Well, don’t be too caught up in your Twitter postings that you forget your safety. Remember that the Internet is still a prime target market for sexual predators, stalkers, fraudsters, scammers, hackers and people who want to do others harm. You might need these Twitter safety tips more than you realise, especially if you have just started to use twitter.

Just the other day, I chanced upon this TV interview of a young, popular actress who pointed out that someone has set up an account on Twitter, pretending to be her which leads me to…

Twitter Safety Tip # 1:  Don’t believe everything you read

Have we not learned from the past? The Internet, while not harmful by itself, is still a haven for individuals and groups that are up to no good.

After all, who can say that a 50-year-old pervert isn’t a cute, 15-year-old student from London when he sounds just like a 15-year old student from London? And that picture of him in that blue shirt just backs it up, right?

If you are inclined to believe this, then you need this Twitter safety tip more than anyone else. People who want to befriend you can easily make up lies on Twitter. Don’t think for a second that they wouldn’t take the time and effort to prattle away about their non-existent boring Algebra classes and upcoming winter dance if it meant making themselves more convincing.

Be aware that there are many fake profiles on twitter. Learn how to spot them. Firstly, you’ll notice that they have not posted much, and with links being shortened, its hard to see if your being sent to a real site or a dodgy site where you will be prone to a clickjacking attack/scam. Other things too look out for are the following and followers. Usually you can tell by looking if this is a real person or a fake. Also keep away from people sending tweets from API. Scammers/Spammers also follow each other, and may converse between themselves to make it look like they have actual friends. Be wary. A quick example of clickjacking. Click this link (its safe), but its shows you how an easy link can be spoofed.

The most common looking fake profile with low followers

Automated tweets from the Twitter API - Block these people

If you want to follow a celebrity, I suggest you look for the new Twitter Verified Account tag that’s added at the top right of a profile, and check out Valebrity for a huge list of validated celebs.

An official Verified Account

Last bits on this subject, there are lots of automated scripts out there that create fake profiles, bots that create fake posts and user accounts. So if you are unsure that this is a real person, do some investigating and look at their followers and see if any of them has ever had a proper conversation with this possible ‘fake’. If in doubt, don’t follow them back and block them.

A typical fake Profile. Notice there's no conversation, and low followers

Also beware of tweets and websites that claim Get 160,000 followers in a month, or words like that. Firstly, they don’t work, and secondly they are probably a scam.

Why? Well, once you click a link, you are directed to a website where you enter your Twitter login details. Now the scammers/spamers can send tweets from your account. Also, they may flood Twitter with thousands of messages. Twitter hates this and it will get your account locked and possibly deleted. If this happens and you still have access to your account, change your password immediately.

When visiting any website that is not directly affiliated or endorsed by twitter, be very careful when submitting your account details. You never know who owns the website or what they are using it for, so do some research first. Check the whois information for the site (this can also be faked), search twitter to see if other people are using the site (or even an app) and see if they seem to be sending spam tweets. If all is clear, then they are probably OK.

Never pay for a service that links to Twitter.

Twitter Safety Tip # 2: Don’t give out your location

I know that micro blogging is fun. There’s just something addicting about being able to post what you’re doing or what you’re feeling at this exact moment… and having hundreds, possibly thousands of followers seeing it.

If you have added people in Twitter who are not really your friends, then all the more reason to be careful. If you, for example, tweets that you’re stuck in the Starbucks near your home late at night, anyone could just take advantage of that information. Its only a matter of time until you turn on the TV and hear that someone is being stalked or has been attacked or murdered because they twitted their exact location, so be warned.

Lastly on this location tip. Be careful if you are using an iPhone and turn on the Location Option. It looks like this in a persons profile: 37.739705,-122.430799 and gives you the longitude and latitude of a persons iPhone. This can be used to track you. So turn this feature off.  In a test, I activated this feature on an iPhone with Twitterrific. With a laptop and mobile phone enabled with GPS Software I travelled miles away from home, where I left the iPhone switched on. I activated the Laptop and GPS, loaded my Twitter page and got the coordinates. I entered them into the GPS system and navigated the route to 20 meters from my doorstep. Anyone could do this with just a laptop and GPS Enabled phone. You can also go to Google Maps and copy and paste the longitude and latitude, this will also give the location. And with Street View, you can probably see where that person lives.

Twitter Safety Tip # 3: Don’t attract too much attention to yourself

Twittering that you have just received a gold bracelet from your boyfriend can also attract the wrong sort of followers to your account. Trust should not be so freely given on the Internet.

You might want to show it off on Twitter via TwitPic or some other image provider or host, but think about the possible risks. It might tempt others into doing something both you, and they, will regret.

As much fun as Twitter is, set a limit on how much private information you’re really broadcasting to the world. Many of you may be thinking, ‘yeah, whateverrrr’, or ‘yeah OK, this will never happen to me’. But never forego you’re safety,  and never let your guard down on the Internet. If you do, you’re a fool!

More protection…

When using twitter, I’d suggest using a 3rd party application like TweetDeck (which is my favorite twitter app) or CoTweet (which is my second fave). The reason for using a 3rd party application is that it uses Twitters API (Application programming interface) and you are less likely to get a trojan or virus from clicking on a users infected profile. Yes! You can also get a Trojan or Virus from using Twitter. A while back, Twitter was plagued by the ‘Mikeyy Worm‘ that infected you if you clicked on a profile that had been compromised by the Mikeyy worm. Incidentaly, the Mikeyy worm was actually written by Michael Mooney, a 17 year old kid and it crippled millions of Twitter accounts.

You can keep track of attacks on twitter here. And if you would like to report suspicious activity, a spammer or something that doesn’t look right, follow twitters Spam Team and then send them a tweet with your problem: http://twitter.com/spam and they should help. Also, if you have any real issues and you need support from Twitter, visit their ticketing system.

Twitter is not perfect and is riddled with security holes, and more are being discovered or exploited daily. For a platform that’s almost over 3 years old, the boffins at Twitter really should plug these holes, tighten up security and keep people safer. Don’t let this spoil your twitting experience though. As long as you keep safe whilst on twitter, and learn how to spot the fake profiles, you’ll have a great time.

If you have any Twitter tips you would like to share with us, please comment below and at some point I will include these in a list, and credit you.

Lastly, check out Sharon Hays’ Blog for tons of Twitter information. She’s a pure Twitter professional, lovely person and her blog will help you get used to Twitter if you are new. Also, checkout Twitter 101 for some excellent information.

Recent Twitter Bots/Scammers

I will update this section of this post as new scams, bots and strategies change, so keep popping back for updats…

You will notice that they are now having conversations. But with other bots and they use rubbish English like ‘Howz U doin‘,  ‘I did dat last wk‘ and so on. If you click on the people they are following, you will notice the same bad grammar and spellings. Some of these new spammers are also now mimicking or pretending to be up and coming actors/actresses and celebs.

3rd Party Application Spam

I’ve noticed that spammers are now creating profiles and posting tweets via TweetDeck and CoTweet as well as TwitterFeed. Again, there is no real conversation and the posts are riddled with useless links and random tweets. You may also notice that the spammers and bots are now using lists to make them look like normal people. Be wary.

New fake profile using TweetDeck and using Lists

True Twit

This is not a danger, but I wanted to update you with this cool utility. If you are plagued by Twitter spam (or Twam) and you have had enough, you can try True Twit. True Twit has been around a while now and what it does is to verify anyone following you. So, if for example, I follow you, I’m sent a DM to click a link to verify that I am in fact a cool human being and wants to follow you because I think your cool. I don’t have to enter any of my Twitter details either.

True Twit - Helping stop Twitter Spam

True Twit also has a few neat options behind the scenes, where you can send a verification note to anyone on your list to whom you think may is a spammer or may have a fake profile, they are then sent a DM to verify themselves. The message that is sent is customisable, or you can use the default message. You can also unfollow people too. Signup today and help stop the spam.

http://www.truetwit.com.

Stay tuned for more info…

One of the most prominent features of stalking behaviour is fixation on victims. Their obsession can drive stalkers to extremes that make this type of investigation challenging and potentially dangerous. Although stalkers who use the Internet to target victims may attempt to conceal their identities, their obsession with a victim often causes them to expose themselves. For instance, they may say things that reveal their relationship with or knowledge of the victim, or they may take risks that enable investigators to locate and identify them. However, even when stalkers have been identified, attempts to discourage them can have the opposite effect, potentially angering them and putting victims at greater risk.

In 1990, after five women were murdered by stalkers, California became the first state in the US to enact a law to deal with this specific problem. Then, in 1998, California explicitly included electronic communications in their anti-stalking law. The relevant sections of the California Penal Code have strongly influenced all subsequent anti-stalking laws in the US, clearly defining stalking and related terms.

Any person who willfully, maliciously, and repeatedly follows or harasses another person and who makes a credible threat with the intent to place that person in reasonable fear of death or great bodily injury is guilty of the crime of stalking … “harasses” means a knowing and willful course of conduct directed at a specific person that seriously alarms, annoys, torments, or terrorizes the person, and that serves no legitimate purpose. This course of conduct must be such as would cause a reasonable person to suffer substantial emotional distress, and must actually cause substantial emotional distress to the person.

… “course of conduct” means a pattern of conduct composed of a series of acts over a period of time, however short, evidencing a continuity of purpose … “credible threat” means a verbal or written threat, including that performed through the use of an electronic communication device, or a threat implied by a pattern of conduct or a combination of verbal, written, or electronically communicated statements and conduct made with the intent to place the person that is the target of the threat in reasonable fear for his or her safety or the safety of his or her family and made with the apparent ability to carry out the threat so as to cause the person who is the target of the threat to reasonably fear for his or her safety or the safety of his or her family. It is not necessary to prove that the defendant had the intent to actually carry out the threat… “electronic communication device” includes, but is not limited to, telephones, cellular phones, computers, video recorders, fax machines, or pagers.” [California Penal Code 646.9]

The equivalent law in the United Kingdom is the Protection from Harassment Act 1997 (Chapter 40).

Note that persistence is one of the operative concepts when dealing with stalking. A single upsetting e-mail message is not considered harassment because it is not a pattern of behavior. Remember that anti-stalking laws were enacted to protect individuals against persistent terrorism and physical danger, not against annoyance or vague threats.

The distinction between annoyance and harassment is not easily defined. It is usually enough to demonstrate that the victim suffered substantial emotional distress. However, there is always the argument that the victim overreacted to the situation. If a victim is not found to be a “reasonable person” as described in the law, a court might hold that no harassment took place. Therefore, when investigating a stalking case, it is important to gather as much evidence as possible to demonstrate that persistent harassment took place and that the victim reacted to the credible threat in a reasonable manner.

The explicit inclusion of electronic communication devices in California’s anti-stalking law is a clear acknowledgement of the fact that stalkers are making increasing use of new technology to further their ends. In addition to using voice mail, fax machines, cellular phones, and pagers, stalkers use computer networks to harass their victims. The term cyberstalking refers to stalking that involves the Internet. This chapter briefly describes how cyberstalkers operate, what motivates them, and what investigators can do to apprehend them.

How Cyberstalkers Operate

Cyberstalking works in much the same way as stalking in the physical world. In fact, many offenders combine their online activities with more traditional forms of stalking and harassment such as telephoning the victim and going to the victim’s home. Some cyberstalkers obtain victims over the Internet and others put personal information about their victims online, encouraging others to contact the victim, or even harm them.

CASE EXAMPLE (ASSOCIATED PRESS 1997):

Cynthia Armistead-Smathers of Atlanta believes she became a target during an e-mail discussion of advertising in June, 1996. First she received nasty e-mails from the account of Richard Hillyard of Norcross, GA. Then she began receiving messages sent through an “anonymous remailer,” an online service that masks the sender’s identity.

After Hillyard’s Internet service provider cancelled his account, Ms Armistead-Smathers began getting messages from the Centres for Disease Control and Prevention in Atlanta, where he worked. Then she got thousands of messages from men who had seen a posting of a nude woman, listing her e-mail address and offering sex during the Atlanta Olympics.

But police said there was little they could do – until she got an anonymous message from someone saying he had followed Ms Armistead-Smathers and her 5-year-old daughter from their post office box to her home.

People say “It’s online. Who cares? It isn’t real. Well this is real,” Ms Armistead-Smathers said. “It’s a matter of the same kind of small-minded bullies who maybe wouldn’t have done things in real life, but they have the power of anonymity from behind a keyboard, where they think no one will find them.”

In general, stalkers want to exert power over their victims in some way, primarily through fear. The crux of a stalker’s power is information about and knowledge of the victim. A stalker’s ability to frighten and control a victim increases with the amount of information that he can gather about the victim. Stalkers use information like telephone numbers, addresses, and personal preferences to impinge upon their victims’ lives. Also, over time cyberstalkers can learn what sorts of things upset their victims and can use this knowledge to harass the victims further.

Since they depend heavily on information, it is no surprise that stalkers have taken to the Internet. After all, the Internet contains a vast amount of personal information about people and makes it relatively easy to search for specific items. As well as containing people’s addresses and phone numbers, the Internet records many of our actions, choices, interests, and desires. Databases containing social security numbers, credit card numbers, medical history, criminal records, and much more can also be accessed using the Internet. Additionally, cyberstalkers can use the Internet to harass specific individuals or acquire new victims from a large pool of potential targets. In one case, a woman was stalked in chat rooms for several months, during which time the stalker placed detailed personal information online and threatened to rape and kill her. Some offenders seek victims online but it is more common for stalkers to use chat networks to target individuals that they already know.

Acquiring Victims

Past studies indicate that many stalkers had a prior acquaintance with their victims before the stalking behavior began (Harmon et al. 1994). The implication of these studies is that investigators should pay particular attention to acquaintances of the victim. However, these studies are limited because many stalking cases are unsolved or unreported. Additionally, it is not clear if these studies apply to the Internet. After all, it is uncertain what constitutes an acquaintance on the Internet and the Internet makes it easier for cyberstalkers to find victims of opportunity.

Cyberstalkers can search the Web, browse through Windows Live Messenger (MSN), Skype, Digsby, Yahoo, ICQ and AOL profiles, and lurk in Yahoo, IRC and AOL chat rooms looking for likely targets – vulnerable, under-confident individuals who will be easy to intimidate.

CASE EXAMPLE: One stalker repeatedly acquired victims of opportunity on AOL and used AOL’s Instant Messenger to contact and harass them. The stalker also used online telephone directories to find victims’ numbers, harassing them further by calling their homes. This approach left very little digital evidence because none of the victims recorded the Instant Messenger sessions, they did not know how to find the stalker’s IP address, and they did not contact AOL in time to track the stalker.

Of course, the victims were distressed by this harassment, feeling powerless to stop the instant messages and phone calls. This sense of powerlessness was the primary goal the cyberstalker. This stalker may have picked AOL as his stalking territory because of the high number of inexperienced Internet users and the anonymity that it affords.

As a rule, investigators should rely more on available evidence than on general studies. Although research can be useful to a certain degree, evidence is the most reliable source of information about a specific case and it is what the courts will use to make a decision.

Anonymity and Surreptitious Monitoring

The Internet has the added advantage of protecting a stalker’s identity and allowing a stalker to monitor a victim’s activities. For example, stalkers acquainted with their victims use the Internet to hide their identity, sending forged or anonymous e-mail and using ICQ or AOL Instant Messenger to harass their victims. Also, stalkers can utilize ICQ, AOL Instant Messenger, and other applications (e.g. finger) to determine when a victim is online. Most disturbing of all, stalkers can use the Internet to spy on a victim. Although few cyberstalkers are skilled enough to break into a victim’s e-mail account or intercept e-mail in transit, a cyberstalker can easily observe a conversation in a live chat room. This type of pre-surveillance of victims and amassing of information about potential victims might suggest intent to commit a crime but it is not a crime in itself, and is not stalking as defined by the law.

Escalation and Violence

It is often suggested that stalkers will cease harassing their victims once they cease to provoke the desired response. However, some stalkers become aggravated when they do not get what they want and become increasingly threatening. As was mentioned at the beginning of this chapter, stalkers have resorted to violence and murder. Therefore, it is important for investigators to be extremely cautious when dealing with a stalking case. Investigators should examine the available evidence closely, protect the victim against further harm as much as possible, and consult with experts when in doubt. Most importantly, investigators should not make hurried judgements that are based primarily on studies of past cases.

Investigating Cyberstalking

There are several stages to investigating a cyberstalking case. These stages assume that the identity of the cyberstalker is unknown. Even if the victim suspects an individual, investigators are advised to explore alternative possibilities and suspects. Although past research suggests that most stalkers have prior relationships with victims, this may not apply when the Internet is involved since stranger stalking is easier. Therefore, consider the possibility that the victim knows the stalker, but do not assume that this is the case:

Interview victim – determine what evidence the victim has of cyberstalking and obtain details about the victim that can be used to develop victimology. The aim of this initial information gathering stage is to confirm that a crime has been committed and to obtain enough information to move forward with the investigation.

Interview others – if there are other people involved, interview them to compile a more complete picture of what occurred.

Victimology and risk assessment – determine why an offender chose a specific victim and what risks the offender was willing to take to acquire that victim. The primary aim of this stage of the investigation is to understand the victim-offender relationship and determine where additional digital evidence might be found.

Search for additional digital evidence – use what is known about the victim and cyberstalker to perform a thorough search of the Internet. Victimology is key at this stage, guiding investigators to locations that might interest the victim or individuals like the victim. The cyberstalker initially observed or encountered the victim somewhere and investigators should try to determine where. Consider the possibility that the cyberstalker encountered the victim in the physical world. The aim of this stage is to gather more information about the crime, the victim and the cyberstalker.

Crime scene characteristics – examine crime scenes and cybertrails for distinguishing features (e.g. location, time, method of approach, choice of tools) and try to determine their significance to the cyberstalker. The aim of this stage is to gain a better understanding of the choices that the cyberstalker made and the needs that were fulfilled by these choices.

Motivation – determine what personal needs the cyberstalking was fulfilling. Be careful to distinguish between intent (e.g. to exert power over the victim, to frighten the victim) and the personal needs that the cyberstalker’s behavior satisfied (e.g. to feel powerful, to retaliate against the victim for a perceived wrong). The aim of this stage is to understand the cyberstalker well enough to narrow the suspect pool revisit the prior steps and uncover additional evidence

Repeat - if the identity of the cyberstalker is still not known, interview the victim again. The information that investigators have gathered might help the victim recall additional details or might suggest a likely suspect to the victim

To assist investigators carry out each of these stages in an investigation, additional details are provided here.

Interviews

Investigators should interview the victim and other individuals with knowledge of the case to obtain details about the inception of the cyberstalking and the sorts of harassment the victim has been subjected to. In addition to collecting all of the evidence that the victim has of the cyberstalking, investigators should gather all of the details that are required to develop a thorough victimology as described in the next section.

While interviewing the victim, investigators should be sensitive to be as tactful as possible while questioning everything and assuming nothing. Keep in mind that victims tend to blame themselves, imagining that they encouraged the stalker in some way (e.g. by accepting initial advances or by making too much personal information available on the Internet) (Pathé 1997). It is therefore important for everyone involved in a cyberstalking investigation to help the victim regain confidence by acknowledging that the victim is not to blame. It is also crucial to help victims protect themselves from potential attacks. The National Center for Victims of Crime has an excellent set of guidelines developed specifically for victims of stalking.

Victimology

In addition to helping victims protect themselves against further harassment, investigators should try to determine how and why the offender selected a specific victim. To this end, investigators should determine whether the cyberstalker knew the victim, learned about the victim through a personal Web page, saw a Usenet message written by the victim, or noticed the victim in a chat room.

It is also useful to know why a victim made certain choices to help investigators make a risk assessment. For example, individuals who use the Internet to meet new people are at higher risk than individuals who make an effort to remain anonymous. In some instances, it might be quite evident why the cyberstalker chose a victim but if a cyberstalker chooses a low risk victim, investigators should try to determine which particular characteristics the victim possesses that might have attracted the cyberstalker’s attention (e.g. residence, work place, hobby, personal interest, demeanor). These characteristics can be quite revealing about a cyberstalker and can direct the investigator’s attention to certain areas or individuals.

Questions to ask at this stage include:

Does the victim know or suspect why, how, and/or when the cyberstalking began?

What Internet Service Provider(s) do(es) the victim use and why?

What online services does the victim use and why (e.g. Web, free e-mail services, Usenet, IRC)?

When does the victim use the Internet and the various Internet services (does the harassment occur at specific times suggesting that the cyberstalker has a schedule or is aware of the victim’s schedule)?

What does the victim do on the Internet and why?

Does the victim have personal Web pages or other personal information on the Internet (e.g. a Facebook profile, Twitter, Myspace or Bebo Web page, customized finger output)? What information do these items contain?

In addition to the victim’s Internet activities, investigators should examine the victim’s physical surroundings and real world activities.

When the identity of the cyberstalker is known or suspected, it might not seem necessary to develop a complete victimology. Although it is crucial to investigate suspects, this should not be done at the expense of all else. Time spent trying to understand the victim-offender relationship can help investigators understand the offender, protect the victim, locate additional evidence, and discover additional victims. Furthermore, there is always the chance that the suspect is innocent in which case investigators can use the victimology that they developed to find other likely suspects.

Risk Assessment

A key aspect of developing victimology is determining victim and offender risk. Generally, women are at greater risk than men of being cyberstalked and new Internet users are at greater risk than experienced Internet users. Individuals who frequent the equivalent of singles bars on the Internet are at greater risk than those who just use the Internet to search for information. A woman who puts her picture on a Web page with some biographical information, an address, and phone number is at high risk because cyberstalkers can fixate on the picture, obtain personal information about the woman from the Web page, and start harassing her over the phone or in person.

Bear in mind that victim risk is not an absolute thing – it depends on the circumstances. A careful individual who avoids high risk situations in the physical world might be less cautious on the Internet. For example, individuals who are not famous in the world at large might have celebrity status in a certain area of the Internet, putting them at high risk of being stalked by someone familiar with that area. Individual who are sexually reserved in the physical world might partake in extensive sexual role playing on the Internet, putting them at high risk of being cyberstalked.

If a cyberstalker selects a low risk victim, investigators should try to determine what attracted the offender to the victim. Also, investigators should determine what the offender was willing to risk when harassing the victim. Remember that offender risk is the risk as an offender perceives it – investigators should not try to interpret an offender’s behavior based on the risks they perceive. An offender will not necessarily be concerned by the risks that others perceive. For example, some cyberstalkers do not perceive apprehension as a great risk, only an inconvenience that would temporarily interfere with their ability to achieve their goal (to harass the victim) and will continue to harass their victims, even when they are under investigation.

Search

Investigators should perform a thorough search of the Internet using what is known about the victim and the offender and should examine personal computers, log files on servers, and all other available sources of digital evidence as described in this book. For example, when a cyberstalker uses e-mail to harass a victim, the messages should be collected and examined. Also, other e-mail that the victim has received should be examined to determine if the stalker sent forged messages to deceive the victim. Log files of the e-mails server that was used to send and receive the e-mail should be examined to confirm the events in question.

Log files sometimes reveal other things that the cyberstalker was doing (e.g. masquerading as the victim, harassing other victims) and can contain information that lead directly to the cyberstalker.

CASE EXAMPLE: Gary Steven Dellapenta became the first person to be convicted under the new section of California’s stalking law that specifically includes electronic communications. After being turned down by a woman named Randi Barber, Dellapenta retaliated by impersonating her on the Internet and claiming she fantasized about being raped.

Using nicknames such as “playfulkitty4U” and “kinkygal30,” Dellapenta placed online personal ads and sent messages saying such things as “I’m into the rape fantasy and gang-bang fantasy too.” He gave respondents Barber’s address and telephone number, directions to her home, details of her social plans and even advice on how to short-circuit her alarm system.

Barber became alarmed when men began leaving messages on her answer machine and turning up at her apartment. In an interview (Newsweek 1999), Barber recalled that one of the visitors left after she hid silently for a few minutes, but phoned her apartment later. “What do you want?” she pleaded. “Why are you doing this?” The man explained that he was responding to the sexy ad she had placed on the Internet.

“What ad? What did it say?” Barber asked. “Am I in big trouble?”

“Let me put it to you this way,” the caller said. “You could get raped.”

When Barber put a note on her door to discourage the men who were responding to the personal ads, Dellapenta putting new information on the Internet claiming that the note was just part of the fantasy.

In an effort to gather evidence against Dellapenta, Barber kept recordings of messages that were left on her machine and contacted each caller, asking for any information about the cyberstalker. Two men cooperated with her request for help, but it was ultimately her father who gathered the evidence that was necessary to identify Dellapenta.

Barber’s father helped to uncover Dellapenta’s identity by posing as an ad respondent and turning the e-mails he received over to investigators.

Investigators traced the e-mails from the Web sites at which they were posted to the servers used to access the sites. Search warrants compelled the Internet companies to identify the user. All the paths led police back to Dellapenta. “When you go on the Internet, you leave fingerprints – we can tell exactly where you’ve been,” says sheriff’s investigator Mike Gurzi, who would eventually verify that all the e-mails originated from Dellapenta’s computer after studying his hard drive. The alleged stalker’s M.O. was tellingly simple: police say he opened up a number of free Internet e-mail accounts pretending to be the victim, posted the crude ads under a salacious log-on name and started e-mailing the men who responded. (Newsweek 1999)

Dellapenta admitted to authorities that he had an “inner rage” against Barber and pleaded guilty to one count of stalking and three counts of solicitation of sexual assault.

When searching for evidence of cyberstalking it is useful to distinguish between the offender’s harassing behaviors and surreptitious monitoring behaviours. A victim is usually only aware of the harassment component of cyberstalking. However, cyberstalkers often engage in additional activities that the victim is not aware of. Therefore, investigators should not limit their search to the evidence of harassment that the victim is already aware of but should look for evidence of both harassment and surreptitious monitoring.

If the victim frequented certain areas, investigators should comb those areas for information and should attempt to see them from the cyberstalker’s perspective. Could the cyberstalker have monitored the victim’s activities in those areas? If so, would this monitoring have generated any digital evidence and would Locard’s exchange principle take effect? For example, if the victim maintains a Web page, the cyberstalker might have monitored its development in which case the Web server log would contain the cyberstalker’s IP address (with associated times) and the cyberstalker’s personal computer would indicate that the page had been viewed (and when it was viewed). If the cyberstalker monitored the victim in IRC, he might have kept log files of the chat sessions. If the cyberstalker broke into the victim’s e-mail account the log files on the e-mail server should reflect this.

Keep in mind that the evidence search and seizure stage of an investigation forms the foundation of the case – incomplete searches and poorly collected digital evidence will result in a weak case. It is therefore crucial to apply the Forensic Science concepts presented in this book diligently. Investigators should collect, document, and preserve digital evidence in a way that will facilitate the reconstruction and prosecution processes. Also investigators should become intimately familiar with available digital evidence, looking for class and individual characteristics in an effort to maximize its potential.

Crime Scene Characteristics

When investigating cyberstalking, investigators might not be able to define the primary crime scene clearly because digital evidence is often spread all over the Internet. However, the same principle of behavioral evidence analysis applies – aspects of a cyberstalker’s behavior can be determined from choices and decisions that a cyberstalker made and the evidence that was left behind, destroyed, or taken away. Therefore, investigators should thoroughly examine the point of contact and cybertrails (e.g. the Web, Usenet, personal computers) for digital evidence that exposes the offender’s behavior.

To begin with, investigators should ask themselves why a particular cyberstalker used the Internet – what need did this fulfill? Was the cyberstalker using the Internet to obtain victims, to remain anonymous, or both? Investigators should also ask why a cyberstalker used particular areas of the Internet – what affordances did the Internet provide? MO and signature behaviors can usually be discerned from the way a cyberstalker approaches and harasses victims on the Internet.

How cyberstalkers use the Internet can say a lot about their skill level, goals, and motivations. Using IRC rather than e-mail to harass victims suggests a higher skill level and a desire to gain instantaneous access to the victim while remaining anonymous. The choice of technology will also determine what digital evidence is available. Unless a victim keeps a log, harassment on IRC leaves very little evidence whereas harassing e-mail messages are enduring and can be used to track down the sender.

Additionally, investigators can learn a great deal about offenders’ needs and choices by carefully examining their words, actions, and reactions. Increases and decreases in intensity in reaction to unexpected occurrences are particularly revealing. For example, when a cyberstalker’s primary mode of contact with a victim is blocked the cyberstalker might be discouraged, unperturbed, or aggravated. How the cyberstalkers choose to react to setbacks indicates how determined they are to harass a specific victim and what they hope to achieve through the harassment. Also, a cyberstalker’s intelligence, skill level, and identity can be revealed when he modifies his behaviour and use of technology to overcome obstacles.

Motivation

There have been a number of attempts to categorize stalking behavior and develop specialized typologies (Meloy 1998). However, these typologies were not developed with investigations in mind and are primarily used by clinicians to diagnose mental illnesses and administer appropriate treatments.

When investigating cyberstalking, the motivational typologies can be used as a sounding board to gain a greater understanding of stalkers’ motivations. Also, as described earlier in this chapter, some stalkers pick their victims opportunistically and get satisfaction by intimidating them, fitting into the power assertive typology.

Other stalkers are driven by a need to retaliate against their victims for perceived wrongs, exhibiting many of the behaviours described in the anger retaliatory typology. For instance, Dellapenta, the Californian cyberstalker who went to great lengths to terrify Randi Barber, stated that he has an “inner rage” directed at Barber that he could not control. Dellapenta’s behavior confirms this statement, indicating that he was retaliating against Barber for a perceived wrong. His messages were degrading and were designed to bring harm to Barber. Furthermore, Dellapenta tried to arrange for other people to harm Barber, indicating that he did feel the need to hurt her himself. Although it is possible that Dellapenta felt some desire to assert power over Barber, his behavior indicates that he was primarily driven by a desire to bring harm to her.

Summary

Cyberstalking is not different from regular stalking – the Internet is just another tool that facilitates the act of stalking. In fact, many cyberstalkers also use the telephone and their physical presence to achieve their goals. Stalkers use the Internet to acquire victims, gather information, monitor victims, hide their identities, and avoid capture. Although cyberstalkers can become quite adept at using the Internet, investigators with a solid understanding of the Internet and a strong investigative methodology will usually be able to discover the identity of a cyberstalker.

With regard to a strong investigative methodology, investigators should get into the habit of following the steps described in the chapter (interviewing victims, developing victimology, searching for additional evidence, analysing crime scenes, and understanding motivation).

The type of digital evidence that is available in a cyberstalking case depends on the technologies that the stalker uses. However, a cyberstalker’s personal computer usually contains most of the digital evidence, including messages sent to the victim, information gathered about the victim, and even information about other victims.

It is difficult to make accurate generalizations about cyberstalkers because a wide variety of circumstances can lead to cyberstalking. A love interest turned sour can result in obsessive and retaliatory behaviour. An individual’s desire for power can drive him to select and harass vulnerable victims opportunistically. The list goes on, and any attempt to generalize or categorize necessarily excludes some of the complexity and nuances of the problem. Therefore, investigators who hope to address this problem thoroughly should be wary of generalisations and categorizations, only using them to understand available evidence further.

Unfortunately, many businesses fail to take advantage of encryption technology, fearing that it’s ‘too complex’ and ‘difficult to use’ on a routine basis. In reality, encrypting vital data isn’t much more difficult than running a virus scanner or a data-backup program. Here’s how to get started.

The Basics

There are two basic ways to encrypt data. One approach is to use asymmetric PKI (public-key infrastructure) encryption. PKI cryptography is based on a pair of cryptographic keys: One is private and known only to the user, while the other is public and known to the opposite party in any exchange.

PKI technology provides privacy and confidentiality, access control, proof of document transmission, and document archiving and retrieval support. While most security vendors currently incorporate some type of PKI technology into their software, differences in design and implementation prevent interoperability between products.

The other method of encrypting data is symmetric key protection, also known as “secret-key” encryption. Generally speedier yet less secure than PKI, symmetric encryption uses the same key to both encrypt and decrypt messages. Symmetric technology works best when key distribution is restricted to a limited number of trusted individuals. Since symmetric encryption can be fairly easy to break, it’s primarily used for safeguarding relatively unimportant information or material that only has to be protected for a short period of time.

Applying Encryption

The easiest way to use encryption is to purchase a business application or a hardware product that incorporates some form of encryption technology. Microsoft’s Outlook or Outlook Express email client, for example, provides built-in encryption support. Meanwhile, vendors such as Seagate Technology LLC and Hitachi Ltd. have started incorporating encryption technology into their hard drives.

Since most software applications and hardware products don’t include any type of internal encryption technology, business owners and managers need to look for stand-alone encryption products. This can be a confusing process, one that’s best approached by first determining the business’s precise security requirements, then finding an encryption product that fits each need.

Microsoft Vista Enterprise and Ultimate users can take advantage of BitLocker Drive Encryption, a full disk tool that offers powerful 1024-bit encryption. Another Windows offering is EFS (Encrypting File System), which uses symmetrical PKI technology to provide file encryption.

Beyond Microsoft, leading encryption vendors and products include PGP, free – open-source TrueCrypt, DESlock+, Namo FileLock and T3 Basic Security.

What to Encypt

So how do you know what to encrypt? Here are some places to start:

• Hard Drives: A business may choose to encrypt entire hard drives as a way to reduce or eliminate data theft.
• Individual Files: In cases where full disk encryption is overkill, file-by-file encryption provides added security on an “as-needed” basis. Many leading encryption products offer drag-and-drop encryption capabilities.
• Laptops: Unlike office systems, laptops are easy to lose and are prone to casual theft. By ensuring that the system’s data content is unreadable, a business can limit its loss to the cost of the laptop. A growing number of government regulators and insurance companies are demanding that businesses encrypt any data that leaves their premises and over 5000 Laptops were left in the back of a taxi cab last year.
• Removable Media: Memory sticks, thumb drives and similar portable storage technologies provide portability, convenience, and an opportunity for data loss and theft. As with laptops, encryption limits a business’s loss to the cost of the device itself. A growing number of removable-media devices come with built-in encryption support.
• File Transfers: Sending files over unsecured wired or wireless links can expose sensitive information to data thieves. Encryption provides an additional layer of security, even when a secured network is used.
• Email: Encrypted email is kept secure during the transmission process and while sitting in its recipient’s mailbox.
• IM (Instant Messaging): A growing number of businesses are using IM to swap confidential business information. Encryption helps secure these critical transmissions.

Encryption’s Limitations

Like any technology, encryption software isn’t perfect. Even the best products consume both processor speed and storage space. Users can also lose or forget passwords, thereby potentially locking systems forever.

Before purchasing any encryption tool, carefully research the product. Make sure that the offering addresses your company’s needs, is compatible with your systems and has a good track record concerning reliability and support. If possible, check with your friends and colleagues for their opinions on various encryption tools.

Lastly, if you do use any of the products available for encryption, including Windows EFS, please remember to backup and store your public and private keys. If not, you will probably lose your data.

ESET’s award-winning anti-malware solutions ESET NOD32 Antivirus and ESET Smart Security, for consumers and businesses. The new versions build on ESET’s ThreatSense, the industry’s most accurate proactive technology for detecting viruses and other malware, by adding over 20 new capabilities that improve malware detection, enhance system diagnostics and recovery, and improve management. The latest release continues ESET’s tradition of delivering ultimate security with fast, transparent operation and minimal load on system memory, disk or CPU. ESET’s unrivaled ability to deliver industry-leading proactive malware detection and high system performance can literally extend the life of PCs and laptops while improving their security.

‘In an increasingly complex threat environment, anti-malware solution providers are tasked with packing even more security features into endpoint security products, but must be conscious of system performance when doing so,’ said Andrew Hanson, research analyst, Security Products, IDC. ‘Current economic pressures are causing businesses to extend or freeze PC-replacement cycles, but security expenditures are still required to address the growing threat landscape. Leading security vendors will provide cost effective solutions that successfully integrate multiple layers of protection, while extending the life of the computer by conserving system resources and maintaining performance ‘ all at a price point businesses and consumers can afford.’

ESET’s new detection and diagnostic features (one shown above) safeguard users from deceptive forms of malware by digging deeper into the operating system, files and encrypted browser traffic to identify and eliminate hidden malware threats. The latest version also includes advanced self-defense technology that protects against malware designed to disable antivirus or anti-malware solutions, leaving the user completely unprotected. Together, these new features enable consumers and businesses to proactively block most new malware attacks before they can compromise systems to damage or steal data.

ESET NOD32 Antivirus 4 and ESET Smart Security 4 Business Editions also feature a full-range of management capabilities. These include support for high-end databases, fine-grained control of endpoint security, and even greater scalability for large, dispersed networks. ESET Business Editions include version 3.0 of ESET’s Remote Administrator, which enables businesses to remotely deploy and manage ESET software. New Statistics will help admins and users see trends in infection on the machine.

ESET NOD32 Antivirus 4 and ESET Smart Security 4′s new, industry-first security features include:

• Advanced Archive Scanning ‘ This new feature makes ESET’s consumer products the first to allow experienced users to fully customize scanning to do a ‘deep dive’ of archive files created with popular compression formats, including .RAR, .ZIP and others. Comprehensive controls allow users to define archive scanning with scanning depth, maximum scan time and maximum file size.
• Removable Media Access Control ‘ Gives consumers removable media security for USB flash drives and CDs ‘ protection previously extended only to businesses. The feature gives administrators the ability to allow or block mounting of removable media. If removable media is allowed, dangerous files like AUTORUN.INF are scanned for threats.
• ESET SysInspector ‘ Newly integrated into ESET NOD32 Antivirus 4 and ESET Smart Security 4, this powerful system diagnostics tool quickly discovers hidden/potentially dangerous rootkits without running a full antivirus scan. It can also reveal hidden changes to the operating system, web browser, registry and applications. The scan results are standardized and can be reviewed by IT personnel, speeding up malware analysis and removal.
• ESET SysRescue ‘ Enables users to diagnose and recover compromised systems more easily. Customers build their own system rescue CDs, which can be used to clean up and repair systems compromised by malware without re-imaging the system.

With ESET NOD32 Antivirus 4 and ESET Smart Security 4, the company also adds the following additional features to further improve threat prevention, detection and management:

• Business-class Interoperability and Management ‘ ESET includes powerful features to integrate into multi-layer security environments. Enhanced reporting, support for Cisco NAC, removable media control and improved policy authoring simplify deployment and ongoing management, with improved interoperability.
• Power Conservation ‘ Already the most efficient and lightweight anti-malware products on the market, ESET NOD32 Antivirus 4 and ESET Smart Security 4 go one step further by automatically adjusting performance on laptops to maximize battery life without compromising security.
• Improved Self-defense Technology ‘ ESET software features improved defenses against disabling of the antivirus system by malware or unauthorized users ‘ among other things by restricting changes to ESET’s processes and registry entries to authenticated users.

• User-friendly Interface ‘ Numerous enhancements to the GUI make the product even easier to use. Among many enhancements, there is auto-disabling notifications when full-screen applications like presentations, games or video are running, and a new non-graphical user interface that allows disabled and visually-impaired users to easily interact with the software using screen readers and other assistive technologies.

For a full list of ESET NOD32 Antivirus 4 and ESET Smart Security 4 features, please visit http://www.eset.com/products/.

Social Networking is popular and packed with features, and yet it offers so little to so many. The favourite timewaster for many office workers, sites such as Facebook and MySpace offer swathes of features to keep you clicking around on the site without achieving anything other than leaking your personal data. Creating a bad first impression of yourself for potential employers and ruining your eyes.

Facebook is undergoing a new look, and is still incredibly popular. It contains an enormous database of college-educated users who use the site to keep in contact (a bit like email but more onerous), play silly games that suck the time out of their lives and upload private details and photos that should be kept private.  Even with the newly designed interface, Facebook still neglect to keep your privacy safe.

However, even if you’ve hardened your profile, someone still has access to this data. That someone is just as faceless to you as the guy or girl you’ve never met but wants to be your friend. That someone is Facebook itself.

So who are the faces behind Facebook, and why are they running a site that is essentially a massive database of personal details, surrounded by millions of users? Why have 3 US firms invested $25 Million (£50 Million) in a site that lets you play Zombie games, own strangers photographs, rate people you don’t know and befriend a paedophile or mentally ill person. How committed are these people to protecting your personal data? In the US, the New York Attorney General doesn’t think it’s committed enough (more on this later).

You must add this cool Application

Applications that Facebook allows to use its API, are also a danger. How do you know that the app that you have just added and invited all your friends to use were written by real developers? They could have easily been created for use by organised crime syndicates, hackers or companies wanting to collect your personal data for illegal use like Identity Theft, or to sell your information to the highest bidder on eBay.

In our own words

Even Facebook itself admits that it can’t keep users’ personal information completely secure. It’s privacy page says: “We are not responsible for the circumvention of privacy settings or security measures contained on the site.” The data that Facebook claims little responsibility for includes files on users who have signed up, as well as information about users who have been invited to join by excising users, even if they themselves have not run through the registration process. This in itself is dodgy. If I send your email address to a website, there is no good reason why that site should store it forever.

In fact, Facebook won’t store your email address forever, in this circumstance. However, you do have to take the initiative and contact the site directly, requesting that it removes the data about you that you did not send. It may not even be your friend’s fault that they sent your email address to the company. Signing Up involves a system that, if you gave a Gmail or Google mail account, it requests your Gmail password. Submit this, which is easy to do without realising the consequences, and the site will rifle through all your contacts and invite each one to be your Facebook friend. I, myself find this diabolical in an age where privacy matters.

If you are the sort of person who is concerned about the privacy fallout (if you’re not, you should be) from using store cards, which enable large companies to buy data on your shopping habits (bet you didn’t know that), sites such as Facebook should have you quaking with paranoiac fear. Do what no-one else does and read all of Facebooks terms and conditions. If you do, you may dig out little juicy nuggets such as the paragraph where Facebook reserves the right to investigate you and store the results of its research electronically.

Specifically, the site warns that it “may also collect information about you from other sources, such as newspapers, blogs, instant messaging services and other users on the Facebook service”. If it does this, it’s hard to imagine why this will be for your own benefit and it’s easy to see how it could cause problems. If nothing else, it’s unclear who else will have access to this research and its unclear as to how easy it would be for you to discover its extent and accuracy.

So, are networking sites a threat to your privacy and are they dangerous?

Using the internet to socialise electronically will not help create a new circle of friends. In fact, many young users will attract unwanted attentions of adult predators, and the sites they use fail to provide sufficient protection. These are the findings of myself, and academic researchers along with the New York Attorney General’s Office.

Facebook and MySpace encourage users to link to each other as ‘friends’ thus the term Networking. But many habitually choose  to go and interact with complete strangers. I myself use Facebook to research how its users behave when contacted by a stranger, most want to befriend you after the first or second message. I realised though, that just because you’ve become ‘friends’ with someone online, it doesn’t mean you are actually friends.

It’s so very easy to be deceptive online. A profile may look like someone is a genuine person, but what secrets lie behind the stare of their monitors? Not enough is done to educate people of the dangers of faceless interaction. I could just as easily pretend to be a 13 year old girl, befriending a young female of around the same age. I could also be a middle aged man, bereaved at the loss of a loved one, looking for the comfort of a stranger, but my motives could be more sinister.

The information that users plaster within their profiles can be dangerous. Anyone with mediocre computer skills can use this information to actually track you down and physically stalk you, or do something unimaginable to you. An example of this; I bought a pay-as-you-go SIM card for my mobile phone and put the new number on my Facebook profile. Within a couple of days, I had Facebook users I didn’t know, calling and sending text messages to it. If you’re a parent, do you know who is calling your child’s phone? Or more to the point, do you know who they are actually talking to, or who those people are added as ‘Friends’ in their list?

Naivety is no excuse

Whilst all this may sound obvious, many users of internet social networking (and even instant messaging) exhibit extreme naivety and will happily share personal information with people who are, effectively anonymous strangers. In September of 2007, the New York Attorney General’s office subpoenaed Facebook, accusing it of failing to protect young users from sexual predators.

Facebook failed to respond to complaints and noted several defects in the sites safety controls. When undercover investigators used the site posing as underage children, they were targeted by predatory adults and were also able to access pornographic content including video footage. Meanwhile, it was also noted that 3 convicted sex offenders were using Facebook, and this is just the tip of the iceberg.

Face the music

Facebook has had problems protecting its own data in the past. In August 2007 Facebook’s site suffered from some configuration problems, the result of which was that some of the programming code driving the site was exposed to the public. This provided an insight into how the site works, which in turn put users’ personal data at risk.

Facebook’s statement to this was: “a small fraction of the code that displays Facebook WebPages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately. It was not a security breach and did not compromise user data in any way”.