Underground Information Trade Tops Global Drug Trade
Public relations is going viral. A tweet from a recent #journchat session on Twitter said, more or less, “If you’re not practicing PR 2.0, you’re not effectively practicing PR.” Shifting to online communications and personal profiles, every day we are creating a more concise, digital version of our human selves. If we’re going to put our lives out there (wherever the Internet is), we must first consider who else is out there with us and what they’re capable of.
We’ve all heard of social networking. We’ve all heard of identity theft. We’ve all heard of the issues surrounding Internet scams, frauds and cyber crimes. We’ve all heard of privacy settings. We’ve all heard of common sense. What do all of these terms have in common?
Think back to the last time you forgot your password – any password to any account. When you tried to reset your password, you were most likely prompted with a “security question.” Can you remember what that question was? Was it specific to your knowledge? Was it a question that only you could answer? Was it a question that ensured you were the only one capable of resetting your password and accessing your information?
Now think Facebook. “Which witch are you?” Home, wall, info, pictures, video. “Which movie pair are you and your BFF?” Status updates daily, hourly, mobile – constant status updates. “Which celebrity are you compatible with?” Suggested ads. Sponsored ads. “How well do you know me?” How many hundreds of friends do you have? How many networks do those hundreds of friends connect you to? Are you the only one who can access your information in your Facebook account? Do you follow where I’m heading?
Whenever a Facebook application is given access to your account, sponsored ads tailored to your interests start appearing on the sidebar. As distracting as invitations to join friends’ Mafia Wars or Farmville legions are, they also increase the potential for carelessness to leak information. The more personalized your Facebook account ads are, the more of your information has reached third-party sites. Facebook does a good job of controlling its users’ information, but nothing is perfect and this is one of the more visible examples.
For each question listed, ask yourself if the answer could be found in the information available on your social networking sites and online profiles:
- What is your Mother’s maiden name?
- What was the make of your first car?
- What is your favorite movie?
- What was your first cat’s name?
- What is your father’s middle name?
- What elementary school did you attend?
- Where did you honeymoon?
Each one of the questions listed above is considered a “security question.” Using common sense, the relationship between the two should be getting clearer. Personalized security questions are only as secure as the information about the person in question.
The University of Alabama’s Office of Information Technology hosted “Get online. Stay in bounds.”, an Internet and cyber safety seminar, to inform the student body of online threats, risks and strategies to avoid them. Speakers at the seminar included a cyber crime specialist from McAfee and a cyber security strategist from Symantec. But allow me to introduce you instead to a term introduced during the seminar: social engineering.
For a more detailed explanation, SearchSecurity.com, a security-specific information resource for enterprise IT professionals, defines social engineering as a “non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.” The site also said, “Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it.”
The McAfee representative said that Web 2.0 is crucial as it is the main target of social engineers and that “we facilitate cyber crimes.” She explained that MySpace and Facebook are not security vetted; they’re network focused, and blind acceptance through friendship is one of the easiest ways to access otherwise private information. She stressed common sense and challenged users to question anything suspicious.
The Symantec representative spoke about malware, malicious computer software, making up 65% of online content, exceeding good content on the Web. One slide showed statistics of malicious sites growing five times faster per day than in the entire year 2007. The Symantec representative even admitted that “antiviruses aren’t going to be good enough as we turn this bad corner.” Again, common sense was the focus of his closing statements.
Here are some facts and suggestions from both representatives to consider the next time you fill out a quiz, load a photo album or let that hot avatar persuade you:
- More money is in the Russian underground information trade than the global drug trade.
- One identity only costs $15 on the information market.
- 90% of all threats are financially motivated.
- One in 10 laptops is stolen.
- Yearly credit checks are vital and FREE! Don’t ever pay for one.
- Jobs run credit checks too.
- Presume criminals will take advantage of anything hot and new.
- Criminals set up mistyped versions of Web site addresses as malicious links in hopes you’ll mess up.
- Being unaware of how information is marketed or gathered puts you at risk.
- Common-sense security questions are common information answers.
- 18- to 24-year-olds are the demographic hardest hit.
The University of Alabama’s student body is exposed to as many threats as the rest of the Internet’s users, but may be at a higher risk level due to increased demand for work being done online. Remember how Mom always said, “Better safe than sorry”? Whether you are a student, educator or PR practitioner, please help promote UA’s OIT Cyber Safety Awareness by being aware, being safe and remembering cyber safety is personal.
By Josh Morris