IIA Security Portal

Day 4 of Cyber Security Awareness Week. So far you should have updated your Java Engine (www.java.com), updated your Adobe products (www.adobe.com), and checked your Microsoft products are up to date (www.update.microsoft.com). Apple users should be running the latest Mac Defender destroying version of OS X. (Cyber Crims have already found a way around that, take care for the next round!) and finally, we have learnt that there are times when we should not click, but that we invariably do!

Tonight I’m going to be speaking about a different topic. Privacy & Identity safety. There is precious little of this on the Internet, or in our daily lives for that matter. It may seem that you are powerless to do anything about it, but there are some key factors to take into account.

Firstly, you must always think before you share information. There are literally thousands of points of identity about all of us, out there on the net. Every time we press a “Like” button on Facebook, every time we Tweet something. Every time we follow a link on a website. Every Google, Bing, Yahoo and Image search we do.

I am late sending today’s Cyber Security tip, because today, I went down to Sydney to take part in a Cyber Security Round Table discussion. I was hoping the Attorney-General, Robert McClelland, was going to be there, and I could dazzle him with the science of the Australian Protected Network! But that was not to be. Hopefully I made some inroads today, but that’s not what I’m talking about here. The interesting thing happened on the way home from Sydney. I was fortunate enough to run into someone who has developed an Advertising/Media release control system which shows just how much data on us there is out there. This system could track a Media Release/Advertising campaign and determine who had Tweeted it, shared it on Facebook, “Liked” it, searched for it, it was amazing. It really did pull all those pieces of information together, and because we are so good at sharing our intimate details on services like Facebook and Twitter, we could easily be identified.

And it was at that moment that I realised how the latest Facebook “Like” scam was operating for the criminals. It was not a benign operation at all. They were harvesting data.

There is no doubt that Social media is an absolute boon for catching up with old friends, and there is definitely a place for it. But we need to be very careful about what we allow to be publically visible. There was more than enough data garnered by this relatively simple system, to make an Identify Thief squeal with delight! This particular application was reasonably benign in its function. It tried to assist people making Media Releases; to help them understand what sort of people were picking up on it, and assist them in targeting future releases.

Cyber Criminals can and do, however, take exactly the same approach and build up massive dossiers on us. Armed with this information, they get past our normal defences and attack our friends, our credit history, hijack our Email and financial accounts, redirect our mail. The power they gain from information is virtually limitless. And we are literally inviting them to do it!

The Australian Protected Network comes into its own here. Before you enter a Criminal’s lair and click on a link that would associate your Twitter or Facebook account, it stops the connection and warns you that you very nearly gave them the connection they needed to build up a dossier like this. You wouldn’t have even known that you were doing it, and probably would have just brushed off the display of an innocuous Video. The APN won’t protect you from Advertising/Marketing systems in the first phase of operation, but it will help to protect your identity. Both by direct action at the point where you would have exposed yourself, and by teaching you, at that time, about the things that you should, and should not share, and what the dangers are of going past that point.

The Australian Protected Network - We can do something effective in the campaign against Criminal activities on the Internet.

http://www.australianprotectednetwork.com.au/