By: Brian Scott Luke, MBA
December 20, 2017
Online Security: Always be Humble, Kind, and Smart
By: Brian Scott Luke, MBA
December 20, 2017
Annually, internet-based criminal activity costs the American public billions of dollars and businesses due to the necessity to repair computer systems hit by cyber-attacks. When cyber-attacks and ID theft occur the costs may be passed down to consumers, systems and additional authentication may be required to counter various types of criminal activity, such additional verification can take away from the consumer experience.
In addition, internet-based, criminal activity can lead to identity theft, human trafficking, and loss of capital, in some cases, identity, cash or time. There have also been documented cases where some cyber-based criminal activity can disable mission-critical systems such as hospitals, banks, and emergency communications systems such as E-911 systems.
Why does this happen?
Fundamentals / Equality / Political
In some cases, individuals may have a vendetta against an organization; these individuals may believe that one group is being exploited, or given special privileges or rights that others are not. In the case where a specific internet-based group sent supporters to a specific church to protest there was an allegation as to why should these individuals retain their tax-exempt status, and the basis of their belief system was called into question.
There may be an income-based reason, the buying and selling of identity-based information can be profitable on the dark web, but the same information can be traded, bought and sold on the traditional social media sites such as Facebook, Yahoo Messager or any other medium. This activity may have an organized and commercial base in nature.
There may be an element of an achievement based reason as to why an individual or group makes a move against an individual or organization. This may increase an individuals’ “stret cred” within the individual’s peer group for acceptance and trust.
You disrespected someone or something
For the general concept of leadership within a small group dynamic and normal social codes and morale, there are rules and expectations that are present. These are the spoken and unspoken rules that you live by. For instance, in the blockbuster hit, and cult favorite “Fight Club” there were rules that were set forth by the lead character, “You don’t talk about fight club” was rule number one. One of the issues that can spark a complete destruction of an individual’s online and social media life has been the abuse of animals and especially cats. The victimization of an animal, something that cannot fight back or defend itself, in a sense can trigger the same type of backlash as a “hacktivist” rushing to the aid of an individual or group who requires or requests, social justice.
Social Engineering and Experimentation
The internet, as a social and communications medium, is still growing and the ability to create crowdsourcing, and communal-based action, crowdfunding, or getting many people to do something, anything and achieve a goal is something that was not achieved until recently, and the activity can be something as benign and goofy as an internet-based flash mob, to an actual one at a shopping center or location not expecting it. The fact that many people who have never met would get together for any activity demonstrates the communication and the social impact that the new media can have, for good or bad results.
Government or Nation State
When internet-based criminal activity is done as a weapon of war, it is usually kept under wraps, classified and no one finds out. The issue is, anti-virus companies and private sector security companies may catch wind of the issue and start working on the solutions.
Nation states, may be developing cyber-based weapons to disable and interrupt commerce and communications the solution, is to have the best defenses and research to keep the infrastructure safe. The simple fact of the matter is there are technical support/phone based help and then there are engineers and penetration testers among us. Usually, you can tell which one you are with a few simple questions. Have you ever used Python and how many MCSE Textbooks do you own? Implying that the individual has never actually used Unix and
While there are bad guys known as “Black Hats”, and good guys “White Hats” and there are “Gray Hats” individuals who walk the line between, usually for their own interests, financial or other reasons, there are individuals who are just about capitalism and stealing whatever they can. This can be done with the practice of cyberpiracy, intellectual data piracy and theft of intellectual company information.
· Theft of intellectual plans, concepts, trade secrets.
· Theft of competitive data from companies
· Theft of intellectual materials, piracy, royalties and copyright
This can range from something as surveillance, social media monitoring for information to be used later for a “Whaling” attempt, where an individual at a corporation is targeted to actually penetrating a system for negative reasons. This is the difference between a “Black” and a “White” hat. This, some believe, goes back to the old “Spy vs. Spy”, “Mad Magazine” example.
A white hat may be a penetration tester that tests systems by written contract or responds to an attack and is not directly employed by a victim. The person that runs a network that is employed by a victim is usually called an “Admin”.
A “gray hat”, falls somewhere in-between, an individual whom is technically savvy and has the knowledge to cause harm, but also has a moral code, which may be known to no one but him or herself, usually a lone wolf, or a business person with commercial interest that is trying to compete.
When you take a form of media, and send a message across it, meant to cause harm, is fraudulent, or criminal in nature it may be a criminal act. The form of media is not specifically at fault, with the exception that the host (social media company, internet hosting provider, or internet board operator) should have policies and mechanics in place to censor, manage and respond to messages and postings that are suspicious. The fact that the postings are called suspicious, is because messages are just that messages, until the matter is investigated and the true intent is discovered. The bad thing about communication, is that it can be misinterpreted from time to time, or accounts can be hijacked, IP numbers and email addresses can be cloaked and disguised. So before someone at the admin level can truly know how to respond they must, absolutely be confident, to the level of “Will this stand up in court?” and do I feel comfortable staking my career on a statement?
So what do you do if you see something suspicious? See something say something?
If you feel the need and are security conscious, it would be wise to report the issue.
How does one report an issue? Well that depends on many things. Within the service agreement, that no one ever reads, that regulates the use and terms of service of the platform you are using, there may be an email, website or item that is clicked on to submit suspicious material to an administrator. The simple fact of the matter is, if a Community Standards policy is so vague or a third party call center is not trained to deal with or properly interpret a Community Standards policy then unequal or harmful response can occur. Training is required. On the other hand, a Security Manager will want to analyze and review the number of complaints, submissions and types of complaints to better manage their systems and security, if for publicity and governmental reporting, a third party call center or internal controls show that there are a low level of security issues, the matter may be inaccurate or skewed, causing a good reflection on the company, as a safe and consumer friendly platform, when the opposite may be true. An example of this is the creation of fake personal accounts on social media. This is documented in the media and can be a cause and instrument of cybercrime. The mere fact that there are fake accounts on a platform that is used for the sales of advertising ca be an issue because it skews the number of audience members for a cume audience measurement and can throw off the demographics of a media buy for internet based advertising. If this is known, and the practice of sales of advertising continues could that be a known fraud? How would this change the valuation of the company’s stock and investments? Identifying fake social media accounts is simple and may be illustrated in a future article.
If you receive a suspicious email.
You can close to not open it and delete it.
You can open the email and click on the origin email and check the headers. If the email is allegedly from ITunes and the email in the header, or return address is a different domain, that is obviously a spam or a phishing attempt designed to steal money or identity.
When you have the return domain, you can use online tools such as Who.is to determine who the administrator for that domain is, and who the hosting company is. Once you know the name of the hosting company, there may be an abuse reporting link on the website of the hosting company or other tool or phone number. Offering enough information, time of email, content, the actual email and who the individuals are claiming to be is all good information to have at the time you report the issue.
There may also be a tool based within the social media platform to report issues, it depends on the platform. Do not expect to hear back from the administration of the website or social media company as the matter is usually confidential if no actual crime has been committed yet and the media platform has a reputation to hold up. The volume of material that is submitted is high and there may not be time ro resources to respond to every one’s submission.
Things to NOT post on social media.
Do not post any form or controlled document, including driver’s license, birth certificate, work ID, check, credit card, benefit card, or automobile (because of the license plate). It would be easy for someone to call into the DMV or police to complain about your driving, or someone could impersonate you with your address, phone number date of birth, license plate and mother’s maiden name and cancel your automobile insurance policy. The next time you drive – congratulations the information from your social media profile can cancel your policy and cause you to have a suspended license, and imprisonment. Always be internet wise, humble and kind.
Sources: FBI Cyber Crimes, Facebook postings, BING Keyword Rule Zero,