DarkNet and Cyber Security
The Darknet Simply put, the “darknet” is anything that cannot be accessed via a standard browser because it requires special software, and often special knowledge, to access. The darknet typically refers to sites on the Tor network that look and feel just like regular sites but require a special Tor browser to view.
The darknet, more broadly, includes other protocols and environments common users don’t know about, such as IRC (internet relay chat) channels and I2P (Invisible Internet Project) networks.
In addition, the darknet isn't indexed the way surface websites are; virtually all of its sites’ addresses must be shared instead of searched for, and not everyone out there will be keen on sharing. This tutorial explains the DarkNet and Cyber Security in depth with the best examples.
A private place Not everything on the darknet is illegal. In fact, it was originally designed by the U.S. government to let their operatives and analysts anonymously explore the farthest reaches of the global internet, in search of information.
Privacy and anonymity are paramount to all users of the darknet, and many use it simply because they can communicate free from fear of online surveillance. Consider life in some countries where freedom of expression is not a right.
Learning about, for example, government abuses by accessing foreign websites blocked by your nation is now safely possible using the darknet, as is expressing hopes and dreams—and, yes, buying a pair of counterfeit Versace sunglasses. When you consider the arbitrary nature of laws being an extension of the arbitrary power of government, the beauty of the darknet is clear.
Going Deeper The first thing to know in getting your head around this topic is that the web is not the internet. While they may seem synonymous in daily life, the internet is far more than the World Wide Web.
The internet is the entire global set of computers connected to a giant public network that shares certain rules for communicating various types of information. The most familiar of these are web pages and emails, but there are in fact many other things you’d never notice or care about that run over this same global network. Here’s the basic breakdown.
The Surface Web Most of what you see online, from Facebook to eBay to Amazon to Twitter, is the surface web. It’s made up of all the various public websites that share content, sell goods, or otherwise want to be easily found.
They allow any guest to visit, and they invite search engines to index them so that users can find them through Google, Yahoo, and the like.
The Deep Web Millions of sites out there don’t appear in search engines, often because they don’t want to be found easily. These sites have no inbound links from any other site, and they block search engines.
You can still visit them using a standard browser, but only if you have some other way of knowing the address, for example, if a link is sent in private email to a specific list of recipients. This type of arrangement is often used to share content, such as hacked data or child pornography, with a closed community that wants no outsiders.
The bottom line is that, for average users, the deep and dark web may seem alluring or sexy thanks to television. In reality, what you’ll find there is malware, viruses, illegal content, and criminals ready to take advantage of the uninitiated. Unless you really know what you’re doing, keep out.
SHOPPING IN THE DARK
While it offers many legitimate uses to activists, whistleblowers, law enforcement, and political refugees, the darknet also supports an underground black-market economy that follows its own set of rules. Buyers and sellers have many reasons to trade outside normal open markets. These can include the following.
Illegal Goods Anyone looking for products or services that can’t be sold in the open, such as drugs, stolen identity data, or weapons.
Anonymity These transactions can be done without records, allowing the buyer and seller to remain anonymous, with (theoretically) no paper trail or electronic footprint.
Technology has made it easier for black-market buyers and sellers to safely connect and do business. In the constant back-and-forth between authorities and black markets, one black market is shut down, but another takes its place.
PEELING AWAY THE ONION
The largest and best-known element of the darknet is the Tor network. Tor, which stands for “The Onion Router,” was originally a project started by the U.S. Navy but has long since been turned over to a private nonprofit organization. The details are extremely technical, but, as an average user, you can think of the Tor network as three related technologies.
A Web Browser The Tor browser works like a normal web browser, but it routes users’ requests for web pages through the Tor network.
Safe Passage Tor anonymizes users’ activity by stripping identifying data from page requests, then sending the requests through multiple encrypted transfers between volunteer-run computers all over the world that run special Tor software, letting them act as transit points.
When a user with a Tor browser types in a standard web address, that request goes from the “normal” web into Tor, gets bounced through various intermediate relays, then reenters the normal web via a Tor “exit node” and arrives at the destination website. The site responds to the page request, and the content is sent back to the user by the Tor network through a similar process.
Hidden Websites Computers equipped with the right Tor software can also run websites (and other services, including IRC chat channels) accessible via a Tor browser.
So users with a Tor browser are able to not only anonymize their browsing of the standard web but can see a whole second “web” (albeit relatively small) made up of sites ending in .onion that can’t be reached by a standard browser.
Using Tor means that internet traffic on the browser is routed through multiple layers of Tor user relays, like an onion—hence its name.
UNDERCOVER OPS While criminals lurk in the shadowy recesses of the darknet, so too do law enforcement officers from around the world. A colleague in the UK complained that he’d bought too many knives and drugs to know what to do with.
I spend countless hours surfing Tor sites looking for child pornography producers (distinct from distributors, who are often careless enough to use the surface web to exchange their unforgivable goods).
Shopping for Trouble The intrepid cyber-security reporter Brian Krebs has taken on so many darknet criminals that his local police department had to come up with a special procedure when someone calls to report a violent crime at Krebs’s house after SWAT teams, alerted by darknet thugs that there was a “hostage situation,” had converged several times on his house.
Krebs has also had criminals send heroin to his house, and then call authorities with the tip to search his mail.
“The darknet is where the bad guys are,” a high-ranking federal agent told me. “We’ve got to get good at being there and looking like we belong there because that’s the only way we get into the kinds of conversations and relationships that will enable us to get leads and stop plots.”
Reputation Matters This raises an important non-obvious point: In a world of anonymous users, reputation—based on common interests and sustained consistent activity—is the only measure of trustworthiness. That’s something that keeps academics busy.
Of course, reputation is how good reporters and journalists arrange to meet with sources to safely learn of corruption schemes and criminal gangs.
The work done by these journalists is important in helping law enforcement and academic researchers understand new trends, and reporters can sometimes break stories based on darknet trading patterns.
The authors recommend you have a look around if only to see for yourself the kinds of wares (and warez, aka pirated software) for sale, to educate yourselves about how the rest of this blog isn’t a bunch of people making stuff up. On the darknet, no one knows if you’re a dog, but they do know if you have bitcoin (more on this digital currency in a bit).
The darknet may be a place to find guns, drugs, and hit men, but here are some of the stranger things you can buy on the DL.
Fake Coupons Grocers and snack companies have lost millions on everything from discounted cereal to free bags of chips.
Social Media Followers Wanna feel popular? For the low price of $25 USD, you can get 2,500 “followers” on Twitter.
Immortality You too can learn how to live forever! As long as you believe what the people selling the formula tell you.
Original Red Bull The energy drink now found worldwide was adapted from a more… potent formula originally sold in Thailand.
A New Identity Want to disappear? There are lots of guides on changing your identity. Plastic surgery not included.
DREAD PIRATE ROBERTS AND SILK ROAD
The internet has enabled new business models that connect buyers and sellers from around the world for illegal transactions as well as legal ones. eBay was one of the first big online marketplaces, and it has carefully policed sellers to be sure no one is breaking the law.
So where’s an online shopper looking for something a little less conventional to go? It was only a matter of time before something arose to serve those interests.
The breakthrough for illicit online marketplaces came when bitcoin, a decentralized digital currency that works a lot like cash, was introduced. Word on the street was that bitcoin allowed you to make purchases online with perfect anonymity.
This turned out not to be the case, but it’s still a more stealthy way to operate than, say, using PayPal to purchase that shoulder-mounted grenade launcher you’ve had your eye on.
The first of the darknet markets, Silk Road was started in February 2011 by an anonymous self-taught administrator who later became known as the Dread Pirate Roberts, aka DPR. At the peak of Silk Road’s popularity, it was estimated that the operation was bringing in $10K–$13K USD a month.
Silk Road emerged at a perfect time. It was like eBay but for black-market goods—mostly drugs, both illicit and pharmaceutical. As with eBay listings, sellers were rated, and there was an escrow to increase trust in the transactions.
There were certain illicit goods that were prohibited. DPR’s philosophy was to hurt no one—thus child porn and stolen data were not allowed. DPR saw the Silk Road as a new brand that would challenge the government status quo.
“IT WAS LIKE EBAY BUT FOR BLACK-MARKET GOODS.”
Buyers and sellers know this too and therefore keep minimal funds on the sites, in case they are seized. Criminals are both clever and greedy, and it seems like every new technology can be bent to nefarious uses.
More tech-savvy criminals arise all the time, competing with laws and law enforcement—both sides aided by technology, which is itself value-agnostic. But how bad might it be, really, to have a clean, well-lit place for illicit transactions?
For knowing the quality of the products sold? Some might say “Better the devil you know…”
KEEP YOUR IDENTITY OFF THE DARKNET
With the increasing numbers of site hacks, it’s just a matter of time before your personal data is sold on the black market.
There’s not much you can do to protect yourself from someone else’s site getting hacked—that’s up to the site’s security technology. But you can use good account password hygiene.
Never reuse the same username/password combination on different sites. One of the first things hackers will do with freshly hacked data is automatically check the hacked username/password combos on numerous banking, social, and email websites.
If you use the same username and password combination at other sites, hackers could get into your accounts on those sites, even though those sites were not hacked. Use a complex but easy to remember password combination.
LET THE BUYER BEWARE
Until recently, the U.S. dollar, in cash, was the preferred currency for black-market transactions. Cash is untraceable and anonymous, but it’s difficult to use cash for online commerce. Credit cards and other common payment methods leave a paper trail. That’s why bitcoin is so ideal for shady shoppers.
While, as noted above, they’re not entirely anonymous, the use of bitcoin “tumblers” and anonymizing sites can obscure one’s trail pretty well. Should you do this?
There is a legitimate reason to keep a light financial footprint, particularly if you subscribe to any number of concerns (or conspiracy theories, to unbelievers) about your government and its nosy ways.
Give It a (Careful) Go There are some reasons why a noncriminal user might consider these underground markets. For example, you might wish to rent access to the internet via another user’s computer elsewhere in the world where, for example, Netflix shows first-run films not available to U.S. users, or you reside in a part of the world where freedom of expression is limited and you want to be able to communicate with others about civil rights or human rights issues.
Approach with Caution Small mistakes in your “operational security” can have massive consequences. It’s not enough to be careful. You must be very careful and follow a strict set of procedures every time you enter and leave the darknet and even the deep web.
First off, don’t use your own computer for this kind of exploration. In fact, you shouldn’t even use a real-world one. Instead, download a bootable Linux image and always be sure to load your Tor sessions through that path. You should also load tools such as PGP (Pretty Good Privacy) encryption onto that bootable drive.
This setup will allow you to load your entire browsing session in the host computer’s memory so that, when you finish, you restart the computer and there are no traces of the activity on your hard drive.
We don’t recommend doing any shopping of course, but if you do get curious, don’t just use Tor to access darknet sites. For extra anonymity, you’ll want to use an additional VPN (virtual private network) to completely anonymize your traffic.
All these techno-stealth measures may seem like a lot of work, but they’re really the only way to access the darknet with any degree of security. And that’s important once you think about the fact that almost everyone who gets caught doing something illicit gets caught because of security lapses.
We will even go so far as to recommend using a clean laptop—completely devoid of any personal data or links to legitimate online accounts such as banking—and thus dedicated only to your deep web and darknet adventures. You certainly don’t want to be playing around in these neighborhoods with a computer that, if breached, would reveal a lot about your activities.
The darknet is a fascinating place to spend a little time exploring, but dangers lurk everywhere, even if you’re not doing anything illicit. Take reasonable precautions.
Don’t engage in any kind of illegal or questionable activity on the Internet.
If you do any transactions on darknet sites, even perfectly legal ones, use encryption for everything.
Disable all scripts in your browser before logging on to Tor.
Only use cryptocurrency for darknet transactions, and employ a tumbler to ensure optimal anonymity.
Change usernames and passwords frequently.
Minimize coin kept in escrow to avoid losing it in a bust or heist.
Use both Tor and a VPN to completely anonymize your traffic.
Keep your data on a thumb drive so that you can erase all traces from your regular machine.
THE FUTURE OF THE DARKNET
Since the darknet has come into being, multiple changes have already taken place, and things will continue to change. Specific marketplaces will come and go—they’re never going to go away entirely.
Regulatory changes may influence what is sold on the black market, and some goods (such as marijuana, in places where it has been legalized) may transition to white markets.
So what might we find on future black markets? In short: anything that is unregulated or highly regulated. This could be technology and drugs to augment the human body, government secrets, or new types of personal data, such as medical data collected by new consumer devices or household sensors.
One thing is for certain: Future systems will be more secure than the ones that we have today—but future hackers will be more sophisticated as well.
All these expenses mean that a loss can be devastating to the owner. And when home businesspeople, for example, conduct business on the same poorly protected Wi-Fi network on which their teenagers have access, tragedy is lurking just around the corner.
IMPROVE YOUR INSURANCE
You shouldn’t assume that your homeowner’s or renter’s policy will cover you and all of your equipment that’s related to your small business—quite often it won’t if you are genuinely running a business from home.
And it obviously won’t cover your data losses, no matter what. You’ll need some type of special business-related insurance rider to cover all the good stuff.
You’ll also do well to get your business set up with surveillance cameras that can store video in the cloud (off-site) and that will allow you to view the videos remotely.
Should you ever happen to become burglarized (or vandalized or worse), the first question the cops will ask you is, “Do you happen to have any surveillance video?” If you are able to answer their question with a yes, they will become noticeably more interested in their work.
One exciting way to meet some of the less scrupulous people in your neighborhood is to install a lot of expensive business equipment in your house.
The realities of life in America mean that computer gear provides thieves with tempting targets, but there are steps you should take to protect the most important assets: yourself, your family, your data, and your equipment—in that order.
Save the Data Next up is your data. As the veteran of an office that was burglarized by thieves who stole our computers and our backup drive, I heartily recommend a cloud-based backup. Don’t skimp on a backup solution, especially in an era of ransomware—your backups are what will save your company.
Consider turning on BitLocker for Windows or FileVault for Macs to stop thieves from harvesting data from your stolen goods. This feature for Windows requires the Professional version.
Work with Employees For those who are considering hiring other remote workers, your considerations will be all of the above, plus ensuring you maintain control over shared data.
And when you part ways, you’ll want to be sure to get your equipment back and “de-provision” them (lock them out of your network and third-party applications).
SMALL BUSINESSES AND HACKERS
Larger businesses and corporations may get a lot more visibility in the press when a hack happens, but that doesn’t mean criminals aren’t targeting small businesses every day.
In fact, smaller businesses occupy a certain sweet spot for cybercrime. That’s because they have more information and assets than a singular consumer, while also being unable to afford as much in terms of security as larger companies.
Just like real-world thieves, cybercriminals will happily take everything they can if they break in, including financial information and records that belong not just to you but to any consumer or client registered with your business—and all of those stolen identities can be used elsewhere.
Even your business machines can be locked up with ransomware or infected and drawn, zombie-like, into a botnet for other hacking misdeeds. So, what can you do to protect your business, its data, and your clients from the effects of a data breach? Quite a lot, actually.
Get Insured Aside from the various security measures we’ve already covered, cybersecurity insurance is an important part of covering all your bases.
Make sure that the policies you consider will cover first-party liability (costs from a breach, legal fees, interruption of business, customer notification, and public relations) and third-party liability (to protect you should your company be involved in a breach that exposes sensitive information about others).
Purge Regularly Never retain business data longer than you must. Once data is not needed, or older than, say, a year, delete it all. Credit card numbers are highly regulated: Understand your obligations under the Payment Card Industry Data Security Standard (PCI-DSS).
Stage a Drill Make it a practice to, well, practice your business’s response in the event of a breach. Take the time to formulate, review, and (with each drill) update your response plan as necessary. Perform these exercises at least quarterly, look for any errors or holes in your plan, and then fix them.
Prepare for the Worst Should your business end up the victim of a hack, get to work immediately to find out exactly what happened and put a stop to it, whether that means software patches or a complete takedown and cleanup of your system.
Restore any damaged software and documents from backups. Contact your insurer, and get legal advice if you must. Inform your clients as soon as possible of the breach and its nature as it relates to them.
BACK IT UP
Be rigorous about backing up data and storing it in separate places. The best bet is to store things locally, as well as in the cloud.
Small businesses can use commercial cloud solutions like Dropbox, SpiderOak, or Backblaze (about $100 USD for two years with unlimited data). Augment this with daily (or more frequent) snapshots of your environment stored elsewhere.
A good rule to remember for your business backups is 3-2-1: at least three total copies of your data, two of which are local but on different media (maybe a USB drive or a network-attached storage device) and at least one copy off-site.
And be aware that backing up is just your first step. At some point, you will want to test to see if you can restore files. Businesses have thought that they were backing up data only to have some level of corruption ultimately invalidate all the hard work they’d put in.
At last, your business has taken off. So, how do you scale up? The biggest problem for businesses as they grow is that they tend to continue using tools they have instead of reassessing their needs.
This is especially true with spending the money to upgrade computers because business owners don’t want to feel like they’re getting ripped off: “Why do I need a new firewall? The old one hasn’t burned up yet!”
Cyber incident responders see this all the time, even in publicly traded companies—especially ones that have grown quickly. Failures usually fall into two categories.
The first one is just that: a failure to properly scope technology requirements and scale technology purchases to match. The second is more insidious: it’s fast growth, during which executives make decisions to build now and scramble to secure later.
This is the most tempting thing in the world. I can tell you from the painful personal experience of having to break the news to senior executives at Fortune 500 companies that, because of decisions like that ten years previously, the cost to implement a fix is approximately 100 times what it would have been to do it right in the first place.
In the security industry, we call this “technical debt,” and it’s like using a high-interest credit card. You can go ahead and do it, but the day absolutely will come—we guarantee it—when the bank wants its money, and you find out about the wonders of compounding interest. Here’s how to avoid that pain.
Get Upgraded Find trustworthy, well-referenced security companies near you and ask them to help you review your needs and make recommendations.
These companies are generally easy to check out, and better firms have principals who regularly speak at security conferences, consistently publish articles and write blogs, and participate in the business community. Find two, and if they generally agree, then go with the one you like most.
Get Tough You’ll be looking at a beefed-up version of the secure home office we described. Seek out some kind of centralized authentication system, regular incremental backups and frequent snapshots of your environment, and encryption in every place it can fit.
You’ll need to hire a good information technology person to manage these systems or employ a company to manage your infrastructure as a service, an increasingly popular option.
You should also consider keeping your critical systems such as servers and firewalls under some form of maintenance support by the vendor. Vulnerabilities in hardware, firmware, and software are constantly disclosed, and having maintenance will keep you up to date without having to either buy new equipment or learn from technical debt bankruptcy.
Get Backup This should go without saying, but back up all your business data… and then create a second backup, preferably off-site in a cloud storage server, for example.
And then consider a third—just in case. This may sound a little paranoid, but if something goes drastically wrong and you need to restore data, you’ll be glad you did.
Get Outside Help Consider hiring a third party to monitor your firewalls and other security gear for signs of trouble. You should have your internal tech person run vulnerability scans regularly so that you keep complete lists of what you actually have and what connects to your network (you won’t believe how difficult this is for many companies).
Have that double-checked by an outside firm, either regularly as a service or at least once a year.
Get a Checkup Every eighteen months or so, perform a security architecture review. Take this opportunity to reexamine the single most vulnerable part of most business networks: your assumptions.
Although taking this step might mean having to pay a bit more up front, it’ll be well worth it for the peace of mind it’ll bring. As someone who sends his kid to a private boarding school, I can tell you that the alternative is dramatically more expensive in the long run.
BRICKS AND MORTAR
Any brick-and-mortar shop that has developed a great online presence gets a great benefit from the fact that the cost of maintaining this infrastructure is much cheaper than it used to be: Now, you park the entirety of your business’s electronic infrastructure in the cloud instead of maintaining it on-site.
But “cloud” does not mean “secure.” Cloud infrastructure still has many of the issues of traditional infrastructure, and if you’re selling goods online, you have issues of payment card industry compliance to deal with as well. Fortunately, most of this can be outsourced, reducing costs even further.
However, it pays to have third-party firms provide you with vulnerability analyses, architecture reviews, and penetration tests—especially against your primary business applications—regularly.
BACK UP PROPERLY
If utilizing a Windows server, you can turn on shadow copies, which allow you to revert file changes made to the system. This can be done by starting the Volume Shadow Copy service and changing its startup type to Automatic via Services, found under Administrative Tools in the Control Panel.
You can then go to File Explorer, right-click on a drive, go to the shadow copies tab, and enable the option on the drive or on other drives on the system.
Shadow copies aren’t backups but a quick way to revert files or folders, such as when a user accidentally deletes a file or if a few files become encrypted by crypto malware.
You’ll need professional help in setting this up, but on the day ransomware encrypts all your files, or all your machines get stolen, it will be worth every penny you spent and then some.
ONLINE BUSINESS BANKING
Business banking is where most companies get into trouble. The problem is that banks are not actually responsible for wire transfers and automated clearinghouse transfers made from your business account without your knowledge provided that those transfers were made using your credentials.
Business accounts are not protected in the same way that personal ones are. Most banks will still try and help you claw back the stolen money, but in some cases where the victim of fraudulent transfers sued the bank, the bank turned around and counter-sued that customer… and won.
Keep It Simple Unless you employ more than, say, 250 people, we recommend not using online business banking without an actual two-factor authentication login and a voice verification from the bank. Weirdly, the only banks that seem to offer this without any hassle are not the big guys but the boutique banks.
Get Personal We have found that these smaller banks—the ones that provide personal bankers who know you and your voice, and who ask about your family—are usually the banks with the best possible security you can get.
The argument about the availability of bank branches is absolutely valid—but with the security upside of the most common vector of attack (wire and ACH fraud) handled, the inconvenience may be worth it. Oh, and we have found that the costs are just about the same between the big banks and the boutiques.
No matter what kind of online banking you prefer, we recommend using a dedicated computer for it. The less that computer interacts with the public internet, the less of a chance there is of your credentials being hijacked.
A SECURE WEBSITE
A business without a website is simply not taken seriously. Where people get into trouble is trying to build an e-commerce website on the cheap.
That is a guaranteed disaster—note, I didn’t say almost a guarantee. It’s rock solid. If you want to sell things on your website, you need to understand that one of the internet’s most vulnerable things is the commercial web application.
The good news is that if you’re just looking for a basic web presence—a site consisting of a home page, contacts, information about your services or products, and that sort of thing—there are a lot of very cheap options out there that are in fact quite beautiful and professional looking.
Right now, I’m partial to Squarespace. They have designs you can personalize, and you pay a monthly charge for them to host it. They even make it very easy to buy your domain name—all these things that vexed your predecessors in the 1990s and aughts have been reduced to wizard-based menus.
Beyond any design aesthetics and good customer service you’ve built in, there are also some important guidelines to creating and maintaining a properly secure business website.
Stay Secure First, make sure your site itself, when built, is a secured one. This means your site’s address will have an https prefix instead of just http, along with a small padlock icon. This adds a layer of encryption and makes it harder for hackers to break in.
Further layers of security, such as a web application firewall (WAF), will add to your protection. A “secure and verified” badge added to your site, when clicked on, will also provide full verification to visitors, including the date of the last security scan.
Keep It Up to Date Whether you build your site yourself or trust someone else to do it, keep your software updated. New exploits are found on a weekly basis, and you don’t want to become the latest victim of something like the 2017 WannaCry attack in which computers that hadn’t installed a basic security update were hijacked to attack hospitals, phone companies, and others in 150 nations.
Run a Tight Ship Change passwords often, and keep them strong. Hide and rename admin directories in your business website to thwart any hackers, as they invariably will go after files and folders with names such as “admin” and “login.”
Be Transparent Display your business’s privacy policies on your website, explaining what data is collected, how it is secured, and what is done in the event of a breach; update your policy as needed.
A STRONG DEFENSE IT security is best done in layers; the more there are, the harder it is to gain unauthorized access. No matter the OS, no single silver bullet will keep you secure. So, what to do?
Turn on the firewall built into the OS. Making application ports unreachable from outside reduces security risk. Update software regularly, not just through automatic updates, and keep antivirus software running to protect your machine and data, including against malware.
Disable remote access if unneeded. Use 2FA and VPNs through a company firewall with support agreements (to add content filtering, remote access, constant updates, and malware protection).
Keep Wi-Fi separate and protected, and employ intrusion monitoring along with virtual LANs. Control with whom files are shared, consider security awareness training, and, last, keep all hardware in a secure room with restricted access.
Let’s say people are leaving bad reviews of your business on Yelp or Google. Instead of hiring services to try and “fix” your reputation, go online and answer questions and concerns. If a negative review on Yelp is followed by your side of the story and an offer to make things right, people tend to cut you some slack.
Real, useful content that shows your business in a positive light is often weighted more than complaints and slander by search engines. That said, if you’re an executive who said something untoward on Twitter, for example, and the story is picked up by the press, you’re in for a few years of reputation building.
In this case, a reputation repair service might take some of the weight off of you. But there is no way to erase stuff from the internet: Work on new, relevant, accessible content that search engines will value more than the bad stuff.
LOSING IT BIG TIME
It’s hard to do a scientific ranking of corporate heists, partly because the information is rarely made public, and partly because it’s hard to attribute dollar values. That said, here are some major breaches.
ORGANIZED RETAIL CRIME
When people watch the news and see a breaking story announcing that, say, fifty million people’s credit card data was stolen from Target or Home Depot, they sometimes wonder, “Just what the hell can you do with fifty million stolen credit card numbers?” The answer is simple: You can sell them to other criminals—in blocks of 1,000 card numbers at a time.
Criminal Coding Criminals can monetize stolen cards in any number of ways, but one popular method involves gangs of crooks who buy a bunch of stolen credit cards and a magnetic card encoder (similar to the kind used to make hotel room keys).
They pay people to obtain cards of all kinds with magnetic stripes: used gift cards, used hotel room keys, stolen credit cards —anything with a stripe. Then the perps re-encode them with the information from the stolen cards.
When they’re done at one mall, they drive to another. Soon, they have a truck full of swag. And at some point, the swag gets sold on eBay or other online outlets.
There’s big money to be made, and that’s one of the reasons banks and credit-card companies rolled out chip + PIN cards, designed to combat exactly this kind of point-of-sale scam. This development means that criminals will have to find some new way to rip off cardholders and businesses. I have faith in their ingenuity.
Encrypt, back up, and use strong passwords for data. Hire professionals to help set up systems.
Delete as much information as you can every week; you can’t lose data you don’t have.
Use a cloud-based service to back up your minimal set of business data.
Teach your employees the best security practices and policies.
Train any employee authorized to transfer money about inviolate procedures for wire transfers.
Employ two-factor authentication and do vulnerability and penetration tests regularly.
Take snapshots of all computers at least daily, if not more often, and store them encrypted in the cloud.
Have a plan in place in case any of your business-related devices are compromised, lost, or destroyed.
Run quarterly tabletop exercises to practice the plan and find problems with it.
Keep single-sign-on, forced-VPN, all-virtual desktops.
Run phishing-awareness training and other security programs for your staff.
Keep an incident-response company on retainer.
THE FUTURE OF MONEY
I used various apps on my mobile phone to pay for my transportation. Each of these apps had previously saved my payment details, so they automatically billed me in my native currency.
At one point, I actually needed cash for a purchase, but I just happened to have some U.S. dollars in my wallet, and the small-business merchant agreed to accept them. —Heather Vescent
In 2008, a pseudonymous developer operating under the name Satoshi Nakamoto released an open-source white paper describing a peer-to-peer method for creating a cryptocurrency called bitcoin.
In the beginning, the only attention it received was from a small group of crypto enthusiasts. Now, bitcoin has kicked off a currency revolution and re-envisioned money for the information age.
How Is Bitcoin Made? Unlike physical money, no one person or government owns the technology or concept behind bitcoin. New bitcoins are generated by people on the internet who competitively work to record and verify previous bitcoin transactions—starting from the very first transaction in 2009—in a process called mining.
Think of it as using your computer’s processing power to solve a complex puzzle. Whoever solves a step (or block) in the mining process is rewarded with a new amount of bitcoin.
Is Bitcoin Actually Money? The U.S. government sees bitcoin as a commodity rather than a currency, but many use it for transactions as if it were money.
Its value fluctuates, generally trending up as the number of new coins decreases, and acts like a stock at times, rising and falling based on perceived value. In 2009, the first bitcoin was valued at $0.07 USD, but it soared as high as $1,250 in 2017.
Will Bitcoin Replace Other Currency? Early on, many speculated that bitcoin could replace nation-state-backed money such as the U.S. dollar. Once it was released into the wild internet, it took on a life of its own and attracted a different set of users, forcing governments to react (with the U.S. government classifying it as a commodity, for example).
Nevertheless, it started a revolution—showing a viable new way of creating currency for the digital age.
Is Bitcoin Anonymous? One of the “features” of bitcoin is the ability to complete anonymous transactions. But this isn’t totally accurate.
Financial institutions require compliance with KYC (“know your customer”) regulation, so if you buy bitcoins from an exchange where you have a connected financial institution, your wallet can be traced to your identity. However, there are ways to set up anonymous wallets. In either case, the transactions are recorded on the blockchain.
All bitcoin transactions that take place are recorded on the blockchain—a database that acts as a public ledger and helps to reinforce the cryptography behind the currency. Transactions are each recorded with a time stamp, the amount of the transaction, the wallet address that sent the bitcoins, and the address that received them.
With cash transactions, no one knows the details of your actions. With bitcoin, a certain number of transactions are formalized into a “block.” When each new block is recorded on the previous block, the transaction data is set in stone and can’t be changed.
The blockchain is the ultimate tracking system—it’s decentralized, no one can manipulate it, and any information added to a blockchain is also permanently recorded. Because blockchain records are set in stone, they keep bitcoin from being fully anonymous.
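To make the “set in stone” property concrete, here is an added example (not from the original article, and not Bitcoin’s real block format): a toy ledger in Python that stores the record fields named above, links each block to the hash of the previous one, and uses a simplified mining puzzle. The addresses, amounts, time stamps, and difficulty are constructed for illustration.

```python
import copy
import hashlib
import json

DIFFICULTY = 3            # required leading hex zeros (toy value, an assumption)
GENESIS_PREV = "0" * 64   # placeholder "previous hash" for the very first block

# Constructed sample transactions using the fields the text lists:
# time stamp, amount, sending address, receiving address.
SAMPLE_BATCHES = [
    [{"timestamp": 1700000000, "amount": 0.50,
      "sender": "addr-A-EXAMPLE", "receiver": "addr-B-EXAMPLE"}],
    [{"timestamp": 1700000600, "amount": 0.10,
      "sender": "addr-B-EXAMPLE", "receiver": "addr-C-EXAMPLE"},
     {"timestamp": 1700000660, "amount": 2.00,
      "sender": "addr-D-EXAMPLE", "receiver": "addr-A-EXAMPLE"}],
    [{"timestamp": 1700001200, "amount": 0.05,
      "sender": "addr-C-EXAMPLE", "receiver": "addr-D-EXAMPLE"}],
]


def block_hash(block):
    """SHA-256 over the block's contents, excluding its own stored hash."""
    body = {k: block[k] for k in ("index", "prev_hash", "transactions", "nonce")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def mine(block):
    """Try nonces until the hash meets the difficulty (the mining 'puzzle')."""
    block["nonce"] = 0
    while True:
        digest = block_hash(block)
        if digest.startswith("0" * DIFFICULTY):
            block["hash"] = digest
            return block
        block["nonce"] += 1


def build_chain(batches):
    """Mine one block per batch, each recording the previous block's hash."""
    chain, prev = [], GENESIS_PREV
    for index, transactions in enumerate(batches):
        block = mine({"index": index, "prev_hash": prev,
                      "transactions": transactions, "nonce": 0})
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for block in chain:
        digest = block_hash(block)
        if block["prev_hash"] != prev:
            return block["index"]      # link to the previous block is broken
        if digest != block["hash"] or not digest.startswith("0" * DIFFICULTY):
            return block["index"]      # contents no longer match the stored hash
        prev = block["hash"]
    return None


def tamper_amount(chain, index, new_amount, remine=False):
    """Return a copy of the chain with one amount altered, optionally re-mined."""
    forged = copy.deepcopy(chain)
    forged[index]["transactions"][0]["amount"] = new_amount
    if remine:
        mine(forged[index])            # forger redoes the puzzle for that block
    return forged


if __name__ == "__main__":
    ledger = build_chain(SAMPLE_BATCHES)
    print("honest chain:", first_invalid_block(ledger))
    print("edited block 1:", first_invalid_block(tamper_amount(ledger, 1, 500.0)))
    print("edited and re-mined block 1:",
          first_invalid_block(tamper_amount(ledger, 1, 500.0, remine=True)))
```

Editing a recorded amount is caught at the edited block; redoing the puzzle for that block only moves the failure to the next block, because its recorded previous hash no longer matches.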
Investing in Cryptocurrencies Those who are curious about bitcoin and other cryptocurrencies can acquire them in multiple ways. The original method is to join in the mining effort, which means using your own computer and a set of specialized software (and sometimes extra hardware) to work on the blockchain, and thus unlock the next set of bitcoins by solving it.
Don’t be surprised if it takes a while, though: Mining on your own is akin to playing the lottery, while mining in a group (or pool) means getting a return equal to the fraction of the pool’s computing power that you’ve put in. Multiple exchanges are online, and you can also purchase cryptocurrencies from other people.
No matter the method, you’ll have to use an address—a public string of numbers—to send or receive bitcoins, similar to the way that an email address handles messages.
A wallet is actually just a private string of code that corresponds to the address, and stores the cryptocurrency info, keeping the bitcoins safe and reachable only by the person who has access to the wallet.
The wallet is not usually physical—although some people do indeed keep access to these digital wallets on a physical object, such as a USB stick, to reduce the risk of losing cryptocurrency in a hack.
For bitcoins or other cryptocurrencies to work in the market, they need a level of stability and buy-in. Here’s how that works.
Convenience or Anonymity? If you buy bitcoins from an online exchange, they will give you your own address and wallet. Once you have connected your bank account and once it’s been confirmed as yours, you can buy bitcoins from the exchange, storing them there on their in-house wallet, or you can export them to an outside address.
As an investment, bitcoin and all cryptocurrencies are high-risk. Bitcoins have been stolen, and legitimate exchanges have gone bankrupt and customers have lost their bitcoins.
In order to have a totally anonymous bitcoin wallet, you will have to resort to buying the bitcoins in person—yes, this means that you’ll have to physically hand someone cash.
They will then send bitcoins to your anonymous wallet. Since cash transactions are not tracked, you can have them transferred to a wallet that has no identity associated with it.
Bitcoin and Black Markets Up to this point we have discussed the legitimate uses for bitcoin. But plenty of people out there also utilize bitcoin for illicit transactions, money laundering, or moving money around in ways that can’t be easily tracked.
There are innumerable black markets, and the most popular and active ones are always changing as old ones are shut down and new ones pop up.
The first and most notorious online black market was called Silk Road, and it was started by the Dread Pirate Roberts in 2011. Functioning much like eBay, Silk Road offered illegal and prescription drugs, hacked data, fake IDs, and more.
Silk Road was shut down by the FBI in late 2013, and the Dread Pirate was unmasked as Ross William Ulbricht, who is now serving a lifetime prison sentence.
The Future of Cryptocurrency In all likelihood, bitcoin and other cryptocurrencies will stick around for some time to come. The way has been paved for modern digital currency experiments, putting pressure on the traditional financial transaction methods to reduce bank and transfer fees, while increasing transfer speeds.
Although we will see more characteristics of this technology as part of our existing currencies in the future, it won’t entirely replace the U.S. dollar for groceries and gas anytime soon.
Cryptocurrency values fluctuate too frequently, governments see them as commodities at best, and the technology will continue to be targeted for hacks.
YOU CAN LAUNDER MONEY WITH BITCOIN
TRUE When you use cash to buy bitcoins from someone in person, there is no trail. Bitcoin wallets are not required to have identifiable information.
An anonymous email address can be used to start a wallet, which can then hold bitcoins. If you end up with a large sum of bitcoins and want to cash out, you can find someone to exchange them.
The trick is to keep identity data away from these bitcoin wallets. Cash transactions aren’t recorded, so it makes using bitcoins to launder money appealing. There are also “tumblers,” programs or sites that mingle fractions of BTC in multiple transactions. After a time, the bitcoins come out clean—well, at least in theory.
MOBILE MINUTES AS MONEY
Currency is essentially a physical representation of value. Historically, gold and other precious metals and minerals have been used as a medium of exchange based on their rarity and perceived actual value. It makes sense that anything of mutual value between parties can be used as money.
Smartphones and Finances Anyone with a smartphone basically carries a tiny computer in their pocket and can connect to the global financial network.
Whether you are making a bank transfer, sending a PayPal payment, making a trade, buying a tomato at a farmers’ market, calling for rideshare, or paying with bitcoin through a QR code, today’s mobile phones are more sophisticated than the bank tellers of twenty years ago.
Credit Cards One of the money dreams of the future is the creation of a single global unified currency. We already have that today in a way, thanks to credit cards that are accepted almost everywhere and have excellent fraud protection.
But even with the best security system, sophisticated social hackers can successfully impersonate you despite the strictest precautions. Credit cards are never going away and are a de facto universal currency.
Blockchain Expansion While they may sometimes vary in perceived value between curiosity and commodity, cryptocurrencies aren’t going anywhere anytime soon—and neither is the blockchain.
In fact, the concept of the blockchain can be applied to other parts of the world’s economy, and not just for tracking of cryptocurrencies and the transactions they are used in.
As the transactions on a blockchain are set in stone once recorded, the technology could be used to create cheap, tamper-proof public registries of who owns various land or property, notarize documents without the need for a notary on-site, and even ensure the security and value of the stock market and other high-value trading systems and financial transactions.
In the end, the future of money must include more security and convenience while being easy to use. As technology continues to innovate, we will also have to keep up with bugs, flaws, and loopholes, fixing them as they arise.
KNOW YOUR CUSTOMER
Any financial institution out there has to have a degree of security, stability, and trustworthiness in order to operate, and that includes having stable customers.
Traditional banking regulations require banks to know their customers (called “KYC” in bank speak). To comply with these financing regulations, banks have to confirm the identities of all their account holders.
When you open some bitcoin wallets, especially any that are connected to traditional bank accounts, you may have to prove your identity. It’s not recommended to do illicit transactions or make black-market purchases with these accounts—unless you want to increase the chance of being busted.
However, there are other ways to acquire bitcoin that do keep the purchases anonymous and can also facilitate money laundering.
SMART MONEY, SMART THIEVES
You might think that increased surveillance and face-recognition software would help catch the guy who stole your wallet, especially with all the cameras out there. But the problem is accessing the data before it’s deleted and then taking action on it.
In the case of Quentin Hardy, whose wallet was stolen in San Francisco, the thief used his stolen credit card for Uber. The card was connected to an existing account, and since Uber keeps data on all its rides, it had info about the thief—including GPS data that might show where the thief lived.
The problem with this is getting the data, which often can only be legally released to law enforcement, and the infraction has to be big enough to warrant an investigation. Often, it is not. And even so, by the time the police get around to seeing the video footage, it may have already been deleted.
In the future, we won’t get to simply stash our cash in a safe or under a mattress. New forms of finance mean new protocols for keeping your money safe.
Keeping Online Integrity While many governments offer individual reimbursements from fraud, business accounts are not always guaranteed the same security, and online banking and fraud protection are not typically in the hands of the user.
Look for financial institutions that have good security—sometimes it’s hard to find out which ones have been hacked because no one wants to disclose that information.
Use robust passwords in online banking, change them often, and don’t reuse old passwords. Limit who you share banking authentication credentials with to reduce the chance of unauthorized transfers or transactions.
Stay Secure with a Selfie Banks are motivated to use secure systems. Passwords can be difficult to enter on a mobile device, so banks have other secure authentication options: your fingerprint, a PIN, or facial (or even voice) recognition.
The secure selfie is even hacker proof—you must blink or make a facial gesture that you can’t duplicate with a photograph.
Be Safer with Biometrics Biometric verification has been thought of as the great fail-safe. The idea is that it’s near impossible to replicate someone’s fingerprint or iris or retina, although hackers (and Hollywood) have shown ways to duplicate a fingerprint. Unlike a password reset, it’s not that easy to get a new fingertip or eye.
Putting your money where your modem is opens you up to all kinds of new and exciting financial risks. Here are some methods of staying safer while spending online.
Monitor your accounts.
Set up alerts for your accounts and for purchases over a certain amount.
Use a strong password, and don’t use the same password for multiple accounts.
Use a stronger password for your financial accounts than anywhere else.
Use multifactor authentication.
Use credit cards that offer fraud protection and identity protection.
Monitor your credit score.
Use financial services that offer biometrics, or three- (or four-) factor authentication.
“Launder” your cryptocurrency by using services that obscure the source.
Use cryptocurrency like a one-time pad: buy the coin, launder it, make your purchase, and erase all records.
DEGREES OF DECEPTION
Fake college degrees are held by tens of thousands of deceptive doctors, lawyers, therapists, teachers, and others whom we count on to be well trained.
And that doesn’t include the thousands more noncriminal but naive degree holders who simply fell for a fast-talking salesperson who convinced them to lay down heaps of money for nothing more than a worthless piece of paper—one that may, in fact, be a lot worse than worthless.
A fake degree can be a career-ender if it should be exposed— and that’s to say nothing of the risk to others before the truth comes out.
3,300 Estimated number of fake or substandard universities worldwide
50,000 Number of fake PhDs bought each year in the United States (more than the 45,000 earned legitimately)
5,000 Number of fake medical doctors identified by a Congressional sub-committee
100,000 Estimated number of United States federal employees with fake degrees
$300,000,000 USD Value of worldwide sales of false degrees each year
$1 USD Lowest cost of a fake degree (excepting those thrown in as a bonus for larger orders)
0 Hours of study required for the average fake degree (if the check clears)
3 Number of James Bond movies students needed to watch to earn a degree from the late Eastern Caribbean University
BUYING FROM DIPLOMA MILLS
People purchase degrees for any number of reasons, but the following are the most common.
Employment Opportunities Many jobs will require that people in certain positions have a specific degree (or, sometimes, any degree), which can lead job hunters to fake it. Others believe that the esteem of an advanced degree will give them an advantage in the market.
One of the more frightening subsets of prestige, or being seen as an authority in a particular field, is the matter of expert witnesses in court cases. A lot of damage can be done—but the courts rarely seem to check the legitimacy of those witnesses.
The Case of the Fake Engineer One particular self-styled automotive engineer testified on the behalf of an auto manufacturer that the brakes on a vehicle involved in a fatal accident “could not have failed.” This man was later exposed on the witness stand as having bought his credentials from a notorious degree mill.
Not every nontraditional school out there is a bad one—some are just, well, not traditional. One thing to be aware of is that shady schools may well use the cover of one of these legitimate alternatives to disguise their own lack of a proper curriculum.
New Ideas Educational models change—not long ago the idea of earning a degree online was crazy. Now it’s standard. But beware of schools that claim that they are too innovative to be accredited.
Many totally legitimate and academically rigorous degree programs are offered online. So are a lot of worthless scams. Here’s how to tell the difference.
Check the school out in a reputable college directory.
Only deal with accredited universities—and don’t take it on faith that they’re accredited. Check.
If it sounds too good to be true, it probably is. If the only “work” required for your degree is giving them your credit card, be very skeptical.
Ask to speak with graduates of the program you’re interested in.
Ask if you can “audit” some online courses to assess the instruction and student engagement.
Scope it out on Google Earth.
Visit the school in person to check out their facilities.
If you can’t travel to the location, see if you can hire a local through TaskRabbit or Craigslist to play private detective and snap some images of the buildings and grounds.
SEX AND LOVE IN THE CYBER AGE
Almost from day one, the internet has helped those with lonely hearts (or other body parts) make connections with others, as well as providing a wealth of erotic entertainment to the home viewer who might never have ventured into a shady adult bookstore in real life.
As long as nothing illegal is taking place, and everyone involved is a consenting adult, you might ask what’s the problem? Unfortunately, there are still bad guys out there who are very much aware that we tend to act impulsively when we’re hot and bothered.
We might take more risks to get an immediate reward, such as clicking on a sexy link without thinking about the source. Sites promising illicit affairs and easy hookups could lead to personal data being compromised, and offers for easy money from online camming can prove to be a trap for the unwary.
From inadvertently downloading malware that cripples your computer along with those tempting sexy pictures to falling for a complicated catfishing scam or having those compromising pictures or videos used against you, a wide range of financial, technical, and emotional risks abound for an unwitting user. This blog will explore things to watch for and safety measures to take.
Have a Conversation Most online sites and dating apps work pretty much the same: you view potential dates’ pictures and profiles and then have a chance to message them.
If they find you equally interesting, a chat ensues. This is a great way to get a feel for who someone is. Be cautious about divulging personal information too soon, but do take the time to get acquainted, and pay attention to cues.
If someone pushes for your phone number, requests sexy pictures, or sends some to you unsolicited, these are major red flags. For better or worse, many potential dates will disqualify themselves early on through this sort of behavior.
Take It Offline Once you have a good feeling about a person you’re chatting with, you’ll probably want to suggest a meeting. It’s best to make that meetup a safe and low-key one, such as getting together for a cup of coffee during the daytime in a public location. This is another tip that will disqualify some unsavory types right away.
If the potential date comes up with excuses about why that’s impossible, they may be a scammer looking to steal from you once they’ve gotten your confidence, or they might be a jerk who won’t take “no” for an answer.
Broadly used to describe the practice of creating a false online profile to deceive people looking for genuine relationships, catfishing is sometimes done by bored trolls looking to mess with people’s minds.
In more malicious cases, the catfisher may request sexy photos or ask for cash (often a “loan” so that they have an excuse to meet the victim in person).
If you think you’re being led on—if those photos seem just a little too staged, or if your new friend won’t chat on the phone or meet in person—it may be catfishing. Many folks use stock photos or other people’s profile images.
Try dragging one of the pictures into Google image search and seeing what comes up. Your love interest may have also tried the same sweet words on other folks. Cut and paste a line or two from their come-ons, and see if anything shows up, perhaps in a post warning of this scammer.
Humans have been looking at sexy images for probably as long as we’ve been painting on cave walls. The availability of internet porn speaks to ancient desires—but with a whole host of modern considerations.
Certainly, not everyone views adult content on the internet, but many do, so without weighing in on the morality, here are some best practices and common concerns.
Financial Security Porn sites can’t use the same credit card systems that other sites use (because many banks deny merchant accounts to adult service providers), so they don’t have the same protections as other online retailers.
While there are some systems that are well known and secure, it’s recommended that you use anonymous prepaid credit cards for site access or purchases. Definitely, don’t use your regular debit or credit card.
It’s not uncommon for unscrupulous sites to add fraudulent charges on the assumption that consumers will be too embarrassed to complain to their bank if it means admitting what they’d been doing online. Don’t fall for this—customer service reps at your credit card company won’t mock you, and they’re familiar with these scams.
Malicious Invaders Anything you download could have malicious software. Use protective software, special browsers, or a virtual machine (or a combination of these factors) to keep the integrity of your software. In addition, avoid clicking on ads while browsing, as so-called “malvertising” can infect your computer with one click.
Data Mining Data is constantly being collected about your browsing behaviors, even if you’re using private browsing, and this data is then used to market to you.
Sometimes this “marketing” comes in the form of viruses packaged in a link that hackers have determined you might find hard to resist, given the kind of adult media you prefer to view.
And even cautious browsers can click impulsively if the promised images are intriguing enough. Again, protective software measures can help here, though they may not always reduce the data collection to zero entirely.
Normally your browser keeps track of information to make browsing the web easier: your browsing history, cookies for login credentials, and a cache of downloaded images.
When activating private browsing or incognito mode, these things are turned off. Dolphin is a Chrome extension that has an ad blocker incorporated and allows you to turn off all scripts, which protects you from self-executing malware.
The Firefox browser, meanwhile, offers the ability to install add-ons such as NoScript and Adblock Plus, as well as a private browsing mode, to reduce the chances of your computer being affected by scripts and malware as well.
This sort of software will ensure that your computer doesn’t retain your browsing history, but it doesn’t remove this information from the internet entirely. Your internet service provider and the sites can still monitor the traffic.
SECURE YOUR SELFIES
You might be wondering about your own personal flirty photos and whether you’re safe from having private images stolen or being surreptitiously spied upon.
Obviously, the simplest way to avoid either is to not take such images or share them, but if you do share sexy photos, be sure the recipients know what you expect of them in terms of respecting your privacy; don’t be afraid to ask for them to be deleted.
If you want to keep that data, consider storing it on a USB or other portable drive disconnected from any computer and the internet, with the images encrypted or otherwise secured.
As always, use strong passwords. And keep your webcam secured or cover up the lens with a sticker when you’re not using it. Also, avoid visiting any sketchy sites that might end up hijacking your webcam with malware.
One particularly disturbing result of the ease of taking and sharing of digital images is the rise of what’s commonly known as “revenge porn,” the public sharing of sexually graphic images without the consent of the subject, usually with the intent to harm.
The standard case involves a vengeful ex posting images that might have been taken consensually at a happier time but were never intended to be made public.
After a breakup, the ex decides to try and hurt their former partner by publicly humiliating them or, even worse, opening them up to harassment, blackmail, or even attack.
Malicious culprits can also post images online, which means revealing personal information, such as someone’s name, address, or work details, which can bring cyberstalking offline and physical harassment to the victim.
According to the Cyber Civil Rights Initiative (CCRI), 45 percent of revenge porn victims are stalked and harassed online by people who have viewed these images, with 30 percent also stalked in person.
Some 77 percent of victims have faced social and occupational repercussions, and 48 percent say they have contemplated suicide. In the wake of suicides and lawsuits, 34 states have passed laws against revenge porn.
WHAT TO DO IF YOU ARE A VICTIM
Revenge porn is illegal, and if you are victimized, there are laws and nonprofits that can help. Many places have laws on the books, and cases have been successfully prosecuted.
Document the Violation For sites to remove images, you must have the original in order to prove you own the copyright. Document the usage. Don’t just save a link; take screenshots of the pages, especially if they are on 4chan, Reddit channels, or revenge-porn sites, or in Twitter direct messages. Be sure to include the URL bar or the name of the poster in the screenshot.
Identify the Perpetrator If you can identify the person who posted the information as the person you shared the image with in the first place, you can likely press legal charges.
Remove the Images Many sites will remove the images through a Digital Millennium Copyright Act (DMCA) takedown if you can prove you own the copyright. Other sites explicitly extort money from victims to remove the images. Document all communications: Save emails, take screenshots of text messages, make notes of any phone calls.
If you own the image—for example, you were the one who took the picture—you own the copyright and can ask Google and other search engines to remove it from search results through a DMCA takedown notice. This won’t remove the image from the website where it is posted, but the image won’t show up in search results.
To begin the DMCA takedown process, you will need to submit a report to each search engine for each instance. This is why it is important to take screenshots. The search engine will require that you:
Give the URL of the website that is infringing on your copyright.
Prove you own the copyright by attaching the original image to identify the copyrighted work. If you don’t have the original, you might not be able to prove you are the copyright owner.
Sign sworn statements, and sign and date the submission.
Press Charges There are laws against revenge porn in thirty-four states as well as Washington, DC. Revenge porn laws fall under stalking and harassment, unlawful distribution of sexual images, disorderly conduct, violation, and invasion of privacy, nonconsensual pornography, and unlawful dissemination of sensitive images.
YOUR WEBCAM CAN BE HACKED
TRUE The good thing is that this is a bit complicated. Before hackers can take over your webcam, they have to convince you to install malware. How do they do that?
They could send you an email with a link to launch a script starting an installation process, or they can send the script hidden in a document, image, or video file.
Once the malware is installed on your computer, it takes some skill on the hacker’s part, but your cam can be compromised. How do you protect yourself from this scenario? Don’t open or download unusual documents from people you don’t know. Also, use a piece of tape or other webcam covering when it is not in use.
KEEPING YOUR MACHINE CLEAN
As with any online activity, use common sense when browsing sexy sites. Legit porn operators know their sites can be targeted for attacks and infiltrations, so they’re incentivized to catch problems fast in order for their customers to have a positive experience.
Research which are the safest porn sites online, and ask open-minded friends for recommendations. Here are some added levels of security you should employ.
Limit Your Devices Whatever device you use, be sure it’s secured. Update virus protection and run malware and spyware checks on a regular basis.
Clear your caches, too; your phone could be stolen, or your cloud account could be hacked, revealing your browser history, so delete images and clear your trash on a regular basis.
And consider keeping it to one device—some people choose to view porn only on certain devices to lower their risks. For example, only watch it on a computer with up-to-date security software.
Keep It out of the Office It should go without saying not to use work devices for porn or sexting, but news stories tell us that this advice hasn’t gotten through to everyone.
In fact, a recent UK study reported that 10 percent of office employees admitted to watching porn at work—and those are the ones who fessed up, so we can imagine the real numbers are much higher.
Depending on where you work, this can be a firing offense—and even if it’s not, you really don’t want to have that conversation with HR, especially if you’ve also infected your company’s network with malware.
Go Virtual A virtual machine is a separate environment that runs on top of your existing operating system. Running a virtual machine enables you to browse without putting your whole operating system at risk.
If you download malware or a virus, it infects the virtual machine, not your whole computer, and when you end the virtual session, everything in it disappears, including that infection.
Pay Safely Legitimate free porn sites do exist, many with limited material and incentives for membership. If you pay for content, be careful who you give your information to.
Some credit card companies will give you a virtual number; when used, it charges to your main account, but if stolen, it’s easy to turn it off without canceling the basic card. You can also use reloadable prepaid cards.
When looking for love on the internet, sending racy images to a special someone, or viewing racy images yourself, you’re vulnerable. Practice safe sexting!
Secure access to your devices (using PINs and lock codes) and use two-factor authentication.
Use different email addresses and anonymous accounts for dating or hookups. Never use your work email for anything dating-related.
Use a private SMS and voice call app to communicate with potential dates or hookups.
Watch free porn, or use prepaid credit cards and stop subscription payments after you cancel.
Use bitcoin for payment.
Hide your face and anything that would make you identifiable when taking sexy pictures.
Use secure apps only for sensitive messages and set a timed message delete.
Never send a photo or video that you wouldn’t want to have made public if it goes astray.
INTERNET VIGILANTES AND MOB RULES
The internet has decentralized everything, and harassment and mass protesting are no different. Online harassment can escalate to death or rape threats, prank calls to police departments, canceled speaking events, ruined careers—even driving some victims off the internet completely. Who are these trolls?
Some want to entertain themselves or get off on manipulation, but the majority are bored teenagers who have turned to the internet to create their own drama, to get back at their friends, or win one-upmanship points. Having said that, the same technology can also be used for positive ends—stopping animal abuse, shutting down spammers, and protesting unfair internet laws.
Technology brings out the best and the worst in humanity. Learn how to protect yourself when the worst of humanity unleashes itself on the internet.
MEET YOUR INNER TROLL
It used to be thought that mean people are born that way. But a new study from Stanford University suggests that, under the right conditions, anyone can be a troll.
The experiment exposed subjects to negative moods and/or comments and then asked participants to make their own comments.
Those exposed to either the negative mood or comments were more likely to post negative statements; subjects exposed to both negative mood and comments were even more likely.
Negative comments can have serious emotional power—causing a downward spiral, with users returning to defend their statements and dig in their heels deeper.
The negativity builds on itself and keeps growing. It’s true: Just like laughter, trolling is contagious. Next time you’re cranky and tempted to troll, pause, take a breath, then step away from the internet to cool off.
The word “troll” conjures up images of a monstrous figure lurking under a bridge, but its origins are a different beast altogether. The word comes from the verb “to troll,” which describes the fishing method of dragging a lure as bait. Internet trolls are similarly using “bait” when they post incendiary, hostile, and provocative information in order to lure others into having an argument with them.
Trolls love to provoke people to get a reaction, and they also enjoy keeping the game going as long as possible, indulging in all of the anger and frustration they evoke.
In internet-speak, lulz, derived from the slang term LOL (from “laugh out loud”), is laughter at the expense of others, a sort of modern schadenfreude. “Doing it for the lulz” means that trolls do what they do specifically so they can get an emotional rise out of their target.
Trolling, harassment, and bullying create emotional distress and can lead to offline violence and real-world crimes, such as stalking or swatting. Trolls pop up in video game chats, review sites, on forums (especially 4chan, 7chan, and Reddit), and social media sites, including Twitter and Facebook.
Trolls love all comment sections—in news stories and on YouTube, Tumblr, and even your blog if you’ve caught their attention. Companies have been trolled on Yelp, and individuals (including a White House spokesperson) have even been trolled on the payments platform Venmo. One thing is certain: Trolls are creative, and where they can troll, they will.
What They Do Online harassment includes sending nasty emails, sharing victims’ personal information online, and calling for violence against targets. Many women even receive death and rape threats.
Stay Clear Trolls have no rules and will contradict themselves. They aren’t logical, so don’t bother trying to reason with them. They start arguments, post negative and shocking comments, give wrong information, and get people riled up. They’re after angry reactions that keep the reprisals coming—they delight in creating chaos.
Trolls sometimes work together, posting targets in shared troll forums so that many of them go after the same target. These trolls get cred for participating in such ops.
GOOD TO KNOW
KNOW YOUR ENEMY Trolling takes a number of forms, including these common ones.
Dogpiling An internet cybermob descends on their target, trying to overwhelm, exhaust, and humiliate the victim.
Concern Trolling Someone gives “helpful” advice that’s actually meant to belittle and demean the target.
Gaslighting The act of manipulating victims to make them doubt their own perception, memory, and sanity. If an abuser says it’s not abuse, you are being gaslit.
As a way of discrediting targets, some trolls create fake social media accounts in their names and post provocative statements. Trolls might even take these false statements from the fake social media account and accuse the account holder of having made those statements.
Newbie Trolling There are always newcomers to online communities, and these folks can be taken advantage of by those sharing bad advice or giving misdirection.
RANDOM ACTS OF TROLLING
It’s theorized that the anonymity of the internet allows people to unleash their worst selves and hassle complete strangers. The facts as reported by victims of harassment online seem to bear this out.
KEEP CALM AND CLICK ON
Trolls poke at you in order to evoke an emotional reaction. The most important thing to remember is “don’t feed the troll.” Sure, it’s hard to control yourself when someone is pushing all your buttons, but that’s what the cyberbully is after.
Stop a moment, take your hands away from the keyboard, take a breath, and get up and go for a walk. If you don’t respond, the troll will get bored and go after an easier target.
Online communities have dealt with trolls from the beginning of the internet, and many have developed rules and software to keep trolls out. Soft banning is a technique that basically hides troll posts from everyone except the troll. If no one sees the post, it won’t get attention, so the troll gets bored and goes elsewhere.
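The soft ban described above can be sketched as a per-viewer rendering rule. This is an added example, not code from any real forum software; the user names, the `SOFT_BANNED` and `MODERATORS` sets, and the thread are constructed. It also shows a detail the description implies: replies and reply counts must be filtered per viewer too, or the hidden posts leak.

```python
from dataclasses import dataclass
from typing import Optional

SOFT_BANNED = {"troll42"}   # constructed: accounts under a soft ban
MODERATORS = {"mod_ann"}    # constructed: accounts that see everything


@dataclass(frozen=True)
class Post:
    post_id: int
    author: str
    text: str
    parent_id: Optional[int] = None


def can_see(post, viewer):
    """A soft-banned author's post is shown only to that author and to moderators."""
    return post.author not in SOFT_BANNED or viewer == post.author or viewer in MODERATORS


def render_thread(posts, viewer):
    """Return the thread as this viewer sees it, with reply counts that match the view."""
    by_id = {p.post_id: p for p in posts}

    def chain_visible(post):
        # A reply is shown only if every ancestor is visible to this viewer;
        # otherwise a reply to a hidden post would reveal that the post exists.
        while post is not None:
            if not can_see(post, viewer):
                return False
            post = by_id.get(post.parent_id)
        return True

    shown = [p for p in posts if chain_visible(p)]
    return [
        {
            "id": p.post_id,
            "author": p.author,
            "text": p.text,
            "replies": sum(1 for q in shown if q.parent_id == p.post_id),
            # Only moderators are told which posts are soft-banned.
            "soft_banned": (p.author in SOFT_BANNED) if viewer in MODERATORS else None,
        }
        for p in shown
    ]


# Constructed sample thread.
THREAD = [
    Post(1, "alice", "Here is my article."),
    Post(2, "troll42", "Inflammatory bait.", parent_id=1),
    Post(3, "bob", "Nice write-up.", parent_id=1),
    Post(4, "troll42", "Anyone going to answer me?", parent_id=2),
    Post(5, "mod_ann", "Moderator note on this post.", parent_id=2),
]
```

The soft-banned account still sees its own posts and a reply count that includes them, so nothing in its view signals the ban.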
You can’t predict whether you will be the target of online harassment. Women are typically harassed more than men, but anyone can be targeted for any reason, including political or religious beliefs. If you end up the victim of a troll or online harassment, here are some helpful responses.
Don’t Engage Do not respond or show emotion when provoked. If you show the slightest reaction, they will go in for the kill. They can be relentless, and sometimes when they don’t get a response, they will escalate further to provoke you into responding.
Document Everything Take screenshots of incendiary texts, tweets, and comments immediately, as they can be removed. Keep a harassment diary. If it’s too upsetting for you to do it yourself, have a friend take over for you.
Protect Yourself Use strong passwords, and turn on two-factor authentication to make it harder to hack your accounts. Remove your personal information from the internet to make it harder to be doxxed.
Take Legal Action Contact the appropriate authorities. Make a police report, although officers may not be able to help much unless the harassment goes outside the internet.
Vent Safely Trolls delight in upsetting people on the internet; responding or complaining online feeds them. Instead of venting online, talk to a friend or family member you trust about your frustration or anger.
Get some exercise, spend time with friends or loved ones, get out in nature, take care of yourself—eat well, drink water, and meditate to let the anger go. If it gets really stressful, seek the help of a professional.
Shut Them Out Unfriend, block, mute, and report trolls. Most systems have ways to block and report unsavory behavior—Twitter, YouTube, and Facebook, for example, all have block and reporting capabilities.
Give No Comment If you are posting an article or blog post that you think will be controversial, turn off comments. If a troll is responding to a blog post on your site or a Facebook post you started, you should feel free to turn off commenting midstream or to just delete the offending comment.
Disappear from Sight As a last-ditch option, consider creating a new identity for the forum or site on which you have been trolled.
And on some sites, your information comes up with a simple search. Recently passed laws, however, require these sites to remove you from their databases if you request to opt out.
Of course, there are companies, such as DeleteMe, looking to make a profit by doing this automatically for you. The reason you might want to remove your data from these databases is that this is where trolls get the information to doxx you and bring online harassment offline. Make it harder for trolls to find your information by removing as much of it as you can now.
MEET YOUR INNER TROLL
Everyone has a little bit of a dark side, and trolling can bring out the worst in our natures. Here are some of the personality factors that make a troll.
WHAT MAKES A TROLL? Just as there will always be some unpleasant or troublesome people in society, ultimately the same is true on the internet.
Trolling is unlikely to ever truly go away until humanity itself changes. A combination of distance, anonymity, and opportunity is a temptation that can sometimes bring out the worst in others, giving rise to their inner troll.
But there may be a higher predisposition in some people. Psychological studies on sociopathy and antisocial behavior have presented the concept of the dark triad, a combination of three personality characteristics, that when combined, paint a dark picture of a malevolent individual.
The nefarious traits that are referred to by the dark triad are Machiavellianism, narcissistic behavior, and psychopathy, which, when combined, create a personality that has low empathy, a thrill-seeking nature, enjoys manipulating other people, and is focused on ego gratification.
If you compare this to the activities of trolls—causing distress, doing it for the lulz, seeing victims as their source of entertainment, and “operations”—you can see how trolls fit this description. Given the opportunity, anyone has the potential to be a troll— but there are some people who may be born for it.
Remember the Good All this talk of trolls, vigilantes, 4chan, Anonymous, and Gamergate can, of course, paint a bleak picture that the internet is a foreboding place filled with potentially hostile figures waiting to bully or harass you for their own entertainment. But you should still keep in mind that there are also a lot of good people doing good things on the internet.
By taking measures to avoid becoming a victim of trolling—and not becoming a troll yourself—you can guarantee that there will always be more good people than bad on the internet.—Heather Vescent
Don’t let your internet experience be ruined by a bunch of creepy kids and sad puppies. Here’s how to avoid trolls or, if the worst happens, deal with them deftly.
Block, mute, hide and unsubscribe from troublemakers.
Stay away from the comments section below online articles.
Step away from social media if you start getting too worked up.
Don’t take even the worst attacks personally.
Lock down the privacy settings on all social media.
Use two-factor authentication for all accounts.
Ask site admins if comments are moderated and stay away from any sites where they’re not.
Only post under a pseudonym; don’t use your real name for any social media or forums.
Create an email account you only use for social media (or other high-risk functions, such as online dating or gaming). Make the name nothing like your own and don’t link it to anything else.
Document online harassment and take it to the police.
DOING TROLLING RIGHT
We can’t, in all good conscience, actually tell you to go out there and troll others when you get bored. But we do know there are some people who can’t resist the urge. But you should really know what you’re getting into if you’re going to let your inner troll out. If you’re going to troll, do so with class.
Use wit and refined thought as much as possible to point out the issue you’ve taken exception to. Pick a proper target—this means, as they say in comedy circles, “punching up.”
Choose an organization that has been problematic or harmful to innocent victims rather than belittling someone smaller and weaker (“punching down”). And always, always, be prepared for the backlash. People out there will eventually decide they don’t like how you’ve expressed yourself. Hey, we never said trolling was easy.
SURVEILLANCE AND SECURITY
Snowden leaked as many as 1.7 million documents on a wide range of NSA operations, far more than we could ever describe here. Just as a small sampling, here are 10 notable things we learned that the NSA did.
A former CIA employee, Edward Snowden rose to prominence in the public eye when, during his time as a contractor for the National Security Agency (NSA), he leaked over a million classified U.S. government documents to journalists.
In June 2013, the U.S. Department of Justice charged him with espionage and theft of government property. He subsequently fled to Russia, where he has currently been given asylum until 2020.
Snowden has claimed that he leaked the classified documents because he felt their contents were unconstitutional and that he had become disillusioned with his government.
The hardest thing to do on a network is classify data. Humans tend to overclassify data, and it’s particularly difficult to classify the information that is already on the network after it’s there (ex post facto classification), as opposed to the classification of data that is being newly created.
As we said, Snowden was a systems administrator, so by the nature of his job, he would have had extensive access across the network; getting access to the data was fairly trivial for him at that point.
Getting the Goods The actual difficulty would have been getting the data out of the building. On TS/SCI systems, all removable media capabilities (like USB, CD, and DVD) are disabled, so there is no means for regular people to get information off the systems. There is an exception, though, for systems administrators.
Within a sysadmin shop, there are typically one or two systems that have the ability to write CDs or take a USB drive. Sometimes, there are completely legitimate reasons why one would have to transport data between non-networked systems.
For Snowden, the theft was not rocket science but a matter of abusing his trusted position.
Two things could have been implemented but weren’t (and probably are now) to stop this: better internal data segmentation and two-person integrity controls (TPI) for systems administrators who want to use removable media—think of nuclear keys and you get the idea. It’s a pain in the ass and it’s inelegant, but it does work.
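A two-person integrity control for removable media can be sketched as a gate that refuses a write until a second administrator has approved that exact content for that exact device. This is an added example, not a description of any agency's actual system; the roster, the 15-minute expiry, and the class and function names are assumptions made for illustration.

```python
import hashlib
import time
from dataclasses import dataclass
from typing import Optional

APPROVAL_TTL_SECONDS = 15 * 60           # assumed policy: approvals expire after 15 minutes
SYSADMINS = {"alice", "bob", "carol"}    # constructed roster of authorised administrators


@dataclass
class TransferRequest:
    requester: str
    device_id: str
    sha256: str                          # digest of the exact bytes to be written
    approver: Optional[str] = None
    approved_at: Optional[float] = None


class TwoPersonGate:
    """Allows a removable-media write only after a second administrator approves it."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.audit = []                  # (time, event, requester, approver, device, detail)

    def _log(self, event, req, detail=""):
        self.audit.append((self.clock(), event, req.requester, req.approver, req.device_id, detail))

    def request(self, requester, device_id, data):
        if requester not in SYSADMINS:
            raise PermissionError("requester is not an authorised administrator")
        req = TransferRequest(requester, device_id, hashlib.sha256(data).hexdigest())
        self._log("requested", req)
        return req

    def approve(self, req, approver):
        if approver not in SYSADMINS:
            raise PermissionError("approver is not an authorised administrator")
        if approver == req.requester:
            self._log("self-approval-refused", req)
            raise PermissionError("a second person must approve the transfer")
        req.approver, req.approved_at = approver, self.clock()
        self._log("approved", req)

    def authorize_write(self, req, device_id, data):
        """Return True only if this write is exactly what the second person approved."""
        if req.approver is None:
            reason = "no second-person approval"
        elif self.clock() - req.approved_at > APPROVAL_TTL_SECONDS:
            reason = "approval expired"
        elif device_id != req.device_id:
            reason = "device differs from the approved one"
        elif hashlib.sha256(data).hexdigest() != req.sha256:
            reason = "content changed after approval"
        else:
            reason = ""
        self._log("write-denied" if reason else "write-allowed", req, reason)
        return not reason
```

Binding the approval to a content digest and a device means the approver signs off on one specific transfer rather than on the requester in general, and every refusal lands in the audit trail.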
The fact is, getting that kind of access, despite how easy it may have looked, wasn’t easy. It may have taken him five minutes to steal the data, but it took him years to know which data to steal and to be placed in the position that enabled him to steal it.
It’s easy to look at the glamorous, freedom-loving aspect of whistleblowing without seeing the potential dark side or unintended consequences.
In addition to facts and figures, Snowden’s leaked documents also revealed the methods and capabilities of programs used by multiple governments to monitor covert communications on the internet—including methods to monitor those involved in child sex trafficking.
Once these programs were revealed, these kidnapping, slaving criminals changed their tactics, forcing international law enforcement to find new ways to intercept and decode these transmissions. On that basis, forgive me if I don’t refer to Snowden as a hero.