What is Phishing

OK, for those of you who don’t know what phishing is, here’s a quick overview. This exploit originates via email and typically requests account information, such as usernames or passwords, a situation that could easily lead to identity theft. According to the United States Federal Trade Commission, nearly 255,000 cases of identity theft were reported in 2003, most of them attributed to the crime of phishing.

Phishing now crosses over to the web, where fake websites are created that look like legitimate sites like Banks. You fill in your details as usual to check your online banking account, only to be redirected to your original bank. Whats actually happened here is that you have entered all your information into a fake website that now has your login details. These are then used to steal your identity or funds from your bank.

What can be done to protect yourself?

Well, here’s a security concept for everyone: “if you can’t do it securely, then don’t do it at all.”

This particularly applies when it would be far more “convenient” to do it in an insecure fashion. I’m not talking convenience here, I’m talking security. So, how this applies to phishing is, don’t use email to send links or account information. Some sites are sort of getting around to this. One such is eBay. Now eBay will include a copy of all legitimate correspondence they send you in your email account at eBay.

Of course, the problem is if someone can match their website close enough to fool you into entering you eBay username/password on their server and do a man-in-the-middle attack on your account (and including their own phishing email in what you see) you’re still 100% compromised. And all that takes is time and skill to set up.

Given the limits of email right now (including SPF and such), it is impossible for the average user to know whether or not a specific email is legitimate or not. Sure, www.ebay.com is easy to verify, but is www.myebaysecurity.com also legitimate? Should I click on the enclosed link? SPF, rDNS, and everything else can confirm that that IP address is legitimately assigned to that name.

So, the easiest solution would be to not send email with links. Yes, I am aware that this will mean the end of the cute HTML email ads that you send/receive. That’s the part about “if you can’t do it securely then don’t do it at all.” There’s no use in crying about what you can’t do if you can’t do what you want to do in a secure fashion.

It’s 2005 and the technology has advanced enough for any financial site (that means any site that involves money being exchanged) to run its own web-email-type system. They wouldn’t even need it to be SMTP-capable. It would only be used for outside people reading their email from that business and sending email to employees inside that business and for employees at that business to send/receive email from the clients connected to it.

This isn’t to say that you’d have to check that email account all the time to see if you have email. Again, this is 2005. We have all kinds of means of alerting people when they need to check something. We can send a text message to their pager or mobile phone, we can leave a voice message on their pager, cell phone or home phone. It would even be possible to send a text only email without any links telling them that they have email at such-and-such bank/auction site/wherever and that they should go there to check it. Since they should already know the web site name (they have used it before, right?) they shouldn’t need to have it spelled out for them in the email.

It is economical for a bank to have a computer call phones and leave voice messages if you need to contact the bank (they already do this) but it is not economical for the phishers to do that (even if they’re running Skype or whatever). And it gets even easier if the bank (or whatever) allows you to choose the text message to be sent to your pager/cell phone.

The best part is that this would not require 51%+ of the email servers to be upgraded or modified or anything else. For this to work for a specific bank/site it would only require that they change. And the technology is 100% available (and Open Source) today.

It should be noted that this does not in any way describe any method for securing financial transactions done over the Web. This is just a method to kill phishing attempts and the losses associated with successful compromises.

Read more about Phishing here: http://en.wikipedia.org/wiki/Phishing

Note: I published this article earlier in the year and I have decided to re-post it due to demands I’m getting from people finding me from this site: http://www.realtime-websecurity.com – Since I re-designed my blog, I had removed this article, hence the re-post.

Today, businesses wanting to guard against the potentially ultra-serious hazard of vitally important data being deliberately leaked to unauthorised people outside or even inside the organisation, need to get to grips with an alarming reality: a picture can also conceal a thousand words.

Or in some cases even up to around 5,000 words. More than enough to betray all your most precious and commercially sensitive data: locations of newly-discovered oil fields; formulae for synthesising newly-discovered molecules of breakthrough drugs costing millions or even billions to develop; designs of revolutionary products you’re planning on being the first to bring to market; ultra-sensitive lists of hard-won customers; you name it.

Data concealed in pictures? It may sound like the basis for a plot sequence in the next Mission Impossible movie, but it isn’t. It’s real. And unless you are prepared to let any Tom, Dick or Harry cruise around your precious data, you need to be aware of the threat it poses.

The technique is called steganography, from Ancient Greek words meaning hidden or covered writing, just as that lumbering dinosaur the stegosaurus is so named because its back was covered in those large bony plates whose real purpose is a mystery even today.

But steganography wasn’t a mystery to the Ancient Greeks; indeed they most likely invented it. The Greek historian Herodotus records that in 312 BC, Histaeus of Miletus commanded the head of his most trusted slave to be shaved and tattooed with a vitally important secret message on it. Once the slave’s hair had grown, hiding the message, Histaeus used him as an emissary to a friendly power via enemy territory to instigate a revolt against the Persians.

This example from history shows why steganographic writing is such a dangerous threat to security. Friends who betray us are always a more potent threat than people we recognise as enemies from the outset, and steganographic messages look friendly and innocent.

You could devise a simple steganographic message by agreeing with your recipient that your real message will consist of the first letter of every word of your apparent message. ‘Bring us your invoice by Monday’, for example, would really mean ‘BUY IBM’. In steganographic writing the apparent message is known as the covertext and the real message is called the plaintext.

The innocuous appearance of the covertext in the example illustrates why steganographic writing doesn’t tend to set alarm bells ringing. It looks innocent, whereas the message ‘BUY IBM’ encrypted in a simple code that consisted, say, of substituting each letter for the next letter in the alphabet – ‘CVZ JCN’ – obviously looks dodgy and would be certain to awaken the suspicions of even the most credulous member of an industrial espionage prevention team.

The point is that any encrypted message will tend to raise suspicions because even though it can’t readily be read you will know it’s been encrypted and will instantly conclude that something fishy’s going on.

In the highly competitive ocean of modern business, the threat of steganography has recently become a major issue in corporate life.

It’s actually been a significant threat for several years due to the increased computing power available on everyone’s desktop, but people have been distracted by publicity about cryptography and steganography has rather remained in the background.

It’s a particularly worrying threat now because of the enormous computing power on desktops today, the massive volume of electronic communications, and the number of freely available tools that allow even a routine user to employ steganographic techniques.

By far the biggest type of threat is the potential for concealing steganographic writing within computerised images. With Windows you can literally drag and drop your hidden text onto a picture and the deed is done.

As Gordon Gekko reminded us in the film Wall Street (1987), the most valuable commodity of all is information. And it’s precisely that which can so easily be given away today – or sold – using image-based steganographic techniques.

What’s actually happening when you carry out what looks like a simple drag and drop?

An electronic image is comprised of thousands of ‘picture elements‘ or ‘pixels‘. A pixel is a binary number that provides information on the colour or (in a black and white picture) the shade of grey that should be displayed in that particular pixel.

The binary number will look something like this: 10011011 etc depending on the pixel in question. The individual numbers (the 1 or the 0) are known as bits and the further along you go to the right the less significant the bits become in defining the precise colour of the pixel.

Why does the opportunity for steganography exist? Because while each pixel is defined by a series of bits, some of these bits can be changed without affecting the resulting pixel to any discernible extent. In a computerised image whose size is 256 by 256 pixels, making a total of 65,536 pixels, there would easily be room to conceal say, about 5,000 words of data.

This method of concealment is known as ‘bit twiddling‘. An obvious place to conceal a secret message would be within a computerised picture that does not show any apparent changes.

Bit twiddling is the most common way to conceal text within a computerised image. There are many more techniques, though, particularly when using image formats such as the now ubiquitous jpeg which many will have encountered through their digital cameras.

An apparently innocuous picture of – of example – an employee’s child’s first day at school taken with a standard family digital camera could easily be used to conceal a damaging leak. The leak could be so fatal that by the time the school term ends, thousands of other mums and dads at the business from which the information was leaked will have had to find new jobs – if they can.

Insider Threats are big business, and selling or leaking company information, customer credit card details and more can now all be hidden in a single image file and emailed or innocently be taken out of the building on a laptop or removable media.

What’s the best way to guard against the hazard of modern image-based steganographic betrayal?

The first step is to recognise that it is a potential problem and get help to understand what tools are likely to be available to a malicious team member. You also need to know the manner in which these tools can be used because they often leave little trace of their presence – some are even termed ‘zero footprint‘ by those who develop them.

Yet help is at hand because dedicated teams of experts have been making available tools to help detect steganography. The technique they use is known as ‘steganalysis’.

Steganalysis is as much an art as a science. The detection tools need to be used so that the appropriate steganalysis resource is used in the appropriate situation.

Admittedly, this is not easy, when the range of steganography tools and the steganalysis counterparts have proliferated and are proliferating just as the threat from viruses did when they first emerged into the IT environment.

At work I began my own anti-steganography work as a forensic technical exercise but was soon alarmed at what my experiments were told me, not just about the power of the steganography tools available but also about the degree of care that needs to be applied to combat this potent security hazard.

Taking the threat of betrayal by apparently innocuous pixels seriously will lead you to put into practice the measures necessary to defend against it. And you do need to take this threat very seriously indeed. The stegosaurus may be long extinct, but steganographic treachery is, unfortunately, here to stay.

If criminals or other malicious users steal this information, they can use your name to open new credit card accounts, apply for a mortgage, or pose as you in online transactions. In many cases you would not notice these attacks until it was too late.

Fortunately, it is not hard to create strong passwords and keep them well protected.

What makes a strong password

To an attacker, a strong password should appear to be a random string of characters. The following criteria can help your passwords do so:

Make it lengthy. Each character that you add to your password increases the protection that it provides many times over. Your passwords should be 8 or more characters in length; 14 characters or longer is ideal.

Many systems also support use of the space bar in passwords, so you can create a phrase made of many words (a “pass phrase“). A pass phrase is often easier to remember than a simple password, as well as longer and harder to guess.

Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess. Other important specifics include:

The fewer types of characters in your password, the longer it must be. A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an 8-character password composed of characters from the entire keyboard. If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols.

Use the entire keyboard, not just the most common characters. Symbols typed by holding down the “Shift” key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.

Use words and phrases that are easy for you to remember, but difficult for others to guess. The easiest way to remember your passwords and pass phrases is to write them down. Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected in order to remain secure and effective.

In general, passwords written on a piece of paper are more difficult to compromise across the Internet than a password manager, Web site, or other software-based storage tool, such as password managers.

Create a strong, memorable password in 6 steps

Use these steps to develop a strong password:

1. Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as “My son Aiden is three years old.”

2. Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so.

3. If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you’ve created to create a new, nonsensical word. Using the example above, you’d get: “msaityo”.

4. Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspelling Aiden’s name, or substituting the word “three” for the number 3. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become “My SoN Ayd3N is 3 yeeRs old.” If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might yield a password like “MsAy3yo”.

5. Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of “MySoN 8N i$ 3 yeeR$ old” or a password (using the first letter of each word) “M$8ni3y0″.

6. Test your new password with a Password Checker. A Password Checker is a non-recording feature on this Web site that helps determine your password’s strength as you type.

Password strategies to avoid

Some common methods used to create passwords are easy to guess by criminals. To avoid weak, easy-to-guess passwords:

Avoid sequences or repeated characters. “12345678,” “222222,” “abcdefg,” or adjacent letters on your keyboard do not help make secure passwords.

Avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as to replace an ‘i’ with a ’1′ or an ‘a’ with ‘@’ as in “M1cr0$0ft” or “P@ssw0rd”. But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.

Avoid your login name. Any part of your name, birthday, social security number, or similar information for your loved ones constitutes a bad password choice. This is one of the first things criminals will try.

Avoid dictionary words in any language – Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children.

Use more than one password everywhere – If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.

Avoid using online storage – If malicious users find these passwords stored online or on a networked computer, they have access to all your information.

The “blank password” option

A blank password (no password at all) on your account is more secure than a weak password such as “1234″. Criminals can easily guess a simplistic password, but on computers using Windows XP/Vista or Windows 7, an account without a password cannot be accessed remotely by means such as a network or the Internet. (This option is not available for Microsoft Windows 2000, Windows Me, or earlier versions) You can choose to use a blank password on your computer account if these criteria are met:

• You only have one computer or you have several computers but you do not need to access information on one computer from another one

• The computer is physically secure (you trust everyone who has physical access to the computer)

The use of a blank password is not always a good idea. For example, a laptop computer that you take with you is probably not physically secure, so on those you should have a strong password.

How to access and change your passwords

Online accounts

Web sites have a variety of policies that govern how you can access your account and change your password. Look for a link (such as “my account”) somewhere on the site’s home page that goes to a special area of the site that allows password and account management.

Computer passwords

The Help files for your computer operating system will usually provide information about how to create, modify, and access password-protected user accounts, as well as how to require password protection upon startup of your computer. You can also try to find this information online at the software manufacturer’s Web site. For example, if you use Microsoft Windows XP, online help can show you how to manage passwords, change passwords, and more.

Keep your passwords secret

Treat your passwords and pass phrases with as much care as the information that they protect.

Don’t reveal them to others – Keep your passwords hidden from friends or family members (especially children) who could pass them on to other less trustworthy individuals. Passwords that you need to share with others, such as the password to your online banking account that you might share with your spouse, are the only exceptions.

Protect any recorded passwords – Be careful where you store the passwords that you record or write down. Do not leave these records of your passwords anywhere that you would not leave the information that they protect.

Never provide your password over e-mail or based on an e-mail request. Any e-mail that requests your password or requests that you to go to a Web site to verify your password is almost certainly a fraud. This includes requests from a trusted company or individual. E-mail can be intercepted in transit, and e-mail that requests information might not be from the sender it claims. Internet “phishing” scams use fraudulent e-mail messages to entice you into revealing your user names and passwords, steal your identity, and more.

Change your passwords regularly – This can help keep criminals and other malicious users unaware. The strength of your password will help keep it good for a longer time. A password that is shorter than 8 characters should be considered only good for a week or so, while a password that is 14 characters or longer (and follows the other rules outlined above) can be good for several years.

Do not type passwords on computers that you do not control. Computers such as those in Internet cafés, computer labs, shared systems, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing. Do not use these computers to check online e-mail, chat rooms, bank balances, business mail, or any other account that requires a user name and password. Criminals can purchase keystroke logging devices for very little money and they take only a few moments to install. These devices let malicious users harvest all the information typed on a computer from across the Internet—your passwords and pass phrases are worth as much as the information that they protect. Windows has an OnScreen Keyboard that you can access if needs be. Press Start > Run and type OSK and click OK. Now use the mouse to type in a password.

Windows 7 On Screen Keyboard

What to do if your password is stolen

Be sure to monitor all the information you protect with your passwords, such as your monthly financial statements, credit reports, online shopping accounts, and so on. Strong, memorable passwords can help protect you against fraud and identity theft, but there are no guarantees. No matter how strong your password is, if someone breaks into the system that stores it, they will have your password. If you notice any suspicious activity that could indicate that someone has accessed your information, notify authorities as quickly as you can. If you need further help on what to do if you think your identity has been stolen or you’ve been similarly defrauded, then contact me.

When people take a sexually revealing picture or video of themselves and send it or them as text message attachments, it’s called “sexting.” And recently the practice has been increasing exponentially amongst kids. Kids “sext” to show off, to entice someone, to show interest in someone, or to prove commitment. The problem with that, is that the moment the relationship ends (and most of them do) someone is in possession of a highly compromising image that can be easily posted on a social networking site or sent around via email or text.

There have been some high profile cases of sexting — including High School Musical star Vanessa Hudgens, who sent a nude picture to her co-star/boyfriend, Zac Efron, that ended up all over the Internet and made headlines. And in July 2008, Cincinnati teen Jesse Logan committed suicide after a nude photo she’d sent to a boyfriend was circulated widely around her high school, resulting in harassment from her classmates.

Why It Matters

In a technology world where anything can be copied, sent, posted, and seen by huge audiences, there’s no such thing as being able to control images. Even if a photo was taken and sent as a token of love, the intention doesn’t matter — the technology makes it possible for everyone to see your child’s most intimate self. And in the hands of teenagers, when revealing photos are made public the subject almost always becomes the object of ridicule and name calling. Furthermore, sending sexual images to minors is against the law, and some states in the US and the UK have begun prosecuting kids for child pornography or obscenity.

Advice for Parents

Don’t wait – for an incident to happen to your child or your child’s friend before you talk to your kids about the consequences of sexting. Sure, talking about sex or dating with teens can be really uncomfortable, but better to have the talk before the fact.

Remind them – that once an image is sent, it can never be retrieved — and they will lose control of it. Ask teens how they would feel if their teachers, parents, or the entire school saw the picture, because it happens all the time.

Talk about pressures – to send revealing photos. Let teens know that you understand that they can be pushed or dared into sending something. Tell them that no matter how big the social pressure is, the potential social humiliation will be hundreds of times worse.

The buck stops with them. If someone sends them a photo, have them delete it immediately. Better to be part of the solution than the problem. Besides, if they do send it on, they’re distributing pornography — and that’s against the law.

If you can’t deal with this, have your kids go to a professional that can help (and you should go yourself).

Statistics

• 22% of teen girls and 20% of teen boys have sent nude or semi-nude photos of themselves
• 22% of teens admit that technology makes them personally more forward and aggressive
• 38% say exchanging sexy content makes dating or hooking up with others more likely
• 29% believe those exchanging sexy content are “expected” to date or hook up

Remember; revealing photos can be resent to a vast audience. If the person you or a kid sends an explicit image via mobile phone, or even email. These can be forwarded to someone else, and before you know it, the content is uploaded online or passed between peers and sending a sexual image to a minor, even minor to minor is illegal.

Evidence

As a parent, you may be worried what your kids are sending to each other. Where do your ethics come in to play regarding a kids privacy? Sometimes drastic measures will force you to intervene in a child’s life and development and for his or her protection.  For the worried parent there is software available that will help you. MOBILedit is a Forensic Application that works will all mobile phones and PDAs and requres a data cable (one of these usually comes with a new phone as standard, if not, they are cheap to buy).

MOBILedit is quite costly, but the trial is fully functional and will allow you to use the application for a short time. Which will be all you need to gather the information you need. This software can also be used to read test (SMS) messages from both sides of the conversation. This is useful if your child is being bullied, or is indeed a bully him or herself. The application can be used for many predicaments you and your child may come across, and a way of proving facts.

Do not use this software as just a spying tool, this would be unfair and you would be infringing on privacy issues if you have no just cause, so please use this software wisely. You can download the trial below.

Well, don’t be too caught up in your Twitter postings that you forget your safety. Remember that the Internet is still a prime target market for sexual predators, stalkers, fraudsters, scammers, hackers and people who want to do others harm. You might need these Twitter safety tips more than you realise, especially if you have just started to use twitter.

Just the other day, I chanced upon this TV interview of a young, popular actress who pointed out that someone has set up an account on Twitter, pretending to be her which leads me to…

Twitter Safety Tip # 1:  Don’t believe everything you read

Have we not learned from the past? The Internet, while not harmful by itself, is still a haven for individuals and groups that are up to no good.

After all, who can say that a 50-year-old pervert isn’t a cute, 15-year-old student from London when he sounds just like a 15-year old student from London? And that picture of him in that blue shirt just backs it up, right?

If you are inclined to believe this, then you need this Twitter safety tip more than anyone else. People who want to befriend you can easily make up lies on Twitter. Don’t think for a second that they wouldn’t take the time and effort to prattle away about their non-existent boring Algebra classes and upcoming winter dance if it meant making themselves more convincing.

Be aware that there are many fake profiles on twitter. Learn how to spot them. Firstly, you’ll notice that they have not posted much, and with links being shortened, its hard to see if your being sent to a real site or a dodgy site where you will be prone to a clickjacking attack/scam. Other things too look out for are the following and followers. Usually you can tell by looking if this is a real person or a fake. Also keep away from people sending tweets from API. Scammers/Spammers also follow each other, and may converse between themselves to make it look like they have actual friends. Be wary. A quick example of clickjacking. Click this link (its safe), but its shows you how an easy link can be spoofed.

The most common looking fake profile with low followers

Automated tweets from the Twitter API - Block these people

If you want to follow a celebrity, I suggest you look for the new Twitter Verified Account tag that’s added at the top right of a profile, and check out Valebrity for a huge list of validated celebs.

An official Verified Account

Last bits on this subject, there are lots of automated scripts out there that create fake profiles, bots that create fake posts and user accounts. So if you are unsure that this is a real person, do some investigating and look at their followers and see if any of them has ever had a proper conversation with this possible ‘fake’. If in doubt, don’t follow them back and block them.

A typical fake Profile. Notice there's no conversation, and low followers

Also beware of tweets and websites that claim Get 160,000 followers in a month, or words like that. Firstly, they don’t work, and secondly they are probably a scam.

Why? Well, once you click a link, you are directed to a website where you enter your Twitter login details. Now the scammers/spamers can send tweets from your account. Also, they may flood Twitter with thousands of messages. Twitter hates this and it will get your account locked and possibly deleted. If this happens and you still have access to your account, change your password immediately.

When visiting any website that is not directly affiliated or endorsed by twitter, be very careful when submitting your account details. You never know who owns the website or what they are using it for, so do some research first. Check the whois information for the site (this can also be faked), search twitter to see if other people are using the site (or even an app) and see if they seem to be sending spam tweets. If all is clear, then they are probably OK.

Never pay for a service that links to Twitter.

Twitter Safety Tip # 2: Don’t give out your location

I know that micro blogging is fun. There’s just something addicting about being able to post what you’re doing or what you’re feeling at this exact moment… and having hundreds, possibly thousands of followers seeing it.

If you have added people in Twitter who are not really your friends, then all the more reason to be careful. If you, for example, tweets that you’re stuck in the Starbucks near your home late at night, anyone could just take advantage of that information. Its only a matter of time until you turn on the TV and hear that someone is being stalked or has been attacked or murdered because they twitted their exact location, so be warned.

Lastly on this location tip. Be careful if you are using an iPhone and turn on the Location Option. It looks like this in a persons profile: 37.739705,-122.430799 and gives you the longitude and latitude of a persons iPhone. This can be used to track you. So turn this feature off.  In a test, I activated this feature on an iPhone with Twitterrific. With a laptop and mobile phone enabled with GPS Software I travelled miles away from home, where I left the iPhone switched on. I activated the Laptop and GPS, loaded my Twitter page and got the coordinates. I entered them into the GPS system and navigated the route to 20 meters from my doorstep. Anyone could do this with just a laptop and GPS Enabled phone. You can also go to Google Maps and copy and paste the longitude and latitude, this will also give the location. And with Street View, you can probably see where that person lives.

Twitter Safety Tip # 3: Don’t attract too much attention to yourself

Twittering that you have just received a gold bracelet from your boyfriend can also attract the wrong sort of followers to your account. Trust should not be so freely given on the Internet.

You might want to show it off on Twitter via TwitPic or some other image provider or host, but think about the possible risks. It might tempt others into doing something both you, and they, will regret.

As much fun as Twitter is, set a limit on how much private information you’re really broadcasting to the world. Many of you may be thinking, ‘yeah, whateverrrr’, or ‘yeah OK, this will never happen to me’. But never forego you’re safety,  and never let your guard down on the Internet. If you do, you’re a fool!

More protection…

When using twitter, I’d suggest using a 3rd party application like TweetDeck (which is my favorite twitter app) or CoTweet (which is my second fave). The reason for using a 3rd party application is that it uses Twitters API (Application programming interface) and you are less likely to get a trojan or virus from clicking on a users infected profile. Yes! You can also get a Trojan or Virus from using Twitter. A while back, Twitter was plagued by the ‘Mikeyy Worm‘ that infected you if you clicked on a profile that had been compromised by the Mikeyy worm. Incidentaly, the Mikeyy worm was actually written by Michael Mooney, a 17 year old kid and it crippled millions of Twitter accounts.

You can keep track of attacks on twitter here. And if you would like to report suspicious activity, a spammer or something that doesn’t look right, follow twitters Spam Team and then send them a tweet with your problem: http://twitter.com/spam and they should help. Also, if you have any real issues and you need support from Twitter, visit their ticketing system.

Twitter is not perfect and is riddled with security holes, and more are being discovered or exploited daily. For a platform that’s almost over 3 years old, the boffins at Twitter really should plug these holes, tighten up security and keep people safer. Don’t let this spoil your twitting experience though. As long as you keep safe whilst on twitter, and learn how to spot the fake profiles, you’ll have a great time.

If you have any Twitter tips you would like to share with us, please comment below and at some point I will include these in a list, and credit you.

Lastly, check out Sharon Hays’ Blog for tons of Twitter information. She’s a pure Twitter professional, lovely person and her blog will help you get used to Twitter if you are new. Also, checkout Twitter 101 for some excellent information.

Recent Twitter Bots/Scammers

I will update this section of this post as new scams, bots and strategies change, so keep popping back for updats…

You will notice that they are now having conversations. But with other bots and they use rubbish English like ‘Howz U doin‘,  ‘I did dat last wk‘ and so on. If you click on the people they are following, you will notice the same bad grammar and spellings. Some of these new spammers are also now mimicking or pretending to be up and coming actors/actresses and celebs.

3rd Party Application Spam

I’ve noticed that spammers are now creating profiles and posting tweets via TweetDeck and CoTweet as well as TwitterFeed. Again, there is no real conversation and the posts are riddled with useless links and random tweets. You may also notice that the spammers and bots are now using lists to make them look like normal people. Be wary.

New fake profile using TweetDeck and using Lists

True Twit

This is not a danger, but I wanted to update you with this cool utility. If you are plagued by Twitter spam (or Twam) and you have had enough, you can try True Twit. True Twit has been around a while now and what it does is to verify anyone following you. So, if for example, I follow you, I’m sent a DM to click a link to verify that I am in fact a cool human being and wants to follow you because I think your cool. I don’t have to enter any of my Twitter details either.

True Twit - Helping stop Twitter Spam

True Twit also has a few neat options behind the scenes, where you can send a verification note to anyone on your list to whom you think may is a spammer or may have a fake profile, they are then sent a DM to verify themselves. The message that is sent is customisable, or you can use the default message. You can also unfollow people too. Signup today and help stop the spam.

http://www.truetwit.com.

Stay tuned for more info…

One of the most prominent features of stalking behaviour is fixation on victims. Their obsession can drive stalkers to extremes that make this type of investigation challenging and potentially dangerous. Although stalkers who use the Internet to target victims may attempt to conceal their identities, their obsession with a victim often causes them to expose themselves. For instance, they may say things that reveal their relationship with or knowledge of the victim, or they may take risks that enable investigators to locate and identify them. However, even when stalkers have been identified, attempts to discourage them can have the opposite effect, potentially angering them and putting victims at greater risk.

In 1990, after five women were murdered by stalkers, California became the first state in the US to enact a law to deal with this specific problem. Then, in 1998, California explicitly included electronic communications in their anti-stalking law. The relevant sections of the California Penal Code have strongly influenced all subsequent anti-stalking laws in the US, clearly defining stalking and related terms.

Any person who willfully, maliciously, and repeatedly follows or harasses another person and who makes a credible threat with the intent to place that person in reasonable fear of death or great bodily injury is guilty of the crime of stalking … “harasses” means a knowing and willful course of conduct directed at a specific person that seriously alarms, annoys, torments, or terrorizes the person, and that serves no legitimate purpose. This course of conduct must be such as would cause a reasonable person to suffer substantial emotional distress, and must actually cause substantial emotional distress to the person.

… “course of conduct” means a pattern of conduct composed of a series of acts over a period of time, however short, evidencing a continuity of purpose … “credible threat” means a verbal or written threat, including that performed through the use of an electronic communication device, or a threat implied by a pattern of conduct or a combination of verbal, written, or electronically communicated statements and conduct made with the intent to place the person that is the target of the threat in reasonable fear for his or her safety or the safety of his or her family and made with the apparent ability to carry out the threat so as to cause the person who is the target of the threat to reasonably fear for his or her safety or the safety of his or her family. It is not necessary to prove that the defendant had the intent to actually carry out the threat… “electronic communication device” includes, but is not limited to, telephones, cellular phones, computers, video recorders, fax machines, or pagers.” [California Penal Code 646.9]

The equivalent law in the United Kingdom is the Protection from Harassment Act 1997 (Chapter 40).

Note that persistence is one of the operative concepts when dealing with stalking. A single upsetting e-mail message is not considered harassment because it is not a pattern of behavior. Remember that anti-stalking laws were enacted to protect individuals against persistent terrorism and physical danger, not against annoyance or vague threats.

The distinction between annoyance and harassment is not easily defined. It is usually enough to demonstrate that the victim suffered substantial emotional distress. However, there is always the argument that the victim overreacted to the situation. If a victim is not found to be a “reasonable person” as described in the law, a court might hold that no harassment took place. Therefore, when investigating a stalking case, it is important to gather as much evidence as possible to demonstrate that persistent harassment took place and that the victim reacted to the credible threat in a reasonable manner.

The explicit inclusion of electronic communication devices in California’s anti-stalking law is a clear acknowledgement of the fact that stalkers are making increasing use of new technology to further their ends. In addition to using voice mail, fax machines, cellular phones, and pagers, stalkers use computer networks to harass their victims. The term cyberstalking refers to stalking that involves the Internet. This chapter briefly describes how cyberstalkers operate, what motivates them, and what investigators can do to apprehend them.

How Cyberstalkers Operate

Cyberstalking works in much the same way as stalking in the physical world. In fact, many offenders combine their online activities with more traditional forms of stalking and harassment such as telephoning the victim and going to the victim’s home. Some cyberstalkers obtain victims over the Internet and others put personal information about their victims online, encouraging others to contact the victim, or even harm them.

CASE EXAMPLE (ASSOCIATED PRESS 1997):

Cynthia Armistead-Smathers of Atlanta believes she became a target during an e-mail discussion of advertising in June, 1996. First she received nasty e-mails from the account of Richard Hillyard of Norcross, GA. Then she began receiving messages sent through an “anonymous remailer,” an online service that masks the sender’s identity.

After Hillyard’s Internet service provider cancelled his account, Ms Armistead-Smathers began getting messages from the Centres for Disease Control and Prevention in Atlanta, where he worked. Then she got thousands of messages from men who had seen a posting of a nude woman, listing her e-mail address and offering sex during the Atlanta Olympics.

But police said there was little they could do – until she got an anonymous message from someone saying he had followed Ms Armistead-Smathers and her 5-year-old daughter from their post office box to her home.

People say “It’s online. Who cares? It isn’t real. Well this is real,” Ms Armistead-Smathers said. “It’s a matter of the same kind of small-minded bullies who maybe wouldn’t have done things in real life, but they have the power of anonymity from behind a keyboard, where they think no one will find them.”

In general, stalkers want to exert power over their victims in some way, primarily through fear. The crux of a stalker’s power is information about and knowledge of the victim. A stalker’s ability to frighten and control a victim increases with the amount of information that he can gather about the victim. Stalkers use information like telephone numbers, addresses, and personal preferences to impinge upon their victims’ lives. Also, over time cyberstalkers can learn what sorts of things upset their victims and can use this knowledge to harass the victims further.

Since they depend heavily on information, it is no surprise that stalkers have taken to the Internet. After all, the Internet contains a vast amount of personal information about people and makes it relatively easy to search for specific items. As well as containing people’s addresses and phone numbers, the Internet records many of our actions, choices, interests, and desires. Databases containing social security numbers, credit card numbers, medical history, criminal records, and much more can also be accessed using the Internet. Additionally, cyberstalkers can use the Internet to harass specific individuals or acquire new victims from a large pool of potential targets. In one case, a woman was stalked in chat rooms for several months, during which time the stalker placed detailed personal information online and threatened to rape and kill her. Some offenders seek victims online but it is more common for stalkers to use chat networks to target individuals that they already know.

Acquiring Victims

Past studies indicate that many stalkers had a prior acquaintance with their victims before the stalking behavior began (Harmon et al. 1994). The implication of these studies is that investigators should pay particular attention to acquaintances of the victim. However, these studies are limited because many stalking cases are unsolved or unreported. Additionally, it is not clear if these studies apply to the Internet. After all, it is uncertain what constitutes an acquaintance on the Internet and the Internet makes it easier for cyberstalkers to find victims of opportunity.

Cyberstalkers can search the Web, browse through Windows Live Messenger (MSN), Skype, Digsby, Yahoo, ICQ and AOL profiles, and lurk in Yahoo, IRC and AOL chat rooms looking for likely targets – vulnerable, under-confident individuals who will be easy to intimidate.

CASE EXAMPLE: One stalker repeatedly acquired victims of opportunity on AOL and used AOL’s Instant Messenger to contact and harass them. The stalker also used online telephone directories to find victims’ numbers, harassing them further by calling their homes. This approach left very little digital evidence because none of the victims recorded the Instant Messenger sessions, they did not know how to find the stalker’s IP address, and they did not contact AOL in time to track the stalker.

Of course, the victims were distressed by this harassment, feeling powerless to stop the instant messages and phone calls. This sense of powerlessness was the primary goal the cyberstalker. This stalker may have picked AOL as his stalking territory because of the high number of inexperienced Internet users and the anonymity that it affords.

As a rule, investigators should rely more on available evidence than on general studies. Although research can be useful to a certain degree, evidence is the most reliable source of information about a specific case and it is what the courts will use to make a decision.

Anonymity and Surreptitious Monitoring

The Internet has the added advantage of protecting a stalker’s identity and allowing a stalker to monitor a victim’s activities. For example, stalkers acquainted with their victims use the Internet to hide their identity, sending forged or anonymous e-mail and using ICQ or AOL Instant Messenger to harass their victims. Also, stalkers can utilize ICQ, AOL Instant Messenger, and other applications (e.g. finger) to determine when a victim is online. Most disturbing of all, stalkers can use the Internet to spy on a victim. Although few cyberstalkers are skilled enough to break into a victim’s e-mail account or intercept e-mail in transit, a cyberstalker can easily observe a conversation in a live chat room. This type of pre-surveillance of victims and amassing of information about potential victims might suggest intent to commit a crime but it is not a crime in itself, and is not stalking as defined by the law.

Escalation and Violence

It is often suggested that stalkers will cease harassing their victims once they cease to provoke the desired response. However, some stalkers become aggravated when they do not get what they want and become increasingly threatening. As was mentioned at the beginning of this chapter, stalkers have resorted to violence and murder. Therefore, it is important for investigators to be extremely cautious when dealing with a stalking case. Investigators should examine the available evidence closely, protect the victim against further harm as much as possible, and consult with experts when in doubt. Most importantly, investigators should not make hurried judgements that are based primarily on studies of past cases.

Investigating Cyberstalking

There are several stages to investigating a cyberstalking case. These stages assume that the identity of the cyberstalker is unknown. Even if the victim suspects an individual, investigators are advised to explore alternative possibilities and suspects. Although past research suggests that most stalkers have prior relationships with victims, this may not apply when the Internet is involved since stranger stalking is easier. Therefore, consider the possibility that the victim knows the stalker, but do not assume that this is the case:

Interview victim – determine what evidence the victim has of cyberstalking and obtain details about the victim that can be used to develop victimology. The aim of this initial information gathering stage is to confirm that a crime has been committed and to obtain enough information to move forward with the investigation.

Interview others – if there are other people involved, interview them to compile a more complete picture of what occurred.

Victimology and risk assessment – determine why an offender chose a specific victim and what risks the offender was willing to take to acquire that victim. The primary aim of this stage of the investigation is to understand the victim-offender relationship and determine where additional digital evidence might be found.

Search for additional digital evidence – use what is known about the victim and cyberstalker to perform a thorough search of the Internet. Victimology is key at this stage, guiding investigators to locations that might interest the victim or individuals like the victim. The cyberstalker initially observed or encountered the victim somewhere and investigators should try to determine where. Consider the possibility that the cyberstalker encountered the victim in the physical world. The aim of this stage is to gather more information about the crime, the victim and the cyberstalker.

Crime scene characteristics – examine crime scenes and cybertrails for distinguishing features (e.g. location, time, method of approach, choice of tools) and try to determine their significance to the cyberstalker. The aim of this stage is to gain a better understanding of the choices that the cyberstalker made and the needs that were fulfilled by these choices.

Motivation – determine what personal needs the cyberstalking was fulfilling. Be careful to distinguish between intent (e.g. to exert power over the victim, to frighten the victim) and the personal needs that the cyberstalker’s behavior satisfied (e.g. to feel powerful, to retaliate against the victim for a perceived wrong). The aim of this stage is to understand the cyberstalker well enough to narrow the suspect pool revisit the prior steps and uncover additional evidence

Repeat - if the identity of the cyberstalker is still not known, interview the victim again. The information that investigators have gathered might help the victim recall additional details or might suggest a likely suspect to the victim

To assist investigators carry out each of these stages in an investigation, additional details are provided here.

Interviews

Investigators should interview the victim and other individuals with knowledge of the case to obtain details about the inception of the cyberstalking and the sorts of harassment the victim has been subjected to. In addition to collecting all of the evidence that the victim has of the cyberstalking, investigators should gather all of the details that are required to develop a thorough victimology as described in the next section.

While interviewing the victim, investigators should be sensitive to be as tactful as possible while questioning everything and assuming nothing. Keep in mind that victims tend to blame themselves, imagining that they encouraged the stalker in some way (e.g. by accepting initial advances or by making too much personal information available on the Internet) (Pathé 1997). It is therefore important for everyone involved in a cyberstalking investigation to help the victim regain confidence by acknowledging that the victim is not to blame. It is also crucial to help victims protect themselves from potential attacks. The National Center for Victims of Crime has an excellent set of guidelines developed specifically for victims of stalking.

Victimology

In addition to helping victims protect themselves against further harassment, investigators should try to determine how and why the offender selected a specific victim. To this end, investigators should determine whether the cyberstalker knew the victim, learned about the victim through a personal Web page, saw a Usenet message written by the victim, or noticed the victim in a chat room.

It is also useful to know why a victim made certain choices to help investigators make a risk assessment. For example, individuals who use the Internet to meet new people are at higher risk than individuals who make an effort to remain anonymous. In some instances, it might be quite evident why the cyberstalker chose a victim but if a cyberstalker chooses a low risk victim, investigators should try to determine which particular characteristics the victim possesses that might have attracted the cyberstalker’s attention (e.g. residence, work place, hobby, personal interest, demeanor). These characteristics can be quite revealing about a cyberstalker and can direct the investigator’s attention to certain areas or individuals.

Questions to ask at this stage include:

Does the victim know or suspect why, how, and/or when the cyberstalking began?

What Internet Service Provider(s) do(es) the victim use and why?

What online services does the victim use and why (e.g. Web, free e-mail services, Usenet, IRC)?

When does the victim use the Internet and the various Internet services (does the harassment occur at specific times suggesting that the cyberstalker has a schedule or is aware of the victim’s schedule)?

What does the victim do on the Internet and why?

Does the victim have personal Web pages or other personal information on the Internet (e.g. a Facebook profile, Twitter, Myspace or Bebo Web page, customized finger output)? What information do these items contain?

In addition to the victim’s Internet activities, investigators should examine the victim’s physical surroundings and real world activities.

When the identity of the cyberstalker is known or suspected, it might not seem necessary to develop a complete victimology. Although it is crucial to investigate suspects, this should not be done at the expense of all else. Time spent trying to understand the victim-offender relationship can help investigators understand the offender, protect the victim, locate additional evidence, and discover additional victims. Furthermore, there is always the chance that the suspect is innocent in which case investigators can use the victimology that they developed to find other likely suspects.

Risk Assessment

A key aspect of developing victimology is determining victim and offender risk. Generally, women are at greater risk than men of being cyberstalked and new Internet users are at greater risk than experienced Internet users. Individuals who frequent the equivalent of singles bars on the Internet are at greater risk than those who just use the Internet to search for information. A woman who puts her picture on a Web page with some biographical information, an address, and phone number is at high risk because cyberstalkers can fixate on the picture, obtain personal information about the woman from the Web page, and start harassing her over the phone or in person.

Bear in mind that victim risk is not an absolute thing – it depends on the circumstances. A careful individual who avoids high risk situations in the physical world might be less cautious on the Internet. For example, individuals who are not famous in the world at large might have celebrity status in a certain area of the Internet, putting them at high risk of being stalked by someone familiar with that area. Individual who are sexually reserved in the physical world might partake in extensive sexual role playing on the Internet, putting them at high risk of being cyberstalked.

If a cyberstalker selects a low risk victim, investigators should try to determine what attracted the offender to the victim. Also, investigators should determine what the offender was willing to risk when harassing the victim. Remember that offender risk is the risk as an offender perceives it – investigators should not try to interpret an offender’s behavior based on the risks they perceive. An offender will not necessarily be concerned by the risks that others perceive. For example, some cyberstalkers do not perceive apprehension as a great risk, only an inconvenience that would temporarily interfere with their ability to achieve their goal (to harass the victim) and will continue to harass their victims, even when they are under investigation.

Search

Investigators should perform a thorough search of the Internet using what is known about the victim and the offender and should examine personal computers, log files on servers, and all other available sources of digital evidence as described in this book. For example, when a cyberstalker uses e-mail to harass a victim, the messages should be collected and examined. Also, other e-mail that the victim has received should be examined to determine if the stalker sent forged messages to deceive the victim. Log files of the e-mails server that was used to send and receive the e-mail should be examined to confirm the events in question.

Log files sometimes reveal other things that the cyberstalker was doing (e.g. masquerading as the victim, harassing other victims) and can contain information that lead directly to the cyberstalker.

CASE EXAMPLE: Gary Steven Dellapenta became the first person to be convicted under the new section of California’s stalking law that specifically includes electronic communications. After being turned down by a woman named Randi Barber, Dellapenta retaliated by impersonating her on the Internet and claiming she fantasized about being raped.

Using nicknames such as “playfulkitty4U” and “kinkygal30,” Dellapenta placed online personal ads and sent messages saying such things as “I’m into the rape fantasy and gang-bang fantasy too.” He gave respondents Barber’s address and telephone number, directions to her home, details of her social plans and even advice on how to short-circuit her alarm system.

Barber became alarmed when men began leaving messages on her answer machine and turning up at her apartment. In an interview (Newsweek 1999), Barber recalled that one of the visitors left after she hid silently for a few minutes, but phoned her apartment later. “What do you want?” she pleaded. “Why are you doing this?” The man explained that he was responding to the sexy ad she had placed on the Internet.

“What ad? What did it say?” Barber asked. “Am I in big trouble?”

“Let me put it to you this way,” the caller said. “You could get raped.”

When Barber put a note on her door to discourage the men who were responding to the personal ads, Dellapenta putting new information on the Internet claiming that the note was just part of the fantasy.

In an effort to gather evidence against Dellapenta, Barber kept recordings of messages that were left on her machine and contacted each caller, asking for any information about the cyberstalker. Two men cooperated with her request for help, but it was ultimately her father who gathered the evidence that was necessary to identify Dellapenta.

Barber’s father helped to uncover Dellapenta’s identity by posing as an ad respondent and turning the e-mails he received over to investigators.

Investigators traced the e-mails from the Web sites at which they were posted to the servers used to access the sites. Search warrants compelled the Internet companies to identify the user. All the paths led police back to Dellapenta. “When you go on the Internet, you leave fingerprints – we can tell exactly where you’ve been,” says sheriff’s investigator Mike Gurzi, who would eventually verify that all the e-mails originated from Dellapenta’s computer after studying his hard drive. The alleged stalker’s M.O. was tellingly simple: police say he opened up a number of free Internet e-mail accounts pretending to be the victim, posted the crude ads under a salacious log-on name and started e-mailing the men who responded. (Newsweek 1999)

Dellapenta admitted to authorities that he had an “inner rage” against Barber and pleaded guilty to one count of stalking and three counts of solicitation of sexual assault.

When searching for evidence of cyberstalking it is useful to distinguish between the offender’s harassing behaviors and surreptitious monitoring behaviours. A victim is usually only aware of the harassment component of cyberstalking. However, cyberstalkers often engage in additional activities that the victim is not aware of. Therefore, investigators should not limit their search to the evidence of harassment that the victim is already aware of but should look for evidence of both harassment and surreptitious monitoring.

If the victim frequented certain areas, investigators should comb those areas for information and should attempt to see them from the cyberstalker’s perspective. Could the cyberstalker have monitored the victim’s activities in those areas? If so, would this monitoring have generated any digital evidence and would Locard’s exchange principle take effect? For example, if the victim maintains a Web page, the cyberstalker might have monitored its development in which case the Web server log would contain the cyberstalker’s IP address (with associated times) and the cyberstalker’s personal computer would indicate that the page had been viewed (and when it was viewed). If the cyberstalker monitored the victim in IRC, he might have kept log files of the chat sessions. If the cyberstalker broke into the victim’s e-mail account the log files on the e-mail server should reflect this.

Keep in mind that the evidence search and seizure stage of an investigation forms the foundation of the case – incomplete searches and poorly collected digital evidence will result in a weak case. It is therefore crucial to apply the Forensic Science concepts presented in this book diligently. Investigators should collect, document, and preserve digital evidence in a way that will facilitate the reconstruction and prosecution processes. Also investigators should become intimately familiar with available digital evidence, looking for class and individual characteristics in an effort to maximize its potential.

Crime Scene Characteristics

When investigating cyberstalking, investigators might not be able to define the primary crime scene clearly because digital evidence is often spread all over the Internet. However, the same principle of behavioral evidence analysis applies – aspects of a cyberstalker’s behavior can be determined from choices and decisions that a cyberstalker made and the evidence that was left behind, destroyed, or taken away. Therefore, investigators should thoroughly examine the point of contact and cybertrails (e.g. the Web, Usenet, personal computers) for digital evidence that exposes the offender’s behavior.

To begin with, investigators should ask themselves why a particular cyberstalker used the Internet – what need did this fulfill? Was the cyberstalker using the Internet to obtain victims, to remain anonymous, or both? Investigators should also ask why a cyberstalker used particular areas of the Internet – what affordances did the Internet provide? MO and signature behaviors can usually be discerned from the way a cyberstalker approaches and harasses victims on the Internet.

How cyberstalkers use the Internet can say a lot about their skill level, goals, and motivations. Using IRC rather than e-mail to harass victims suggests a higher skill level and a desire to gain instantaneous access to the victim while remaining anonymous. The choice of technology will also determine what digital evidence is available. Unless a victim keeps a log, harassment on IRC leaves very little evidence whereas harassing e-mail messages are enduring and can be used to track down the sender.

Additionally, investigators can learn a great deal about offenders’ needs and choices by carefully examining their words, actions, and reactions. Increases and decreases in intensity in reaction to unexpected occurrences are particularly revealing. For example, when a cyberstalker’s primary mode of contact with a victim is blocked the cyberstalker might be discouraged, unperturbed, or aggravated. How the cyberstalkers choose to react to setbacks indicates how determined they are to harass a specific victim and what they hope to achieve through the harassment. Also, a cyberstalker’s intelligence, skill level, and identity can be revealed when he modifies his behaviour and use of technology to overcome obstacles.

Motivation

There have been a number of attempts to categorize stalking behavior and develop specialized typologies (Meloy 1998). However, these typologies were not developed with investigations in mind and are primarily used by clinicians to diagnose mental illnesses and administer appropriate treatments.

When investigating cyberstalking, the motivational typologies can be used as a sounding board to gain a greater understanding of stalkers’ motivations. Also, as described earlier in this chapter, some stalkers pick their victims opportunistically and get satisfaction by intimidating them, fitting into the power assertive typology.

Other stalkers are driven by a need to retaliate against their victims for perceived wrongs, exhibiting many of the behaviours described in the anger retaliatory typology. For instance, Dellapenta, the Californian cyberstalker who went to great lengths to terrify Randi Barber, stated that he has an “inner rage” directed at Barber that he could not control. Dellapenta’s behavior confirms this statement, indicating that he was retaliating against Barber for a perceived wrong. His messages were degrading and were designed to bring harm to Barber. Furthermore, Dellapenta tried to arrange for other people to harm Barber, indicating that he did feel the need to hurt her himself. Although it is possible that Dellapenta felt some desire to assert power over Barber, his behavior indicates that he was primarily driven by a desire to bring harm to her.

Summary

Cyberstalking is not different from regular stalking – the Internet is just another tool that facilitates the act of stalking. In fact, many cyberstalkers also use the telephone and their physical presence to achieve their goals. Stalkers use the Internet to acquire victims, gather information, monitor victims, hide their identities, and avoid capture. Although cyberstalkers can become quite adept at using the Internet, investigators with a solid understanding of the Internet and a strong investigative methodology will usually be able to discover the identity of a cyberstalker.

With regard to a strong investigative methodology, investigators should get into the habit of following the steps described in the chapter (interviewing victims, developing victimology, searching for additional evidence, analysing crime scenes, and understanding motivation).

The type of digital evidence that is available in a cyberstalking case depends on the technologies that the stalker uses. However, a cyberstalker’s personal computer usually contains most of the digital evidence, including messages sent to the victim, information gathered about the victim, and even information about other victims.

It is difficult to make accurate generalizations about cyberstalkers because a wide variety of circumstances can lead to cyberstalking. A love interest turned sour can result in obsessive and retaliatory behaviour. An individual’s desire for power can drive him to select and harass vulnerable victims opportunistically. The list goes on, and any attempt to generalize or categorize necessarily excludes some of the complexity and nuances of the problem. Therefore, investigators who hope to address this problem thoroughly should be wary of generalisations and categorizations, only using them to understand available evidence further.

Unfortunately, many businesses fail to take advantage of encryption technology, fearing that it’s ‘too complex’ and ‘difficult to use’ on a routine basis. In reality, encrypting vital data isn’t much more difficult than running a virus scanner or a data-backup program. Here’s how to get started.

The Basics

There are two basic ways to encrypt data. One approach is to use asymmetric PKI (public-key infrastructure) encryption. PKI cryptography is based on a pair of cryptographic keys: One is private and known only to the user, while the other is public and known to the opposite party in any exchange.

PKI technology provides privacy and confidentiality, access control, proof of document transmission, and document archiving and retrieval support. While most security vendors currently incorporate some type of PKI technology into their software, differences in design and implementation prevent interoperability between products.

The other method of encrypting data is symmetric key protection, also known as “secret-key” encryption. Generally speedier yet less secure than PKI, symmetric encryption uses the same key to both encrypt and decrypt messages. Symmetric technology works best when key distribution is restricted to a limited number of trusted individuals. Since symmetric encryption can be fairly easy to break, it’s primarily used for safeguarding relatively unimportant information or material that only has to be protected for a short period of time.

Applying Encryption

The easiest way to use encryption is to purchase a business application or a hardware product that incorporates some form of encryption technology. Microsoft’s Outlook or Outlook Express email client, for example, provides built-in encryption support. Meanwhile, vendors such as Seagate Technology LLC and Hitachi Ltd. have started incorporating encryption technology into their hard drives.

Since most software applications and hardware products don’t include any type of internal encryption technology, business owners and managers need to look for stand-alone encryption products. This can be a confusing process, one that’s best approached by first determining the business’s precise security requirements, then finding an encryption product that fits each need.

Microsoft Vista Enterprise and Ultimate users can take advantage of BitLocker Drive Encryption, a full disk tool that offers powerful 1024-bit encryption. Another Windows offering is EFS (Encrypting File System), which uses symmetrical PKI technology to provide file encryption.

Beyond Microsoft, leading encryption vendors and products include PGP, free – open-source TrueCrypt, DESlock+, Namo FileLock and T3 Basic Security.

What to Encypt

So how do you know what to encrypt? Here are some places to start:

• Hard Drives: A business may choose to encrypt entire hard drives as a way to reduce or eliminate data theft.
• Individual Files: In cases where full disk encryption is overkill, file-by-file encryption provides added security on an “as-needed” basis. Many leading encryption products offer drag-and-drop encryption capabilities.
• Laptops: Unlike office systems, laptops are easy to lose and are prone to casual theft. By ensuring that the system’s data content is unreadable, a business can limit its loss to the cost of the laptop. A growing number of government regulators and insurance companies are demanding that businesses encrypt any data that leaves their premises and over 5000 Laptops were left in the back of a taxi cab last year.
• Removable Media: Memory sticks, thumb drives and similar portable storage technologies provide portability, convenience, and an opportunity for data loss and theft. As with laptops, encryption limits a business’s loss to the cost of the device itself. A growing number of removable-media devices come with built-in encryption support.
• File Transfers: Sending files over unsecured wired or wireless links can expose sensitive information to data thieves. Encryption provides an additional layer of security, even when a secured network is used.
• Email: Encrypted email is kept secure during the transmission process and while sitting in its recipient’s mailbox.
• IM (Instant Messaging): A growing number of businesses are using IM to swap confidential business information. Encryption helps secure these critical transmissions.

Encryption’s Limitations

Like any technology, encryption software isn’t perfect. Even the best products consume both processor speed and storage space. Users can also lose or forget passwords, thereby potentially locking systems forever.

Before purchasing any encryption tool, carefully research the product. Make sure that the offering addresses your company’s needs, is compatible with your systems and has a good track record concerning reliability and support. If possible, check with your friends and colleagues for their opinions on various encryption tools.

Lastly, if you do use any of the products available for encryption, including Windows EFS, please remember to backup and store your public and private keys. If not, you will probably lose your data.

There is another form of software which may be termed as “Trackware”, -because they track, store and analyse your browsing patterns thereby compromising your privacy on the World Wide Web. They are probably less malicious, but unwanted at the same time. It includes Spyware, Web bugs, tracking cookies, and “forced” adware.

Quick Definitions

Following is some basic information about some of the main Malware types:

Spyware

Spyware is defined loosely as any program that secretly gathers information about you and or your computer use through your Internet connection. Typically, a Spyware program gathers information about you by monitoring your computing activities and then transmits it across the Internet to a central server for onward distribution to interested parties for advertising purposes. These programs can also download files, run other programs in the background, and change your system settings.

In addition to violating your privacy and potentially damaging your system, Spyware can slow your computer down by stealing processing time from the CPU. Even though the name may indicate so, Spyware is not an illegal type of software in any way as yet. However there are certain issues that a privacy oriented user may object to and therefore prefer not to use the product.

Another potential problem is that many are poorly written, may contain programming bugs and errors and can cause problems with the normal operation of your computer. One of the causes of your web browser hanging and crashing frequently with those “General Protection Faults” may be due to one of those badly written Spyware programs interfering with its normal operation.

What is spyware?

Spyware is ANY SOFTWARE which employs a user’s Internet connection in the background (the so-called “Backchannel”) without their knowledge or explicit permission.

Silent background use of an Internet “backchannel” connection MUST BE PRECEDED by a complete and truthful disclosure of proposed backchannel usage, followed by the receipt of explicit, informed, consent for such use.

ANY SOFTWARE communicating across the Internet absent these elements is guilty of information theft and is properly and rightfully termed: Spyware.

http://grc.com/optout.htm

There are also PC surveillance utilities like key loggers, email and chat loggers, which monitor all activity on a computer. Though designed for businesses, parents and similar environments they can be easily abused if they are installed on your computer without your knowledge.

Adware

Adware is usually a freeware displaying advertising banners within the program interface. The developer creates revenue by selling advertising space in the software product, instead of you having to pay for it. Occasionally, some Adware will also act as spyware which includes information gathering code to send non-sensitive information back to third parties. Some people think that Adware are same as spyware, but Adware isn’t necessarily spyware. While legitimate adware companies will disclose the nature of data that is collected and transmitted in their privacy statement, there is almost no way for the user to actually control what data is being sent. In addition to privacy concerns, frequent downloading of advertisement banners and other ads while the user is browsing can slow down the system immensely and for users paying for dial up services by time used, ad-loading and hidden communications with servers can be very costly.

Most of the time, if you prefer a “non advertised” product, you have the option to purchase a version that does not display any banners.

Trojans

A program that comes in secretly and quietly, but it carries a destructive payload. Once you become infected by the worm or virus that that Trojan carries into your computer, it can be very difficult to repair the damage. Trojans often carry programs that allow someone else to have total and complete access to your computer. Trojans usually come attached to another file, such as an .avi, or .exe, or even a .jpg. Many people do not see full file extensions, so what may appear as games.zip in reality could be games.zip.exe. Once the person opens up this file, the Trojan goes to work, many times destroying the computer’s functionability. Scary, eh? You can read more about this here, on our Trojans, Viruses, and Worms reference page. Your best line of defence is to NEVER accept files from someone you don’t know, and if you have any doubts, then do NOT open the file. Get and use a virus detection program, such as Inoculate and keep it updated regularly.

www.ircbeginner.com/ircinfo/ircglossary.html

Viruses

A piece of programming code usually disguised as something else that causes some unexpected and, for the victim, usually undesirable event and which is often designed so that it is automatically spread to other computer users. Viruses can be transmitted by sending them as attachments to an e-mail note, by downloading infected programming from other sites, or be present on a diskette or CD. The best protection against a virus is to know the origin of each program or file you load into your computer or open from your e-mail program.

www.gslis.utexas.edu/~vlibrary/glossary/

Browser Hijackers

Browser Hijacking is caused by malicious code which can alter your browser settings without your knowledge. Browser Hijackers are extremely common.

Here’s a list of the typical effects a Browser Hijacker can have on your system:

• Altering the Homepage, Search Page of your browser
• Changing various options in your Internet settings
• Blocking access to certain functions (parts or all of the internet options screen, registry editor etc)
• Changing to reset (iereset.inf) file to prevent user being able to reset web settings within the internet explorer options screen
• Automatically add sites to your trusted zone
• Hijack of URL prefixes, therefore if you enter a site in your browser without a prefix (ie google.com), internet explorer automatically appends http:// to the address
• This function can be abused to redirect you to any site if you omit the prefix
• Altering your winsock list of providers used to resolve domain names
• Adding a proxy server so all your traffic could be intercepted
• Altering your user stylesheet (normally used for visually impaired users), thereby changing the way websites appear

http://www.adoko.com/hijackers.html

Rootkit

A root kit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes. An attacker enters the victims computer through a security loop hole, like a weak password or a missing patch and then installs his favorite collection of tools which will provide him backdoor(s) to remotely access the cracked system and also mask the fact that the system is compromised.

Though not very prevalent currently other than an open source NT rootkit called Hacker Defender, some malware programs are reportedly using rootkit like mechanisms to hide in the bowels of Windows to evade detection and removal.

The name of the malware category rootkits comes from the Unix-based operating systems’ most powerful account — the “root” — which has capabilities similar to the built-in Administrator account in Windows.

Years ago, an attacker who compromised a computer would gain root privileges and install his collection of applications and utilities, known as a “kit,” on the compromised system. The rootkit provided the attacker with capabilities like ongoing remote access to the compromised system, an FTP daemon for hosting pirated software or an IRC daemon for hosting illicit chat channels shared by the attacker with his cohorts.

Typically, rootkits do not exploit operating system flaws, but rather their extensibility. Windows, for example, is modular, flexible and designed as an easy platform upon which to build powerful applications. Rootkits created for Windows take advantage of these same features by extending and altering the operating system with their own suite of useful behaviors — useful, that is, to the attacker. What is a rootkit?

Article: Rootkits – Invisible Assault on Windows: http://www.pcworld.com/news/article/0,aid,120658,00.asp

Web bug or Web beacons

Also called a Web bug or a pixel tag or a clear GIF. Used in combination with cookies, a Web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, that is placed on a Web site or in an e-mail that is used to monitor the behavior of the user visiting the Web site or sending the e-mail. When the HTML code for the Web beacon points to a site to retrieve the image, at the same time it can pass along information such as the IP address of the computer that retrieved the image, the time the Web beacon was viewed and for how long, the type of browser that retrieved the image and previously set cookie values.

Web beacons are typically used by a third-party to monitor the activity of a site. A Web beacon can be detected by viewing the source code of a Web page and looking for any IMG tags that load from a different server than the rest of the site. Turning off the browser’s cookies will prevent Web beacons from tracking the user’s activity. The Web beacon will still account for an anonymous visit, but the user’s unique information will not be recorded.

http://www.webopedia.com/TERM/W/Web_beacon.html

Keyloggers

A Keylogger (KeyLogger, Key Logger, or Keystroke Logger) is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user.

A freeware program to detect Keyloggers running in your system is KL-Detector: detect keylogging activity on your computer!. It can detect keyloggers, but you should remove them by yourself.

Malicious Dialers

Once installed, they can be extremely difficult to remove. The dialler will configure your settings to route you from your chosen ISP to a network specified by the dialler’s programming. The alarming part of this is that you could be charged any amount per minute that the dialler’s distributor has selected, from pennies to hundreds of dollars. Most often the only indication that you might have a dialler on your system is when you receive your phone bill.

What is frightening here is that you do not need to download these programs yourself. A site might attempt to hide the installation by swamping your connection with popup ads so you do not notice the program attempting to install. If you do not have the appropriate security settings for your browser, these programs can and do install without any notice and do not require that you click to agree. A common method is to force a silent install and have wording in the application’s EULA (End User License Agreement) that states that you agree to the charges if the software is installed. The dialer is installed, you connect to the net, and you are billed, regardless of whether or not you agreed to, or even knew that it was being installed.

When the charges on your phone bill finally arrive and you protest them, the dialer companies might make it extremely difficult for you to obtain credit for the charges. You might even be asked to send them a copy of your birth certificate or other personal information. Do not send any personal information!

Tracking cookies

Any cookie that is shared among two or more unrelated sites for the purpose of tracking a user’s browsing and/or gathering and/or sharing information which many users regard as “private”. Definitions of “private” may differ. Some consider any code “private” if it uniquely identifies a user, even if it is not their name or email address. A typical tracking cookie might look like this: “1www.somedomainname.com/ 0 2719785088 29508922 2980377808 29496852 * ” The encoded info in this cookie includes a unique UserID assigned by a web server; the cookie can be used to track a user as they visit other sites that accept this cookie.

These are the more common varieties of malware prevalent in the web at present today.

Identity theft has been a big hit with the purveyors of fear in recent years. We all now live in terror of waking up one morning and finding that someone has stolen our identity, and we can’t even remember who we are.

Well, maybe not. But identity theft is a real problem. If someone manages to construct a copy of your identity, you don’t stop being you, you just stop being the owner of all of your money (unless you can persuade your bank it’s their fault). You might get back from vacation to find that your house has been stolen…

Identity is closely tied to the concept of reputation. We are now trying to apply ideas from villages of a few hundred people to a global scale and (not surprisingly) finding that they don’t quite work.

In a small community, everyone knows—or knows of—everyone else. Reputations are very important. If you want to borrow something from a neighbour, or ask them for a favour, then you will have some idea of how much you trust them.

When banks started, they would use this sort of model. They would be willing to lend you money based on letters of recommendation from people they trusted, or based on their prior dealings.

Now banks have grown so big that they use a much less personal system, but still deal in the idea of reputations.

The Social Security Scam

Some time ago, the UK and the U.S. governments introduced the concept of a Social Security number (SSN). This was a unique identifier assigned to every taxpaying citizen, allowing their tax records to be connected together.

Having a unique identifier for people was useful to a lot of institutions. It’s pretty hard to know whether you can trust John Smith, but it’s much easier to find out information about a specific John Smith.

The problem began when people started regarding knowing someone’s Social Security number as proof (or, at least, strong evidence) that you were that person.

This attitude isn’t limited to SSNs, by the way. One of my banks has an ultra-secure login where, in addition to my password, they also require that I tell them the following information:

• My mother’s maiden name
• My house number
• My date of birth

All these responses are public knowledge and can be looked up by anyone who wanted to find them out.

The most surreal experience I’ve had with a bank was one based in the United States. I phoned them to try to set up Internet banking. The conversation went something like this:

Me: Hi, I’d like to know my password for Internet banking, please.

Them: Certainly. We just need to confirm your identity. Can you tell me the size of the last transaction in your account, please?

Me: No, I want to log into Internet banking to look that up.

Them: Oh, we can tell you that over the phone.

Me: Okay…

Them: £n

Me: Thanks. The answer to your question is £n.

Them: Oh, I can’t ask you things I’ve just told you as a security question.

Me: Well, that’s sensible.

Them: Let me transfer you to someone who can.

Me: !

The next person I talked to asked me for the number that the first representative had given me, and was then happy to pass on my Internet banking password.

The illusion of security seems very popular with banks at the moment.

Reputation versus Identity

Part of the problem with this system is that it associates your reputation with your identity. If you are going to buy a house and are looking for a mortgage, then it is not unreasonable for a potential lender to want to know about the house you are thinking of buying, your current income, earning potential, outstanding debts, and so on.

If, on the other hand, you are looking to take out a credit card with a £1,000 credit limit, the only thing they need to know is whether you can service a debt of £1,000.

Either do you have £1,000 in liquid assets, or do you have enough disposable income to service interest payments at the horrendous rates that credit card companies charge?

Unfortunately, the way the system is set up at the moment, there is no fine-grained control. Someone who uses a £1,000 credit card application to steal your identity gets enough to take out a £500,000 mortgage backed by your reputation.

A bigger problem is what to do after your identity has been stolen. Fingerprint locks are pretty cheap now, but most people still prefer to use pass codes. The reason is, if someone steals a pass code, you can change it.

If someone steals a copy of your fingerprint, it’s very difficult to grow a new finger. The current situation with identities is similar to the fingerprint lock. So much of the information associated with your virtual identity is tied to the real you that building a new one that the thief does not have access to is very hard.

Multiple Personalities

One solution to this problem would be to have multiple virtual identities. This is already quite common outside of financial circles.

I have an account on Slashdot, for example, where I post under a pseudonym. Someone who cared enough could probably link that virtual identity to me fairly easily, but most of the time it can be treated as a separate persona. It has an independent reputation, based on Slashdot’s karma system.

Since I post more informative comments than troll posts (or, at least, most of my attempts at trolling go unnoticed), that persona has a good reputation. That reputation, however, is in no way related to the reputation I have as a result of writings published in other places.

The idea of multiple personalities would make sense for financial markets, too. Going back to the earlier example, if I wanted to apply for a credit card, then I would not have to use my real identity to do so. I could create a new identity and have my real identity guarantee it up to a certain limit that would be sensible for the credit application.

From the credit card company’s perspective, the identity would have a fixed income of some proportion of my income and a fixed capital of some proportion of my capital. They would be isolated from my real identity and only see the subset of my assets that were required to construct an identity that was a safe risk for lending money to.

This kind of game isn’t particularly new. Corporations do it all the time. They set up shell companies, spin-offs, or joint ventures for a variety of purposes. Some have to do with combining resources from different companies; some have to do with shielding the parent organization from liability.

Both of these would be useful for individuals. Couples sharing a house, for example, might want to create a phantom shared identity rather than having individual responsibility for various payments. Limiting liability is the more important one, however.

The concept of limited liability has to do with limiting the amount of money you can lose. In simple terms, if a limited liability company goes bust, the investors don’t lose any money beyond that which they had invested already. Banks know this, and will not take the investors’ assets into account when assessing the risk involved with lending the limited company money.

Putting this in terms of identity theft, someone who could pose as the limited company would be able to do only a small amount of damage to the investors.

This kind of structure would be ideal for limiting the effects of identity theft. When applying for small loans, you could create a limited liability identity, and an identity thief who took it would not gain any more than a thief who took a credit card.

Fluidity of Identity

The Internet has shown time and time again that reputations are important, but don’t have to be tied to specific real individuals. The entire banking system is built on top of the idea of reputation, but tries hard to tie them to real identities.

The problem of identity theft is likely to break this connection. We will see a greater disconnect between individuals and their reputations.

Corporations already do this with different branding for different market segments, and it’s only a matter of time before the facilities become more widely available.

The designers of the Secure Internet Live Chat (SILC) protocol realized this some years ago. SILC does not provide a mechanism for tying an online personality to a real person (although you can do this out of band).

Instead, it provides something more valuable; a way of telling whether a particular online identity corresponds to the same person today as it did yesterday. This is valuable in an online chat setting, because the only contact you are likely to have with a particular person in an Internet chat room is via that chat room. The reputation is based entirely on their behaviour in that context.

The same is true in many other contexts; the behaviour of individuals in a specific context is important and their actions in others are misleading. My advise; Protect yourself at all costs and be careful who you pass over your information to. Remember that Governments and legal bodies keep losing your data, either because they are careless, don’t have proper facilities in place to safeguard your data, or they just don’t care.

What do you think is the Future of Identity?

The IT security world has now enriched its vocabulary with such notions as spyware, adware, phishing, zombie PCs, spam robots, etc. Thus software protection from all that malware has appeared. Some developers offer specialized utilities, others supply whole packages of applications for deleting various malicious modules. These programs could be efficient, and thoroughly “clean” the system, if they could prevent zero-day threats from entering the PC.

Recently the amount of Internet threats to users’ PCs has risen disastrously. Last October, as a result of research lead under America Online and National Cyber Security Alliance initiatives, traces of spyware activity were found in more than 80% of users’ computers. The subject is relevant, so it’s time to talk about spyware, why users’ PCs are vulnerable and how to protect your computer from spyware attacks.

What is spyware?

Spyware is a general term used for software that traces user activity on the PC and collects personal info or confidential data without user consent. Spyware can register the websites you visit, the time of visits, all clicks on the keyboard (this is how credit card numbers and pin-codes are often stolen) or monitor and register secretly for software that is in turn installed on a PC.

The most dangerous spyware one which self replicates via e-mail, and installs itself without your consent using software bugs. Software intercepting e-mails and instant messages can collect and transmit confidential information to Internet, and are also dangerous and valid security concerns. Some software may also change parameters of installed security software without your consent. All this makes your computer vulnerable to spyware attacks. Depending on the type of spyware, some programs may warn the developer about users running applications on their PCs, while others are able to make holes for intrusion into the system, or set the modem to make calls, which the PC owner will eventually be billed for. Recently, some shareware programs have been referred to as spyware, such programs extract files from your computer without your consent. One of the most dangerous features of spyware is the ability to transmit collected information to the developer’s PC.

Spyware can enter your PC in a number of different ways. The most common is via e-mail or a Web browser. Also such software may be integrated into “useful” software and downloaded at the moment of “useful” program start-up. Generally such programs are integrated into popular free software, which are downloaded from the Internet, or distributed on CDs attached to magazines.

Why spyware is dangerous?

Spyware doesn’t have much influence on the way your PC runs. Usually, it doesn’t contain viruses, however it can consume a huge amount of system resources. Spyware brings lots of damage in the sense of data confidentiality. Spyware programs register every user step, both inside the system and in the Internet. All information is delivered to the malefactor who collects data in his, not your, interest!

How do I protect my PC from spyware?

Most spyware programs are integrated into freeware that you have to install on your computer, but some are automatically downloaded when you enter a Web site. If a message pops-up on your screen proposing you install a program providing access to Web site content, don’t hurry to press “OK” without checking the software. If there is no need to install some special software to view the Web site, it’s better to refuse downloading extra software.

On some Web sites you can find lists of programs containing harmful spy modules. Looking through these lists can help you learn if such programs have been installed on your computer. Sometimes PC system behavior such as slow typing, periodical alarms of installed firewalls, registration queries to unknown Web sites, system and network efficiency reduction and suspicious file discovery may indicate that spyware is inside. The best way to protect your computer from spyware is to install specialized anti-spy software.

Security Tools

A firewall is considered to be the most popular tool to protect a computer from spyware. Firewalls are integrated into operating systems (OS) and permanently examine incoming and outgoing addresses to computer network ports. They analyse data packages coming to Internet ports and mail ports according to the type of request and the addressee. Most firewalls allow or deny some types of addresses, but this is a weak point because spyware may be integrated inside many packages or disguised as a Web browser. This type of spyware cannot be detected by a firewall, and gets inside the PC to start its malicious activity. Also, firewalls are usually resource-consuming, so the price for relative security is
your PC running much slower.

The problem of firewall relative protection is successfully solved by proactive security systems. Such systems analyze all application activity on the PC for its potential maliciousness, according to predefined rules of malicious or non-dangerous behaviour. In case of a real threat, proactive systems block dangerous programs before any damage to the OS is done.

An anti-spyware solutions called Safe’n’Sec+Anti-Spyware, is a special solution consisting of Safe’n’Sec behavior analyzer — which blocks previously unknown spyware (new modifications) — and the Anti-Spyware module, which detects already known spyware with the help of extended anti-spyware signature databases. This Anti-Spyware module has the option to delete malware from the user’s PC. The solution is absolutely compatible with any traditional security software installed on your computer. Anti-Spyware solutions efficiently protect your confidential data from unauthorized access, whether you work in the system or just browse the Internet.