OPSEC and Social Engineering for Kids

advertisement
What are social networking sites? *
Social networking sites, sometimes referred to as “friend-of-afriend” sites, build upon the concept of traditional social
networks where you are connected to new people through
people you already know.
The purpose of some sites may be purely social, allowing users
to establish friendships, while others focus on establishing
business connections.
Although the features of social networking sites differ, they
allow users to provide information about themselves and offer
some type of communication mechanism (forums, chat rooms,
email, instant messenger) that enables a user to connect with
other users.
* Credit in part to Mindi McDowell, US-CERT
Social Networking Sites and Children
Many of these sites have become a mainstream medium for teens.
Some sites even attract pre-teens—even kids as young as 5 or 6.*
These days, many kids draw little distinction between real life and
online life. They may use social Web sites designed (specifically)
for children such as Webkinz or Club Penguin, or social Web sites
designed for adults such as Windows Live Spaces, YouTube,
MySpace, Flickr, Twitter, Facebook, and others. **
Whatever they’re doing, they should understand that many of
these Web pages can be viewed by anyone with access to the
Internet.**
• OnGuard Online ™ Sep 07
** Microsoft, 03 Dec 08
What security implications do these sites present? *
Social networking sites rely on connections and communication, so they
encourage users to provide a certain amount of personal information.
When deciding how much information to reveal, children may not exercise
the same amount of caution as they would when meeting someone in
person, because:
the internet provides a sense of anonymity
the lack of physical interaction provides a false sense of security
(social network) users tailor the info for their friends to read,
forgetting that other may see it, too
they want to offer personal insights to impress potential friends or
associates. Sometimes it may be a case of “bragging rights” (look at what I
can do), bravado or in response to a dare.
* Credit in part to Mindi McDowell, US-CERT
What security implications do these sites present? *
While the majority of children using these sites may not pose a
threat to each other, there are malicious people who are drawn to
them because of the accessibility and amount of (personal)
information that’s available.
The more information a (stranger) has about your children, the
easier it is for them to take advantage of them.
Using information that children freely post about their location,
home life, school, hobbies, interests, photos, videos, likes/dislikes
and friends, a malicious person could impersonate a trusted friend,
convince them to provide more personal information, coerce them
into committing an act that parents or friends wouldn’t otherwise
endorse, commit cyberbullying, or entice them into a dangerous
liaison.
* Credit in part to Mindi McDowell, US-CERT
The Good, the Bad and the Ugly:
Facebook and other social networking sites have some positives:
immediacy, quick linkage to people one wants to stay in touch
with, and a sense of constant togetherness that is otherwise
impossible.* Social networking is hugely popular and it is also
big business.
However, anything your children put on social networking sites
can be compromised. Hackers may use information your children
post as well as their picture in a non-flattering, detrimental, or
hurtful way.*
Presently, child molesters, sexual predators, scam artists and
cyberbullies have been discovering that these sites can also be
exploited to find victims.**
* credit in part to Dr. Yvonne Fournier, News Blaze, 01 Jul 09
** credit in part to Tony Bradley, About.com, undated
“Facebook is the new playground for phishers*”
Why? Facebook has made things relatively easy for computer
criminals.
“Behind every successful criminal computer hack a simple two-step
process: gain trust, then exploit that trust with an attack. Computer
criminals will tell you that gaining trust is the hard part. Consider a
real-world parallel: Breaking into a bank is difficult. But if you
befriend a guard, he’ll eventually let you walk right in through the
front door.“
“Facebook users assume a level of trust they just should not assume
when using the site. Phishing attacks have been popping up nearly
every week on Facebook and other social sites like Twitter. Victims
receive e-mails from friends with innocent-sounding messages, such
as ‘click on this video.’ Those who are duped then surrender their
login information on a rogue Web site, and then a criminal is off to the
races with their identity.”
* Credit in part to Bob Sullivan, 02 Jun 09
Experiences of children regarding social media and on-line use* --
9 out of 10 children have been accidentally exposed to
pornography
20% of teens say they have sent/posted nude or semi-nude photos
or videos of themselves
39% of teens say they send or post sexually suggestive messages
48% of teens say they have received sexually suggestive
messages
44% of teens say it is common for sexually suggestive messages
to get shared with people other than the intended recipient
33% of on-line solicitations of minors is via social networking
sites; and,
32% of on-line teens have been contacted by strangers on-line
* Kathy Peel, “Family Manager,” 2009
NBC News Dateline* –
(Social Networks) “It’s a world where the kids next door can play
any role they want. They may not realize everyone with Internet
access, including sexual predators, may see the pictures and
personal information they post.
“When ‘Dateline’ surfed MySpace, we found scenes of binge
drinking, apparent drug use, teens posing in underwear, and other
members simulating sex, and in some cases even having it. We
also found less provocative pages ….. but potentially even more
dangerous: teens listed not only their names, and addresses, but
even cell phone numbers and after school schedules.”
* Reported by Rob Stafford, Correspondent, NBC News, Apr 06
Photo sharing sites are used by thousands to post and share
photos. Child molesters and sexual deviants can search these
sites and bookmark their favorite photos of young boys and girls.
•Credit in part to Tony Bradley, About.com, (undated)
•Photo courtesy NBC Dateline
The Ugly Side of Social Networks – Cyberbullying*
Cyberbullying is one of the fastest growing problems facing
parents, school administrators and local governments around the
world.
“Cyberbullying” is defined as using the computer or other
electronic devices to intimidate, threaten or humiliate another
individual. It commonly takes place on the Internet among
students from a given school or neighborhood and can involve
adults as well as teens.
It has become a worldwide problem because of the difficulty in
tracking occurrences. In some cases, it may be accepted as
humor; but in many others, it may go too far.
When a child takes her/his own life because she or he was
cyberbullied, it has gone too far.
* Cyberbullyalert.com, 13 Oct 08
What is OPSEC and how does it apply to your children and
these Social Network sites?
“OPSEC” stands for Operations Security. It is a security program
that tries to protect unclassified sensitive information from
disclosure to people who might use that information against you.
While OPSEC has been a Department of Defense program for
over 30-years, only recently has the Army realized that the
concepts of this program can be applied to the personal
information of military personnel, civilian employees and
contractors, as well as their families.
At home, OPSEC helps protect personal information that could
be misused by malicious persons, hackers or criminals.
THERE ARE FIVE STEPS IN THE OPSEC PROCESS
STEP 1. Identify Critical (sensitive) Information
Help your children understand what information should be
kept private* – full name, social security number, street
address, phone number, bank or credit card account
numbers, pins, photos that show background information
that might reveal their location, passwords, and screen
names that could give away their real identity.
STEP 2. Analyze the Threats on the Internet
Let your child know about phishers, hackers, criminals, scam
artists, child molesters, sexual predators, and cyberbullies
(who might be someone they know), and how these people
can harm them and their family.
* OnGuard Online ™ Sep 2007
STEP 3. Analyze the Vulnerabilities
What are the privacy rules for the social network sites that
your child is visiting? What security controls are there to
prevent someone who is not on their friends’ list from logging
on and defacing their page or adding disparaging comments
to their blog. Are there any parental controls where you can
protect what your child can do online, what they can
download , and when they can log on.*
STEP 4. Assess the Risks
Discuss the possibilities for someone to misuse information
your child posts on a social network site for identity theft,
cyberbullying, acts that could place them in danger or other
types of misuse.
* OnGuard Online ™ Sep 2007
STEP 5. Apply COUNTERMEASURES to guard against
those threats, vulnerabilities and risks that have been
identified for your child’s social networks:
Use privacy settings to restrict who can access and post
blogs, photos, or pages on your child’s website.*
Explain that kids should post only information that both they
and you are comfortable with strangers seeing.*
Remind your kids that, once they post information online,
they can’t take it back (Even if they delete information from a
site, older versions may exist on someone else’s computer
and could still be circulated on-line).*
* OnGuard Online ™ Sep 2007
STEP 5. COUNTERMEASURES cont.
Know how your kids are getting online (more and more, kids are
accessing the Internet through cell phones. Find out what limits,
if any, you can place on your child’s cell phone).*
Talk to your kids about bullying (online bullying can take many
forms, from spreading rumors online and posting or forwarding
private messages without the sender’s OK, to sending threats).*
Discuss why they should avoid sex talk online (research shows
that teens who don’t talk about sex with strangers are less likely
to come in contact with a sexual predator).*
Advise your kids to trust their gut instinct if they have
suspicions. Encourage them to tell you if they feel anxious,
threatened, or aren’t comfortable because of something
happening online.*
* OnGuard Online ™ Sep 2007
STEP 5. COUNTERMEASURES cont.
Review your kids’ social networks’ Privacy Policies, FAQs, and
parent sections to understand its features and privacy controls.*
Take extra steps to protect preteens and younger children, such
as keeping the computer in an open area like the kitchen or
family room. Use the Internet with them to help develop safe
surfing habits. Take advantage of parental controls on some
operating systems that let you manage your kids’ computer use,
what sites they can visit, what they can download, and when
they can go online.*
Go where your preteens and younger children go online. Sign
up for—and use—the social network sites that they visit and let
them know you are there.*
Review your child’s friends list. You may want to limit your
child’s online friends to people your child actually knows and is
friendly with in real life.*
* OnGuard Online ™ Sep 2007
Online Sources for more Information/Reporting*:
Federal Trade Commission – www.OnGuardOnline.gov
the FTC works for consumers to prevent fraudulent, deceptive and
unfair practices in the marketplace, and provide information to help
consumers spot, stop, and avoid them.
http://www.ftc.gov/bcp/consumer.shtm
the FTC also offers the latest educational information and ways to
protect yourself and your children from the latest scams.
ConnectSafely – www.connectsafely.org
A forum for parents, teens, educators, and advocates to discuss
youth online safety.
Cyberbully411 – www.cyberbully411.org
provides resources and opportunities for discussion and sharing
for youth—and their parents– who are or may be targets for online
harassment.
* OnGuard Online ™ Sep 07; ISSA Alamo Chapter 2009; and 1st IO Command, Jun 09
More Online Sources for Information/Reporting*:
GetNetWise – www.getnetwise.org
a public service sponsored by Internet industry organizations and
public interest organizations who work to provide Internet users with
resources that will help them make informed decisions about their and their
family’s use of the Internet.
Internet Keep Safe Coalition – www.iKeepSafe.org
a coalition of 49 governors/first spouses, law enforcements,
American Medical Association, American Academy of Pediatrics, and other
associations by providing tools and guidelines that help promote safe
Internet and technology use among children.
Staysafe – www.staysafe.org
an educational site intended to help consumers understand both
the positive of the Internet as well as how to manage a variety of safety
and security issues online.
* OnGuard Online ™ Sep 07 and ISSA Alamo Chapter 2009
More Online Sources for Information/Reporting*:
Wired Safety – www.wiredsafety.org
an Internet safety and help group that provides education,
assistance and awareness on cybercrime and abuse, privacy, security, and
responsible technology use.
Cyberstalking, Cyberbullying and Harassment Report Form –
https://www.wiredsafety.org/forms/stalking.html
Family Manager – www.familymanager.com
Jan Peel offers many tips on many issues to include facts and
figures about the dangers for children on social networks.
National Center for Missing and Exploited Children –
www.missingkids.com, www.netsmartz.org
a private, non-profit organization that helps find missing children,
prevent child abduction and (online) sexual exploitation.
* OnGuard Online ™ Sep 07 and ISSA Alamo Chapter 2009
More Online Sources for Information/Reporting*:
Cybertipline (child pornography/online solicitation) –
https://secure.missingkids.com/missingkids/servlet/Cybertip
Servlet?LanguageCountry=en_US
provides a reporting form that, when completed, will be forwarded
to local law enforcement. For immediate threats, call 911.
Norton Family Online Safety Guide http://www.symantec.com/norton/familyresources/resources.
jsp?title=online_safety_guide
Webroot Software – Protecting Children Online –
http://www.webroot.com/En_US/csc/malware-kids-online.html
Isafe – http://www.isafe.org/
a leader in Internet safety education
Kidsmart - http://www.kidsmartearlylearning.org/EN/index.html
provides a guide to early childhood learning and technology
* OnGuard Online ™ Sep 07 and ISSA Alamo Chapter 2009
More Online Sources for Information/Reporting*:
FBI – http://www.fbi.gov/publications/pguide/pguidee.htm
provides a parent’s guide to Internet safety
Parentalsoftware.org – http://www.parentalsoftware.org/
provides information on parental control software that
allows parents to see everything their children are doing online
Bexar County District Attorney – http://www.bexar.org/da2/
provides information on identity theft, child pornography
and sex offender database
If your child becomes a victim of a phishing incident, forward the
phishing e-mail to
www.IFCCFBI.gov, or
REPORTPHISHING@ANTIPHISHING.ORG
* OnGuard Online ™ Sep 07; ISSA Alamo Chapter 2009; and 1st IO Command, Jun 09
Websites for young children:
www.whyville.net
www.clubpenguin.com
http://kids.nationalgeographic.com/
www.kidswirl.com
www.disney.com
www.webkinz.com
www.there.com
www.smoogies.com
www.woogieworld.com
www.dizzywood.com
www.fantage.com
www.neopets.com
These websites are not endorsed by the U.S. Army, but are
offered as a sample of what is available. Check for reviews of
these websites for their educational value, language, and security.
STAY AWARE OF THE THREAT THAT SOCIAL NETWORKS
CAN POSE FOR YOUR CHILDREN!
IF YOU HAVE QUESTIONS, USE THE ONLINE SOURCES
FOR FURTHER INFORMATION; OR, CONTACT YOUR UNIT
OPSEC OFFICER, YOUR FAMILY READINESS
SUPPORT ASSISTANT, OR THE BASE/BRIGADE SJA.
presented by
Download