A rash of cases in which men use their hacking skills to extort sexually explicit images from women and girls is bringing new attention to the risks of storing sensitive data on social networks and internet-connected devices. The most recent “sextortion” plot to be detailed in a court of law is that of George Samuel Bronk, a 23 …
There's a bit of a difference between that latest case and most of the others in that he hijacked Facebook accounts. Apparently some people do store sexually explicit pictures of presumably themselves /on Facebook/.
I mean, storing stuff on your own PC and having it burglarised through malware is one thing, but giving away stuff to a spotty youf milliardaire and trusting him on his pimply face that he won't use the data, then have it stolen through account hijacking is another. At least to me, it does make a difference.
With more "cloud" this issue will pop up more often. Do we need "entrustment" laws? Or rather better technology, with crypto keys and things? What would either look like? Discuss.
Nothing to do with the actual story...
But I salute your use of milliard, sir. Give us back our billion!
re: would do well to keep them on drives that aren't attached to the net at all.
Maybe I am just paranoid - but I tend to think similar about cloud computing
You seem to be blaming the victims
Nice job on the "They were asking for it" defence. Don't forget to plead "My client did wrong, but they were no angels either" in mitigation.
"California Highway Patrol's Computer Crimes Division" ?
I will give you 2 reasons.
1. who else could patrol the information superhighway?
2. computer CHiPs (1970s TV show with Eric Estrada).
I didn't say they were good reasons.
I mean - really?
Empire building for the win!
The CHP incorporated the California State Police. Despite the name, it's not just highway patrol.
You'll be telling me next...
...that it's not just in California!!
Honestly - is there anything you can rely on these days!?!?!
How camp he looks now, looking back at those TV show stills!
And they weren't allowed to ride the bikes...
Seriously - it was too much risk for the insurers.
This proved awkward when they had him move the bike a few feet cos the script said "no helmet on", and he ran himself over. There is a scene shot afterwards where Estrada was in a hospital bed, and yes indeed he was, a real one!
Paris - cos she never falls off when she gets her leg over...
"Many of the victims' accounts were compromised by correctly guessing the security questions used when an account holder forgets her password."
It happened to that man called "Barack Obama" and to that woman called "Sarah Palin". A man named "Bill Clinton" bound some nuclear launch codes of a certain military power to his credit card and lost them.
It seems Mr Zuckerberg had a real insight when he called his users Dumb Fs
Most people are simply ignorants with zero capability to think security issues through. And they start bitching if you want to help them improve their security.
Picture of an ignorant's toy.
I believe it's less zero capacity to think security issues through than it is zero motivation. When's the last time you saw anything in the kind of news media Joe and Jane Average Citizen watch or read that could grab their attention enough to take time away from Wheel of Fortune to think security issues through--or at all?
We who read about and often deal directly with security problems every day to the point that they seem obvious to us often have a hard time placing ourselves into the minds of people who never hear two words in a row about security. You don't get concerned about much of anything until you at least hear about it.
I see ads now and then on TV for a provider or service that offers to clean your computer of malware. Every time, they promise it will speed up the system. That's it. No mention of backdoors or key loggers or any other security issue--just speed. Who's going to know better if nobody tells them?
Then add to that the teenage factor:
1. Teens tend to think they are invincible and above danger. Thousands of kids are killed or maimed every year driving dangerously because they have not grown up enough to appreciate the fact of their mortality. If it's true of cars, why not computers?
2. From that follows the normal naivete of the young who are just beginning to learn how wicked the world can be. It takes just a little time and thought to see how people can impersonate others on the net, but not until something motivates you to think about it. For these kids, nothing has, and same goes for Mom and Dad.
3. The sex factor: Beyond the often logic-blinding hormonal drives that need no explication here, there is that tantalizing lure of doing something wild and wicked, something that breaks the rules and defies the strictures of the society as they know it. That can drown out the inner voices of caution. It might take only a few minutes to explain to a young lady what danger lies in "sexting" and other frolics, once you have her attention--but until they get those few minutes of enlightenment, or learn from someone else's misfortune, you can't expect them to figure it out on their own.
If schools are doing their jobs they are already teaching kids the dangers of other kinds of ill-advised behavior. This needs to be added to the curriculum. There's nothing partisan or ideological or religious about it, no reason not to.
As long as security information remains confined to the world of IT professionals, hobby geeks and readers of ElReg, we can't in good conscience go blasting the intelligence of people who didn't figure it all out themselves.
This isn't GIGO, it's NITO: Nothing In, Trouble Out.
got to be having a giraffe..
"convinced the girls to undress in front of their webcams" which THEY then WILLINGLY did..
No smoke without fire and the "hapless" (READ: thick as a whale omelette) victims now all cry foul..
Not quite a Mup, not quite a Pet.
You're perfect I take it?
So you never did anything stupid when you were growing up? I know I did, despite my parents constant nagging to use my common sense. I take it you don't have kids? I am mental about common sense and always nagging my kids to use their noggins, but once in a while they still do something that makes you wonder what the hell went wrong!
Kids are quite dopey at times, it's called learning about life. Sadly in this day and age they don't get a chance to learn from their mistakes, put them behind them and move on, that's the real crime here.
I second you. Sure kids can be dumb, but it is OUR JOB as adults to help educate them. Sadly, a lot of people who should be doing this (i.e. the parents) are not knowledgeable enough to do so, and are also more likely to be ignored by the kids.
Nude pictures are really nothing in the grand scheme of things (save for the current paedo-finder general approach to making it a crime to possess by the teens who created them), but the difference now is it won't be erased from t'Internet once it's out there.
It is the ease of being dumb, and eternally damned for it, that is the new problem. Education is the answer, but I don't see much happening.
you don't suppose it makes a difference if
you're posing in the nuddy for your bf rather than some random perve.
If you have a partner, you may undress in front of them. There's no difference in your mind between that and someone watching you through the window?
At NO point in my younger teenage days did I EVER de-robe in front of a camera or complete stranger and it's a bit odd you seem to equate nicking apples on the same scale as enticing youngsters to get naked.
Admittedly, there was no internet when I was a teenager, but let's not argue semantics here.
No, I don't have kids as I have the social responsibility not to have them as I don't want them.
Hey...you must be a real hit with the ladies.
"No, I don't have kids as I have the social responsibility not to have them as I don't want them."
You'll need somewhere to grow them first. Good luck with that ;0)
Obviously this guy is a perv and needs the book throwing at him...
...BUT ...who the hell posts explicit pictures of themselves on Facebook (or indeed ANYWHERE on the internet) that they don't mind being distributed more widely than they would expect?
Even if no actual hacking is taking place, you are uploading stuff to a computer based in goodness-knows-where run by goodness-knows-who and administered by who-knows-who with (as far as you know) unlimited access to the stuff you post!! And this doesn't just go for Facebook of course.
Just how stupid do you need to be to do this?
It's not that they don't mind
It's just that they never gave any thought to the consequences of a breach.
To security-minded people, like many that post here, it's an obvious issue. One which easily explains the amount of scorn and scrutiny that Facebook regularly gets on this site and on others.
But people who have not understood the implications of computer security simply cannot imagine the negative consequences for themselves until they've had their face shoved into it.
Don't blame them. Educate them.
Yeah, Let's Educate 'em
1.) Only run as Administrator when installing stuff
2.) Forget Virus Scanners. That's a scam to make money. Only slows down your machine. Does not help against the latest/greatest threat. Does not help against spearphishing.
3.) Install Software only from the original supplier's website
4.) Have everything patched as quickly as possible. Even if that includes logging in as Admin, doing the install and then switching to the "surf user" again. Firefox needs exactly that. Mozilla sits in the shithouse, still.
5.) Never install stuff sent to you by "someone" over Email
6.) Separate "surf user" from "small business accounting/netbanking user".
7.) Create periodic backups of all important files on CD/DVD.
8.) Write down passwords and lock that piece of paper in a safe place
9.) Never store passwords in the browser
10.) Use passwords for everything
11.) Create un-guessable passwords. Don't use your birthday, pet name, grandma's name etc for passwords.
12.) Purge cookies at least once a week.
13.) Never trust email source addresses. Verify by phone callback if important.
14.) Don't use the "surf user" to access critical stuff in your corporate intranet. (Well, that's something I also don't do. But I don't break security regulations of my employer. Everybody does it. Rogue JS could download all source of my employer and perform a ton of other reconnaissance.)
Now, please try that with the Computer Illiterate Next To You. As soon as he/she will start rolling their eyes or change the subject YOU will have learnt a lesson.
99% of laypersons will think you are "doing computer-geek-speak" and they should better think about the way they plan to convince the bank manager of handing the next credit to them tomorrow at a good rate. Not that many people have gone bankrupt yet from computer security issues.
Chinese Industry has not yet destroyed a sufficient number of non-Chinese companies by computer-based espionage to make the pointy-haired halfbrains take notice. I recently worked at a major institution making about 2000 million Euros revenue/year doing quite critical transactions and their PC security was horrible. Unpatched Firefox, unpatched Java, unpatched Flash. Certainly we browsed the net while being logged into the system having complete source of that entity.
If the local financial press found out I guess it could cost the job of the CEO, but I don't think it is worth the trouble to play the whistleblower and pay the cost for that.
Don't put something on the internet that you don't want others to see....
Don't put something on a computer that you don't want others to see....
Why have a password?
"Many of the victims' accounts were compromised by correctly guessing the security questions used when an account holder forgets her password"
What is the point in having a password if it can be overridden by guessing the name of your pet? The social networking sites share a huge part of the blame here.
Also, how can these sites store indecent images of children on their servers and not get prosecuted?
If your teenage daughter....
"Also, how can these sites store indecent images of children on their servers and not get prosecuted?"
If your teenage daughter stores images of herself in Eve's costume on her Facebook page, the Facebook admins better not look for such images lest they be pulled in themselves by the long arm of the law. Ignorance is the only way out here.
On the other hand, the lass herself might get pulled in for auto-child-pornography, at least in some jurisdictions.
Safe harbour provisions. They're immune to prosecution so long as they acted to take the content in question down immediately when they became aware of it.
This helps protect web hosts and sites like Facebook from legal liability for things their users post on their website.
"threatened to make the images public unless they supplied him with more nude pictures"
Giving an attacker more ammo to use against you has never helped any victim of extortion or blackmail. The best policy is to log but not respond to the abuse, and notify relevant authorities. It's worth mentioning as it can be easy to give in to demands made in this way. Maybe they should teach this in schools, but nah I guess that would actually help people.
"Police ultimately fingered Bronk by linking his IP address to the woman's hacked Facebook and email accounts."
Luckily then this asshole was also an idiot.
Obviously sensitive data of any type should be stored using (strong) encryption and shared only with select people using a safe encrypted method. Obviously not doing so doesn't excuse the crimes of scumbags who enjoy blackmailing people. But it does leave your data open to them regardless, and at that point, there is nothing you can do to stop them spreading it around. Giving them more sensitive data will always, without exception, make things worse. Put down the laptop and go to the police station.
Have someone technical talk to you about security on your computer and the internet if you have any concern at all about your private data falling into the wrong hands (unless you're one of those weirdos that insist you have nothing to hide, in which case you're either impossibly boring or impossibly dim and no technical person would ever talk to you in the first place). Assume that all computers and networks are compromised unless you or someone trustworthy (and competent) can personally attest to their safety.
a lotta belt tightening going on..
yes, and it's the companies too!!! many times I have forgotten my pwd, and find it TOO easy to get in... my bank has it right, they NEVER give or ask, they just send it to your registered address...
just like some good websites, that never tell you what email it will be sent to, not even what your username is - YOU know that, you do not want to give the hacker a clue...
a few websites have sent my 'login details' in plaintext, but it's only a chat forum...
as for Facebook, even the police can see everything, resulting in some rather stupid assumptions, and costly waste of helicopters, squad cars, etc for what is only a large family gathering...
I remind people that the Internet is the same as walking /sitting in a public place, many things you do on the Internet, you would not think of doing in public!!!
eg loudly talking on your phone, telling them your email, where the key is, your medical details... (yes, I have heard this on a train!!!)
<insert witty title>
If you don't want it shared defo don't post on facebook.
"Many of the victims' accounts were compromised by correctly guessing the security questions used when an account holder forgets her password."
As happened when Harriet Harman's blog was hacked and her resignation announced. The hacker found that the log in was "Harriet" and the password "Harman".
what worries me about this is not so much the stupidity of using such a login/password combo, it's that whoever set it up for her probably thought that's all she'd be able to remember.
I've a solution
I have worked with these male types - no really I have and after many years of painful work and considered reflection the only real cure is to cut their goolies off.
No testosterone, no problem.
Then the offender will develop an amazing skill for growing perfect tomatoes, thus enhancing the community experience.
Possibly he may join a choir and sing an amazing castrato solo,
it's all win-win you see?
One thing that might well chill this kind of thing is for the FBI (here in the Colonies) or equivalent agencies elsewhere to set up stings, impersonating just the kinds of victims these perverts look for. After a good-sized setup and catching a number of them, splash two or three good examples all over the news, at that time letting it be known that these stings are going on in goodly numbers and that the perv will never know if the nubile lass he thinks is in his net isn't really an agent getting a big laugh from his gullibility--and soon, a warrant.
It is well known that during a police interrogation, the questioner is free to give the interviewee false information when useful (typical case: two baddies nabbed for a crime and interviewed separately, in which case each is told that the other ratted him out). I'm pretty sure that if these stings are set up properly they won't be considered entrapment and they'll sail through the legal system just fine.