally using various online criminal tactics and are thus responsible for 36% of the estimated total of $12.5 billion earned globally by cybercriminals in 2011, Russian security analyst firm Group-IB said in a report published on Tuesday.

Tuesday, April 24, 2012

Check To See If Your Computer Is Infected




DNS (Domain Name System) is an Internet service that converts user-friendly domain names, such as www.fbi.gov, into numerical addresses that allow computers to talk to each other. Without DNS and the DNS servers operated by Internet Service Providers (ISPs), computer users would not be able to browse web sites, send e-mail, or connect to any Internet services.

Criminals have infected millions of computers around the world with malware called DNSChanger which allows them to control DNS servers. As a result, the cyber thieves have forced unsuspecting users to fraudulent websites, interfered with their web browsing, and made their computers vulnerable to other kinds of malicious code.


Go to this link to check your computer:
http://dns-ok.us/
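
DNSChanger works by repointing an infected computer's DNS server settings at resolvers the criminals run, so a local check is to read the configured DNS servers and compare them with the published rogue ranges. The sketch below is an added example, not part of the original post or of the dns-ok.us service. Because this page does not list the rogue ranges, the code uses placeholder networks from the reserved documentation ranges, and the sample configuration text is constructed.

```python
import ipaddress
import re

# PLACEHOLDERS: reserved documentation networks standing in for the rogue
# DNSChanger resolver ranges, which this page does not list. Replace them
# with the ranges from the FBI's DNSChanger advisory before real use.
ROGUE_NETWORKS_PLACEHOLDER = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Constructed sample: Unix-style /etc/resolv.conf contents.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search home.example
nameserver 192.0.2.53
nameserver 10.0.0.1
"""

# Constructed sample: excerpt in the layout printed by Windows `ipconfig /all`.
SAMPLE_IPCONFIG = """\
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def _to_ip(token):
    """Parse one address, ignoring an IPv6 zone suffix such as %12."""
    try:
        return ipaddress.ip_address(token.split("%", 1)[0])
    except ValueError:
        return None


def parse_resolvers(text):
    """Extract configured DNS servers from resolv.conf or ipconfig text."""
    found, in_windows_block = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop resolv.conf comments
        unix = re.match(r"nameserver\s+(\S+)", line)
        if unix:
            token, in_windows_block = unix.group(1), False
        elif re.match(r"DNS Servers[ .]*:", line):
            token, in_windows_block = line.split(":", 1)[1].strip(), True
        elif in_windows_block:
            token = line  # continuation line holding a further DNS server
        else:
            continue
        ip = _to_ip(token)
        if ip is None:
            in_windows_block = False  # next ipconfig field ends the block
            continue
        found.append(ip)
    return found


def rogue_resolvers(text, rogue_networks=ROGUE_NETWORKS_PLACEHOLDER):
    """Return the configured DNS servers that fall inside a listed range."""
    return [
        str(ip)
        for ip in parse_resolvers(text)
        if any(ip.version == net.version and ip in net for net in rogue_networks)
    ]


if __name__ == "__main__":
    for name, text in (("resolv.conf", SAMPLE_RESOLV_CONF),
                       ("ipconfig", SAMPLE_IPCONFIG)):
        hits = rogue_resolvers(text)
        print(name, "->", "listed resolver(s): " + ", ".join(hits) if hits else "clean")
```

A home router can hand out the DNS servers as well, so the router's own DNS settings deserve the same comparison.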

Monday, April 23, 2012

What Is Vishing

Vishing is the practice of leveraging IP-based voice messaging technologies (primarily Voice over Internet Protocol, or VoIP) to socially engineer the intended victim into providing personal, financial or other confidential information for the purpose of financial reward. The term “vishing” is derived from a combination of “voice” and “phishing.”

The use of landline telephony systems to persuade someone to perform unintended actions has existed since the birth of the telephone. Who didn’t make prank phone calls as a child? However, landline telephony services have traditionally terminated at a physical location known to the telephone company and could therefore be tracked back to a specific bill payer. The recent massive increase in IP telephony has meant that many telephone services can now start or terminate at a computer anywhere in the world. In addition, the cost of making a telephone call has dropped to a negligible amount.

This combination of factors has made it financially practical for Phishers to leverage VoIP in their attacks. Vishing is expected to have a much higher success rate than other phishing vectors because:

  • Telephone systems have a much longer record of trust than newer, Internet-based messaging
  • A greater percentage of the population can be reached via a phone call than through e-mail 
  • There is widespread adoption and general acceptance of automated phone validation systems 
  • The telephone makes certain population groups, such as the elderly, more reachable 
  • Timing of message delivery can be leveraged to increase odds of success 
  • The telephone allows greater personalization of the social engineering message
  • Increased use of call centers means that the population is more accepting of strangers who may have accents asking for confidential information.


Valuable data

Although there are multiple vectors for the phisher to conduct a vishing attack, it is important to understand the types of data that are most easily gained by the attacker leveraging IP telephony services. Typically, numeric information is more easily submitted by the victim when responding to a vishing attack using a mobile handset.

The most valuable information to the phisher is likely to be:

  • Credit card details (including expiration data and card security codes)
  • Account numbers and their corresponding personal identification numbers (PINs)
  • Birthdays
  • Social Security numbers
  • Customer loyalty card numbers
  • Passport numbers.

The most profitable uses of the information gained through a vishing attack include:

  • Controlling the victims’ financial accounts
  • Purchasing luxury goods and services
  • Identity theft
  • Making applications for loans and credit cards
  • Transferring funds, stocks and securities
  • Hiding criminal activities, such as money laundering
  • Obtaining personal travel documents
  • Receiving government benefits.

A Close Look At Voice Phishing

Many of today’s widespread threats rely heavily on social engineering—techniques used to manipulate people into performing actions or divulging confidential information—to leverage and exploit technology weaknesses. For example, “phishing” is perhaps the most commonly exploited threat currently plaguing the Internet and its users. At one point, phishing referred exclusively to the use of e-mail to deliver messages whose purpose was to persuade recipients to visit a fake Web site designed to steal authentication details.

Phishing has increasingly developed into a broader category of threats that rely on social engineering to cause a message recipient to perform auxiliary activities that enable the phisher to conduct the second phase of the attack. Phishers rely on numerous Internet messaging systems to propagate their attacks. As such, many similar-sounding threats have been named based on the messaging system being used—each with its own nuances and target audiences. The following threats are all subcategories of the phishing threat:

“Pharming” is the manipulation of Domain Name Server (DNS) records to redirect victims.
“Spear phishing” consists of highly targeted attacks.
“Smishing” uses Short Message Service (SMS) on mobile phones.
“Vishing” leverages Internet Protocol (IP)-based voice calling.

Malware Analysis

The scope of the malware analysis lab can be defined by examining the processes that will occur within it. There are really two main tasks that occur within a malware analysis lab: behavioral analysis and code analysis.

Behavioral Analysis
Behavioral analysis involves executing a malware specimen in a controlled environment. Within this environment you should have all of the tools necessary to simulate the services the malware will try to interact with. This might include things such as a simple honeypot, an IRC server, or a web server. In addition to this, you should have tools in place to monitor the actions the malware takes when interacting with these services. This means file system, registry, and network monitoring software.

Code Analysis
Code analysis involves disassembling and reverse engineering the code of the malware. This can be done in a static state where the code is analyzed without being executed, or in a dynamic state where the code is examined as it is being processed by the system.

These phases are very different but are both essential for performing a thorough analysis. If you have more of a systems administration background you will most likely spend a great deal more time performing behavioral analysis, whereas a programming background might tilt you towards spending more time doing code analysis. Your malware analysis lab will typically reflect your preferred analysis type.

War Of The Future

As we security analysts begin to find new ways to shine a light on hacker activities, so they will find new ways to avoid us. In the case of user agents, hackers have not only found ways to avoid us, but to turn the tables on us as we search through user agent logs.


Your best adversary is well trained, possibly well funded and has time on their side. Your best defense is knowledge. Signature based defenses are cold war technology. We are fighting a modern war, where the enemy can create specific smart weapons targeted specifically at your organization (e.g. Duqu and Stuxnet). The advanced persistent threat has shown that reliance on signature based detection and defenses is flawed.

It is fine for conventional attacks, but we have to think beyond signatures if we are to detect and defeat the enemy in the battlefields of the future.


Sunday, April 22, 2012

Countries Brace For The Code War

The most infamous example is Stuxnet, a bug so sophisticated that it significantly delayed Iran's nuclear program. The worm, which was likely loaded into the system on a thumb drive, ordered the centrifuges in an Iranian nuclear facility to spin out of control, ultimately destroying it. While that was happening, Stuxnet made all the readings tell Iranian engineers that everything was normal.

"I am here to tell you, and you can quote me, the Stuxnet attack is the Rubicon of our future," said Black. "Physical destruction of a national resource is huge."

It might not just be nations sponsoring these attacks one day, however. Black said Al Qaeda's abilities to launch physical attacks against the United States have largely been neutralized, but the group's potential ability to commit cyber warfare could wreak havoc on our resources.

"The natural inclination for Al Qaeda would be to fall back and enter the cyber world," he argued.

Though nations are unlikely to attack our systems for fear of response from the United States, terrorists wouldn't hesitate. That's a worry, since our government is woefully unprepared for such an event.

"Like the terrorist threat before 9/11, our leaders hear it but they don't believe it," Black said to the room of about 8,500 hackers and security professionals. "We're counting on you. The Code War is your war."



By David Goldman @CNNMoneyTech August 4, 2011: 8:17 AM ET

Saturday, April 21, 2012

Losing Your Privacy Might Not Be Your Fault

It's scary how much damage a Web page can do and how long those pages seem to stick around. But even scarier is the fundamental lack of control an individual has over his or her own page on a social networking site. Even if you're not in the network, your friends might be-and they might have published dirt on you without intending to.

The Internet is one of those damned-if-you-do, damned-if-you-don't places. Even if you've done nothing wrong, your friends and neighbors can put your private information out there and leave you vulnerable to people like me. They don't realize that they're doing any damage, you don't realize what's out there, and before you know it, the skip tracer or stalker or identity thief is at your door. Family and friends, corporations and nonprofits just throw your personal information up on the Web without a second thought to protecting your privacy.

If you don't believe me, just go to a Web site like Switchboard.com or Yahoo! People Search or BirthDatabase.com and see how much of your personal information is available there free of charge. Your address, your phone number, and probably your age are all there, if you haven't specifically asked those companies to take down your information.

Frank M. Ahearn;Eileen C. Horan. How to Disappear: Erase Your Digital Footprint, Leave False Trails, and Vanish without a Trace (Kindle Locations 335-337). Kindle Edition.

Facebook - Public Information


I have told you many times to be careful what you are putting on Facebook and other social sites. "What goes out there can never be brought back", and how you should not put any personal information about yourself or your family out there, not pictures, names, vacation dates, likes or dislikes, etc. It is all being recorded and could easily be used to commit a crime against you. Identity theft, extortion, profiling, just to name a few.


Facebook's Terms of Use specify that "the website is available for your personal, noncommercial use only," misleading some to believe that college administrators and police may not use the site for conducting investigations. 
Facebook spokespeople have made clear that Facebook is a public forum and all information published on the site should be presumed available to the general public, school administrators included.
Legal experts agree that public information sources such as Facebook can be legally used in criminal or other investigations. (If lawyers say that Facebook is a good thing, that should be a Red Flag right there).

Facebook, a social network service, is increasingly being used by school administrations and law enforcement agencies as a source of evidence against student users. The site, a popular online destination for college students, allows users to create profile pages with personal details. In the early years of the site, these pages could be viewed by other registered users from the same school, including resident assistants, campus police, or others who signed up for the service. The user privileges and terms of service of the site have since been changed to allow users to control who has the ability to view their content.

Recent disciplinary actions against students based on information made available on Facebook have spurred debate over the legality and ethics of school administrators' harvesting such information.




People used to say that Apple computers, unlike Windows PCs, can't ever be infected — but it's a myth.
- Timur Tsoriev, Kaspersky Labs analyst


(NEWSER) – Are you a smug Mac user who assumes you can't possibly get a virus? Well, think again. A Russian anti-virus firm believes that about 600,000 Macs around the world have been infected with the Flashback Trojan virus—and about half of those are expected to be in the US. The virus may allow cybercriminals to take over infected computers en masse and use them as a "botnet," the BBC reports.

Friday, April 20, 2012

White Hat or Black Hat

White Hats and Black Hats use the same methods, techniques and tools to do the same job. And at some point in their careers they have to make a choice. The differences between them usually boil down to three key points:

  1. Authorization
  2. Motivation
  3. Intent
The way to tell them apart is authorization.



Thursday, April 19, 2012

Shawn Henry Tells It Like It Is

Sorry gang I have been trying to tell you us Cyber Security guys are fighting a losing battle. Now here is the FBI's Top Gun telling it like it is.

(NEWSER) – If US businesses are in a war with computer hackers, the FBI's top cyber cop has bad news: "We're not winning." In an interview with the Wall Street Journal, Shawn Henry, who is leaving the bureau for a private cybersecurity gig, says the nation's current strategy for fending off digital criminals isn't sustainable. "You never get ahead, never become secure, never have a reasonable expectation of privacy or security," he said.

Hackers are simply too smart for existing security measures, Henry said. "You can only build a fence so high, and what we've found is that the offense outpaces the defense, and the offense is better than the defense." He's urging companies to keep their most sensitive data off their networks entirely, and to hunt inside their network for intrusions. He says most companies don't have a proactive strategy, "and that is a frustrating thing for me."



... from Newser.

Is 35 Years For This Guy Long Enough?

3/5/2012


INDIANAPOLIS—Joseph H. Hogsett, United States Attorney, announced that Christopher Reid, age 37, of Saginaw, Michigan, has been sentenced to 420 months (35 years) in prison by U.S. District Judge Jane E. Magnus-Stinson following his guilty plea to conspiracy to distribute and receive child pornography, as well as production of child pornography.

“Investigators recognized early on that the e-mail group constituted an international conspiracy and seemed to contain numerous members who were actively sexually exploiting children here in Indiana and across the globe,” said Hogsett. “We focused our efforts on saving those children and bringing their abusers to justice, launching an investigation that has taken us from The Netherlands to New Albany and now to Michigan.”

“The rescue of 8-year-old Jane Doe from Mr. Reid’s ongoing sexual abuse, as well as the rescue of more than a dozen other children in this operation, represents a significant success by our Project Safe Childhood team,” Hogsett added.

Reid was a member of an e-mail group focused on the trading of child pornography images primarily depicting babies and toddlers. Among the co-conspirators was David R. Bostic, a Bloomington resident who was sentenced in November for his role in the conspiracy, as well as his production of child pornography images of five children under five years of age. Reid was captured and charged as part of the international operation to apprehend those involved with Bostic in the trafficking of child pornography that was announced in June 2011.

Reid also was convicted and sentenced for his production of child pornography images of an 8-year-old girl, named as “Jane Doe” in order to protect her identity. At least a dozen sexually explicit images depicting the child were produced on three separate dates beginning in early December 2011, and extending through March 23, 2011—only two weeks before Reid’s April 5, 2011 arrest in Michigan relating to his alleged connection to the e-mail group involving Bostic. Reid had remained in custody pending his sentencing today.

Operation Atlantic

03/01/12

On Wednesday, Europol released the results of its first joint operation with the FBI against international child predators, announcing the identification of eight child victims and the arrest of 17 individuals for child sexual molestation and production of pornography.

Operation Atlantic has led to the identification of 37 child sex offenders in France, Italy, the Netherlands, Spain, and the United Kingdom. The investigation, which began in December 2010, continues as individuals overseas are still being sought.

FBI's Top Cyber Official

Q: How has the cyber threat changed over time?

Henry: Early on, cyber intrusions such as website defacements and denial of service attacks were generally perceived to be pranks by teenagers. But even then, in the late 1990s, there were state actors sponsored by governments who were attacking networks. What received media attention was the teenage hacker and the defacements, but there were more significant types of attacks and a more substantial threat that was in the background. Also, those early attacks were much more intermittent. Now we are seeing literally thousands of attacks a day. The ones people hear about are often because victims are coming forward. And there are more substantial attacks that people don’t ever see or hear about.




Q: Where are the cyber threats coming from today?

Henry: We see three primary actors: organized crime groups that are primarily threatening the financial services sector, and they are expanding the scope of their attacks; state sponsors—foreign governments that are interested in pilfering data, including intellectual property and research and development data from major manufacturers, government agencies, and defense contractors; and increasingly there are terrorist groups who want to impact this country the same way they did on 9/11 by flying planes into buildings. They are seeking to use the network to challenge the United States by looking at critical infrastructure to disrupt or harm the viability of our way of life.



Wednesday, April 18, 2012

Teen Suicide Statistics

The statistics on bullying and suicide are alarming:
  • Suicide is the third leading cause of death among young people, resulting in about 4,400 deaths per year, according to the CDC. For every suicide among young people, there are at least 100 suicide attempts. Over 14 percent of high school students have considered suicide, and almost 7 percent have attempted it. 
  • Bully victims are between 2 to 9 times more likely to consider suicide than non-victims, according to studies by Yale University 
  • A study in Britain found that at least half of suicides among young people are related to bullying 
  • 10 to 14 year old girls may be at even higher risk for suicide, according to the study above.

  • According to statistics reported by ABC News, nearly 30 percent of students are either bullies or victims of bullying, and 160,000 kids stay home from school every day because of fear of bullying

Digital Devastation

By Butch Morton


Would you give a child a loaded gun?
I would hope not!


But parents think nothing of giving their children computers, tablets and smart phones that are many times more dangerous than a single firearm. These devices, if left unguarded and unmonitored, can easily ruin your children’s lives or other children’s lives.


I know, I know, you’re thinking, “aren’t you exaggerating a little?” I wish I were.


Today every aspect of our lives is displayed on monitors both large and small: on social networks, blogs, massive uncontrolled databases and IM chat networks.


An irresponsible person can cause victims to commit suicide, permanently ruin reputations, cause cyber bullying and permanently ruin their own lives.


If you don’t believe me look up the stories of Phoebe Prince, Ryan Patrick Halligan, Alexis Pilkington, Tyler Clementi, Megan Taylor Meier, Daani Sanders, Amanda Cummings, Grace McComas, Hope Witsell and many, many more…


The definition of Cyberbullying is when a child or teenager is harassed, humiliated, embarrassed, threatened or tormented using digital technology.


When an adult is harassing children or teenagers, it is known as cyber harassment or cyber stalking.

Cyber bullying is often a systemic attempt to get another child or teen to feel bad about himself or herself through electronic communication. It usually happens more than once, and includes leaving demeaning messages on someone’s Facebook page, uploading embarrassing photos, or spreading gossip or rumors through instant messaging and text messaging.


There are a number of ways to humiliate and threaten children online. And because the damage is often psychological, and carries over into the real world, the threats posed by cyber bullying can be very real. There have been cases where cyber bullying has led to severe depression, self-harm and even suicide.


In some cases, it is possible to get law enforcement involved - especially if an adult becomes involved and brings the level of offence to cyber stalking or cyber harassment. It is vital that your child comes to you when cyber bullying takes place. It is usually possible to print the screen showing the offending action. Additionally, it is possible to trace the IP address of the user, and locate the computer from which the cyber bullying is taking place. This can help prevent further incidents.

Despite the potential damage of cyber bullying, it is alarmingly common among adolescents and teens. According to Cyber bullying statistics from the i-SAFE foundation:
1. Over half of adolescents and teens have been bullied online, and about the same number have engaged in cyber bullying.
2. More than 1 in 3 young people have experienced cyberthreats online.
3. Over 25 percent of adolescents and teens have been bullied repeatedly through their cell phones or the Internet.
4. Well over half of young people do not tell their parents when cyber bullying occurs.


The Harford County Examiner reported similarly concerning cyber bullying statistics:
1. Around half of teens have been the victims of cyber bullying
2. Only 1 in 10 teens tells a parent if they have been a cyber bully victim
3. Fewer than 1 in 5 cyber bullying incidents are reported to law enforcement
4. 1 in 10 adolescents or teens have had embarrassing or damaging pictures taken of themselves without their permission, often using cell phone cameras
5. About 1 in 5 teens have posted or sent sexually suggestive or nude pictures of themselves to others
6. Girls are somewhat more likely than boys to be involved in cyber bullying


The Cyberbullying Research Center also did a series of surveys that found these cyber bullying statistics:
1. Over 80 percent of teens use a cell phone regularly, making it the most popular form of technology and a common medium for cyber bullying
2. About half of young people have experienced some form of cyber bullying, and 10 to 20 percent experience it regularly
3. Mean, hurtful comments and spreading rumors are the most common type of cyber bullying
4. Girls are at least as likely as boys to be cyber bullies or their victims
5. Boys are more likely to be threatened by cyber bullies than girls
6. Cyber bullying affects all races
7. Cyber bullying victims are more likely to have low self-esteem and to consider suicide


Parents and teens can do some things that help reduce the cyber bullying statistics:
1. Talk to teens about cyber bullying, explaining that it is wrong and can have serious consequences. Make a rule that teens may not send mean or damaging messages, even if someone else started it, or suggestive pictures or messages, or they will lose their cell phone and computer privileges for a time.
2. Encourage teens to tell an adult if cyber bullying is occurring. Tell them if they are the victims they will not be punished, and reassure them that being bullied is not their fault.
3. Teens should keep cyber bullying messages as proof that the cyber bullying is occurring. The teens' parents may want to talk to the parents of the cyber bully, to the bully's Internet or cell phone provider, and/or to the police about the messages, especially if they are threatening or sexual in nature.
4. Try blocking the person sending the messages. It may be necessary to get a new phone number or email address and to be more cautious about giving out the new number or address.
5. Teens should never tell their password to anyone except a parent, and should not write it down in a place where it could be found by others.
6. Teens should not share anything through text or instant messaging on their cell phone or the Internet that they would not want to be made public - remind teens that the person they are talking to in messages or online may not be who they think they are, and that things posted electronically may not be secure.
7. Encourage teens never to share personal information online or to meet someone they only know online.
8. Keep the computer in a shared space like the family room, and do not allow teens to have Internet access in their own rooms.
9. Encourage teens to have times when they turn off the technology, such as at family meals or after a certain time at night.
10. Parents may want to wait until high school to allow their teens to have their own email and cell phone accounts, and even then parents should still have access to the accounts.


If teens have been the victims or perpetrators of cyber bullying they may need to talk to a counselor or therapist to overcome depression or other harmful effects of cyber bullying.


Sources:
  • Richard Webster, Harford County Examiner, "From cyber bullying to sexting: What on your kids' cell?" [online]
  • i-SAFE Inc., "Cyber Bullying: Statistics and Tips" [online]
  • Cyberbullying Research Center, "Summary of our cyberbullying research from 2004-2010" [online]
  • National Crime Prevention Council, "Cyberbullying" [online]


Tuesday, April 17, 2012

15 Things You Should Not Do On Facebook

Be less annoying to your friends on Facebook by following these guidelines. People do things on Facebook that they’d never dream of doing in real life: Love them or hate them, social networking sites are here to stay. Facebook and MySpace are among the most popular destinations on the web. And even though they can be extremely annoying, there is one inescapable fact: the most irritating thing about Facebook is the 100m-strong army of people who use it. When was the last time you looked at your feed without someone posting an embarrassing picture, or someone else saying something irritating in their status update?


Here are the top 15 things you should never do on Facebook or MySpace:


1. Use Facebook mail instead of proper email
Are you silly? When you Facebook mail me, I have to log into my real email to find that I then have to go and log into my Facebook account to read and reply to your message. If you’ve got my real email address, please use it.

2. Add old friends and then forget about them
This is the biggest social networking crime of them all. How many times has it happened? You haven’t seen someone for 20 years; you vaguely recognize their name but not their face. They add you as a friend on Facebook and then after you accept them, you never hear from them again.


3. Adding people you don’t even know
It’s one thing to add an old friend and then never speak to them. It’s another to add anyone whose name you kind of vaguely sort of recognize. It’s like that old man in the pub who slaps everyone on the back as if they were old pals, when in actual fact he has no friends, largely because of this habit.


4. Adding single-serving holiday friends
Some people just don’t understand that the exchanging of email addresses at the end of a holiday is just a social ritual and is absolutely not an invitation to add you to Facebook and then turn up unannounced at your house three months later.


5. Accepting friend invitations from people you don’t know
It’s one thing to complain about irritating people adding you on Facebook, but if you accept those invites, you’ve only got yourself to blame. If you scan through your Facebook friends list, you’ll doubtless find a handful of people in there you barely know. It’s a horrible realization – like when you suddenly realise your hand is resting on a knob of someone else’s chewing gum underneath a desk.


6. Update Facebook profile when you’re supposedly ill
How many times have we seen it? Someone calls in sick in the morning and then updates their Facebook profile minute-by-minute throughout the day, documenting a day of ice cream, chips, video games and jumping on the bed. Get dressed and get to work you lazy hoodwink, or else you’ll probably be fired. And it’d be your own fault for adding your boss to be your Facebook friend.


7. Write on a wall instead of communicating privately
The driving force behind the success of Facebook is… vanity. People love the idea that others are watching what they’re doing. Tell me this: for what reason would you invite someone to a private party by writing on their wall, other than to show off to all the people on their friends list who you don’t want to come? It just makes you look like a tit, so don’t do it.


8. Moan in your Facebook status
The most annoying thing that people do on Facebook is to spray their walls with vanity-filled drivel, by posting self-indulgent awfulness in their status updates. “Kerry is sorry how it ended but it had to be done. I love you and will miss you, and I hope you can apologize one day”. Oh sod off. If you’ve got something to say to someone, say it. Don’t post it on your wall because no one else is interested, and people just think you’re a cry baby.


9. Other irritating status updates
No, “Dave is” is not an acceptable status update, nor is it original or in any way clever. “Dave just is…” is equally as inexcusable. And “Dave is Dave is Dave” is downright taking the piss. Oh, and song lyrics are also a no-no. “Sandra was happy in the haze of a drunken hour, but heaven knows she’s miserable now” will impress people about the same amount as Morrissey’s saggy, miserable face.


10. Upload drunken pictures the morning after
Have a little common sense. If you go out for a big one on a Wednesday night, posting humiliating, drunken photos of your friends on Thursday morning is a recipe for disaster. Because when I call in sick at 9am, the last thing I want my boss to say is: “I’ve seen the pictures of you crawling in the gutter last night. I’m not amused or impressed, now get to work!”


11. Joining ridiculous chain-mail groups
Why do people insist on joining groups such as “On the X of May, everyone has to panic buy carrots”? Come on people, how stupid are you? There’s one group on Facebook devoted to nullifying the vegetarian moral crusade, and it’s called: “For every animal you don’t eat, I’m going to eat three”. That’s a good group name. “I think Ryan Seacrest is the best presenter ever” is not.


12. Starting said groups
Enough said.


13. Lazy grammar and spelling mistakes
Reading Facebook is like perusing a six-year olds’ English copybook. Come on, people: ‘Your’ is ‘your’. ‘You are’ is ‘you’re’. It really isn’t hard to get that little one right. And understanding the difference between there, their and they’re surely isn’t too much of a challenge?


14. Uploading photos to Facebook and deleting originals
Uploading photos to Facebook can be a very handy way of sharing your holiday snaps. But for the love of God, don’t lose your originals. Facebook is terrible at compressing and resizing images – it turns your 14MP panoramas into 14KB monstrosities. Facebook is not a suitable repository to store your precious photos!


15. Inviting me to be a Zombie Pirate Snot Monster
Please don’t do that ever, ever again



May 14, 2010
Written by James Rivington

Data Breach Costs For US Companies



When corporations are attacked, the costs are tremendous and rising fast.

This year, U.S. companies will spend more than $130 billion as a result of data breaches, according to the Ponemon Institute, a cybersecurity research organization. That's more than triple what companies spent combating breaches in 2006.

"The ability of bad guys to enter, steal, exit and do it in a way that's undetectable is rising," said Larry Ponemon, chairman of the Ponemon Institute. "It's a big problem and it is getting worse."



CNN Money

The Problem With Cyber Security

Most of the actual damage to businesses is caused by insiders, people who work in organizations (or are subcontracted in) and abuse the trust placed in them. It's much easier to walk out with sensitive information if you don't have to get past the firewalls/intrusion detection systems to get at it. The hard part is detecting when someone on the inside is doing something they shouldn't.

...cyberCMDR2

Monday, April 16, 2012

How To Report Cybercrime


Instructions
  1. Get together as many details about the cyber crime as you can. The more information that you can give the authorities, the more helpful you can be to the case.
  2. Contact the Internet Crime Complaint Center. This center was developed with the help of the FBI and makes reporting cyber crimes an easier task.
  3. Fill out the complaint form on the Internet Crime Complaint Center's website. After you fill out the form, you'll be e-mailed a case number. The matter will be investigated through the center and they will update you on the status.
  4. Call your local police department. If you are unsure of whom exactly you should report the cyber crime to, give the police a call and get their advice. If it is a criminal matter, they'll likely handle it.
  5. See if the cyber crime that you are reporting is an FBI matter. Local FBI offices usually handle cases of Internet harassment, Internet bomb threats and cases of Internet child pornography.

Be Ever Vigilant


What should organizations do?
Spending time avoiding the consequences and detecting the payload when it executes is a better use of resources and budget. Here are a few recommendations:
  • Alert on and monitor operations on sensitive information. Take, for example, the UBS PaineWebber incident, where the code erases the disk. A solution should detect this type of sensitive activity – not only when performed from a left-over file, but also when performed by a logged-on user, either intentionally or by mistake.
  • Detect suspicious behavior. As mentioned, the TSA uncovered the scheme when security cameras detected after-hours access. Detection of this type of irregular access should be applied to digital systems as well.
  • Maintain a detailed audit trail. In the case of an incident, this type of audit trail may be invaluable for forensic purposes.
  • Upon departure, disable the employee’s access and continuously monitor dormant accounts. Many of these logic bomb cases are caused by disgruntled employees within a short time frame after being let go. Fannie Mae did not terminate the contractor’s account until later that evening, giving the contractor just enough time to write and deploy the code.
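The recommendations above, written as detection rules run over an audit trail. This is an added example, not code from the original post; the log format, account names, paths, business hours and the 90-day dormancy threshold are all assumptions, and the log lines are constructed.

```python
from datetime import datetime, time, timedelta

# Assumed policy values (hypothetical; tune to your own environment).
BUSINESS_HOURS = (time(8, 0), time(18, 0))
DORMANT_AFTER = timedelta(days=90)
SENSITIVE_PREFIXES = ("/finance/", "/opt/jobs/")
DESTRUCTIVE_ACTIONS = {"write", "delete"}

# Constructed HR feed: the moment each person was told they were let go.
TERMINATED_AT = {"contractor7": datetime(2012, 4, 16, 13, 0)}

# Constructed baseline: last activity seen before this log window.
LAST_SEEN = {
    "alice": datetime(2012, 4, 13, 17, 0),
    "bob": datetime(2012, 4, 13, 16, 30),
    "contractor7": datetime(2012, 4, 13, 12, 0),
    "olduser": datetime(2011, 11, 2, 9, 0),
}

# Constructed audit trail: timestamp, account, action, target.
SAMPLE_AUDIT_LOG = """\
2012-04-16T10:02:11 alice read /finance/q1.xlsx
2012-04-16T14:30:00 contractor7 login srv-build01
2012-04-16T19:45:12 contractor7 write /opt/jobs/nightly.sh
2012-04-16T23:10:40 bob login srv-db02
2012-04-17T09:15:00 olduser login srv-web01
2012-04-17T11:00:03 alice delete /finance/archive/2009.zip
"""


def parse_line(line):
    """Split one audit line into (timestamp, account, action, target)."""
    ts, account, action, target = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), account, action, target


def review(log_text, terminated_at=TERMINATED_AT, last_seen=LAST_SEEN):
    """Return a list of (rule, account, timestamp) findings, in log order."""
    findings = []
    seen = dict(last_seen)  # copy so the baseline is not mutated
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, action, target = parse_line(line)

        # Access should have been disabled upon departure.
        left = terminated_at.get(account)
        if left is not None and ts >= left:
            findings.append(("POST_TERMINATION", account, ts))

        # Irregular, after-hours access.
        if not (BUSINESS_HOURS[0] <= ts.time() < BUSINESS_HOURS[1]):
            findings.append(("AFTER_HOURS", account, ts))

        # A dormant (or never-seen) account becoming active again.
        previous = seen.get(account)
        if previous is None or ts - previous > DORMANT_AFTER:
            findings.append(("DORMANT_ACCOUNT", account, ts))
        seen[account] = ts

        # Destructive operation on sensitive data, whoever performs it.
        if action in DESTRUCTIVE_ACTIONS and target.startswith(SENSITIVE_PREFIXES):
            findings.append(("SENSITIVE_OP", account, ts))
    return findings


if __name__ == "__main__":
    for rule, account, ts in review(SAMPLE_AUDIT_LOG):
        print(f"{ts.isoformat()}  {rule:<17} {account}")
```

The legitimate delete by a logged-on user is flagged on purpose: the rule alerts on the operation itself and leaves the judgement to whoever reviews the trail.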

Facebook Security


Privacy Settings
The Privacy Settings let you make your entire page as private or as public as you wish. If you’re using Timeline, clicking on “editing your timeline info” takes you to the page that contains all of your personal information. You probably entered much of this information when you first signed up for Facebook, and it’s a good idea to check it periodically to make sure it’s up to date. You can edit your “Work and Education” or go into your “About Me” and “Basic Info” sections and play around with things like “Date of Birth,” “Religion,” “Relationship Status” and “Political Views.” If you leave a field blank, it doesn’t show up on your profile. Be sure to hit “Save” when you are done with a section so Facebook implements the changes you’ve made. One note: Facebook warns that even if your page is private, “the people you share with can always share your information with others, including apps.” It's always a good idea to post responsibly, no matter how you set your privacy options.
Under “learn more,” Facebook provides video instruction on most of its advanced features, such as tagging and location, features that can be very helpful when navigating the site. The "Help" section answers many questions regarding privacy.


Default Privacy Settings
You can set your Default Privacy setting and make decisions about “How You Connect.” (“Friends” is the default but you can choose to customize or go public as well.) This controls who can have access to locating your Facebook profile by doing a general online search. “Timeline and Tagging” lets you control who can tag you in posts and pictures without your permission and whether or not you want to be notified to approve or deny the tags. “Apps and Websites” allows you to restrict third party access to your information. “Limit the Audience for Past Posts” restricts how far back people can search into your online history. And “Blocked People and Apps” allows you to manage any people or apps you may have given restricted access. Being aware that these options exist and spending a little bit of time on them can give you peace of mind.


Individual Posts
Facebook gives you three choices when it comes to securing individual posts. The first is “Public,” which means that anyone with a Facebook account can see it. The second makes your post visible to “Friends,” meaning that all of your friends -- from Grandma to the EVP of your company -- can see the pictures you posted of karaoke night with the girls. If this worries you, you might want to try “Custom,” an option that lets you pick and choose who sees what. You can create lists by clicking the Friends icon. A good habit to get into is to start putting your friends and family into the lists provided or creating some of your own. That way, you can feel free to share girls' night with your “Close Friends” list and keep both your grandmother and the boss out of it. This filtering also works for photos and videos, and you can make adjustments to photos you’ve posted in the past. Taking a few minutes to go through your archive lets you feel comfortable with what all camps are seeing.


Account Settings
The security settings can be found under the same tab by clicking “Account Settings.” In this field you will find a set of options protecting your account itself from anyone who might try to access it without permission. You can designate devices, request notifications upon logins from unrecognized devices, monitor active sessions, and generally find out who has accessed your account and when.
Facebook is a powerful tool that has changed the way we communicate as a society. Most of the time it’s all in good fun, but it’s your face and your story. Presenting it with care and endless tact is the most effective way to avoid ending up in a sticky situation.

Sunday, April 15, 2012

Tips To Stay Safe


General Tips

  • Set secure passwords and don't share them with anyone. Avoid using common words, phrases, or personal information and update regularly.
  • Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies.
  • Verify the authenticity of requests from companies or individuals by contacting them directly. If you are being asked to provide personal information via email, you can independently contact the company directly to verify this request.
  • Pay close attention to website URLs. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.
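The URL tip above can be turned into an automated check that compares a link's domain against the sites you actually use. This is an added example, not part of the original tips; the trusted list, the two-edit threshold and the sample URLs are constructed assumptions, and the domain split is deliberately naive (it treats the last label as the TLD and does not handle suffixes such as .co.uk).

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the user really deals with (assumption).
TRUSTED = {"example.net"}
# Assumed threshold: names within this many edits count as look-alikes.
MAX_EDITS = 2


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def name_and_tld(host):
    """Naive split of a host into (second-level name, TLD)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    return labels[-2], labels[-1]


def classify(url, trusted=TRUSTED):
    """Return (verdict, trusted domain the URL resembles or None)."""
    host = urlsplit(url).hostname
    parts = name_and_tld(host) if host else None
    if parts is None:
        return ("invalid", None)
    name, tld = parts
    if f"{name}.{tld}" in trusted:
        return ("trusted", f"{name}.{tld}")
    # Same name under another TLD (.com instead of .net).
    for good in sorted(trusted):
        good_name, _ = good.rsplit(".", 1)
        if name == good_name:
            return ("different-tld", good)
    # A variation in spelling of a trusted name, under any TLD.
    for good in sorted(trusted):
        good_name, _ = good.rsplit(".", 1)
        if 0 < edit_distance(name, good_name) <= MAX_EDITS:
            return ("spelling-variation", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.example.net/login",
                 "http://example.com/login",
                 "https://examp1e.net/",
                 "https://weather.test/"):
        print(link, "->", classify(link))
```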

Cyber Tips - Email

Email
  • Turn off the option to automatically download attachments.
  • Save and scan any attachments before opening them. If you have to open an attachment before you can verify the source, take the following steps:
      • Be sure your anti-virus software is up to date.
      • Save the file to your computer or a disk.
      • Run an anti-virus scan using your computer’s software.

Cyber Tips - Social Media, Video Games, Forums, Chat Sites and more.

Social Media, Video Games, Forums, Chat Sites and more.

  • Limit the amount of personal information you post. Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your friend posts information about you, make sure the information is something that you are comfortable sharing with strangers.
  • Take advantage of privacy and security settings. Use site settings to limit the information you share with the general public online.
  • Be wary of strangers and cautious of potentially misleading or false information.

Cyber Tips - Mobile

Mobile
  • Only access the Internet over a secure network. Maintain the same vigilance you would on your computer with your mobile device.
  • Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.
  • Download only trusted applications from reputable sources or marketplaces.

Cyber Tips - At Home

At Home 
  • Talk to your children about Internet safety. Keep your family’s computer in an open area and talk to your children about what they are doing online, including who they’re talking to and what websites they’re visiting.
  • Inform children of online risks. Discuss appropriate Internet behavior that is suitable for the child's age, knowledge, and maturity. Talk to children about the dangers and risks of the Internet so that they are able to recognize suspicious activity and secure their personal information.

Cyber Tips - At Work

At Work
  • Restrict access and secure the personal information of employees and customers to prevent identity theft.
  • Be suspicious of unsolicited contact from individuals seeking internal organizational data or personal information. Verify a request’s authenticity by contacting the requesting entity or company directly.
  • Immediately report any suspect data or security breaches to your supervisor and/or authorities.