Online Safety for Youth Leaders: Common Cyber Threats

1
Online Safety for Youth Leaders Common Cyber
Threats

• Ernest Staats
• Technology Director
• MS Information Assurance, CISSP, MCSE, CNA, CWNA,
  CCNA, Security, I-Net, Network, Server, A
• erstaats_at_gcasda.org
• Resources available _at_ http//www.es-es.net/2.html

2
Outline

• What Is the Big Deal?
• Privacy Responsibilities
• Identity Theft
• Common Threats of the Cyber World
• Cyber Predators
• Cyber Bullying  
• How Teens Bypass Your Filtering Systems
• Spoof Card
• Spyware
• Recover Lost Files/Photos
• Resources

3
What Is the Big Deal?-- Statistics

• 94 to 96 of youth are online
• A child goes missing every 40 seconds in the
  U.S, over 2,100 per day (OJJDP)
• In 2005 662,196 children were reported lost,
  runaway, or kidnapped (ncmec)
• 2/3 of all missing children reports were for
  youths aged 15-17 (ncmec)
• 2/5 missing children ages 15-17 are abducted due
  to Internet activity (ICAC)
• Do the math -- over 2 million teens age 15-17 are
  abducted due to Internet activity

4
What Is the Big Deal? -- Digital Divide

• 93 of parents say they have established rules
  for their childs Internet activity.
• 37 of students report being given no rules from
  their parents on using the Internet.
• 95 of parents say they know some or a lot
  about where their children go or what their
  children do on the Internet.
• 41 of students do not share where they go or
  what they do on the Internet with their
  parents.
• Based on a 200405 pre-assessment survey of
  1,350 parents.
• Based on a 200506 pre-assessment survey of
  12,650 students in grades 5 through 12.

5
What Is the Big Deal? -- CyberBullying

• 33.4 of U.S. teens have been a victim of
  cyberbullying (Profs. J.W. Patchin and S.
  Hinduja)
• At end of 2006, there were 20.6 million U.S.
  teens (Jupiter Research)
• 33.4 of 20.6 million 6.9 million victims of
  cyberbullying

6
Youth Security issues COPPA

• Children's Online Privacy Protection Act
• The rule applies to
• Operators of commercial websites or online
  services directed to children under 13 that
  collect personal information from children
• Operators of general audience sites that
  knowingly collect personal information from
  children under 13
• Operators of general audience sites that have a
  separate children's area and that collect
  personal information from children

7
COPPA Requires

• A site must obtain parental consent before
  collecting, using, or disclosing personal
  information about a child
• Exceptions to above
• Respond to a one-time request from the child
• Provide notice to the parent
• Ensure the safety of the child or the site
• Send a newsletter or other information on a
  regular basis as long as parents can opt out

8
COPPA Requires

• Post a privacy policy on the homepage of the
  website and link to the privacy policy everywhere
  personal information is collected
• Allow parents to revoke their consent and delete
  information collected from their children
• Maintain the confidentiality, security, and
  integrity of the personal information collected
  from children

9
Privacy Policy Must Include

• Types of personal information they collect from
  kidsname, home address, e-mail address, or
  hobbies
• How the site will use the informationfor
  example, to market to the child who supplied the
  information, to notify contest winners, or to
  make the information available through a childs
  participation in a chat room
• Whether personal information is forwarded to
  advertisers or other third parties
• A contact person at the website

10
Security Considerations

• Make sure you have a written privacy policy
• Make sure you have a media release form as a part
  of your privacy policy
• Collect as little information as possible and
  make sure it is stored safely
• Be careful of what you post online and of what
  you say to youth online
• You are responsible for everything you POST or
  collect online

11
Identity Theft

• Any request for information that comes in e-mail
  is to be suspect. Call your bank or credit card
  company first, and do not click on the link. Do
  not use the phone number sent in the e-mail.
• Any phone request for more info is also suspect.
  So question them first and hang up. Then call the
  institution to make sure they were calling (be
  careful of any information given out).
• Check the website before you do business with
  them. Make sure the SSL connection is good.

12
Identity Theft Protection

• Monitor your and your childs credit report
  regularly
• Obtain your credit report at least once a year by
  phoning either Equifax, Experian, or Trans Union,
  and look carefully for any unusual or fraudulent
  activity. Their contact information is on the
  Internet. Check for FREE at www.annualcreditreport
  .com/
• Child ID theft is a large and growing market.
  CNN September 14, 2006
• Beware of all requests for your personal
  information online
• Criminals copy logos perfectly to trick you.
  Legitimate companies never send unsolicited
  requests for personal information. Never give out
  personal information unless you initiate the
  correspondence.
• Shred documents before putting them in the trash
• Bank statements, credit card offers, utility
  bills, and documents with Social Security or
  account numbers can be retrieved by ID thieves
  from your trash, so make a habit of tearing them
  up before tossing them.

13
Identity Theft Protection

• Install a locking mailbox or use the post office
• Criminals often obtain the information they need
  by intercepting mail in unlocked street
  mailboxes. Only send and receive bills, checks,
  or other personal correspondence from a secure
  location.
• Limit the amount of personal information you
  carry in your purse or wallet
• Protect your information online by using a
  firewall, virus protection, and secure Internet
  browser
• Place a fraud alert on your credit
• If you have lost your wallet, purse, Social
  Security card, or passport, or suspect you are a
  potential victim of ID theft, contact each of the
  three credit bureaus (Equifax, Experian, and
  Trans Union) for assistance.

14
Common Threats

• Predators
• Addiction
• Less interaction in real world
• Misunderstood
• Higher rates of depression
• Cyber mentality

15
Cyber Predators

• Befriend
• Lure
• Make contact- that is their goal
• Easily tracked

16
Cyber Predators Statistics

• A child goes missing every 40 seconds in the
  U.S, over 2,100 per day (OJJDP)
• In 2005 662,196 children were reported lost,
  runaway, or kidnapped (ncmec)
• 2/3 of all missing children reports were for
  youths aged 15-17 (ncmec)
• 2/5 missing children ages 15-17 are abducted due
  to Internet activity (ICAC)
• Do the math -- over 2 million teens age 15-17 are
  abducted due to Internet activity

17
Befriending Techniques

• Chat room, IM, networking sites, blogs
• Portrays same age, same likes, same dislikes
• Portrays age-typical awkwardness
• Begins to share some secrets
• E-mail
• Telephone (which can be faked)
• Webcamming (which can be faked)
• Verbal chat on Internet (which can be faked)

18
Eluding Internet Predators

• Keep usernames and profiles generic and anonymous
• Discuss your childs online screen name(s),
  profile(s), and activities. Many provide too much
  personal information. Ensure all screen names and
  profiles are non-specific, non-suggestive, and
  purposely vague.
• Avoid posting personal photos
• Pictures can be altered to embarrass or
  humiliate. They also provide personal information
  that can help an Internet predator to pretend to
  know you, your children, and/or their friends.
• Always keep private information private
• With just three pieces of personal information,
  specialized Internet search engines can be used
  to locate someone anywhere. Internet
  conversations should never include any personal
  information.

19
Youth Safety Sites

• Think Before You PostLearn how posting images
  and personal information can put you at
  risk.visit the website
• Don't Believe the TypeLearn how to better
  protect yourself from online sexual
  predators.visit the website

20
Finding Youth Information

• How Do You Discover It?
• General search
• Google, Yahoo, MSN, etc.
• Place name in quotation marks (use variations)
• First (Jon) Last
• Legal First (Jonathan) Last
• First MI Last
• Searching MySpace
• Under Finding someone you know, enter the name
  or e-mail and click find
• Search school under Classmate Finder
• Googles advance search page
• Allows a search within a domain
• sitemyspace.com Hate my parents 31,100 hits

21
Internet Filters Bypass PeaceFire

• 1. First, try a circumvention site like
  https//www.StupidCensorship.com/. Be sure to
  type https at the beginning of the URL, not
  'http
• 2. If that doesn't work, you can join our e-mail
  list, where we mail out new circumventor sites
  every 3 or 4 days
• 3. If you have a computer with an uncensored
  Internet connection, you can follow these easy
  steps to set up your own circumventor site. If
  you want to get around blocking software at
  school, and your home computer is uncensored, you
  can install the circumventor on your home
  computer.
• 4. If you're trying to get around blocking
  software that's installed on the local computer
  and not on the network, use these instructions to
  boot from the Ubuntu Live CD

22
Stealth Switch

• StealthSwitch Desktop Cloaking Device
• Protect Sensitive Information
• Get Confidential Materials off your screen
  FAST!
• Works with any application
• Play Games but make others think you are working
  24.00
• DEMO of device

23
Software Filtering Explained

• Software analysis
• Keyword searches (usually) cannot interpret
  graphics
• Keyword searches cannot use contextual
  information
• Human analysis
• The lists of filtered sites will always be
  incomplete
• Bad sites may not be blocked simply because
  they havent been added to the stop list yet
• Stop lists are vulnerable to personal biases
• Good sites may be blocked simply because of
  that sites politics
• Site labeling Internet Content Rating Association
  (ICRA)
• Site labels are determined by the sites owners
• Owners can lie about their content or even refuse
  to rate their site

24
Securing Your Online Connections

• Install and keep up-to-date anti-virus,
  anti-spyware, and firewall
• Microsoft Malicious Software Removal Tool
  http//www.microsoft.com/downloads/details.aspx?Fa
  milyIdAD724AE0-E72D-4F54-9AB3-75B8EB148356displa
  ylangen
• CCleaner (Free) http//www.ccleaner.com/download/
  
• Anti-Spyware A-Squared (free)
  http//download5.emsisoft.com/a2FreeSetup.exe
• AVG Free http//free.grisoft.com/
• Use commercial Web filtering software
• Free - http//www.k9webprotection.com/
• Net Nanny (2007 best) http//www.netnanny.com/
• Check Internet cache
• _at_winspy (free) http//www.acesoft.net/winspy
• Spector Pro to track everything done on a PC
  http//www.spectorsoft.com/products/SpectorPro_Win
  dows
• How to secure your wireless networks
  www.es-es.net/2.html

25
Spoof Card!
26
Spoof Cards

• Calling cards to hide identity
• Fake caller ID
• Voice changer
• Call recording
• Online at http//ww.spoofcard.com or cell phone
  dealers

27
Spoof Cards

• How do they work?
• Call 1-800 number
• Enter pin of card
• Enter phone number you want to call
• Enter phone number to appear on caller ID
• Change voice to male or female
• Record call

28
Adware vs. Spyware

• Adware - Drain resources
• Adware - Slowed Internet connection
• Spyware difficult to uninstall/detect
• Programs available to remove
• Various deployment methods
• E-mail
• Direct access
• Downloaded

29
Lost Your Photos?

• Zero Assumption Digital Image Recovery
• ZA Digital Image Recovery recovers Canon .CR2
  files as TIFF. To open recovered files, Jeff used
  Photoshop CS "Open With" feature, which allows to
  specify image format override.
• http//www.z-a-recovery.com/digital-image-recovery
  .htm
• Restoration
• Restoration is an easy-to-use and straight
  forward tool to undelete files that were removed
  from the recycle bin or directly deleted from
  within Windows
• Also able to recover photos from a Flash card
  that has been formatted http//www.snapfiles.com/g
  et/restoration.html
• Free Undelete
• http//www.pc-facile.com/download/recupero_elimina
  zione_dati/drive_rescue/
• Drive Rescue
• http//www.pc-facile.com/download/recupero_elimina
  zione_dati/drive_rescue/

30
Cyber Predators and youth
RSA Security Show
My Space Video
31
Resources

• http//www.es-es.net/2.html