Cyber-Security – A Parental Responsibility

Cyber-Security – A Parental Responsibility J-F Sauriol, SecurityJF Inc. Cyber Security Expert © 2017 - SecurityJF Inc. JL Couroux March 2017



Good Day

• J-F Sauriol
• Canadian Forces, Foreign Affairs, Treasury Board
• SecurityJF, President and Chief Security Advisor
• Information Security consultant for over 25 years

• Experience
– Over 400 workshops for parents and kids (3rd to 12th grade) in the last 6 years
• Cyber-Security: a Parental Responsibility
• Cyber-Bullying in our Techno-kids Lives
• Being a Parent in the Era of Social Media
– Invited speaker at Cyber-Security and Cyber-Bullying conferences

• Small Survey
– Number & age of kids?
– Are you « techies »?
– Number of computers at home?
– Types of smartphone?
– External backup disk?
– Wireless network at home? Protected?


Our Time Together


• Security 101
– Main threats
– Essential safeguards at home

• Risk for our Kids

• Guided tour of some essential websites

• Tips:
– What to do?
– What not to do?

• Resource websites

Internet – Really Cool … BUT!


Almost infinite number of amazing resources

With the arrival of home high-speed Internet, we see an explosion of corporate and personal attacks

For the past 9 or 10 years, attacks have been aimed at relieving you of your money!

• Sophos Threat Report and 10 predictions
» https://blogs.sophos.com/2015/12/11/our-cybersecurity-predictions-for-2016/

• Symantec Threat Report 2015
» http://www.symantec.com/fr/ca/security_response/publications/threatreport.jsp?inid=ca_ghp_hero1_istr-20

• Predictions for 2016 - Trend Micro
» http://www.trendmicro.fr/renseignements-securite/recherche/previsions-de-securite-2016/index.html

Hackers now target applications instead of the OS (Windows)

According to the RCMP http://www.rcmp-grc.gc.ca/pubs/cc-report-rapport-cc-eng.htm

Technologies: Targets or instruments

Evolution of cybercrime threats

Darknets

CaaS Model (cybercrime-as-a-service)

Malware targeting mobile platforms

Virtual currency schemes

Cyber-facilitated stock market manipulation

Cybercrime threats to industrial control systems

Top 10 Cyber Crime Prevention Tips http://www.rcmp-grc.gc.ca/tops-opst/tc-ct/cyber-tips-conseils-eng.htm

Phishing study finds major brands heavily targeted, niche sites also at risk

More iCloud phishing: don't get sucked in

The Internet Jungle

• Phishing
– Spear Phishing
– Whaling

• Botnets

• Scripts
– JavaScript, ActiveX, …

• « Zero-day » Exploits

• « Drive-by » Infections
– Parents surfing the web
– Kids surfing the web!

• Exploit kits
– Blackhole, Metasploit, SweetOrange, Cool, …

Java flaws already included in Blackhole exploit kit

Malware injected into legitimate JavaScript code on legitimate websites

Invisible iFrame drive-by malware attacks explained

Microsoft warns Windows users of zero-day danger from booby trapped image files

Microsoft IE zero-day in the wild!

TeslaCrypt ransomware attacks gamers - "all your files are belong to us!"

Europol takedown of Ramnit botnet frees 3.2 million PCs from cybercriminals' grasp

Bamital botnet dismantled by Microsoft

• Ransomware

16-year-old Canadian boy arrested for over 30 swattings, bomb threats

Cloned Facebook accounts hit up friends with spam and money requests

Our Kids on the Internet

• Facebook (Instagram, Snapchat, …)
– Trolls
– Pedophiles
– Blackmail
– Swatting

• Twitter, Torrent
– Child Pornography

• Webcam
– Remote Access Trojans [RAT]
– Blackshades, Darkcomet

• Cell/Smartphones
– Cameras - GeoTags
– iPhone vs Android

Hacker blackmailed 350 women into stripping on their webcams, FBI says

Child pornography on Twitter

10 tips help you think before you act

Miss Teen USA 2013 says sextortionist hacked webcam to snap bedroom photos

Justin Bieber imposter jailed after tricking children into stripping in front of webcam

Party advertised on Facebook leads to 600 gatecrashers and one very trashed home

Snapchat images that have "disappeared forever" stay right on your phone...

Accused in Scotty Toppers sextortion case faces 30 charges

Privacy group wants to shut down "eavesdropping" Barbie

Google's new 'My Account' lets you tweak privacy and security settings

Facebook publishes new security settings guide

Kid spends $5900 playing Jurassic World on Dad’s iPad

Sexting teens banned from using their phones for a year

• In-Game purchases

Android – Full of Holes!!


History of Android Vulnerabilities

http://bitzermobile.com/blog-android-vulnerabilities/

Android Vulnerabilities Per Year

Android Versions : Wiki

Smartphone PINs skimmed with microphone and camera

http://www.xray.io/

How to Protect Yourself?

Step 1 – Scan

Step 2 – Install a protection suite - NOW!

Threat Report H1 2013

New Android Trojan downloaded from Google Play by millions

Android users may have to wait years before getting patches from vendor!

The “Stagefright” hole in Android – what you need to know


15 Protection Measures for the Home

Essential Safeguards at Home


1. Install a firewall/router

• Buy a new router if yours is more than 2 years old

• Choose 192.168.x.1 (where x=100 [not 0 (zero) or 1])

• If you use wireless networking, enable encryption

How To - Secure Wireless Router Set Up

http://isc.sans.edu/survivaltime.html http://isc.sans.edu/countryreport.html#worldmap

Anatomy of an exploit - Linksys router

Essential Safeguards at Home


2. Use a “standard user” account instead of an “administrator” account

3. Regularly update your OS (Windows Update) and applications (iTunes, Firefox, etc.)

4. Purchase a good anti-virus software suite that includes a firewall and blocks malicious scripts

5. Save email attachments before opening them (automatic anti-virus check). Never follow a link in an email (instead, copy the hyperlink into a new browser page to see if the link is good)

Microsoft readies monster-sized security patch for Windows users

Fake anti-virus

Data-stealing malware targets Mac users


Essential Safeguards at Home

6. Choose Firefox with the “NoScript” add-on to prevent the automatic execution of scripts from each visited page.

Firefox hit by critical zero-day vulnerability – Use NoScript

7. Uninstall or deactivate Java

• Java is different from JavaScript

• Java is the primary source of “drive-by attacks”

8. Choose strong passwords

• Cat48dog is not very strong at all!

• ILTFBIHTWFAL

• On the Web: ILTBTfacebookAOBYBB, ILTBTgmailAOBYBB, etc., or use KeyPass

http://keypass.info

How to choose a strong password

Facebook locks users in a closet for using same passwords/emails on Adobe

Check that Java is turned off in your browser


Essential Safeguards at Home

9. Enable Anti-Tracking Protection AND gain 40% browser speed!!!

10. Back up your important files to an external hard drive to avoid losing pictures and financial information AND unplug it afterwards

11. Be careful when shopping online. If the session is not secure – NO PURCHASE! And provide only the minimum info required. If they don’t need your name, stay anonymous!

12. Never access a bank account or financial service (PayPal, etc.) when connected to public Wi-Fi (Starbucks, Tim Hortons, etc.). Use your cellular data service instead.

http://lifehacker.com/turn-on-tracking-protection-in-firefox-to-make-pages-lo-1706946166

http://windows.microsoft.com/en-CA/internet-explorer/use-tracking-protection#ie=ie-11

Essential Safeguards at Home


13. Protect your RFID credit cards with a metallic card holder.

14. Obtain identity theft protection from your home insurance provider.

15. Activate Login Verification (2FA) for each of your on-line accounts

16. Before a job search or a university application, clean up your social media contributions

Top 10 Ways to Clean up Your Social Media Profile for a Job Hunt

Risks to our Children


• Risks associated with persons

• On the Internet, and more particularly in chat rooms, Instagram and other social networks, nothing is easier than to pretend to be someone else. Some people take advantage of the relative anonymity offered by the Net to lie about their age, sex, occupation and... intentions. For instance, sexual predators and pedophiles regularly participate in chat room discussions to find their victims. Ripoff artists are also very common.

• Risks associated with obscene or inappropriate material

• Protecting your children is of the utmost importance. Active protection is essential.

Hentai – Child Pornography

pedophiles on life virtual prog

Sting nets Canadians willing to pay for web sex with 'virtual' 10-year-old girl

Signs a child is being blackmailed

Stalking Amanda Todd : The Man in the Shadows

Cyberbullying is worse than face-to-face bullying, teens say

Sextortionist arrested in Texas – Here’s how to protect yourself

Belonging - Maslow

• Maslow (1908-1970)
– Physiological and security needs are fundamental

• In 2010, Kenrick et al. showed that needs can in fact be less rigidly arranged, depending on age and personal situation

“ … human beings are exquisitely sensitive to cues of social rejection, and they respond to such cues using some of the same neural circuits used to register physical pain.”

– Then for a teenager (11-16 yrs), belonging to a group may become so important that it can trump their physiological and security needs:

• Street gangs, ISIS
• Bullying behaviour that seems to be completely contrary to their established personality so as to get to « belong to the group »!

Kenrick, D.T., Griskevicius, V., Neuberg, S.L., & Schaller, M. (2010). Renovating the pyramid of needs: Contemporary extensions built upon ancient foundations. Perspectives on Psychological Science, 5(3), 292-314.

Asking for help on Social Media

• Some youths have more social difficulty than others

• Asking for help or sharing your inner turmoil is considerably easier to do on social media than in front of a therapist

• Many youths who share intimate feelings or mental health issues get bullied and harassed by anonymous people on sites like Yik Yak, Ask.fm, Facebook, etc.

• The theory of the “spectator” indicates that when the audience (online especially) is large, a spectator has a greatly reduced response impulse, even more so when the person is not a best friend

• Therefore, the desire to get help can in fact turn against the youth who shares online:

To a person in crisis, not getting a response may be “almost worse than getting a negative response,” because it seems like “nobody is listening and nobody cares.”

Egan, Koff, Moreno (2013). College Students’ Response to Mental Health Status Updates on Facebook, Issues in Mental Health Nursing, vol. 34(1), 46-51.

Attention!!

• Not all kids will experience turmoil through their social media experience.

• A large majority of youth will evolve very well (with appropriate parental limits)
– For them, information sessions and guides that provide the necessary learning (learning by PowerPoint is not enough, though) are sufficient to grow their online critical thinking abilities

• However, certain youth will experience varying degrees of social rejection and mental health issues
– These kids are more vulnerable in the face of social traps, sextortion, pedophiles or hackers
– And these same kids will take more risks to « belong » (accepting anyone as friends online, sharing their webcam, giving in to inappropriate demands or threats, etc.)
– It is these kids, their parents and teachers who need to be identified, supervised and protected

Let’s visit a few good Websites


http://www.webaverti.ca/english/default.html

http://mediasmarts.ca/sites/default/files/tutorials/parenting-digital-generation/index.html

• http://mediasmarts.ca/

The Child-Parent Relationship

Other sites


Internet Security http://www.rcmp-grc.gc.ca/is-si/index-eng.htm

http://www.rcmp-grc.gc.ca/qc/pub/cybercrime/cybercrime-eng.htm#4

Cyber Security Tips http://www.rcmp-grc.gc.ca/tops-opst/tc-ct/cyber-tips-conseils-eng.htm

http://deal.org/the-knowzone/internet-safety/

http://www.cyberaide.ca/app/en/home

http://mobility.protectchildren.ca/app/en/home

http://www.needhelpnow.ca/app/en/

Hundreds arrested in international child porn investigation led by Toronto Police

Counter Cyber-Bullying

OnlineFamily.Norton.com


Allows you to manage/monitor your kids’ Internet activities

Very small agent installed on each computer

Configure the access rules for each child

Lets you tighten or relax controls for each child independently

Receive alerts for specific events

Allows monitoring of MSN, Skype, Facebook, etc.

Returnil


http://www.returnilvirtualsystem.com/

Combines virus protection with a powerful system restore feature

Enter a seamless virtual environment and do “whatever” to your PC.

Test new products, browse dark corners of the Internet with no harm.

Restart your PC and "pooof", all the bad stuff including any malicious files are gone. Your PC stays nice and clean.

If all fails and your system is still giving you trouble, just choose a point in time to restore your system to and enjoy a virus-free PC ($39.99).

PixelGarde


http://pixelgarde.com/

Examine, modify or eliminate GeoTags (or other personal details) from your pictures without changing the pictures themselves!

Share your pictures without divulging where they were taken!

Eliminate the purchase requests and the pixelgarde logo by buying the tool ($9.99)

iPod, iPhone, iPad


Allows the monitoring/control of your kids’ Internet activities

Each visited site is logged on your web account. Simply consult the logs where and when you want

Allows the management of filters for each user as well as the usage timeslot

Allows remote de-activation of the device and the remote management of the device’s filters

Recommended by

Child-proofing your iPad/iPad mini/iPhone

How to Set Up iPad Parental Controls and Content Filtering

Sandbox Web Browser

http://www.mobicip.com

Mobicip Safe Browser With Parental Control

Thank you!


• Protect your home environment
– Unfortunately, there are people on the Web who definitely want to enter your environment and steal your money – or put your kids in severe danger
– Implement the 16-step protection recommendations
– Trust your instinct
• If it’s too good to be true – IT IS!!
• If you are not sure about a link or an attachment – turn on Returnil or call the sender and ask if he/she really did send you this email
– Ask permission from everyone in a picture you want to post before posting (you never know what people find embarrassing)
– Protect your mobile devices
• Install the SOPHOS protection suite on ALL your Android devices
• Don’t keep sensitive details on your mobile device unless necessary.


Good day

J-F Sauriol, SecurityJF

JF«at»SecurityJF.com

References

– Young Canadians in a Wired World, Phase III, MediaSmarts © 2014

– Canadian Center for Child Protection

– Psychology Today, Father Absence, Father Deficit, Father Hunger, May 2012

– GlobalPost, The Effects of Parents Being Absent From the Home

– Brené Brown, Shame vs. Guilt, Jan 2013

– Egan, Koff, Moreno (2013). College Students’ Response to Mental Health Status Updates on Facebook, Issues in Mental Health Nursing, vol. 34(1), 46-51.

– American Academy of Pediatrics (AAP), “Children, Adolescents and the Media,” released Oct. 28, 2013 at the AAP National Conference & Exhibition in Orlando.

– Cyberbullying Hurts: Respect for Rights in the Digital Age, Standing Senate Committee on Human Rights, Dec. 2012

• Forum sur l’intimidation : Fini le silence, Ginette Gratton - Rogers TV, 10 May 2012

• 250+ youth workshops (3rd to 12th grades)

• 200+ parent and teacher workshops

• Countless statements by parents, teachers and youth


Questions?

JF ”at” SecurityJF.com