Cyber-Security – A Parental Responsibility
J-F Sauriol, SecurityJF Inc.
Cyber Security Expert © 2017 - SecurityJF Inc.
JL Couroux
March 2017
Good Day
• J-F Sauriol
• Canadian Forces, Foreign Affairs, Treasury Board
• SecurityJF, President and Chief Security Advisor
• Information Security consultant for over 25 years
• Experience
– Over 400 Workshops for parents and kids (3rd to 12th gr) in last 6 yrs
• Cyber-Security: a Parental Responsibility
• Cyber-Bullying in our Techno-kids Lives
• Being a Parent in the Era of Social Media
– Invited speaker at Cyber-Security and Cyber-Bullying Conferences
• Small Survey
– Number & age of kids?
– Are you « techies »?
– Number of computers at home?
– Types of Smart Phone?
– External Backup disk?
– Wireless network at home? Protected?
Our Time Together
• Security 101
– Main Threats
– Essential safeguards at home
• Risk for our Kids
• Guided tour of some essential websites
• Tips:
– What to do?
– What not to do?
• Resource websites
Internet – Really Cool … BUT!
Almost infinite number of amazing resources
With the arrival of home high-speed Internet, we see an explosion of corporate and personal attacks
For the past 9 or 10 years, attacks have been aimed at relieving you of your money!
• Sophos Threat Report and 10 predictions » https://blogs.sophos.com/2015/12/11/our-cybersecurity-predictions-for-2016/
• Symantec Threat report 2015 » http://www.symantec.com/fr/ca/security_response/publications/threatreport.jsp?inid=ca_ghp_hero1_istr-20
• Predictions for 2016 - Trend Micro » http://www.trendmicro.fr/renseignements-securite/recherche/previsions-de-securite-2016/index.html
Hackers now target applications instead of the OS (Windows)
According to the RCMP http://www.rcmp-grc.gc.ca/pubs/cc-report-rapport-cc-eng.htm
Technologies: Targets or instruments
Evolution of cybercrime threats
Darknets
CaaS Model (cybercrime-as-a-service)
Malware targeting mobile platforms
Virtual currency schemes
Cyber-facilitated stock market manipulation
Cybercrime threats to industrial control systems
Top 10 Cyber Crime Prevention Tips http://www.rcmp-grc.gc.ca/tops-opst/tc-ct/cyber-tips-conseils-eng.htm
Phishing study finds major brands heavily targeted, niche sites also at risk
More iCloud phishing: don't get sucked in
The Internet Jungle
• Phishing
– Spear Phishing
– Whaling
• Botnets
• Scripts
– JavaScript, ActiveX, …
• « Zero-day » Exploits
• « Drive-by » Infections
– Parents surfing the web
– Kids surfing the web!
• Exploit kits
– Blackhole, Metasploit, SweetOrange, Cool, …
5 Java flaws already included in Blackhole exploit kit
Malware injected into legitimate JavaScript code on legitimate websites
Invisible iFrame drive-by malware attacks explained
Microsoft warns Windows users of zero-day danger from booby trapped image files
Microsoft IE zero-day in the wild!
TeslaCrypt ransomware attacks gamers - "all your files are belong to us!"
Europol takedown of Ramnit botnet frees 3.2 million PCs from cybercriminals' grasp
Bamital botnet dismantled by Microsoft
• Ransomware
16-year-old Canadian boy arrested for over 30 swattings, bomb threats
Cloned Facebook accounts hit up friends with spam and money requests
Our Kids on the Internet
• Facebook (Instagram, Snapchat, …)
– Trolls
– Pedophiles
– Blackmail
– Swatting
• Twitter, Torrent
– Child Pornography
• Webcam
– Remote Access Trojans [RAT]
– Blackshades, Darkcomet
• Cell/Smartphones
– Cameras - GeoTags
– iPhone vs Android
Hacker blackmailed 350 women into stripping on their webcams, FBI says
Child pornography on Twitter
10 tips help you think before you act
Miss Teen USA 2013 says sextortionist hacked webcam to snap bedroom photos
Justin Bieber imposter jailed after tricking children into stripping in front of webcam
Party advertised on Facebook leads to 600 gatecrashers and one very trashed home
Snapchat images that have "disappeared forever" stay right on your phone...
Accused in Scotty Toppers sextortion case faces 30 charges
Privacy group wants to shut down "eavesdropping" Barbie
Google's new 'My Account' lets you tweak privacy and security settings
Facebook publishes new security settings guide
Kid spends $5900 playing Jurassic World on Dad’s iPad
Sexting teens banned from using their phones for a year
• In-Game purchases
Android – Full of Holes!!
History of Android Vulnerabilities
http://bitzermobile.com/blog-android-vulnerabilities/
Android Vulnerabilities Per Year
Android Versions : Wiki
Smartphone PINs skimmed with microphone and camera
http://www.xray.io/
How to Protect Yourself?
Step 1 – Scan
Step 2 – Install a protection suite - NOW!
Threat Report H1 2013
New Android Trojan downloaded from Google Play by millions
Android users may have to wait years before getting patches from vendor!
The “Stagefright” hole in Android – what you need to know
Essential Safeguards at Home
1. Install a firewall/router
• Buy a new router if yours is more than 2 yrs old
• Choose 192.168.x.1 (where x=100 [not 0 (zero) or 1])
• If you use wireless networking – enable encryption
How To - Secure Wireless Router Set Up
http://isc.sans.edu/survivaltime.html http://isc.sans.edu/countryreport.html#worldmap
Anatomy of an exploit - Linksys router
2. Use a “standard user” account instead of an “administrator” account
3. Regularly update your OS (Windows Update) and applications (iTunes, Firefox, etc.)
4. Purchase a good anti-virus software suite that includes a firewall and blocks malicious scripts
5. Save attachments in emails before opening them (automatic anti-virus check). Never follow a link in an email (instead copy the hyperlink into a new browser page to see if the link is good)
Microsoft readies monster-sized security patch for Windows users
Fake anti-virus
Data-stealing malware targets Mac users
6. Choose Firefox with the “No-Script” add-on to prevent the automatic execution of scripts from each visited page.
Firefox hit by critical zero-day vulnerability – Use NoScript
7. Uninstall or Deactivate Java
• Java is different from Javascript
• Java is the primary source of “drive-by attacks”
8. Choose strong passwords
• Cat48dog not very strong at all!
• ILTFBIHTWFAL
• On the Web: ILTBTfacebookAOBYBB, ILTBTgmailAOBYBB, etc or use KeyPass
http://keypass.info
How to choose a strong password
Facebook locks users in a closet for using same passwords/emails on Adobe
Check that Java is turned off in your browser
9. Enable Anti-Tracking Protection AND gain 40% browser speed!!!
10. Back up your important files to an external hard drive to prevent losing pictures and financial information AND unplug it afterwards
11. Be careful when shopping online. If the session is not secure – NO PURCHASE! And provide only the minimum info required. If they don’t need your name, stay anonymous!
12. Never access a bank account or financial service (PayPal, etc.) when connected to a public Wi-Fi (Starbucks, Tim Hortons, etc.). Use your cellular data service instead.
http://lifehacker.com/turn-on-tracking-protection-in-firefox-to-make-pages-lo-1706946166
http://windows.microsoft.com/en-CA/internet-explorer/use-tracking-protection#ie=ie-11
13. Protect your RFID credit cards with a metallic card holder.
14. Obtain identity theft protection from your home insurance provider.
15. Activate Login Verification (2FA) for each of your on-line accounts
16. Before a job search or a university application, clean up your social media contributions
Top 10 Ways to Clean up Your Social Media Profile for a Job Hunt
Risks to our Children
• Risks associated with persons
• On the Internet, and more particularly in chat rooms, Instagram and other social networks, nothing is easier than to pretend to be someone else. Some people take advantage of the relative anonymity offered by the Net to lie about their age, sex, occupation and... intentions. For instance, sexual predators and pedophiles regularly participate in chat room discussions to find their victims. Ripoff artists are also very common.
• Risks associated with obscene or inappropriate material
• Protecting your children is of the utmost importance. Active protection is essential.
Hentai – Child Pornography
pedophiles on life virtual prog
Sting nets Canadians willing to pay for web sex with 'virtual' 10-year-old girl
Signs a child is being blackmailed
Stalking Amanda Todd : The Man in the Shadows
Cyberbullying is worse than face-to-face bullying, teens say
Sextortionist arrested in Texas – Here’s how to protect yourself
Belonging - Maslow
• Maslow (1908-1970)
– Physiological and security needs are fundamental
• In 2010, Kenrick et al. showed that needs can in fact be less rigidly arranged depending on age and personal situations
“ … human beings are exquisitely sensitive to cues of social rejection, and they respond to such cues using some of the same neural circuits used to register physical pain.”
– Then for a teenager (11-16 yrs) belonging to a group may become so important that it can trump their physiological and security needs:
• Street gangs, ISIS
• Bullying behaviour that seems to be completely contrary to their established personality so as to get to « belong to the group »!
Kenrick, D.T., Griskevicius, V., Neuberg, S.L., & Schaller, M. (2010). Renovating the pyramid of needs: Contemporary extensions built upon ancient foundations. Perspectives on Psychological Science, 5(3), 292-314.
Asking for help on Social Media
• Some youths have more social difficulty than others
• Asking for help or sharing your inner turmoil is considerably easier to do on social media than in front of a therapist
• Many youths who share intimate feelings or mental health issues get bullied and harassed by anonymous people on sites like Yik Yak, Ask.fm, Facebook, etc.
• The theory of the “spectator” indicates that when the audience (online especially) is large, a spectator has a greatly reduced response impulse and even more so when the person is not a best friend
• Therefore, the desire to get help can in fact turn against the youth who shares online:
To a person in crisis, not getting a response may be “almost worse than getting a negative response,” because it seems like “nobody is listening and nobody cares.”
Egan, Koff, Moreno (2013). College Students’ Response to Mental Health Status Updates on Facebook, Issues in Mental Health Nursing, vol. 34(1), 46-51.
Attention!!
• Not all kids will experience turmoil through their social media experience.
• A large majority of youth will evolve very well (with appropriate parental limits)
– For them, information sessions and guides to provide necessary learnings (learning powerpoint is not enough though) are sufficient to get them to grow their online critical thinking abilities
• However, certain youth will experience varying degrees of social rejection and mental health issues
– These kids are more vulnerable in the face of social traps, sextortion, pedophiles or hackers
– And these same kids will take more risks to « belong » (accepting anyone as friends online, sharing their webcam, giving in to inappropriate demands or threats, etc.)
– It is these kids, their parents and teachers who need to be identified, supervised and protected
http://www.webaverti.ca/english/default.html
http://mediasmarts.ca/sites/default/files/tutorials/parenting-digital-generation/index.html
• http://mediasmarts.ca/
The Child-Parent Relationship
• http://www.priv.gc.ca/youth-jeunes/index_e.asp
http://www.priv.gc.ca/youth-jeunes/fs-fi/res/gn_index_e.asp
http://www.priv.gc.ca/youth-jeunes/t-v/videos/rep_e.asp
Basic tips for kids
Other sites
Internet Security http://www.rcmp-grc.gc.ca/is-si/index-eng.htm
http://www.rcmp-grc.gc.ca/qc/pub/cybercrime/cybercrime-eng.htm#4
Cyber Security Tips http://www.rcmp-grc.gc.ca/tops-opst/tc-ct/cyber-tips-conseils-eng.htm
http://deal.org/the-knowzone/internet-safety/
http://www.cyberaide.ca/app/en/home
http://mobility.protectchildren.ca/app/en/home
http://www.needhelpnow.ca/app/en/
Hundreds arrested in international child porn investigation led by Toronto Police
Counter Cyber-Bullying
OnlineFamily.Norton.com
Allows you to manage/monitor your kids' Internet activities
Very small agent installed on each computer
Configure the access rules for each child
Allows you to tighten or relax controls for each child independently
Receive alerts for specific events
Allows monitoring of MSN, Skype, Facebook, etc.
Returnil
http://www.returnilvirtualsystem.com/
Combines virus protection with powerful system restore feature
Enter seamless virtual environment and do “whatever” to your PC.
Test new products, browse dark corners of the Internet with no harm.
Restart your PC and "pooof", all the bad stuff including any malicious files are gone. Your PC stays nice and clean.
If all fails and your system is still giving you trouble, just choose a point in time to restore your system to and enjoy a virus free PC ($39.99).
PixelGarde
http://pixelgarde.com/
Examine, modify or eliminate GeoTags (or other personal details) from your pictures without changing the pictures themselves! Share your pictures without divulging where they were taken!
Eliminate the purchase requests and the pixelgarde logo by buying the tool ($9.99)
iPod, iPhone, iPad
Allows the monitoring/control of your kids' Internet activities
Each visited site is logged on your web account. Simply consult the logs where and when you want
Allows the management of filters for each user as well as the usage timeslot
Allows remote de-activation of the device and the remote management of the device’s filters
Recommended by
Child-proofing your iPad/iPad mini/iPhone
How to Set Up iPad Parental Controls and Content Filtering
Sandbox Web Browser
http://www.mobicip.com
Mobicip Safe Browser With Parental Control
iPod, iPhone, iPad
Allows the control of usage time for each device
Protected by a 4 digit code known only by parents
Deactivates the device when the time limit is reached
Can be deactivated by a parent by entering the code
TimeLock
http://itunes.apple.com/ca/app/timelock-time-limit-for-parents/id440218332?mt=8
$1.19 US
Merci - Thank you!
• Protect your home environment
– Unfortunately, there are people on the Web who definitely want to enter your environment and steal your money – or put your kids in severe danger
– Implement the 16-step protection recommendations
– Trust your instinct
• If it’s too good to be true – IT IS!!
• If you are not sure about a link or an attachment – Turn on Returnil or call the sender and ask if he/she really did send you this email
– Ask permission from everyone on a picture you want to post before posting (you never know what people find embarrassing)
– Protect your mobile devices
• Install the SOPHOS protection suite on ALL your Android devices
• Don’t keep sensitive details on your mobile device unless necessary.
References
• References
– Young Canadians in a Wired World, Phase III, MediaSmarts © 2014
– Canadian Centre for Child Protection
– Psychology Today, Father Absence, Father Deficit, Father Hunger, May 2012
– GlobalPost, The Effects of Parents Being Absent From the Home
– Brené Brown, Shame vs. Guilt, Jan 2013
– Egan, Koff, Moreno (2013). College Students’ Response to Mental Health Status Updates on Facebook, Issues in Mental Health Nursing, vol. 34(1), 46-51.
– American Academy of Pediatrics (AAP), “Children, Adolescents and the Media,” released Oct. 28, 2013 at the AAP National Conference & Exhibition in Orlando.
– Cyberbullying Hurts: Respect for Rights in the Digital Age, Standing Senate Committee on Human Rights, Dec. 2012
• Forum sur l’intimidation : Fini le silence, Ginette Gratton - Rogers TV, May 10, 2012
• 250+ youth workshops (3rd to 12th grades)
• 200+ parent and teacher workshops
• Countless statements by parents, teachers and youth