The Importance of Internet Safety, Security, and Education

DR. JOANNA F. DEFRANCOSCHOOL OF GRADUATE & PROFESSIONAL STUDIESENGINEERING DIVISIONPENN STATE [email protected]

The Importance of Internet Safety, Security, and Education

PCEA - Cooperative Education Conference - 2010

Objectives of this presentation Bring awareness to the issues that

affect our kids, our future workforce, and us: Social engineering Predators Mobile phone Safety Viruses Privacy


Native or Immigrant?

Native: people who grew up with the Internet. Approximately people who are 30 and younger

Immigrant: people over the age of 30 who did not grow up with the Internet.

Challenge – the Immigrants are raising the natives………

Term coined by Marc Prensky


Some Positive Impacts of the Internet Education Communication Business Socializing


Why is it suddenly OK to talk to strangers? We tell our kids not to talk to

stranger but yet our kids are on the Internet doing just that.

Facebook has 500 million users 72 million are ages 0-17 54% of 13-14 year olds have

Facebook pages 15-17 year old Internet users spend

19.9 hours a week online


Burglars Social Networks18% of all social network users post

upcoming travel plans

*Dear Mr. Myers: In August, I innocently placed a note on my Facebook page that said our family would be taking an out-of-town vacation over Labor Day weekend.

When we returned we found that thieves had taken thousands of dollars in jewelry and electronics from our house.

*Bucks County Courier Times, 9/25/10


“If you don’t want your information to show up everywhere – don’t over share”


Geotags: A picture is NOT worth revealing your address!!! Photos taken from your smartphone will

reveal your location

You don’t even have to tell the criminal where you live – just post your picture on the web in front of your house. That will give them an exact latitude and longitude

Solution – TURN OFF GPS ON YOUR PHONE when taking photos

“Geotags in web photos reveal information about you”


Lawyers Social Networks Facebook is turning into the divorce

layers’ secret weapon. 1600 divorce lawyers from around the

country say Facebook was the primary source of evidence followed by MySpace and Twitter.

A printout of disparaging Facebook comments is powerful in a court.

Photos that are posted by your “friends”


Why do people do this??

Internet is very social place – but we access it in seclusion

Some treat the net as a personal diary and sometimes a confessional.

Some (especially kids) think the dangers “won’t happen to them”.

“The Internet should be treated more like a shopping mall or library”– WSJ 8/7/2010


Do we have a right to privacy?

There is a large population of people who either forgot or don’t find privacy important

9th amendment of the constitution:“The enumeration in the Constitution, of certain

rights, shall not be construed to deny or disparage others retained by the people.”

1st: Freedom of Religion, Press, Expression4th: Search and Seizure (need warrant)5th: …nor shall be compelled in any criminal case to be a

witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use ……


http://www.privacyrights.org/print/fs/fs1-surv.htm

*Be Aware *Be Assertive *Be an Advocate

1. Don’t send personal information through chat, email, instant messages, forums, online profile

2. Wipe your computer’s hard drive before your donate, sell or trash it

3. Protect your SS#4. Be careful of what you say on cordless

or mobile phones5. Read the fine print

Jobs - There Facebook page may be more important than their resume!! You say: “Be careful what you post because

a potential employer may look you up.”

“Whatever, I’ll just delete it

later…..”


Recovering deleted information File creation

OS finds free space not yet written to, write data, saves pointer to that file in a database.

File deletion OS eliminates the pointers to that file’s

location on the hard drive in the database.

The space that was used for the file becomes “unallocated”,


Social Engineering

Non-technical intrusion that relies on human interaction and often involves tricking other people into breaking normal security procedures.

Manipulate people into divulging confidential information


Social Engineering

by phone Online Social Engineering Reverse Social Engineering USB Drives


Phishing exampleFrom "Webmail Helpdesk" <[email protected]>"Webmail Helpdesk" <[email protected]> ⊕Attn: User, This message is from ITS message center to all account owners. We are currently

upgrading our email data base. We are deleting all unused account to create more space for new accounts.

We are currently performing maintenance for our Digital Webmail. We intend

upgrading our Digital Webmail Security Server for better online services.

CONFIRM YOUR ACCOUNT DETAILSUserid: PasswordDate of Birth: Warning!!! Any account owner that refuses to update his or her account within

Three days of this update notification will loose his or her account permanently and this procedure is attributed to a routine webmail softwareupdate.

Thank you for using our webmail!

ITS Support TeamWarning Code :IT67565434


EXAMPLE: Reverse Social Engineering Example: FakeAV AKA Fake Antivirus, Rogue Antivirus,

ScareWare From 1000 – 500,000 different variants Sent directly to the victim as an

attachment or as a link in a spam message.

Another form has been observed to deliver FakeAV, such as instant messaging applications including Google Talk.10


Social engineering

Takes advantage of trust relationships formed on social networking sites Steal personal data that will make them

$ Convince you to click on something that

is basically a virus.


Online Predators 3rd priority of the FBI1. Counterterrorism (international, domestic,

weapons of mass destruction2. Counterintelligence (espionage)3. Cyber Crime

Computer Intrusions Online predators Piracy/intellectual property theft Internet fraud

4. Public Corruption (government fraud, election crimes, foreign corrupt practices

5. Civil Rights (hate crime, human trafficking…..)



Is your child the target of a predator? Look for signals

Large amounts of time online Child receives phone calls from people

you don’t know Child turns computer monitor off when

you come into the room. Child becomes withdrawn from the

family Receiving gifts through the mail


Suggestions from the FBI Keep computer in a common room Communicate with your kids about

the dangers Maintain access to your child’s

account and randomly check his or her email


New generation of Mobile phones Use of 3G phones has increased illicit

activities.


Teens’ texting behavior*(surveyed 1017 teens and 1049 parents)

What teen

Admits to

Texting Practices What parents believe

41% Sent received or forwarded a text that said something sexual

11%

52% Read someone else’s texts or had their texts read by someone without permission

8%

43% Put someone down or insulted someone in a text

10%

45% Texted while driving 45%

* Philadelphia Inquirer, 7-22-2010


Sexting

Teens don’t realize the ramifications: Send to one person – that person sends

to friends – those friends send to friends – becomes viral.

Once you send it out – you can’t take it back.

Affect future careers (it won’t happen to them)


What can parents do?

Check your child’s mobile phone. Look at picture sent and received.

If your teen acts overly possessive of their phone – don’t back off. Find out what they are doing!!

TALK to your teen about the dangers of sexting and the potential legal consequences.


Texting while driving

Laws are not enough People can put the phone in there lap and text

Once the accident occurs the police will know Technology is already in the market

iZUP DriveAssist for Teens ZoomSafer

“INSIDE MOBILE: Using Mobile Technology to Prevent Texting While Driving” March, 2010


Viruses/Hackers

Sophistication of viruses

Ski

ll le

vel of

hack

er


Avoiding viruses

Practice careful Web browsing habits Don’t be so quick to click Don’t click on pop-up windows

Be careful of scams Especially coming through email – “Phishing” Avoid clicking on hyperlinks in e-mail messages

Be careful when downloading/installing applications Facebook (“FACEBOOK in PRIVACY BREACH”

WSJ 10/18/2010) Mobile phones


Phishing Example

From "C. Y. Ling"<[email protected]> ⊕ Subject PartnershipDate Sun, Oct 17, 2010 10:06 PMGood day, I am Mr. C.Y. Ling, alternate CEO of

the operations of CITIC Bank International, China. I have a proposal for you in the tune of One Hundred & Five Million EUR, after successful transfer, we shall share in the ratio of forty for you and sixty for me. Please reply for specifics. Yours, Mr. C.Y. Ling.


From "Disc Super Store"<[email protected]> ⊕

Subject iPhone Order ConfirmationDate Thu, Oct 14, 2010 11:41 PM

Hello, Your credit card has been successfully charged.

Please click on the link below and open it to view a copy of your receipt:

View The Receipt

Thank you for buying the new iPhone 4, we shall send you a shipping confirmation e-mail immediately your order has shipped out.

Sales Team,Disc Super Online Store

http://rwa-shop.de/components/receipt.scr

http://rwa-shop.de/components/receipt.scr


On-line Banking

80% US households have come to do their banking over the Internet

Surprisingly many customers believe online banking is every bit as safe as branch banking

2009 – 4,295 malicious software apps

2010 – 65,098 malicious software apps

2009 - 85% of big banks incurred losses stemming from cyber-attacks



Botnets Definition: multiple computers infected

with remote-controlled software that allows a single hacker to run automated programs on the botnet behind the users’ back.

“robot networks” Malware that makes your computer a robot Perpetuates phishing scams

*”Cyber-Threat Proliferation Today’s Truly Pervasive Global Epidemic” , Tom Kellermann, Security


On-Line Banking

“Banks seek HELP to stop online thieves”

HOW? “they urge CUSTOMERS to be vigilant

as threats rise”

*USA TODAY – Friday July 30, 2010


“Hackers Steal millions from British Bank Accounts” 9/29/2010 Police arrested 19 people over the

fraud Virus infected computers stealing

passwords and other sensitive details from the CUSTOMERS.

Then they siphon money from the accounts.

Customers need to Update their security systems/set

firewalls Look for unusual or different log on

experience

What is a firewall?

A combination hardware and software intended to prevent unauthorized access to a company’s internal computer resources of hardware and software

How does this happen? They look for security holes in a web browser

Online banking systems are at least one full generation behind the current techniques employed by cyber crooks.

News Flash: They don’t target big banks – they go after mid sized companies, and YOU!1. Zeus virus carried in an email2. Software installed 3. Captures passwords, account numbers and other

data used to log into online bank accounts

** STOLE $70 million ->


What to do:“ABA (American Bankers Association) is now

asking customers to “partner” with banks to keep cyber-robbers in check”

1. Monitor your own accounts for unauthorized transactions – on a continuous (daily) basis.

2. Check your contact information often3. Protect your password information.4. Don’t open emails from people you

don’t know – if you open it – don’t click on any attachments or web links.


“Cybercrooks use Web apps to infiltrate smartphones”-USA Today 8/3/2010 Smartphone shipments topped 54

million in the first 3 months this year (57% jump in one year)

Hackers took notice Virus for Droid will harvest phone

numbers and data that can be used to disclose your location.

There were 80 infected Droid web apps discovered last week


Smartphone

Smartphone apps harvest, spread personal information


“Take A Ways” Technology is great taken with a big dose of caution. The best way to protect your children is to teach them

to protect themselves. Lets teach our young adults the reasons why we need to

be paranoid while using technology. Job applications Privacy Identity Theft Banking Thieves http://www.Ic3.gov

http://www.ic3.gov/


Questions?


References

1. Plagiarism – Canelli, R., “Internet makes cheating easier”, Bucks County Courier Times August 22, 2010

2. Sexting – Steinberg, S., “Sexting surges nationwide, and it’s not just teens doing it”, Philadelphia Inquirer, July 22, 2010

3. Facebook – Schroeder, Laurie Mason, “Facebook turning into divorce lawyers’ secret weapon”, Courier Times, August 15, 2010.

4. http://www.netsmartz.org/safety/risks.htm5. Lawyers.com “Sexting: Pornography or High

Tech Flirting?”

http://www.netsmartz.org/safety/risks.htm


References continued

6.http://federalcriminaldefenseinvestigator.blogspot.com/2010/08/geotags-in-web-photos-reveal-secrets.html (retrieved 10/12/2010)

7. “Popularity of social networking sites leading to more home burglaries” Bucks County Courier Times 9/25/2010

8. “The Great Privacy Debate” , The wall street journal August 7th 2010

Documents

The Importance of Internet Safety, Security, and Education