M-A-D Prison Ministry

Security and Hacking: Reporting Cyber Crime

http://www.blogherald.com/2009/04/09/security-and-hacking-reporting-cyber-crime/

 

Over the past few months, I’ve been writing a lot about cyber crime and security vulnerabilities, especially as it impacts social media and blogs. The April 1, 2009, expansion of theConficker/Downadup Worm Infectionworried many as the 1 in 16 ratio of infected computers increased dramatically around the globe and attacks were aimed at social media services like MySpace, Facebook, and Twitter.

 

With the increase in cyber crime and security issues, and the growing profit found in cyber crimes, where do you go to report cyber crime if you find it or are a victim of it?

 

The first step is prevention. As a rule, don’t open email and delete all blog comments that look suspicious. Never click on a link that looks suspicious. Keep your web browser upgraded and patched to ensure your protection from attacks from malicious websites.

Pay close attention to detail. Never give out passwords, usernames, or private information. Never publish your email, phone, or contact information unless you want to invite a response from anyone and anything.

If you won’t do it in your offline life, don’t do it online.

 

These simple steps will help you prevent a lot of cyber crime, but what happens when you experience it?

 

How to Report Cyber Crime or Security Issues

In Security and Hacking: Protect Thyself and Thy WordPress Blog, I wrote about how to protect yourself and your WordPress blog and how to report security vulnerabilities and bugs to WordPress. Let’s look beyond WordPress to how to report cyber crime in general.

If you spot unusual behavior on your blog, on other blogs, on social media tools, or elsewhere on the web, report it to the blog owner/webmaster or company immediately. It could be a simple problem with their design, code, Plugin or Theme, or it could be something worse. Report it to the person most likely to respond and take action.

 

Take care reporting security issues to the world before reporting them to the proper authorities. Know the difference between a bug and a security vulnerability. For WordPress users, bugs in WordPress are to be reported via the WordPress Bug Report, but security issues are to be made to security@wordpress.org. The same applies to other online applications and programs. Know the difference and report it appropriately.

 

The United States is part of the Council of Europe Convention on Cybercrime and other international agencies fighting against cybercrimes. To report a cyber crime, US citizens should read “How to Report Cyber and IP Crime” for information on cyber crime reporting within that country. In Canada, try the Reporting Economic Crime On-Line, and in London, the Metropolitan Police Service – Computer Crime Unit handles cyber crimes.

 

Other international organizations that track and help report cyber crimes include:

• Internet Watch Foundation (UK)-https://www.iwf.org.uk/

• INHOPE (European Internet Hotline Providers)-http://www.inhope.org/gns/home.aspx

• Safer Internet Action Plan (EU)-http://www.saferinternet.org/

• UNIRAS aka CPNI – Center for the Protection of National Infrastructure and the UK Government Computer Emergency Reponse Team

• The Internet Crime Complaint Center (IC3)

• US Federal Trade Commission (FTC) (FTC Complaints, tips and complaint form)

• United States Department of Justice (USDOJ)-http://www.onguardonline.gov/articles/0038-spam

• EC Safer Internet Action Plan

• CERT Coordination Center for Home Network Security.-http://www.cert.org/information-for/home_networks.cfm

• CERT/CC (US)

• US Government CERT (Computer Emergency Readiness Team)-https://www.us-cert.gov/

• EC Safer Internet Action Plan

• InSafe – European Network of e-Safety Awareness Nodes (EU)-http://www.saferinternet.org/

• US-CERT (United States Computer Emergency Readiness Team) – Current Activity on phishing, blog, and computer scams-https://www.us-cert.gov/current/index.html

• UK Council for Child Internet Safety-https://www.gov.uk/government/announcements?departments%5B%5D=department-for-education

• US Better Business Bureau-http://www.bbb.org/

• Reporting Economic Crime On-Line (Canada)-http://www.antifraudcentre-centreantifraude.ca/index.shtm

• Network Abuse Clearing House-http://www.abuse.net/

There are just a few of the locations for English speakers I found for reporting cyber crimes. Find out where to report them in your area and language.

Remember, comment spam and content theft are generally not yet considered a cyber crime, nor is most spam email. These are handled differently.

 

Cyber-stalking is a cyber crime, as is harassment. Misleading, fraud, theft, worms, viruses, computer infections, hacking, and online criminal activity are cyber crimes. The odds are that if it is illegal to do it offline, it’s illegal online.

 

Articles on Hacking, Cyber Crime, and Security on the Web

• Downadup Worm Infection: Cyber Attacks on the Rise in 2009

• Security and Hacking: The State of WordPress Blogs

• Security and Hacking: Protect Thyself and Thy WordPress Blog

• Downadup Spreads – Infects 1 in 16 PCs

• This is the Year of Original Content

• The Year of Original Content: How to Fight Back Against Abusers

• Exploring Social Media: Security and Monocultures

• Social Media Sites Risk Growing Threats and Attacks

http://www.blogherald.com/2009/03/26/social-media-sites-risk-growing-threats-and-attacks/

 

According to Investor’s Business Daily, evil is sweeping social networks, moving beyond email and blogs to where you like to virtually hang out and congregate:

 

Security experts last week warned that a new strain of the Koobface virus is hitting Facebook, MySpace and other social networking sites. It looks for links and passwords to other social networking sites.

 

Social networking site owners work actively to put a lid on nefarious activity. On Tuesday, a federal judge in northern California issued a temporary restraining order against three people accused of widespread spamming and phishing attacks on Facebook. It comes three months after Facebook won a suit that prevents another group of spammers from using or accessing Facebook data and applications.

Virus creators are increasingly targeting social networking sites and other Web 2.0 technologies such as the micro-blogging site Twitter and instant messaging services from Google, AOL and others. Virus writers are also creating fake profiles of celebrities, real friends or business associates hoping people will link with them. Users can be tricked into linking to the fake profile, which can be loaded with various forms of malicious software.

 

The article by Brian Deagon showcased Facebook users who responded to an email from a “friend on Facebook” to visit a link that initiated a program that “rifled through his hard drive, installed malicious software and sent the same e-mail to all of Daradics’ friends on his Facebook profile.”

 

Other attack targets included Google Talk, Yahoo and Microsoft Instant Messaging services, andTwitter users. They were sent a message to check out a video or link that required their login information.

 

The Business of Disrupting Your Business and Life is Big Business

Myspace, Facebook, LinkedIn, and other social media tools and networks are becoming the target of an increasing number of phishing and criminal activity. Unfortunately, many of us continue to fall for these misleading attacks, handing out passwords and personal information, risking our personal identity as well as our privacy and computer data.

 

Identity theft is on the rise, and it’s a lucrative business to disrupt your business and your online life.

 

More than 1.2 million people filed a complaint of fraud, identity theft or a related act to law enforcement or regulatory agencies in 2008, up 16% from a year ago, according to the Consumer Sentinel Network, a branch of the Federal Trade Commission. Financial losses came to $1.8 billion, or about $3,400 per victim reporting a financial loss. Losses of $1 million or more were reported by 257 people.

Identity theft was the top complaint, named by 26% of the complainants. Credit card fraud was the most common form of identity theft, at 20%. Most fraud victims said the initial contact with the crooks came through e-mail or Web site visits.

 

…According to research firm Javelin Strategy and Security, in 2008 about 9.9 million U.S. adults were victims of identity fraud, up 22% from the year before. It pegs the total loss at $48 billion. Most incidents were the result of lost or stolen wallets, checkbooks and credit cards, but online access accounted for 11% of the total.

 

In articles I wrote recently on the Downadup Worm Infection and increase in cyber attacks, F-Secure reported that the total amount of malware accumulated over the past 21 years “increased by 200% in the course of just one year” for the year ending in 2008.

 

With the big business of security attacks and identity theft come big losses. The financial impact of these cyber crimes is on the rise as well. In another article, I wrote that online fraud and phishingscams have increased to impact more than 3.5 million Americans falling victim to phishing schemes and online identity theft throughout the past year, up 57% increase from 2007, costing USD $3.2 billion dollars.

 

I’ve written a lot about blog scams including the danger of exaggerated claims, how to spot a scam and report them, web hoaxes, blog scams making money from your content and gulibility, get rich schemes, and the growing number of phishing, fake, and impostors out there on the web pretending to be something they aren’t.

 

I’ve declared this year to be the This is the Year of Original Content, a year where we fight back against those who steal our content for their own evil purposes without our permission. Don’t let your guard down against those who abuse us in other ways, too.

 

In general, the web and blogosphere is a very safe place to play and network. Just beware of those who enjoy the dark side of the force. We don’t want them to win either.