Posted by
CyberMom on Tuesday, February 12, 2008 5:59:48 PM
The Newest Threat in Identity Theft:
Flies vs Spyders
Part 3: Why Spyders get away with it – and what do to protect yourself!
So far we’ve discussed the newest threat in Identity Theft – and quite frankly, it’s downright frightening to even touch a computer these days knowing this information. In the last article, we discussed what types of activities this new era of hackers engages in and what types of people are susceptible. But, what allows this to keep happening? Is it all end-user ignorance? Are we doomed to be trapped by hackers because not everyone is a computer technician? What about the technically savvy folks? Are they doomed to be falsely accused because there is far too much ignorance out there to understand the complexity of the Information Technology field? I can assure you now, that if you keep reading, you won’t like the truth!
Yes, it’s true that spiders spin their webs in corners and wait for the little bugs to come to them. But, the Internet is also known as the World Wide Web – and is an entanglement of tens of millions of computers interweaved in a giant, spiders’ web. Since Sepetember 11, 2000, airports around the country have increased their security ten-fold. The world has followed suit. People have to take their shoes, belts, jackets and other articles of clothing off just to walk through a metal detector. You can’t bring through your deodorant any longer if it exceeds a certain weight!! Why the big fear? In short – there are bad people in the world, and their methods of attack are becoming more complex. It used to be, only 20 years ago, that the big fear of not having your bag with you at an airport is that it will get stolen. For the last seven years, that fear has evolved to now be that you will be the victim of Identity Theft. In what way? There are now signs in every airport warning you not to leave even a small portion of your bag open or out of sight as someone may put contraband of some sort into your luggage. Is this because the bad guys are out to get you? No. That’s the ignorant paranoia that prosecutors use to discredit people. It’s because the items the bad guys are smuggling would land them in prison for life, or on death row, and in the event the item is discovered, it’s more worth it to them to lose the item and let you take the fall then get busted themselves!!
Now to the technology field. The very same principals hold true – if you’re carrying it – YOU are responsible! The current laws for computer forensics have one requirement: to find the illegal material on your computer. They don’t have to prove you accessed it or that you knew it was there because the computer belongs SOLELY to you! This applies now to every field of cyber-crime there is: from copy-righted music to illegal copies of software to child pornography! All of these have one thing in common for computer forensics: if it’s on your computer – YOU must have put it there!
The reality of this situation is much different. Ted Coombs writes that in today’s modern era of techonology, the internet, wireless and all the security-holes, there’s no way to say that any one user is in complete control of their computer. He goes on to say that even Savvy computer users cannot say they are in complete control, although they might be amongst the lucky to know when they’ve been hacked and stop it before they find themselves the falsely accused perpetrator of a cyber-crime. The web-site, corrupted-justice.com, recently hosted an article about the $100 million lawsuit against DateLine NBC’s, ‘To Catch a Predator Program,’ for setting a man up and leading him to commit suicide.
It’s not as ‘small’ of an issue as it seems. The News and media are busy telling people about the hackers and viruses and bad people of the world, but no one is educating the end-users as to the reality of the situation. Matthew Bandy, a 16-year old boy spent 3-years battling a false accusation of downloading child pornography and cost his family over $250,000.00 (from which they cannot recover). The method used to download the pornography? Limewire – a pay-per download, legal music trading program. Unknown to the family, this ‘legal’ program that they paid money for also created a security vulnerability, allowing someone else to access their computer and use their computer to both host and distribute pornography.
Recently, Microsoft sued a software-testing company for copyright infringement, not only costing them tens of millions of dollars, but banning them from using Microsoft’s software again – guaranteeing the company’s demise and the loss of many jobs. Microsoft and agencies like the RIAA (Recording Industry Association of America) do not limit their lawsuits to companies, but aggressively go after individuals as well. A single infringement can be as small as a couple thousand dollars and probation up to a lifetime in prison and countless millions of dollars. Either way – if you were the one downloading the materials, would you want to be caught?
What makes this a problem is that the law is ENCOURAGING the activities of hackers and Spyders alike!! The anti-child pornography industry is a perfect example. Where the downloading of a single image of child pornography might seem like a crime that requires somebody to seek counseling – it goes far beyond that. Currently, the act of acquiring child pornography is equivalent to raping a child and constitutes a minimum of 5 years in prison and 10 years (soon to be life) as a registered sex offender. While we can all agree that stiffening the laws on any form of sexual exploitation of children will help yield good results in most normal circumstances, we must also acknowledge that it’s creating a ever-more complex, black market. This black market is trading and working through the World Wide Web, increasing the need to take over other peoples’ computers to protect themselves. In April of this year, a 35-year old, Kerrville Doctor was accused of downloading and possessing child pornography. The doctor, being able to afford good, legal counsel, was able to make the statement that vulnerabilities in their email had recently lead to some unwanted hacking of their computers – and that is the only reasonable explanation for that material. But, what lead the police to his door? In fact, what leads the police to the doors of anyone who commits a cybercrime?
While it might be difficult to believe that you weren’t interested in downloading illegal music from a peer to peer sharing program such as BitTorrent or trying to access child pornography on an internet site where you are interactively talking to a person, describing yourself, your interests and such, the lines of reality become skewed when police show up for an unsolicited email containing or pertaining to the materials is sent across the internet, or there is a ‘tip-off’ based on IP addresses or phone calls. Fortunately, there are instances where it is ‘clear’ when a person has attempted to access illegal materials. One Texas man tried to blame his open Wireless connection for hackers breaking into his computer. When multiple CD’s were found in his bedroom, it became clear that it had been handled by the user sitting at the computer itself. But, what if it wasn’t you? Don’t computers keep good records and anti-virus programs prove otherwise?
Here’s a catch- if a Trojan accessed your computer, opened up ports for a hacker to upload pornography to your computer with the intent to distribute it on a Monday afternoon, and your virus scanner runs its scheduled program that night around 10:00 pm and wipes the virus out – it does not wipe out the uploaded pornography. It ONLY wipes out the EVIDENCE!!! How incredibly frightening and sickening is that? The same programs we use to defend our computers can inadvertently cause us to be falsely incriminated? There are numerous viruses with a post-functional, self-destruct sequence that wipes itself out and leaves you holding the bag. Didn’t think there were really malicious people out there? Might want to rethink that. Hackers who want to freely distribute software will often times create ‘scripts’ (short programs that serve only one purpose) that will discover any vulnerabilities you have and unlock your computer for their access. They can then use your computer to store their software!
But, what about Worm-viruses such as the, ‘I wish you were here’, virus and its variants that look for information in your emails that you have communicated with a minor and then seek to solicit that minor? The program might send a completely irrational and ridiculous letter, having pieced together parts of other letters and added solicitation to it – but that doesn’t change the fact that a minor was now solicited from YOUR email account or YOUR computer!! Again, we must ask: Don’t the authorities know this?
While there have been some baby steps made in the computer-forensics fields (such as not trying to bust somebody for being a pedophile because there are pictures in their temporary directory that could be an accident resulting from a virus), but these steps are too small, and too late, to undo what is happening now. Currently, there are thousands of people around the world contending that they are victims – not perpetrators of a crime. There are prosecutors and law enforcement agencies trying to create a world-wide, paranoia against people who claim to be the victims of a hacker. Rather than accept the possibilities of truth, they are seeking to undermine the basics of justice and truth. Sure, your 90 year old grandmother downloaded naked pictures of 4 year olds and distributed them across the internet. Well – thanks to her not being ‘computer savvy’ and clicking on a virus/spam email – her computer was hijacked and now the federal authorities are at her door – and they will try to press charges, even in light of the evidence!
Or better yet, a 30-year old, single father who IS a computer technician gets a knock on his door one day telling him he’s busted for soliciting a 16 year old girl for sex!! He’s even charged with attempted sexual abuse – because there is an email, again – sporadic and nonsensical based on grafted input from other emails and inserted portions of solicitation!! But, now his computer is taken, and low and behold – there’s pornography! Well – because he’s a computer technician, he MUST be guilty. No – there’s no actual proof he wrote the letter… and no, there’s no actual proof he downloaded the photos… and yes, there’s all the signs of a computer that could be and probably was easily hacked – but the legal system does not care. They do not consider a totality of circumstances! A single father with pornography on his computer – no criminal background, no issues whatsoever with his child who is loved in his community – folks, I cannot tell you how many forums I have read where people have been accused, convicted, continued to plead their innocence and now their friends and family are on there saying, “I can’t believe it was him – I would have never believed it!”
DON’T. Don’t be fooled by hype and media. While we must all strive to protect the innocent children of this world, the software producers, the movie makers and the book writers from being exploited and hurt, we must also not encourage Spyders to continue to let others take the fall for their actions. The trial of Julie Amero is a perfect example. Here is a substitute teacher who has no pornography anywhere else in her life, works to educate children, has never been accused of any crime now finds herself being re-tried (after several years of appeals) for trying to expose children to pornography because of pop-ups on the computer! Yes – the same pop-ups that plague us, we fight daily with anti-spyware, anti-adaware, anti-virus and anti-everything else programs! Her web search history contained pages on the internet that were supposedly pornographic. Guess what – web page redirects, pop-ups and the sort leading people to pornography against their will has been a problem in the computing industry for TEN years now!!
The fact is this: as long as the laws are going to be as strict as they are (hoping to protect children), then the Spyders are going to have more reason to be afraid. And, as long as the law is going to be as loose and inconsiderate of the truth or facts as they are – those Spyders will find it easier and easier to hid in the back of their web and let others take the fall! World-wide, the Legal System is encouraging Spyders to increase their activities by making it easier to blame others! It not only creates a terrifying method of framing an innocent person – it increases the danger to our children!! We cannot continue to allow the risk to our children to grow simply because we try to ignore the law and ‘hope’ they’re doing the right thing! They make mistakes too – just this mistake, is costing lives, and putting ALL our children in incredible danger! It’s increasing the copy-right infringement and music stores, businesses, jobs – lives – are all going down for it! It’s plaguing every section of our lives and threatening us as a whole to the point that only a ‘big brother,’ intrusive-form of daily monitoring will stop it if we allow it to continue uncontrolled.
Still think you’re safe? Still sure that you’ve done all you need to do? Over 1000 people every six months is turned into the police by computer-repair shops that find illegal materials on peoples’ computers that have been brought in for repair!! While I may not be Einstein, it doesn’t seem that complex to me to understand that somebody with illegal materials on their computer would not be taking it in to repair shops. Folks – I have neighbors who have asked me to fix their ‘slow’ computer where I have founded dozens of viruses, spyware programs and the sort and associated web pages indicating deviant searches. These folks are good, honest, clean, family people, just like myself. They did NOT surf these internet sites on purpose, had found themselves being taken to these sites without their consent and yet, the sites are there for anyone who wanted to falsely incriminate them. As a responsible technician, my job was to eliminate the materials that kept trying to redirect the web browser to these inappropriate sites, wipe out the history and false, temporary files and ensure the system was completely protected. I had to remove their music-downloading program (that they paid for) to ensure that the computer was not only safe from viruses that could do this sort of activity, but was safe from unknown people logging into their computer!
I’ve seen this happen at least 100 times in my career as a computer technician. What can you do to protect yourself? The honest answer is:
HELP FIGHT THE CURRENT SYSTEM OF LAWS.
Sound stupid? Not the answer you were hoping for? I can suggest you turn off all sorts of services on your Windows XP machine that make it easier to hack, install hundreds of dollars in anti-everything software that make it ‘more’ protected, recommend that you get a bit-by-bit comparison software and check it daily to ensure that no new files have been put onto your pc (although that would be impossible since the new world of security updates and operating system standards requires that), turn off your wireless, turn off your internet and turn off your computer. I can suggest that you literally come to a stand-still on your computer – and I can only be guaranteeing about 85% of your safety. The remainder is based on what happens if… or when… you become the victim of identity theft.
What can you do? While you may be busy – take out one afternoon, for a few hours, and research the information I’ve given you here. Goto the National Center for Missing and Exploited Children’s websites. In one afternoon, you can learn both sides of the coin – and you will see just how much at danger from Spyders you really are.
The question to ask yourself is this:
If you found yourself one day of being accused of a cybercrime such as solicitation of minors or downloading child pornography, and you know you are innocent, but you don’t have the money for $50,000 attorney to protect you from the ensuing hell, accusations, mistreatment and abuse who can have your computer examined for an extra $150,000 to try and prove your innocence, wouldn’t you want your jury to be interested in the totality of circumstances? Wouldn’t you want your jury to be educated enough about computers to know that they too, could be in your shoes someday? Wouldn’t you want more than the RIAA to simply point a finger at you and say 10 years in jail and $150,000 for stealing, copying and disseminating copy-righted movies as the ‘facts’ of your guilt? Wouldn’t you expect proof; fingerprints, DNA, forensics – any of it? I know I would.
Spread the word. Tell everyone you know. Make them read these articles and be aware of the danger they’re in!! In 2006, there were more than half a million ‘common’ viruses, and a quarter of these were designed by Spyders trying to infiltrate people’s, personal computers!! It’s estimated that in this year alone, those numbers will double – if not triple!! There will be over ten thousand cases this year, world-wide, where the accused is a victim of identity theft and from ignorance in Computer Forensics.
Ask yourself: Just because you own a gun, and it has bullets – doesn’t mean that the dead body the cops found with a bullet in it came from you!! Even if the bullet came from your gun – and you know you weren’t even home at the time – you’d EXPECT that the FACTS are taken into complete consideration, and such a case doesn’t even go to court, wasting taxpayer money it is so ludicrous.
But – for the victims of identity theft on computers – it’s not only going to court, it’s sending them to prison, and some of them to their deaths. This is real. This is fact. This is not the media’s hype or DateLine NBC’s trying to encourage people into becoming self-proclaimed witch-hunters – this is about real people being faced with real bad situations – who are exactly like you and me. And by helping them – we WILL help ourselves.
*Author’s note: The Author is a computer technician of over 10 years having worked with SMB, SOHO and Enterprise-level corporations. He is a certified Systems Analyst and has done Network Administration, Strategic IT Business Planning and Analysis and Security Analysis for multiple businesses. He has written articles for National IT Magazines, Newspapers, Journals and multiple Web Sites. The Author is A+ and Network+ Comptia certified and has completed the CCNA certified training curriculum. He currently works as a private consultant for individual small companies providing strategic business solutions, security infrastructure planning and enhanced productivity through Information Technology. He is also a single father and has first hand experience in victimization from Identity Theft. He is currently dealing with such issues in his own life and seeks to help others in similar situations.