Safer Social Networking
Information Security & Privacy Office
Agenda
• About social networking
• Risks
– Things you can’t control
• Malware, privacy policies
– Things you can control – TMI and over sharing
• Reputation and lifestyle, personal safety, burglary
risk
• Protecting your family
– TMI, “the talk”, cyber bullying
Why Social Networking
• To connect
• To share
• To keep in
contact
Mind-Boggling Facebook Stats
• Almost 600 million active users
• 50% of active users log on to
Facebook in any given day
• Average user has 130 friends
• People spend over 700 billion minutes
per month on Facebook
Twitter Stats
• Twitter has over 175 million users
• Twitter users tweet 95 million times per day
• People read about 3 billion tweets daily
Social Networking Is
Here To Stay
• Americans spend
nearly 25% of their
time online on social
networking sites and
blogs
– Up from 15.8 percent
just a year ago
(43 percent increase)
Pop Quiz
• Why do thieves rob banks?
• That’s where the money is!
– Willie Sutton
Pop Quiz
• Why do bad guys attack Facebook and
Twitter?
• That’s where the people are!
What Do Bad Guys Want?
• Money
– From ID theft / fraud
– From sending spam
– From selling ads or info about you to marketers
What Do Bad Guys Need?
• For ID theft / fraud
– Your personal info
– Your account credentials
– Your money (by tricking you into giving)
• For sending spam
– Your email account / credentials
– Control of your PC
• For ads and marketing
– Info about you – demographics, likes, hobbies, friends, location
How Do Bad Guys Get It?
• Your personal info and/or
account credentials
– Keystroke loggers
– Phishing scams
• We lost your password,
please give it to us
– Hack attack / password
crack
• Control of your PC
– Virus / worm
• Your money
– Scam
• I’m stuck in Canada, please
wire money
• I’m a Nigerian prince, help me
get money out of my country
• Info about you
– Spyware
– Info you provide (posts,
mail lists, location)
– Info collected (sites visited,
items purchased)
Passwords
• 75% of individuals use the same password for social
networking and email
• What’s the risk?
– Social networking sites are notorious for
being hacked (passwords stolen)
• Use one password only for social networking
– Learn more: attend Password Cracking 101, Friday 10/22
Bad Guys Using Social Nets
• Abusing features
– Like using bogus accounts to send massive amounts of friend
requests
• Creating malicious apps
– Like ones that send spam in your name
• Example: January 2010, bad guys set up a Facebook
group protesting a rumor that Facebook was going to
begin charging for its services
– Group appeared to be a legitimate forum for users unhappy with
the proposal, but was actually a vehicle for spreading malware
It’s Not Just Facebook
• October 2010 – LinkedIn fake contact requests
– Email appears to be a contact request sent from
LinkedIn – “click to view the request”
– Users who click on the link are routed to an
intermediary website with the notification “Please wait
... 4 seconds”
– Then users are redirected to Google
– The Bugat malware is downloaded to the PC during those 4 seconds
• Bugat harvests info during online banking sessions
Twitter Hack – Sept 21, 2010
• A flaw allowed pop-ups
and third-party websites
to open just by mousing
over a link
• The Twitter page of Sarah Brown, wife of the former British
Prime Minister, attempted to redirect visitors to a Japanese
hardcore porn site
How Are Social Nets
Using Your Info?
Facebook Privacy Policy – Verbatims
• Facebook is designed to make it easy for you to find and connect with
others. For this reason, your name and profile picture do not have privacy
settings. If you are uncomfortable with sharing your profile picture, you
should delete it (or not add one).
• Some of the content you share and the actions you take will show up on
your friends’ home pages and other pages they visit.
• Information set to “everyone” is publicly available information, just like your
name, profile picture, and connections. Such information may, for example,
be accessed by everyone on the Internet (including people not logged into
Facebook), be indexed by third party search engines, and be imported,
exported, distributed, and redistributed by us and others without privacy
limitations. Such information may also be associated with you, including
your name and profile picture, even outside of Facebook, such as on public
search engines and when you visit other sites on the internet. The default
privacy setting for certain types of information you post on Facebook is set
to “everyone.”
Oops!
• A 14-year-old from Hertfordshire, UK invited 15 Facebook friends to
her birthday party
– She included her address on the Facebook invitation
• She got 21,000 RSVPs from Facebook users around the globe
• Teen forgot to mark the Facebook event as private
• Mom canceled the party, revoked the girl’s Internet privileges, and
called the police in case strangers decided to show up
• If you plan to use Facebook to invite friends, uncheck the little box
next to the “anyone can view and RSVP” setting before clicking the
“Create Event” button
Facebook Privacy Policy – Ilene’s Opinions
• Facebook’s privacy policies are confusing
• Facebook’s privacy settings are confusing
• Facebook changes its privacy policies without warning (and has
been known to reset some settings to “everyone”)
• Facebook shares info about you with its partners
• You cannot control privacy policies – but you can control what info
you provide
– Just consider everything you post available to the world
Late Breaking News –
10/7/2010
Things You Can Control
Reputation and Lifestyle
• Millersville University refused to give Stacy
Snyder a teaching credential
– Stacy was weeks away from graduating
• School officials saw Stacy’s photo on
MySpace
– Labeled “drunken pirate”
– School accused her of
promoting underage drinking
Reputation and Lifestyle
• CA company, Social Intelligence, searches
social networks to help companies decide if they
want to hire you
– Systematically trolls social networks for evidence of
bad character
– Looks for racy photos, comments about drugs and
alcohol…
• Evaluates you in categories
– Poor judgment, gangs, drugs and drug lingo,
demonstrating potentially violent behavior…
Reputation and Lifestyle
• On Facebook, wife learns of husband’s
2nd wedding
Think Before You Post
Pop Quiz
• What key piece of info do these folks want
to know about you?
– Stalkers
– Potential dates
– Bullies
– Curious
– Predators
– Muggers
– Marketers
• Location
So, where are you?
• I’m on vacation!
• This concert’s amazing!
So, where aren’t you?
Yes – It Really Happens
• Nashua, NH: 50 home
burglaries in August 2010
• Suspects used social networking
sites to identify victims who
posted online that they would not
be home at a certain time
• Police recovered between
$100,000 and $200,000 worth of
stolen property
Think Before You Post
Kids’ Pictures Online
• 80% of children under the age of two have their pictures
online via sites like Facebook
• 33% have their photos online at just a few weeks of age
• Risk?
– Privacy, reputation, ID theft, predator, and pedophilia concerns
• Imagine: Kids today have an online presence by the
time they are two years old – a presence that will be built
on throughout their whole lives
Protecting Your Family
• Only 9% of 16–24 year olds are concerned
about security
• 92% of parents are concerned that their kids
share too much information online
Definition: Internet Meme
• Concept that spreads rapidly via the Internet (goes viral)
Memes and Internet Cruelty
• Tweens post rumors online about 11-year old Jessi’s sexual
activities
• Jessi posts a video response to refute the rumors and threatens to
kill her online tormentors
• Furor builds – people begin playing pranks on Jessi and causing her
parents to become aware of the problem
– Receive phone calls that are recorded and posted to the Internet
– Parents film an “emotional” response and post it on YouTube
• Goes viral – people create spoof videos, fake photos…
• State police investigate the alleged bullying and insist Jessi be sent
to a mental health facility because they believe she might be suicidal
• Jessi and parents are interviewed on CBS
• July 10–22, 2010, Florida
Sexting
• Sexting: Texting a racy photo of yourself (or just a body
part) from your cell phone to another phone, emailing it
to a friend, or posting it to your online profile page
• Percentage of teens who have posted nude or semi-
nude pictures or videos of themselves:
– 20% of teens overall
– 22% of teen girls
– 18% of teen boys
– 11% of young teen girls (13-16)
Sexting: It’s not just for kids
Tiger Woods Brett Favre
Serious Consequences: Internet Cruelty Kills
• 13-year old Hope sexted a photo of her breasts to her boyfriend
• A girl from school got her hands on the photo and sent it to students
at six different schools in the area
• Before Hope could do anything to stop it, the photo went viral
• The school alerted Hope’s parents
• 11-, 12-, and 13-year-olds bullied Hope and wrote horrible things
about her on a MySpace page called the “Shields Middle School
Burn Book” and started a “Hope Hater Page”
– Burn book: Like a diary, but you write mean things about people who are
supposed to be your friends (from movie “Mean Girls”)
• Hope used her favorite scarves to hang herself from her canopy bed
Cyber Bullying
• Definition – Using Internet email, instant messaging, chat
rooms, pagers, cell phones, or other technologies to
deliberately and repeatedly hurt, taunt, ridicule, threaten
or intimidate someone
• Nearly half of American tweens and teens are being
impacted by it
• Seven in 10 teens surveyed who have experienced
cyber bullying don’t tell parents about it
Responding to Cyber Bullying
• Don’t delete (may need evidence)
• Don’t escalate – don’t respond
• Do tell parents, school, and/or
authorities
• Use email filters to block
messages from bullies
• Set firm limits on cell phone
and internet use
• Outline your expectations and have consequences
#1 Technical Control
(Protection Strategy)
Put the family PC in the middle of the living room
#1 Soft Control – The “Talk”
• Have “The Talk” with kids (and spouse!)
– Make it a conversation, not a lecture
• Key points
– Online actions have real-world consequences
– Be careful when posting – you can’t take it back
• They can’t hide behind what they post
– Trust their gut if they’re suspicious
• Predators are out there
– Some info should stay private
• Full name, address, picture, location…
• Never meet an online contact alone and without
your knowledge
Warn Family about Scams
• Example: iTunes Phish
– You get email that says
you made expensive
iTunes purchase
– “Click here” to see or
dispute the purchase
– Malware is loaded to your device (usually to
steal banking info / credentials)
#2 Take Inventory
• Review all gadgets that can take / store photos or videos
– Cell phones, webcams, video consoles (XBox, Wii), iPods, mp3
players...
• View saved images
– Promise you won’t hit the roof if
you find something bad
• Watch what you buy
– Don’t purchase devices that can take
or send messages
– Drop texting and/or image-sending capability from cell service
• Consider blocking/monitoring/parental control software
#3 Teach Family
Think Before You Post
Fed Protection: COPPA
• Children’s Online Privacy Protection Act
• Commercial websites
that collect information
from kids under 13
must get “Verifiable
Parental Consent”
Summary
• Be vigilant online and be skeptical about giving up personal info
• Talk to family about good online safety and security habits, including
protecting their personal information and their reputation
– Know what sites your family visits online
• Make sure your family knows they can come to you if something
online makes them uncomfortable, including what others are posting
about them, unwanted contacts, and questions they have about
staying safe online
• Verify privacy settings and don’t over share
Resources
• Wired Safety
– http://www.wiredsafety.org/index.html
• FTC’s OnGuard Online
– http://www.onguardonline.gov/
• Kamaron Institute Cyber Bullying Solutions
– http://kamaron.org/Bullying-Solutions
• Microsoft’s Page on Online Predators (with link to Parental Controls)
– http://www.microsoft.com/protect/parents/social/predators.aspx
• PC Magazine’s review of parental control software
– http://www.pcmag.com/article2/0,2817,2346997,00.asp
• Electronic Privacy Information Center (EPIC)
– http://epic.org/