In this blog post we look at online security and privacy. We are using a number of websites and examples from the US as we felt they were compelling & relevant to our topic.
Imagine this. You are in the cafeteria, trying to decide between egg and onion or ham on rye, when a colleague approaches and tells you it’s your lucky day! That disposable razor you emailed your entire contact list about needing? It’s on your desk. She teases you a little about the ‘clean-up’ you plan on doing in the staff washroom before your unexpected date that evening, wondering if the disposable will be up to snuff, and with a wink-wink, nudge-nudge, turns on her heel and exits. Leaving you openmouthed. And feeling slightly sick to your stomach. And not really thinking about lunch.
You, my friend, have been waffled: That fun email game where colleagues pounce the minute you leave your desk — and your email account up and open. That exact waffle happened at my last place of employment. In fact, our group was renowned for waffling, and it was all in good fun, if a tad inappropriate at times. But it illustrates how easy — and how ‘human’ — it is to leave yourself vulnerable.
In a previous post, we talked about how online privacy is pretty much toast — it’s a 21st century oxymoron, in fact. But we gave you a few tools and tips to help you maintain some control over your online life, personally and professionally. The thing is, you have to use them. There are always going to be really smart people out there creating the latest hack or scam. The key is to try and learn a little something from the mess they leave behind.
So on that note, we thought it might be fun — and a little enlightening — to take a look back at a couple of high-profile online scams, hacks, and social media missteps. Schadenfreude? Surely not. But who among us hasn’t taken a ‘there but for the grace of God’ very deep breath after reading about some bigwig who accidentally left his laptop/smartphone/USB key at his local bar. From a kid from Quebec to the largest corporations, if you’re not risk-intelligent, you risk losing everything.
The Video Seen ‘Round the World
In a classic case of ‘don’t leave it lying around’, one minute and 48 seconds of privately taped video changed Ghyslain Raza’s life for years. Take a slightly ungainly and awkward teenager, a golf ball retriever as a pretend light saber and a few muffled sound effects, toss in classmates who found the tape and distributed it online via email and forums, and voila! you’ve got The Star Wars Kid!
The video became a web and pop culture phenom, with close to a billion views, and mentions on shows like “The Family Guy”, “Arrested Development” and “The Colbert Report”. It also spun a vulnerable kid into depression and raised one of the first red flags regarding online privacy — the family sued the classmates and their families, and settled privately out of court.
Marcia, Jan, and Cindy?
What company was hacked three times in 2009 by using password/security question guessing? If you said “Twitter for $500, Alex”, you’d be correct. Surprised? You shouldn’t be. We’ve all done it. We set passwords that are easy for us to remember. Your kids, pets, birth dates, wife’s name. But the whole point of passwords is that they’re passwords. They are supposed to make your page, portal, company website, online banking site, Facebook page, Twitter account, etc., safe and secure. And believe me, the easier they are for you to remember…the easier they are for a hacker to guess.
Each time Twitter was hacked, very valuable and sensitive confidential business information was stolen. One hack involved faking tweets by high-profile users like Barack Obama and Britney Spears. Maybe not a huge concern for Britney, but definitely an issue for President Obama, one would think. Toss in the new trend towards “cloud computing”, and as Twitter found out, one employee’s easy password could do a company serious damage.
The Lights Are On But Nobody’s Home
You can be fairly certain that when astronaut Doug Wheelock unlocked Foursquare’s NASA Explorer badge by checking in from the International Space Station, he wasn’t worrying about someone heading to his earthly home to toss the place. But then again, he didn’t post his Foursquare badge win to Twitter. The creators of the slightly tongue-in-cheek web site Please Rob Me say that’s a good thing. Their site shows just how easy geolocation apps like Foursquare make it for criminals to know when we’re home, and when we’re not.
Foursquare at face value sounds fairly benign: You earn badges and titles, and sometimes perks, for ‘checking in’ at various locations. Where it starts to get a little creepy is when you also ‘auto-share’ your checkins via Twitter. Believe it or not, while streaming Foursquare data, the Please Rob Me creators saw people ‘checking in’ to their home addresses, as well as the addresses of friends and family. Those checkins then appeared on Twitter. And that information can now be accessed by an industrious criminal. Bingo — theoretically at least — the next time you check in at your local Starbucks, your 50-inch flat screen is checking into an unassuming, white moving van with no plates.
The Dutchmen who created Please Rob Me are not master hackers. And they never intended the site to be used for nefarious purposes. They merely wanted to prove a point. You control what gets shared and not shared. Think before you tweet.
Loose Tweets Sink Fleets
Speaking of ‘thinking before you Tweet’, there’ve been a number of high-profile Twitter missteps as of late — proof that you’re never too high up the professional food chain to benefit from some social media training.
For example, fashion designer Kenneth Cole stunned the social media world just a few weeks back when he tweeted this: “Millions are in uproar in #Cairo. Rumor is they heard our new spring collection is now available online at http://bit.ly/KCairo –KC”. Ouch. Understandably, people were outraged, articles and blogs were written, and KC eventually tweeted an apology. In this case, being the boss, he kept his job. Others haven’t been so lucky.
Nir Rosen, a high-profile and respected journalist and fellow at the prestigious New York University Center for Law and Security, was forced to resign from that post shortly after tweeting/making fun of CBS correspondent Lara Logan’s assault in Egypt. In one of his very public apologies, he stated that he was having a snarky dialogue with some friends after news broke of the attack on Logan, and that essentially their dark humour was misunderstood. But Twitter isn’t ‘just a few friends’. It’s not private. And he offended a lot of people. The title of one of the apologies he wrote said it all: “How 480 Characters Unravelled My Career”.
Tall Poppy Syndrome
It’s no secret that the higher one’s profile, the more vulnerable one is to attack. Humans have an innate desire to take people down a peg. In Canada, we call it “tall poppy syndrome”. And no one’s more popular at the moment than our own little tall poppy, Justin Bieber. But don’t stop reading! From the ‘don’t believe everything you see online’ file, the following Bieber scams are all about falsely inflated numbers, fake viral voting campaigns, and phishing scams. All things that either you or your company can be affected by.
According to Google’s “Zeitgeist 2010: How the world searched” report, Justin Bieber topped the list of the most searched-for entertainers, and hackers rode those coat tails all the way to Internet infamy. One prank, attributed to the imageboard website 4chan, influenced an online voting contest to decide which country Bieber should tour next. And by influenced, I mean took North Korea from 24th to 1st place in just under two days. It’s fair to say that none of the votes actually came from the citizens of the secretive communist country. And there’s no word on whether Kim Jong-Il weighed in on the possibility of a performance (it turned out the contest was not sanctioned by Bieber’s camp — but only after much reporting in the mainstream and social media).
Bieber also topped Google Trends’ Hot Searches list. Not surprising until you discover the search term was a highly sketchy and slightly controversial phrase. Again, an orchestrated web scam.
YouTube was hacked as well, exposing a security flaw that left Bieber bearing the brunt of the hack, and pre-teen girls around the world reeling from the news that he had died in a car crash. Bieber wasn’t the only cybercrime celebrity, of course. Lady Gaga, Justin Timberlake, and a number of other pop stars had their computers hacked by simple Trojan Horses. Not only did they lose private emails and bank card info, but unreleased songs were illegally downloaded and shared virally, as well as sensitive and personal photos and videos of the performers.
To wrap it up, in the words of the great Buzz Lightyear, the reach of online scams, hacks, pranks and criminal behaviour extends “…to infinity and beyond!”. We could write for days about all the neat little ways your professional and personal data and security can be compromised if you don’t exert some control over what you share and don’t share. Using some common sense, and ensuring you and/or your employees are educated about being online and using social media, goes a long way toward making sure it doesn’t happen to you.
What do you think? Do you know of some great scams or hacks you want to share? And has reading about them made you stop and think at all about your own — or your company’s — online habits?