A Warning: Social Networking Tied to Recent Kidnapping

May 2011

We have talked to you before about monitoring what your kids post on Facebook or check in location software like Foursquare to protect them from cyberstalking and child predators.  Well now, we have news tonight of a recent attempted kidnapping where police believe that the kid’s social networking activities made him a target.

It is a parent’s worst nightmare, your child does not come home on time or arrives home late saying someone tried to follow them home, or worse, they go missing.  This horrible scenario happened to a security experts 20 year old son.

Eugene Kaspersky is a legend in the security field.  His son Vanya, also known as “Ivan” is 20 years old and was kidnapped on his way to work.  The overall story is terrible but it has a happy ending – Ivan is alive and home safe and sound.  When police started investigating, they and his Dad, Eugene, believe that the kidnappers were tracking his son using social networking.

The kidnappers were actively using social networks, gleaning ever detail possible about their potential victims and mapping out their daily routines.  They used this information to plan their crimes, including kidnapping Ivan.

We know that sometimes young people lie about their ages online but since the age they type in is all we have to work with, conside these statistics from InsideFacebook.com:

Over 46% of Facebook users are UNDER 25

Roughly 1 in 5 of every Facebook account belongs to someone UNDER 17 years old.

OnGuardOnline.gov did a recent study and said that over 1/5 of 16-24  year olds admit they don’t know all the people they share their information with on social networks.

Here are 4 tips to start the conversation with your kid, to hopefully avoid a situation like this in your family:

TIPS TO PROTECT YOURSELF:
1. DON’T TALK TO STRANGERS:  Tell kids to assume that strangers on the internet can read posts only intended for close friends.  With that in mind, don’t post you daily routine any place online.
2. GEOCODING:  Every time your kid posts a photo with geocodes they are broadcasting where they have been which makes it easier to map out routines.
3. LOCATION CHECK IN SERVICES:  Your kids might think it is fun to be Mayor of Starbucks but talk to them about the dangers of linking their social networking and location check in services together creating a more complete picture of their routines
4. PRIVACY CHECK:  Check all settings, addresses, phone numbers, and email addresses that show on internet profiles.

Now, for our word of the week, it is:
TETWRIST:  It’s a techie term for that sore wrist you get after playing an addictive game.  The term first started when the game TETRIS first hit the cell phone gaming scene calling it a TETWRIST but now can apply to games like FruitNinja, AngryBirds, Doodle Jump and any other addictive games!

WEB RESOURCES:
To read about what happened in the Dad’s own words, go to Eugene Kaspersky’s Facebook page at:
https://www.facebook.com/notes/eugene-kaspersky/talk-to-your-children-about-privacy-in-social-networks-now/10150169499355998
www.OnGuardOnline.gov has great resources for kids and families.  They provide tips and even games to test your online know how.  A great place to start to reinforce safety lessons for kids and adults.
Kaspersky Lab has an educational program at:  http://www.kasperskyacademy.com/en/
If you want to see how social media and networks are changing the way we think, act and react, check out the infographics at:  http://www.pamorama.net/2011/01/30/65-terrific-social-media-infographics/

Coming to a bank account near you...cyberattacks

Some recent surveys caught my attention as I was preparing to address the Business Innovation Growth council to discuss cyberattacks and what businesses should do to protect themselves.

Symantec released their Internet Security Threat Report in April providing analysis of what happened in 2009 and a look forward to help businesses prepare for the next cyber threats.  From their site:  "Symantec estimates that the top 10 bot networks now control at least 5 million compromised computers. Throughout 2009, Symantec saw botnet-infected computers being advertised in the underground economy for as little as 3 cents per computer."  These are staggering numbers.

Verizon and the United States Secret Service collaborated on a review of approximately 900 cyber breaches.  One of their findings was astonishing - 94% of the breaches they reviewed could have been caught if the victims had implemented existing tools and best practices.

The security firm, Kindsight, firm talked to 1200 people aged 18 through 55 about security.  81% of those surveyed said they were victims of computer infections.  Almost a third of those infections were in the last 90 days.

Panda Security, which provides security software, did a survey of 1,500 U.S. based businesses and 13% of the companies said they do not use anti virus protection.  A different survey indicates that 20% of small businesses do not use antivirus software.

The consequences for businesses that suffer an attack can be devastating:
1.  Business banking accounts hacked

Talk to Hillary Machinery Inc and you will feel their pain.  Cybercriminals stolen over $800,000 from their bank account.  Their bank could only recover $600,000 leaving Hillary Machinery Inc with a gap of $200,000!  They have filed a lawsuit against their bank.

2.  Losing your customer's data & confidence

3.  Theft of intellectual property - I call this the carbon monoxide of cybercrimes - silent, stealthy, and deadly

4.  Loss of equipment & productivity after an infection

As we have discussed before, if you are a business customer, your bank account is not offered the same regulatory protections that consumers have for fraud (Regulation E).

Cyberwarfare - The Debate

Two security leaders - two quotes - two positions?
1.  “There is no cyberwar,” Quote from Howard Schmidt, White House Cybersecurity Director for President Obama.
Or, 
2.  "The United States is fighting a cyberwar today, and we are losing," Quote from  Michael McConnell, the former Director of the National Security Agency, written in a Washington Post article.




You will read a post by Fortalice intern, Steven Elliott, about Cyberwarfare shortly.

It has been an interesting debate out there about the term, "Cyberwarfare".

Ask anyone in law enforcement or even a small business who has been hacked and they may tell you that they feel they are at war with cybercriminals.

The term cyberwarfare has been used and critiqued by leaders in the security community.

Critics: "Warfare" in the traditional sense implies a level of involvement from Department of Defense.  You cannot label trojans, viruses, and other malware that steals identities or helps criminals commit fraud as "warfare".

Supporters of Warfare:  Typically use the term "Warfare" in a broader sense.  A focus on the larger picture sees fraud as a potential source to fund criminal activities that fund terrorists.  An assault on our critical infrastructure that creates a lack of confidence in the infrastructure is also seen as "warfare".

Whatever your position on the debate, I hope you will enjoy Steven's posts.

As always, we are open to ideas, suggestions, and feedback.

Guest Post - Nick Volpe - Skimming, we're not talking about milk, we're talking about ATM $$ theft

Nick Volpe is at student at Immaculata University.  He is also a cybersecurity research analyst intern for Fortalice®, LLC.

Here is his guest post regarding ATM Skimming

Research Outline  

Topic: ATM Skimming
Date: 2/23/10 

TEASER/TITLE: ATM Skimming is among the top forms of fraud 

SUMMARY PARAGRAPH: There are more than 360,000 ATMs in America. Some belong to banks and others belong to malls, stores, hotels, and airports. Despite the fact that most ATM skimming crimes happen at an ATM machine, the crime can also be committed at restaurants and retail establishments where ATM/debit or credit cards can be used. There are skimming devices that can read cards in retail points-of-sale or with a manual swipe by any person that comes in contact with your card.  

KEY FINDINGS

• 2 types of ATM skimming
• Devices that interact with ATM machine
• Causes ATM to malfunction and not dispense cash
• Devices that do not interact with ATM machine
• Allows ATM to function normally
• Using skimmed ATM card information, scammers can create fake duplicates and use them in ATM machines to withdraw money very quickly and easily
• Many times ATM skimming scammers will using a card-skimming device in conjunction with a hidden camera to record the users PIN number when it is typed on the ATM keypad

BACKGROUND
 Crimes at ATMs started around 20 years ago when a person would be injured and their money stolen after using the ATM. As the crime got more sophisticated, it would be a person looking over another person’s shoulder to get their ATM card number and PIN. ATM Skimming has been a problem since the 90s. It has recently became a much more massive problem because of smaller and more mobile computing devices that allow the criminals to store lots of data they need to steal and sell many ATM cards and PINs.


There are 2 common types of ATM skimming. The first type interferes with the operation of the ATM machine and the other type does not interfere with it. The second type is simply a device that records the card and PIN information from the magnetic strip of the card without being suspicious. The first type, however, interferes with the ATM by replacing it’s built in card reader thus not allowing the ATM user to get their money which is much more suspicious.  

STRATEGIC PLANNING ASSUMPTIONS:

•  Jitter is a new technology being utilized in brand new motorized card readers in ATMs. The technology ultimately randomizes the speed and direction of the card insertion/ejection which confuses or nullifies skimming devices that may be in use.
• Criminals will bypass card readers to collect ATM card and bank account information by hacking into payment processing databases or other databases that store the same information

   
ANALYSIS:
Recent cases of ATM skimming include an Australian fast-food chain’s point of sale system which compromised about AU$2.5 million in October 2009. In November 2009, some new high-tech skimmers were discovered with Bluetooth transmitters to steal the stolen information. A terminal in a 


New Zealand car park was compromised and potentially exposed about 100,000 people in a short time period. Some co-operation has existed between USA and Europe to prosecute suspects in an earlier compromise of major US processor, RBS WorldPay.


Although much of the crime of ATM skimming started and is occurring in the UK and parts of Europe and Asia, much of the crime is happening right here in the US where stand-alone ATM machines are very common in many venues around the country. There are many tactics that criminals use to skim necessary information to perform the crime including cameras, wireless pin pads, Bluetooth transmitters, laptops, mobile devices, external card readers, skimmers, etc. At the same time ATM manufacturers, banks, and authorities are using their own tactics to combat the criminal activity including swipe card readers versus manual card readers, surveillance cameras, PIN encryption, etc. 

IMPLICATIONS:

•  Avoid ATMs in public locations such as malls, hotels, and airports. Stick with ATMs in bank lobbies and ATMs monitor with security surveillance.
• ATM skimming will continue to be on the rise as the crime becomes more and more lucrative with bigger and bigger amounts of money being scammed.
• ATM card readers will get more and more advanced with emerging technologies but criminals will use other methods to steal ATM card information such as hacking into databases of payment processors that contain that necessary information.

   
RECOMMENDATIONS:

•  Safeguard your ATM pin at all times
• Never let a stranger give you assistance at an ATM
• Always check statements to beware of fraudulent activity on the account
• Inspect the machine before use and if the machine has any visual defects or something seems odd, don’t use it
• Beware of people around you that may be able to see your information
• If your ATM card is not returned after your transaction, contact your financial institution immediately
• Never use an ATM that exhibits a sticky substance such as glue which is sometimes used to trap cards

SOURCES:

1. "ATM Camera." Snopes.com. 01 Feb 2010. Web. <http://www.snopes.com/fraud/atm/atmcamera.asp>.
2. Bruce, Laura. "Skimming the cash out of your account." Bankrate.com. Bankrate, Web. <http://www.bankrate.com/finance/checking/skimming-the-cash-out-of-your-account-1.aspx>.
3. "ATM Skimming is on the Rise." Complaints Board. Consumer Complaints Board, Web. <http://www.complaintsboard.com/news-stories/atm-skimming-is-on-the-rise.html>.
4. Russell, Douglas. "2009 - Skimming Review." ATMSecurity.com. 19 Jan 2010. DFR Risk Management, Web. <http://www.atmsecurity.com/monthly-digest/atm-security-monthly-digest/2009-skimming-review.html>.
5. "How to Protect Against ATM Skimming." eHow. Demand Media, Web. <http://www.ehow.com/how_5025049_protect-against-atm-skimming.html>.

APPENDIX 
Timeline of 2009’s biggest data breaches at major financial institutions (including major skimming crimes): http://www.bankinfosecurity.com/articles.php?art_id=1766&pg=1

Guest Post - Nick Volpe

Nick Volpe is at student at Immaculata University.  He is also a cybersecurity research analyst intern for Fortalice®, LLC.

Here is his guest post regarding some key headlines:  1.  VISA  2.  TOP 10 THREATS FOR 2010 3.  GOOGLE


Credit Giant Visa Acquires Payment Security Firm


Credit card giant Visa has announced plans to acquire a provider of electronic payment, risk management, and payment security solutions for online services. The company, CyberSource, processes just about 25% of all online transactions in the US including on Facebook, Home Depot, and Google among others.  Once combined, Visa will have a better advantage at helping companies minimize loss of dollars in fraud. Joseph W. Saunders, Chairman and CEO of Visa said in regards to the news, "Online commerce continues to grow rapidly and this acquisition will enable Visa to offer new and enhanced services that will better meet the growing demand among merchants globally for robust, secure online payment processing capabilities which in turn will grow the entire eCommerce category."  The transaction still has to be approved by stockholders and regulators but looks promising.

Source: “Visa Inc. to Acquire CyberSource to Accelerate eCommerce Growth”  http://corporate.visa.com/media-center/press-releases/press1010.jsp

Inside Tech’s Top Info Security Threats of 2010

Malware is a very serious and escalating threat that tops Inside Tech’s list. Many software vulnerabilities still exist today and will continue to exist but another major component of getting malware is human error. IBM reported that during the first half of 2009, malicious links on sites increased 508%.

Also, that same year, the FBI reported that cybercrime cost more than $1 billion in profits, surpassing drug trafficking as the most lucrative illegal business.

Malicious Insiders come usually in the form of disgruntled employees. Fannie Mae and United Way are two cited cases where former employees disrupted operation of the company soon after leaving the company.

Exploited Vulnerabilities are a major issue separate from malware because many consumers and organizations are not patching their systems properly. Microsoft’s Security Intelligence Report notes Conficker as the top threat to enterprise during the first half of the year 2009.

Careless Employees can be a major threat to an organization. Sometimes, people do not realize they can fall victim to social engineering attacks and other malicious attacks intended to steal information important or insignificant. According to research done by RSA, 52% of respondents admitted to accidental data loss while 19% admitted to deliberate data loss.

Mobile Devices are easy ways for people to obtain information from corporate network remotely. Some malicious software target these type of devices because they are not usually protected from such types of software and can be a means of access to these pools of valuable data. A USB drive infected with
Conficker shut down a town council for a few days costing them just short of a million dollars.

According to the CTO of SMobile Systems, over 400 mobile viruses and malware are known.

Social Networking compromises personal data because malicious software can be designed to specifically target these users. More and more employees are also accessing these sites from company systems which increase the threat against the organization.

Social Engineering takes place on just about every medium. As security software and hardware gets more and more sophisticated, hackers depend on social engineering increasingly.

Zero-Day Exploits happen when hackers exploit vulnerability before a patch or fix exists. This is especially bad for companies depending on software vendors to develop the fix hence putting the company at risk in the meantime. These exploits are an ongoing and steady risk. Microsoft alone has 3 exploits in IE 6, 7, and Windows 7.

Cloud Computing Security Threats is a problem in that web-based services aren’t necessarily secured in the way we would normally expect. Many use encryption for security and some use no security which puts a lot of information at risk. Many exploits are also designed to attack web services like a recent Yahoo Mail incident that exposed accounts to hackers.

Cyber Espionage is occurring more and more. This mostly happens in government organizations but is still a major threat to us all. The U.S. Department of Defense has seen an about 60% increase over 2008 in targeted cyber attacks.

Sources: “The Top 10 Information Security Threats of 2010”

http://insidetech.monster.com/careers/articles/8056-the-top-10-information-security-threats-of-2010 page=11&utm_content=artmini&utm_source=nlet

“Incompetence a bigger IT security threat than malign insiders” http://www.theregister.co.uk/2009/08/25/rsa_accidental_security_breach_survey

CNET Reports Google Systems Attacked by China, Passwords Stolen


Google’s Gaia system, which allows users to sign in to their services, was compromised in December when a Google employee clicked on a link in an IM in China which gave access to the company’s headquarters in California. As a result, Google revealed some information to the public about the attack including that it would cease to censor Chinese search results and that some intellectual property of theirs was stolen along with that of other organizations by the country. Gaia is still in use at this time and Google now gives Chinese visitors to its site, unrestricted access to search results.

Source: “Report: Google password system attacked” http://news.cnet.com/8301-1009_3-20002890-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Big Brother Has the Power to...turn off your car

Turn off your car?  What?

As our world becomes more automated and every day gadgets are infused with computer machinery, you are more at risk of a glitch, or worse.

Over 100 car owners in Austin, TX had the worst surprise ever recently.   Cars began behaving badly - they would not turn on or the horns were honking.

How could this happen?

Many consumers have no idea that their dealerships are installing a little black box on cars.  This little black box allows the dealerships to disable YOUR car if you fall behind on payments.  It is the modern day alternative to the Repo Man.

The culprit? Not a technology glitch but a ticked off employee who had been fired.  Police in Austin's High Tech Crime Unit arrested 20 year old, Omar Ramos-Lopez.  Police tracked him down using access logs and then tracing the traffic back to his IP address.

Martin Garcia, Texas Auto Center manager where Omar worked said, "Omar was pretty good with computers".  Really?  Maybe Mr. Garcia was taken out of context, let's hope so.

I have said it before, sometimes the greatest risk in cybersecurity is the INSIDER THREAT - from the model employee to the displaced employee.

They can put Ramos in jail but until businesses address the risk of insider threat, Ramos will not be the last.

This leaves another question open, if Ramos was able to access the system using another employee's account, what could someone with a real plan have done to immobilize drivers?

Who needs an EMP (electomagnetic pulse) to take out computer systems when you can just hack into devices?

Comments?  Questions?  Please send me your reaction to this story.

Avoid the nightmare of losing your address book. Helpful tips.

Link the WBTV Video


n the US, over 12 million cell phones are lost each year and 700,000 are stolen.

This is a nightmare scenario.  You need to make a phone call and find out that your address book is suddenly empty or your cell phone is missing.  If your job counts on you having a large rolodex this situation can be overwhelming.

What would happen to you if your contacts were lost?

Former White House Cyber Security Expert, Theresa Payton has some options for saving your contacts to a safe place and recovery options in the event something happens to your cell phone.

How to avoid a BAD situation:

B - Back up files.  Most smart phones and cell phones come with software that you can use on your computer so you can create a back up file.

A - Access to your contacts may be available another way.  You may have files on your computer or Mac that you could use.  For example:

 ."ipd" at the end, that file has BlackBerry contacts.

."csv" at the end, that file can be imported into most address book and email programs and then synchronized to your phone.

vCard files can be imported into most contact programs.

D - Don't rely on just having your contacts on your phone or computer.  Keep a copy in multiple places.  Have a hard copy of the 5 most important contacts in the event of an emergency.

The following are resources that can help you build or re-build your list of contacts on your phone and computer.

See this link for helpful resources on how to back up your contacts:  Website Tips & Resources

As always. please make comments and suggestions on what you want to hear about!

Thank you!

Looking for a job? Don't work for a Botnet Herder! Criminals are posting help wanted ads online.

HOW TO AVOID THE BOTNET HERDERS
Would you know if your child was a botnet herder?

There’s a new game in town offering jobs to anyone with a home office and a computer.   Be careful what you or your kids accept when applying for jobs online.  You or your kids may be accepting a job working for a Cybercriminal outfit.

Cybercriminals are posting help wanted ads on the internet and they are hiring people to help them infect computers across the Carolinas and even across the globe.

The going rate?  $180 for every 1,000 PCs infected.

Link to TV segment:  http://www.wbtv.com/Global/story.asp?S=11980960

YOU NEED TO PROTECT YOURSELF AND YOUR KIDS FROM THIS SCAM:
Some of the ads are obvious and you know you are infecting computers.  Some, are not so obvious and may sound more like you are working for a marketing company.  Kids looking to earn money over spring break and summer months could fall into a trap and they may not realize they are doing something wrong.

HOW TO SPOT THE ADS:
In the more obvious ads, Cybercriminals are hiring individuals willing to infect people’s computers with malicious software. In the less obvious, the ads may look like you are doing marketing and you just need to get the message out through emails and web pages.

The job duties may include:
  Send spam or socially engineered emails
  Include a link to malicious software
  Job performance is determined by how many PCs they can infect.
  PCs in the UK and the US are considered the target group.
  They will even pay your wages to you via services such as PayPal and Western Union.
  Once the PC is infected, the cybercriminals can come in after that and do what they want.

They may provide you with:
-A kit or directs you to places where you can buy a kit to create your web page or emails.
-Instructions on how to hide their software behind the link.

HOW TO AVOID THE SCAM
One way to avoid this scam is to check in with your Better Business Bureau.
Remind your kids not to apply for jobs online without discussing it with you first.
Follow the rule:  If it sounds to good to be true, it probably is.

WORD FOR THE WEEK
Botnet Herder
A botnet herder is a person that has installed software on thousands of machines and has them in their control.  They may use the herd of machines, which they call zombies, for attacks on other machines.  Like to create mail sent to people in your address book that looks like it is from you, or to steal your information.  Botnet herders will also rent out their herd to cybercriminals to use.


SIGNS THAT YOUR PC MAY BE UNDER THE CONTROL OF A BOTNET HERDER
  Computer programs taking longer than usual to load
  Computer locks up or reboots itself
  Odd error messages
  Peripheral devices such as printers and scanners are not recognized
  Lots of internal noise such as disk writing or beeping or clicking
  Computer seems to be running tasks even when you have no programs open
  Files corrupted or missing
  Friends call or email to tell you they are getting a lot of strange email traffic from your account
  Your antivirus software runs too quickly or not at all

WHAT TO DO IF YOUR COMPUTER HAS THESE SYMPTOMS
If your computer has any of these symptoms, run your Antivirus software.  If it continues, contact your antivirus software provider and the company that services your machine for professional assistance.

HOW TO SPOT THESE JOB SITES:
Where are some of these criminal jobsites?  Many of them change their names to avoid detection.  The key is to check site history on your computer and look up any companies your kids may be visiting online.

The more obvious sites describe “Pay Per Install” as part of their payment model on their website.

Two of the more recent sites that you want to check for and block are:
Pay-Per-Install.org
earning4u.com. (formerly known as InstallsCash)

WHAT TO DO IF YOU SPOT ONE OF THESE COMPANIES:
If you think you have received an email solicitation, you can report it to at least two places:
The Federal Trade Commission at spam@uce.gov.
The FBI’s Internet Crime Center at www.ic3.gov.

If you believe you or your kid was duped and that you might be working for a Botnet herder, please contact your Local Law Enforcement immediately and send information to the FBI Internet Crime Center listed above.

Gangs Are Targeting Your Kids Via the Internet - Quick Quiz to test your Cyber Banging Saavy

Word for the Week:  Cyber Banging
Also called Net Banging - This refers to the internet recruiting process that gangs use to target kids.  Gangs typically target high school and middle school kids but there are cases where kids as young as 8 have been recruited.

1.6 Million, that’s the number of employees, across the globe that support Walmart.

1 Million and growing, that’s the number of gang members in the United States.

Are your kids looking at gang propaganda online?  Chances are you would not know, a recent study says that 62% of kids lie to their parents about what they do online.

As a parent, you protect your kids by teaching them safety rules, checking on their friends, and keeping tabs on their activities.  Gangs know this to so they have a new recruiting tool to get around you and directly to your kids – the internet.

Link to WBTV segment:  Gangs Targeting Your Kids Via The Internet
One example of how glorified gang life is can be seen on YouTube.com.  Lil Slim’s “Getting $” music video, which glorifies gang activities, has over 30,000 views.

Think you know how Gangs target their new recruits?
Test your knowledge with this quick quiz:
1) Q:  What are the colors worn by the MS-13 gang?
A:  Blue and White

2) Q:  Gang Identifiers Include which of the following:
a) Wearing a specific color or colors regularly
b) 5-Pointed Star
c) Star of David
d) Playboy bunny
e) None of the Above
f) All of the above

A:  All of the above

3) True or False:  If you see someone wearing Charlotte Hornets gear they might be a member of a gang.

True.  Don’t jump to conclusions that everyone that wears Charlotte Hornets gear is a gang member but this logo is popular with the Spanish Cobras and the 4 Corner Hustlers.

4) True or False:  If you see a cap that looks like a NY Yankee’s cap but the tail of the Y is off so it looks like VN instead of NY, that’s just a kid having fun.

Most likely False.  This is what the LA gang called Van Nuys is doing to mark their members.  You can see this NY Yankee-like symbol touted on Facebook and YouTube.  You may seen this worn by a gang member or a wannabe.

5) True or False:  Your kid would not go to gang music sites to download songs.

Could be True or False.  You should check.  Kids are downloading gang songs from places such as 818 Gangland Musik Page for free.


GANGS HAVE NEW RECRUITING TOOLS:
The Bait:  Social networking via the internet is the new recruiting tool for MS-13 and other gangs and they ARE targeting your kids.

The Hook:  Young people that are surfing online may come across pictures, music, or videos about gangs.  Of course kids are curious so they click and see something that glorifies gang life…That’s when a gang member may strike up a chat with them online and try to lure them into their club.

GANG STATISTICS:
Think this is an overplayed issue?  Here are some startling statistics from a recent survey:
70% of gang members say it is easier to make friends online
89% of kids say they are the major user of technology at their house
41% of kids say they do not share with their parents what they are doing on the internet

HOW TO PROTECT YOUR CHILD:
TALK:  Talk with your child about the places they visit while online.  Look at some of the gang propaganda together and talk about why it is false or glorified.
TEACH:  Keep your home PC in a central location so you can keep an eye on what they search.  Teach your kids that where they go online is just as important as the rules you have for them offline.
TELL:  Be familiar with what your local gangs wear, such as certain colors, jewelry, or logos, to show they are a member.  Tell your kids not to dress like gang wannabes so they will not be targeted while at school or play.

WARNING SIGNS:
APPEARANCE:  Your kid’s clothing preferences change dramatically.  Your kid suddenly insists on wearing a specific color or a logo.  A new tattoo, permanent or henna.  Unexplained injuries.  Begins using gang slang.
SOCIAL:  Starts withdrawing from school, family, and possibly even their friends.  Talks about gang life in an idolized way.
INTERESTS:  Gang music or gang insignias on their phones and music lists.  Likes to watch gang related movies.



RESOURCES:
FBI Gang Threat Site:  http://www.fbi.gov/page2/feb09/ngta_020609.html

Department of Justice – Community Services:  www.cops.usdoj.gov

Violence Prevention Institute:  http://www.violencepreventioninstitute.org/youngpeople.html

National Youth Gang Prevention Center:  http://ojjdp.ncjrs.gov/pubs/gun_violence/sect08-f.html

NC Gang Awareness:
http://www.ncgangcops.org/NCGangAwareness.pdf

Parents Universal Resource Experts (PURE™):
http://www.helpyourteens.com/index.php

Parent Advocate Sue Scheff on Avoiding the Gangs:
http://www.suescheff.info/

Organization focused on consumer safety, security, and privacy:
http://ilookbothways.com/

Dr. Michele Borba, Child Expert Talks About Kids and Conflict:
http://www.micheleborba.com/blog/

Mary Kay Hoal, Internet Safety Expert, Offers Advice About Social Networks and Gang Exposure:
http://internet-safety.yoursphere.com/tips/can-social-networking-expose-your-children-to-gangs

Social Networks and Your Kids – The Risks from SchooGo:
http://www.schoogo.com/blog/it-safe-9-10-11-year-olds-be-social-networking-websites

Cybercreeps Grab Your Stash, Hide the Cash, While Using Bogus Bank Statements

Cybercrooks have a new trick up their sleeve! 

Cybercriminals are rewriting your bank statement so it looks like small transfers have been taken out and your balance looks okay.

A Security firm called, Finjan, found that cybercriminals stole $440K from online banking customers in Germany last year.

To fake out the customer and the bank, the cybercreeps transacted small transfers.   They used money mules to help them move the money out.  (More on money mules in another post but they are usually good people doing "work at home" and have no idea that they are a pawn in this scheme).

To continue the fake out, these cybercreeps displayed altered statements showing only a small amount transferred. 

 “They successfully evaded the banks' anti-fraud systems," says Ben-Itzhak. "We dubbed it anti anti-fraud."

Link to original USA Today story:  http://blogs.usatoday.com/technologylive/2009/09/cybercriminals-rewriting-bank-statements.html


Follow us on Twitter:  twitter.com/fortalicellc


Fan us on Facebook:  FortaliceLLC


Website:  Company Website

President Barack Obama has declared January - National Slavery and Human Trafficking Prevention Month

How CyberTraffickers Target Their Victims:

It is hard to believe that, in America, we have people trapped and forced to work as laborers or prostitutes as slaves of human traffickers.  North Carolina has been ranked in the top 8 most common sites for human trafficking.  One of the reasons we are so popular is I85 and I95.

The problem in the U.S. is so serious, that President Barack Obama has declared January - National
Slavery and Human Trafficking Prevention Month

Human trafficking is the modern day version of slavery.  These criminals force their victims into labor and it can be in any industry.  The most common forms of enslavement include labor, such as farming or working in a sweatshop, and sex trade.

Human traffickers love the I85 and I95 highways in North Carolina and they also use another highspeed highway to recruit, enslave, and find new customers-the internet.

Human traffickers target those who are society’s most vulnerable, have the quietest voices and find it hard to fight back.  Often, victims include immigrants and children.  Children who are loners or runaways are also a popular target of cybertraffickers.

North Carolina passed a bill in 2007 which makes human trafficking a felony and offers state assistance to victims.

In the last several months there were several cases in human trafficking uncovered in North Carolina.

One recent case was a spa in Union County who was using Craiglist to advertise services and the clients had no idea the staff there had been coerced into a human trafficking scheme.

We also had the tragic case of Shaniya Davis who was allegedly sold into sex trafficking via the internet by her mother.

Human trafficking via the internet to enable their crime rings has long been on the radar of the law enforcement community.

Statistics:
2,300 Arrests:  The FBI has been diligently fighting this evil crime resulting in 2,300 arrests.  They have also recovered 170 kids during sting operations.

15,000-18,000:  The number of people drafted into slavery each year in the U.S.  (Source:  U.S. Department of Health and Human Services)

2 Million:  Estimated number of people worldwide drafted into slavery via Human Trafficking

A Few Recent NC Cases:

Sex Ring:
April 2009, a man was sentenced to 24 years in prison for operating a human trafficking sex trade between Charlotte and Washington.  Girls were as young as 16 and smuggled in from Mexico.

Child Sex Case – Internet Sting:
June 2009, a Duke University official, was arrested after an Internet sting.  He was charged with trafficking a 5 year old boy for sex.  His name was provided by a defendant in a different trafficking case.

Spa case in Monroe – Ads on Craigslist:
In 2008, a spa in Union County was using Craiglist to advertise services that were offered by people who had been coerced into a human trafficking scheme.

Shaniya Davis – Mother allegedly sold her into sex trade via internet:
In NC we have the pending case and trial regarding the alleged human trafficking of Shaniya Davis.  Her own mother alledgedly sold her daughter into the sex trade using the internet to find a buyer and to send messages.  This case should be a wake up call to parents,  teachers, and all caregivers.    

THE DIRTY TOOLKIT THAT CYBERTRAFFICKERS USE:
Online Ads:  Ads offering great jobs at high pay in big cities.  Often they hide behind ads for modeling, singing, or acting.  Sometimes they will offer to fly the person to the other city for the “interview”.

Online Auctions: Craigslist is considered a magnet for international sex trade of children via the adult services section.  

Photo Sharing Sites: Bypasses printing photos and allows operations to disseminate photos online for viewing by prospective buyers.

Social Media:  Cybercreeps will use Chatrooms, social sites such as Facebook and MySpace, to recruit or trick kids into joining their trafficking scheme.  They use these sites and blogs to connect to other cybercreeps to barter, trade, and sell their victims.

HOW TO SPOT THE WARNING SIGNS:
Many of the warning signs that a child is a victim of trafficking, or is being recruited, are similar to signs that the child is being cyberbullied or being groomed by a pedophile.  They may include one or more of the following:
Unexplained absences
Runs away or discusses running away from home
Exhibits bruises, suddenly withdraws from social gatherings, displays depression
Demonstrates a sudden change in attire
Behavior becomes erratic, severe mood swings
Suddenly has material possessions given to them by a “friend”
Hides emails, text messages, or other online posts
Extreme change in online behavior – suddenly online all the time or suddenly not interested in
        being online


PUT AN END TO TRAFFICKING:
E:  Engage your kids in a conversation about trafficking.  Targets start as young at 12 years old.  

N:  Notify and advocate for change.  Notify your elected officials and ask what they are doing to improve awareness, catching cybertraffickers, and convicting them.

D:  Don’t fuel the criminal economy.  Where possible, research and choose free trade or slave-free certified products.

HOW TO REPORT SUSPECTED TRAFFICKING:
1. Contact local law enforcement
2. If you are unsure and want to talk through the situation first, you can start with the National 24/7 Human Trafficking Resource Center at 1-888-373-7888.
3. If you want to report an incident, you can do so at the National Center’s CyberTipline at 1-800-the-lost or online at www.CyberTipLine.org
4. The FBI Human Trafficking Hotline is open 24 hours:  866.252.6850.

OTHER RESOURCES:
There are several websites that provide helpful information about Human trafficking.  We have highlighted a few of them below:

Organizations:
Global Awareness, Outreach, and Victim Services:  Polaris Project at www.PolarisProject.org

Check Your Chain Store’s Policies and write them letters about Human Trafficking at www.ChainStoreReaction.com

Sites that include tips plus blogs that cover human trafficking:
http://www.veritate-et-virtute.com/
http://ilookbothways.com

Information on Global and U.S. Issues:  FightSlaveryNow.org

North Carolina Focus:
NC Stop Human Trafficking:   http://ncstophumantrafficking.wordpress.com/
Triad Ladder of Hope: http://www.triadladderofhope.org/
Government Sites:
U.S. Department of Justice Web site: 
http://www.usdoj.gov/whatwedo/whatwedo_ctip.html.
U.S. Department of State, Office to Monitor and Combat Trafficking in Persons
http://www.state.gov/g/tip

U.S. Department of Health and Human Services, Campaign to Rescue and Restore Victims of Human Trafficking
http://www.acf.hhs.gov/trafficking/index.html

National Center for Missing and Exploited Children
http://www.ncmec.org

United Nations Office on Drugs and Crime http://www.unodc.org/unodc/en/human-trafficking/what-is-human-trafficking.html


Presidential Proclamation:

The White House
Office of the Press Secretary
For Immediate Release
January 04, 2010

Presidential Proclamation - National Slavery and Human Trafficking Prevention Month

A PROCLAMATION
The United States was founded on the principle that all people are born with an unalienable right to freedom -- an ideal that has driven the engine of American progress throughout our history. As a Nation, we have known moments of great darkness and greater light; and dim years of chattel slavery illuminated and brought to an end by President Lincoln's actions and a painful Civil War. Yet even today, the darkness and inhumanity of enslavement exists. Millions of people worldwide are held in compelled service, as well as thousands within the United States. During National Slavery and Human Trafficking Prevention Month, we acknowledge that forms of slavery still exist in the modern era, and we recommit ourselves to stopping the human traffickers who ply this horrific trade.
As we continue our fight to deliver on the promise of freedom, we commemorate the Emancipation Proclamation, which became effective on January 1, 1863, and the 13th Amendment, which was sent to the States for ratification on February 1, 1865. Throughout the month of January, we highlight the many fronts in the ongoing battle for civil rights -- including the efforts of our Federal agencies; State, local, and tribal law enforcement partners; international partners; nonprofit social service providers; private industry and nongovernmental organizations around the world who are working to end human trafficking.
The victims of modern slavery have many faces. They are men and women, adults and children. Yet, all are denied basic human dignity and freedom. Victims can be abused in their own countries, or find themselves far from home and vulnerable. Whether they are trapped in forced sexual or labor exploitation, human trafficking victims cannot walk away, but are held in service through force, threats, and fear. All too often suffering from horrible physical and sexual abuse, it is hard for them to imagine that there might be a place of refuge.
We must join together as a Nation and global community to provide that safe haven by protecting victims and prosecuting traffickers. With improved victim identification, medical and social services, training for first responders, and increased public awareness, the men, women, and children who have suffered this scourge can overcome the bonds of modern slavery, receive protection and justice, and successfully reclaim their rightful independence.
Fighting modern slavery and human trafficking is a shared responsibility. This month, I urge all Americans to educate themselves about all forms of modern slavery and the signs and consequences of human trafficking. Together, we can and must end this most serious, ongoing criminal civil rights violation.
NOW, THEREFORE, I, BARACK OBAMA, President of the United States of America, by virtue of the authority vested in me by the Constitution and the laws of the United States, do hereby proclaim January 2010 as National Slavery and Human Trafficking Prevention Month, culminating in the annual celebration of National Freedom Day on February 1. I call upon the people of the United States to recognize the vital role we can play in ending modern slavery, and to observe this month with appropriate programs and activities.
IN WITNESS WHEREOF, I have hereunto set my hand this fourth day of January, in the year of our Lord two thousand ten, and of the Independence of the United States of America the two hundred and thirty-fourth.
BARACK OBAMA

Holiday Shopping: How to Get the Best Bargains Without the Boobytraps

You want to fill everyone’s Christmas stocking with good cheer but be careful of cybercriminals.  We can help you find the best bargains without the boobytraps!

Some of the best deals of the season are online this year.  

47% of merchants said they will use social media such as Twitter and Facebook to advertise the best deals.  

This year offers some fantastic ways to find where the best bargains are and you can shop at home in your pajamas, while stuck at the airport, or even on your lunch break all with the touch of your finger!
Some companies are creating online exclusive offers.  One example is Sears.  Sears gave out fan only deals and a drawing for a gift card exclusively to their Facebook fans this year.

Here are 4 tips to find the best deals without the boobytraps!

1.  One card:  Use a specific credit card for your online purchases.  Set up alerts to be sent to your phone and email so you know every time your card is used.

2. Keep a record:  Save a screen shot or print out all receipts and hold for at least 90 days, longer if there is a warranty.

3. Be A Secure Shopper with CIS:  Computer, Internet, Secure

Computer:  Know the computer – do not use a communal computer or one that is not up to date on antivirus protection

Internet:  Check your internet access – know how you access the internet – only make a purchase if you know your connection is safe

Secure:  Secure Sites only - Check the Webname – it should include HTTPS: the S stands for secure.  The website should include an icon of a padlock

4.  Instant Access to Deals:  Sign up for email alerts from your favorite stores.  If you use social media sites such as, Twitter or Facebook, there are a lot of great deals posted on those sites.

Finding the Best Bargains:
There are several wonderful sites that you can use to help you find the best online bargains without tripping on the cybercriminal booby traps.

We have highlighted several sites that you may want to check out this year:
Etsy.com
RetailMeNot.com
Dealio.com
Offers.com
Cheaptweet.com
Savings.com
Extrabux.com
PriceGrabber.com
Shop.org
Dealnews.com
Fatwallet.com
SlickDeals.net
Amazon.com
Walmart.com
Target.com

Social Media:
Facebook:
On Facebook, you will find many vendors with pages you can become a fan of.  Some are offering EXCLUSIVE deals for their Facebook fans.
Some highlights include:
ToysRUs
Best Buy
Sears
Macy’s
JCPenney

Twitter offers some great tips about upcoming sales and special offers.
Some Twitter accounts you may want to follow include:
@ToysRUs
-
@SearsDeals
-
@AmazonDeals

@WalmartSpecials

@NeweggHotDeals

@DellOutlet

Cyber Crime has become a more popular & lucrative moneymaker than illegal drug trafficking!

4 Easy Tips on How to stay SAFE!



Some Sobering Statistics:

According to recent reports, every three seconds an identity is stolen online.

Nearly 10,512,000 identities each year are stolen online.

One study indicates that cyber crime has become a more popular and lucrative moneymaker than illegal drug trafficking.  It is critical to know what to do to protect yourself from the cybercreeps trying to pick your pocket online.

It is estimated that as many as 1 in 5 people could become a victim of online identity theft.

If you believe your PC may have a virus or that your online credit information has been compromised, follow our SAFE steps to protecting your identity.

What to do if you think cyberthieves are after you:


S:  Seek help.  Call your PC support desk or seek out a local expert to assist you with your computer to find and isolate the virus.

Microsoft provides free virus and spyware removal support to Windows customers who think they have an infected computer.

Call:   1-866-PC Safety for phone support.
Online:           Microsoft customers can also visit http://safety.live.com for
free online virus and spyware removal.

Apple provides help to computers users that believe their Mac may be infected.

Call:   1-800-APL-CARE (1-800-275-2273)
Online:         Set up a phone appointment
http://www.apple.com/support/expert/ or,
request an in-person appointment at your closest
Apple Store’s Genius Bar:
http://www.apple.com/retail/geniusbar/ .

A:  Actively monitor your bank and credit card accounts.  Look for suspicious charges, even if they are for very small amounts.

Tip:  Most banks offer online alert services where you can set up alerts to notify you if a transaction takes place or if a transaction is over a certain amount.  Go to your online banking page for more information.

F:  Freeze Fraud:  request alerts on your credit reports. Ask if your credit file can be frozen.

You are entitled to a free credit report once a year from all three agencies, Equifax, Experian, and TransUnion.   Experts recommend that you space out your requests so you can have one from each at different times during the year.

Online:
Equifax:         http://www.equifax.com
Experian:   http://www.experian.com/
TransUnion: http://www.transunion.com/

North Carolina offers a free credit freeze for victims of identity theft and a nominal fee for people that want to request a freeze.  Go to the following website for more information:
http://www.ncdoj.gov/News-and-Alerts/Alerts/Freeze-your-credit-for-free.aspx.

E:  Engage authorities.  If a theft has occurred, file a police report with your local police and file a theft form with the Federal Trade Commission.

Federal Trade Commission:
Call:   877-IDTHEFT or 877-438-4338
Online:         http://www.consumer.gov/idtheft

A fantastic resource to use is the Privacy Rights Clearinghouse which is a nonprofit organization that provides in-depth information on your legal rights and how to cope with the aftermath of being a victim.

Online: http://www.privacyrights.org/

WORD FOR THE WEEK: HONEYPOT!

HONEYPOT:


It is a trap set for cybercriminals by companies.  Example: your bank puts out a "honeypot" that looks enticing to cybercriminals.  The cybercriminals think they are getting into the honeypot to sneak away with customer data.  Instead, they get nothing or phony data and that leaves honey footprints behind to help the good guys know what the bad guys were trying to do.   


Think of it as a decoy so crooks run after the decoy and the bank keeps your information safe.


Just another tool in the arsenal of companies and the government to keep your data safe.