In this blog post we look at online security and privacy. We are using a number of websites and examples from the US as we felt they were compelling & relevant to our topic.
Imagine this. You are in the cafeteria, trying to decide between egg and onion or ham on rye, when a colleague approaches and tells you itâs your lucky day! That disposable razor you emailed your entire contact list about needing? Itâs on your desk. She teases you a little about the âclean-upâ you plan on doing in the staff washroom before your unexpected date that evening, wondering if the disposable will be up to snuff, and with a wink-wink, nudge-nudge, turns on her heel and exits. Leaving you openmouthed. And feeling slightly sick to your stomach. And not really thinking about lunch.
You, my friend, have been waffled: That fun email game where colleagues pounce the minute you leave your desk â and your email account up and open. That exact waffle happened at my last place of employment. In fact, our group was renowned for waffling, and it was all in good fun, if a tad inappropriate at times. But it illustrates how easy â and how âhumanâ â it is to leave yourself vulnerable.
In a previous post, we talked about how online privacy is pretty much toast â itâs a 21st century oxymoron, in fact. But we gave you a few tools and tips to help you maintain some control over your online life, personally and professionally. The thing is, you have to use them. There are always going to be really smart people out there creating the latest hack or scam. The key is to try and learn a little something from the mess they leave behind.
So on that note, we thought it might be fun â and a little enlightening â to take a look back at a couple of high-profile online scams, hacks, and social media missteps. Schadenfreude? Surely not. But who among us hasnât taken a âthere but for the grace of Godâ very deep breath after reading about some bigwig who accidentally left his laptop/smartphone/USB key at his local bar. From a kid from Quebec to the largest corporations, if youâre not risk-intelligent, you risk losing everything.
The Video Seen âRound the World
In a classic case of âdonât leave it lying aroundâ, one minute and 48 seconds of privately taped video changed Ghyslain Razaâs life for years. Take a slightly ungainly and awkward teenager, a golf ball retriever as a pretend light saber and a few muffled sound effects, toss in classmates who found the tape and distributed it online via email and forums, and voila! youâve got The Star Wars Kid!
The video became a web and pop culture phenom, with close to a billions views, and mentions on shows like âThe Family Guyâ, âArrested Developmentâ and âThe Colbert Reportâ. It also spun a vulnerable kid into depression and raised one of the first red flags regarding online privacy â the family sued the classmates and their families, and settled privately out of court.
Marcia, Jan, and Cindy?
What company was hacked three times in 2009 by using password/security question guessing? If you said âTwitter for $500, Alexâ, youâd be correct. Surprised? You shouldnât be. Weâve all done it. We set passwords that are easy for us to remember. Your kids, pets, birth dates, wifeâs name. But the whole point of passwords is that theyâre passwords. They are supposed to make your page, portal, company website, online banking site, Facebook page, Twitter account, etc., safe and secure. And believe me, the easier they are for you to rememberâŠthe easier they are for a hacker to guess.
Each time Twitter was hacked, very valuable and sensitive confidential business information was stolen. One hack involved faking tweets by high-profile users like Barack Obama and Britney Spears. Maybe not a huge concern for Britney, but definitely an issue for President Obama, one would think. Toss in the new trend towards âcloud computingâ, and as Twitter found out, one employeeâs easy password could do a company serious damage.
The Lights Are On But Nobodyâs Home
You can be fairly certain that when astronaut Doug Wheelock unlocked Foursquareâs NASA Explorer badge by checking in from the International Space Station, he wasnât worrying about someone heading to his earthly home to toss the place. But then again, he didnât post his Foursquare badge win to Twitter. The creators of the slightly tongue-in-cheek web site Please Rob Me say thatâs a good thing. Their site shows just how easy geolocation apps like Foursquare make it for criminals to know when weâre home, and when weâre not.
Foursquare at face value sounds fairly benign: You earn badges and titles, and sometimes perks, for âchecking inâ at various locations. Where it starts to get a little creepy is when you also âauto-shareâ your checkins via Twitter. Believe it or not, while streaming Foursquare data, the Please Rob Me creators saw people âchecking inâ to their home addresses, as well as the addresses of friends and family. Those checkins then appeared on Twitter. And that information can now be accessed by an industrious criminal. Bingo â theoretically at least â the next time you check in at your local Starbucks, your 50-inch flat screen is checking into an unassuming, white moving van with no plates.
The Dutchmen who created Please Rob Me are not master hackers. And they never intended the site to be used for nefarious purposes. They merely wanted to prove a point. You control what gets shared and not shared. Think before you tweet.
Loose Tweets Sink Fleets
Speaking of âthinking before you Tweetâ, thereâve been a number of high-profile Twitter missteps as of late â proof that youâre never too high up the professional food chain to not benefit from some social media training.
For example, fashion designer Kenneth Cole stunned the social media world just a few weeks back when he tweeted this: âMillions are in uproar in #Cairo. Rumor is they heard our new spring collection is now available online at http://bit.ly/KCairo âKCâ. Ouch. Understandably, people were outraged, articles and blogs were written, and KC eventually tweeted an apology. In this case, being the boss, he kept his job. Others havenât been so lucky.
Nir Rosen, a high-profile and respected journalist and fellow at the prestigious New York University Center for Law and Security, was forced to resign from that post shortly after tweeting/making fun of CBS correspondent Lara Loganâs assault in Egypt. In one of his very public apologies, he stated that he was having a snarky dialogue with some friends after news broke of the attack on Logan, and that essentially their dark humour was misunderstood. But Twitter isnât âjust a few friendsâ. Itâs not private. And he offended a lot of people. The title of one of the apologies he wrote said it all: âHow 480 Characters Unravelled My Careerâ.
Tall Poppy Syndrome
Itâs no secret that the higher oneâs profile, the more vulnerable one is to attack. Humans have an innate desire to take people down a peg. In Canada, we call it âtall poppy syndromeâ. And no oneâs more popular at the moment than our own little tall poppy, Justin Bieber. But donât stop reading! From the âdonât believe everything you see onlineâ file, the following Bieber scams are all about falsely inflated numbers, fake viral voting campaigns, and phishing scams. All things that either you or your company can be affected by.
According to Googleâs âZeitgeist 2010: How the world searchedâ report, Justin Bieber topped the list of the most searched-for entertainers, and hackers rode those coat tails all the way to Internet infamy. One prank, attributed to the imageboard website 4chan, influenced an online voting contest to decide which country Bieber should tour next. And by influenced, I mean took North Korea from 24th to 1st place in just under two days. Itâs fair to say that none of the votes actually came from the citizens of the secretive communist country. And thereâs no word on whether Kim Jong-Il weighed in on the possibility of a performance (it turned out the contest was not sanctioned by Bieberâs camp â but only after much reporting in the mainstream and social medias).
Bieber also topped Google Trendâs Hot Searches list. Not surprising until you discover the search term was a highly sketchy and slightly controversial phrase. Again, an orchestrated web scam.
YouTube was hacked as well, exposing a security flaw that left Bieber bearing the brunt of the hack, and pre-teen girls around the world reeling from the news that he had died in a car crash. Bieber wasnât the only cybercrime celebrity, of course. Lady Gaga, Justin Timberlake, and a number of other pop stars, had their computers hacked by simple Trojan Horses. Not only did they lose private emails and bank card
info, but unreleased songs were illegally downloaded and shared virally, as well as sensitive and personal photos and videos of the performers.
To wrap it up, in the words of the great Buzz Lightyear, the reach of online scams, hacks, pranks and criminal behaviour extends ââŠto infinity and beyond!â. We could write for days about all the neat little ways your professional and personal data and security can be compromised if you donât exert some control over what you share and donât share. And using some common sense, and ensuring you and/or your employees are educated about being online, and using social media, goes a long way toward making sure it doesnât happen to you.
What do you think? Do you know of some great scams or hacks you want to share? And has reading about them made you stop and think at all about your own â or your companyâs â online habits?
Leave a Comment