The Denial of Service attack is an attack on a computer resource to render it unavailable to its intended users. Very often it is the work of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Recently ReputationDefender came across a news story where a man denied service to a would-be lover and was attacked, kind of a variation on the DoS attack.
It’s your typical boy-meets-girl-over-the-Internet-posing-as-a-woman-in-Second Life story, but with some zaniness thrown in for good measure. After meeting in first life (that is, real life), the 52-year-old male victim from Claymont, Delaware ended the relationship (virtual and otherwise). This apparently upset the real woman of the pair, but instead of resorting to the typical jaded Internet-lover tactics of weepy/angry blog posts and troll forum comments calling his manhood into question, she decided to get physical, and not in the Linda Ronstadt way.
In August the jilted woman allegedly drove to the victim’s workplace in Pennsylvania and attempted to kidnap him at gunpoint. When that initial attempt at reconciliation failed (we can’t understand why not), she returned undaunted two weeks later to track down the victim’s Delaware home address. Unfortunately for her, he had recently moved, so she did what any sane person would do: she posed as a postal worker and searched for four days until she found the new address.
A truly compassionate soul, the woman brought her dog Gogi along with her to Delaware and then cut and removed a screened window in order to enter her virtual ex’s apartment.
According to police, when our would-be beau arrived home on Thursday, August 21, he saw someone pointing an object at his chest that was projecting a laser beam. Recognizing that his apartment was not the location for an impromptu rave, he fled immediately and contacted the police.
Authorities soon arrived on the scene, only to discover that the dog Gogi had been bound with duct tape and put in the bathroom while the woman was nowhere to be found. In addition to the dog, she apparently left behind a pair of handcuffs, a roll of duct tape, a Taser and a BB gun.
Maryland authorities identified her vehicle approximately an hour after the incident at a rest stop on I-95. After a brief struggle she was taken into custody and now faces charges of attempted kidnapping, burglary and aggravated menacing.
The conclusion is one that we’ve brought up before, but it bears repeating: be careful with what you do on the Internet. It is a very short leap for a determined individual to go from cyber stalking to real world stalking. Both are very hurtful, scary and illegal, but at least you can’t get tased over email.
ReputationDefender encourages parents to educate their children about online safety and their online reputation. Any readers have online teen safety tips? Let us know in the comments!
There has been recent news coverage of the conflict between Russia-backed South Ossetia and the government of Georgia. No, the estate of Ray Charles is not involved with the Kremlin. We’re talking the Black Sea here, people.
As if getting your city shelled with mortars and being under sniper fire were not bad enough, in the 21st century Information Age there is also a digital front to the fighting. Wired reports on the digital assault taking place:
The websites of Georgia’s government have been under denial-of-service attacks for weeks, with Russian hackers fingered as the culprits. Those online assaults have only intensified in recent days, as a shooting war between the two countries has broken out.
Galrahn at Information Dissimenation says that “Russia appears to have targeted the .ge domain for specific government websites, and are pounding the Georgian military networks, but other websites in Georgia in org, net, and other domains are still up, sporadically.” The Washington Post adds that “the Caucasus Network Tbilisi — key Georgian commercial Internet servers — remain under sustained attack from thousands of compromised PCs aimed at flooding the sites with so much junk Web traffic that they can no longer accommodate legitimate visitors.”
IntelFusion calls it a “full scale cyberwar being conducted by Russia against Georgia.” As always, however, its extremely difficult to sort out which hacks are being done with government involvement, which are being done with government wink-and-a-nod, and which have nothing to do with the government whatsoever.
There has been quite a bit of buzz in the Internet recently surrounding the actions a rookie New York City cop took during a Critical Mass ride through Times Square. A bystander caught the officer on tape body checking a bicyclist to the ground.
The Smoking Gun got in on the action and promptly posted the official report the officer submitted about the incident, much of which is in direct contradiction to the events caught on camera.
Judging from the sources, the outrage from many people stems from the fact that the attack on the bicyclist seems unprovoked and overly violent. People expect the NYPD to be more courteous, or at least not tackle cyclists in the street, it seems.The officer has been stripped of his badge and gun pending review, and is reportedly on desk duty for the foreseeable future. This all sounds fairly standard for a police force with proper internal controls. Now we wait for the hearing and justice to prevail, yes?Not on the Internet, they don’t. If there is one thing to take away from this incident, it is that the mob justice of the Internet is swift and brutal. There are websites now that are providing more information than the bicycle tackling cop would probably ever have wanted to find about himself online.
We won’t link to those sites, but a cursory overview of some of them reveals:
The Officer’s Badge Number
The Officer’s Age
The Officer’s Full Name
The Officer’s Family Information (father and mother’s names, careers)
Where the Officer Attended High School (and class year)
The Officer’s Home Address (with both street and map views)
The Officer’s Phone Number
The Officer’s Facebook Profile
The Officer’s Past Legal Issues
If you have any private information on the Internet you must understand that this can become (and already is, to some extent) public information. Anyone with relatively basic computer skills can dig up and repost information. They can even make stuff up, if they like, and they have a platform from which to disseminate their views. In this instance a police officer upset some people and his actions were caught on tape (we won’t wade into the arguments for/against justification, that’s not our job). Now he has very quickly learned how online information can be wielded to attain what the internet perceives as justice.
The dean of an Indianapolis, Indiana high school, Roncalli High, and the Roman Catholic Archdiocese, have subpoenaed Palo Alto based social network giant Facebook for information regarding the identity of a person who setup a false profile on the site.
Someone posing as the dean for the interparochial archdiocesan Catholic high school (the term interparochial referring to the fact that the school receives financial and pastoral support from the parishes that comprise the South Deanery of the Indianapolis Archdiocese), began contacting Roncalli students with inappropriate messages, according to an attorney for the Archdiocese of Indianapolis.
Although Facebook removed the fake profile from its site after Roncalli officials contacted them about it last month, the lawsuit — which alleges harassment and identity deception against the anonymous troublemaker — was filed Thursday because Facebook’s privacy policy requires a court order or subpoena before it will release any identifying information about a user.
According to the Indianapolis Star, the Archdiocese doesn’t know whether a Roncalli student created the “fauxfile.” Although Facebook has declined to issue a statement on the matter, the information that they release could be as vague as an IP address.
The above article quotes several lawyers with differing views on digital speech. Some say that students posing as school officials online are defaming their administrators and can be held liable while others see the fake profile as parody speech protected by the First Amendment.
This is another example of where the law is behind current technology and only future rulings will decide what is a harmless prank and what is a crime online.
The New York Times is reporting today that 11 people have been charged with stealing over 40 million credit and debit card numbers in what is being called “the largest identity-theft case ever prosecuted by the Justice Department.”
The authorities said that the scheme was spearheaded by a Miami man named Albert Gonzalez, who hacked into the computer systems of retailers including TJX, BJ’s Wholesale Club , OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW Inc.
Although this scheme hacked into major retailers, web sites displaying personal information are another target for identity thieves. These sites often list sensitive and personal data online where thieves can exploit it. ReputationDefender offers MyPrivacy, a service that removes your private information from the web and functions as a Global Do Not Call List. Sign up for MyPrivacy today and keep your personal data off the internet for only $4.95/ month.
But they are not always honest. According to Valleywag, an internet marketer is selling ten Facebook profiles on the internet auction site eBay. Each fake Facebook account is active and has over 200 friends. eBay has closed the auction but luckily, the ‘wag was able to snip some information from the listing before it disappeared, and it reads pretty interesting:
I am the owner of ten Facebook profiles. Every single one of my profiles has at minimum 200 friends. I have aggregated the friends for each persona organically. I will briefly mention the manner in which I compiled a list of genuine friends for each persona.
Step 1: Develop a persona with an intense interest on specific subjects/topics
Step 2: Integrate that individual into communities/forums based on their interests
Step 3: Stimulate conversation inside communities/forums and interact with other users
Step 4: Establish the persona inside the communities/forums
Step 5: Begin to add friends organically
The profiles have their own personalities and interests, and include Carrie, a 26 year old fashionista and Michael, a 42 year old intellectual with two kids. This post again raises concerns about the fluid nature of online identity, and people should be careful what information they share online.
In closing, one of the commenters may have said it best: Someone has finally figured out how to monetize Facebook.
ReputationDefender is committed to child online safety and protecting kids on the net. That is why we launched MyChild, a service that monitors the online activity of teens and allows parents to keep up with what their child is doing online. ReputationDefender encourages all parents to speak with their children about proper online behavior. Never give out personal information online and don’t assume that something posted on your own blog or facebook account will remain private.
Parents should be proactive about defending the reputation of their children online. Do not hesitate to contact site moderators, admins or other webmasters to report TOS violations and malicious postings.
ReputationDefender ran into this sage advice from Tales of Mere Existence that relates to online bullying and your child’s reputation.
“Lulz” is how trolls keep score. A corruption of “LOL” or “laugh out loud,” “lulz” means the joy of disrupting another’s emotional equilibrium. “Lulz is watching someone lose their mind at their computer 2,000 miles away while you chat with friends and laugh,” said one ex-troll who, like many people I contacted, refused to disclose his legal identity.
Covering topics ranging from the Megan Meier MySpace suicide to the epilepsy foundation hack the article is a road map to internet cruelty and the real life faces behind flame wars and cyberbullying. The piece looks at some of the most notorious trolls and hackers online today and examines their motives and methods for gaining lulz. Some trolls even take their hijinx offline and send threatening messages to their victims in the real world. As a result of these death threats and harassing phone calls:
Several state legislators have recently proposed cyberbullying measures. At the federal level, Representative Linda Sánchez, a Democrat from California, has introduced the Megan Meier Cyberbullying Prevention Act, which would make it a federal crime to send any communications with intent to cause “substantial emotional distress.”
[SNIP]
Many trolling practices, like prank-calling . . . and intimidat[ion], violate existing laws against harassment and threats. The difficulty is tracking down the perpetrators. In order to prosecute, investigators must subpoena sites and Internet service providers to learn the original author’s IP address, and from there, his legal identity.
ReputationDefender has looked at the legal difficulties surrounding internet harassment and online anonymous hate speech before and is committed to helping people lead safe, productive, online lives.
By now most people are aware of the Meghan Meier case. For those that are unaware, Lori Drew, 49, of Missouri, allegedly created a fake profile on MySpace for a non-existent boy and then contacted Meghan Meier through MySpace. Supposedly after receiving some mean messages from this fictitious boy Meghan killed herself in the family home.
Because the case occurred over the Internet and MySpace is headquartered out of Beverly Hills, federal authorities have been involved with the matter. Charges have been filed, and prosecutors are arguing that by helping create a MySpace account in the name of someone who didn’t exist Drew violated the News Corp.-owned site’s terms of service and thus illegally accessed protected computers.
While it seems to make some sense, the potential ramifications of this logic are a little chilling unto themselves. As the AP article points out:
Legal experts warned Friday that such an interpretation could criminalize routine behavior on the Internet. After all, people regularly create accounts or post information under aliases for many legitimate reasons, including parody, spam avoidance and a desire to maintain their anonymity or privacy online or that of a child.
This new interpretation also gives a business contract the force of a law: Violations of a Web site’s user agreement could now lead to criminal sanction, not just civil lawsuits or ejection from a site.
The prosecution’s legal argument is that in order to access MySpace’s servers Drew had to sign up for MySpace’s service, which entails providing your name and date of birth. Beyond that, one must agree to abide by the site’s terms of service. The terms of service forbid using any false registration information, soliciting personal information from anyone under 18 and using any information gathered from the Web site to “harass, abuse, or harm another person.” Thus, by merely using a fictitious name Drew violated MySpace’s terms and had no authority to access the MySpace service.
The Drews are already on the defensive, and their lawyer has announced a legal challenge to this interpretation. They contend that this reading raises issues of constitutionality related to free speech and due process of law.
In response to the suicide death of 13-year-old Meghan Meier, state lawmakers in Missouri have given final approval to a bill making cyber bullying illegal. Meier is at the center of a pending case that transpired when the mother of one of her friends wanted to know if Meghan was saying negative things about her daughter and allegedly created a false profile on MySpace in the name of a non-existent 16-year-old boy. Eventually this fictitious boy, “Josh Evans,” ended his online relationship with Meghan, which is believed to have been the catalyst that led to the young girl taking her life.
The bill, which was recently signed by the Governor, updates existing state laws against harassment to be more relevant with current technological developments. Specifically, the new bill removes the requirement that the communication considered to be harassment be written or over the telephone. Supporters of the move say the updated bill will now cover harassment from electronic devices like computers and text messages.
Many of the provisions contained in the bill arose from a special gubernatorial task force that studied Internet harassment after the details of Megan Meier’s suicide were made public.
The mother who allegedly created the profile, Lori Drew, has been indicted in California on federal counts of conspiracy and accessing protected computers without authorization to get information used to inflict emotional distress on the teen. As we reported earlier, an attorney for Drew is preparing a legal challenge to the prosecution’s claims.
Police in Missouri did not initially file any charges against Drew largely because there was no applicable state law to prosecute her actions under. While the outcome of the current case is uncertain, Sen. Scott Rupp has stated that the proposed amendments would have allowed prosecutors to continue investigating without having to ship the case to a different state.
“Without a good, quality cyber stalking and harassment law, which we don’t currently have, we have to go to federal courts in other states to make a stretching leap argument,” said Rupp, R-Wentzville.
Other senators have seen the proverbial handwriting on the wall, and our coming out with their own interpretations. State Sen. Harry Kennedy, D-St. Louis, said the law is “definitely a warning shot for those folks who want to use the Internet for harassment.”
This is another example of how 20th century case law is unfit to deal with the realities of the digital age. Anti Bullying advocates, parents and concerned netizens, while saddened at this event, can be pleased with the outcome and new state law.
The Wall Street Journal recently ran an interesting piece entitled “The Downsides To Blogging About Your Kid,” in which Cybele Weisser discusses the possible pitfalls associated with Cyber Parenting. She runs a blog with public photos of her son. The internet allows friends and family to watch the child grow up.
Sometimes, though, the site also serves as an unfortunate reminder of the Internet’s not-so-innocent side. A few days ago, for instance, I noticed that some of the recent photos we’d posted had an extraordinary number of views, the result of people searching for keywords such as “bedtime, “nursing,” and “pj’s.”
Privacy concerns stemming from the public display of family photos include Cyber Stalking and balancing the protection of children online with wanting to share their development with loved ones. Other points of view brought up in the piece and in the comments include making a website private to keep predatory web surfers out of your digital family life and concerns that this album could prove embarrasing to the child as he matures.
What do you think? Are parenting blogs putting children at risk? Are we over exposing the intimate details about our lives? And when the kids grow up, will they ever live down their baby blog?
Regular readers of the ReputationDefender Blog will remember this post about Indian Schools posting student records online for employers and universities to see. Now, a recent article from Australia’s venerable Courier Mail highlights another new policy by school officials to publicly post all student files for anyone to see:
The intranet database, dubbed OneSchool, will profile each of the state’s 480,000 public school students enrolled from Prep to Year 12.
Photographs, personal details, career aspirations, off-campus activities and student performance records are being collected from all 1251 state schools.
Some parents are understandably concerned about this initiative, questioning the rationale behind such a bold new program. They cite concerns about the availability of the information to inappropriate parties such as pedophiles and hackers. One reader commenting on the article suggested that personal information from the politicians who support the measure, along with that of their wives and children, be posted first as a test to determine if it safe before adding school children.
Using more of a stick than a carrot, Education Minister Rod Welford is quoted as saying that parents who refuse to supply information about their children for the database could find their children denied access to public education, and that the program, dubbed OneSchool is “non-negotiable.”
While the centralization of records and databases is a necessary thing in order to facilitate information sharing, it comes with a cost, and the child’s reputation moves online, as well as off. At what point does the availability of information outweigh the security risks inherent in making it more widely available?
In response to the rash of false identities on MySpace, the company has requested users to send a video to admins of the real users saying their MySpace ID tag.
An ingenious YouTube user has taken this as an opportunity to compile the many faces of MySpace (which are predominantly young girls with bangs and lots of eye shadow). Enjoy!
A story about ReputationDefender and the continual development of our MyPrivacy product made the front page of Digg this morning. If you want to keep your personally identifiable information off the Internet, you need to read the story about ReputationDefender in Forbes. Check out the Digg screen cap below:
image via laughing squid.
