Post by: Lisa Vaas | SOPHOS Naked Security | Published on: 10/19/2016
Welcome to Week 3 of National Cyber Security Awareness Month!
This week’s theme, brought to you courtesy of the National Cyber Security Alliance of US businesses and government agencies, is about recognizing and combating cybercrime.
That includes all manner of online crime, be it crooks stealing personal information for monetary gain, identity theft, or online radicalization and recruitment to terrorist networks.
It also includes things that some of us might not even realize are crimes, like guessing at passwords, using somebody else’s photo, trolling, cyberbullying or getting back at an ex by posting their intimate photos online.
Here are examples we’ve seen of such crimes, how harmful they can be, and the potential consequences in store for people who commit them.
Impersonating someone online
This includes guessing at somebody’s password, using their photo, and/or pretending to be someone else: an art that phishers have honed in their quest to part us from data, information, money and more.
Phishing is how many serious cyberattacks begin. It was at the heart of the 2014 Celebgate nude-photo-theft scandal, for one.
The consequences can be severe. Besides the anxiety the victims endured, we’ve already witnessed the conviction of multiple perpetrators, with ongoing investigations holding out the potential for more.
What about using somebody else’s photo online?
There are so many cases where imposters have targeted kids by putting up fake photos, such as the guy who posed as Justin Bieber in order to trick kids into stripping in front of a webcam, or the 22-year-old from New Jersey who posed as a teenager to stalk girls online.
Adults have their own flavors of lying sleazebag fraudsters too: cybercrooks who prey on vulnerable love-seekers on dating sites, who convince them they’re sending money to needy soldiers; who send bogus emails claiming you’ll get a payment just as soon as you first pay a “shipping agent” (known as “advance fee fraud“); or by voluptuous women who, strangely enough, are forced to find love online – presumably because Russia is fresh out of men who like buxom blondes.
Short of child stalking or fraud, just doing something like putting up a fake Facebook profile is illegal. It’s a violation of Facebook’s terms, for one thing, but that should be the least of your worries.
After all, Facebook isn’t going to haul all of its fake people into court, for very good, very voluminous reasons.
What’s more serious than breaking Facebook’s terms of service is the fact that if the photo you’re using was found through a Google search or taken off somebody’s profile, you’re guilty not only of misrepresenting your identity, but also of stealing intellectual property and possible commission of identity theft.
With regards to guessing at somebody’s password, sorry, but lame, easily guessed passwords simply aren’t a justification to access anybody’s account without authorization.
One example of this was Chris Correa, the former baseball scouting director for the St. Louis Cardinals. In July, he was sentenced to 46 months in jail after guessing a rival team’s password.
The lack of a strong password allowed Correa to gain unauthorized access to an internal network of the Houston Astros and enabled the theft of closely guarded information about players, including internal discussions about trades, proprietary statistics and scouting reports.
In short, it was a case of corporate espionage.
The courts didn’t give a hoot whether the guessed-at password was strong or feeble.
Even if it was as drop-dead simple as the word “Password” or that good old favorite “123456,” it didn’t make it right, or even remotely legal, for Correa to break into the account.
He was convicted of five counts of computer hacking under the CFAA.
Forget that saying about sticks and stones breaking our bones: words and virtual mobs can hurt us just as horribly. Even one teenager’s suicide caused by being mocked on social media is a tragedy, but we’ve seen far more than just one.
One of the more recent court cases we’ve seen was that of a student who filmed a schoolmate in the school toilet.
The student posted the 10-second video to Snapchat and Vine. In spite of Snapchat videos only lasting 24 hours, the video went viral, spreading not only throughout the school but beyond, to other schools.
The boy in the video, 14-year-old Matthew Burdette, was mercilessly bullied.
He killed himself in November 2013, writing in a suicide note that…
I can’t do school anymore. I have no friends. I don’t want to kill myself but I have no friends.
The boy who posted the video, identified only as MH in court documents, was charged with invasion of privacy. A minor at the time, he was sentenced to probation.
We’ve seen girls as young as 12 kill themselves because they just couldn’t stand the cyberbullying. In the case of Rebecca Ann Sedwick, even her death didn’t stop the bullies. They bragged on Facebook about driving her to it.
In the US, nearly all states have bullying laws, many with cyberbullying or electronic harassment provisions.
In the UK, the Crown Prosecution Service earlier this month published new guidelines in order to make it clear to prosecutors that those who encourage others to participate in online harassment campaigns can face criminal charges under the Serious Crime Act 2007.
That covers doxxing – i.e., publicly publishing a target’s personal information, such as home address or bank details – or creating a derogatory hashtag to encourage others to pick on victims.
Legislators continue to pass new laws against revenge porn – what’s also called nonconsensual porn.
In the first year of the UK’s new law against nonconsensual porn, we’ve seen children as young as 11 be victimized by the sharing of private sexual images without the subject’s consent, with the aim of inflicting distress.
It’s an act for which prosecutors had previously sought convictions under existing copyright or harassment laws.
Convictions for revenge porn in the UK have included:
- Jason Asagba, the 21-year-old who sent a woman’s photos to her family and shared them on Facebook a mere three days after the new law went into effect on 13 April 2015
- David Jones, a 53-year-old married man who was sentenced to three months in jail after posting images of his ex on social media. She said she felt “complete terror” when she saw the sexually explicit images
- Luke King, who swapped out his WhatsApp profile picture for a naked picture of his ex-girlfriend. The 21-year-old was prosecuted under the Protection from Harassment Act 1997 and sentenced to 12 weeks of jail time in November 2014
It’s one thing to go after the people who commit these acts, but it’s another to hold accountable the services that enable the dissemination of these images.
Criminals often choose Facebook as the forum in which they prefer to torment. The social network has seen its share of legal woes because of it. In 2014, it was hit with a $123 million lawsuit in the US for hosting, for months, a page dedicated to humiliating one Texas woman with Photoshopped clips of her face pasted onto porn shots.
Since then, Facebook has said that it’s bolstered its report abuse infrastructure, appointing a worldwide team of experts to investigate the complaints around the clock in order to remove offending images as soon as possible.
Instagram and Snapchat say that they’re also on top of abuse reports 24/7.
What’s more, Google and Facebook this year teamed up to host an EU Child Safety Summit that focused on how to keep young people safe online and how both of the internet giants are fighting revenge porn.
Those are just a few of the cybercrimes that some of us don’t seem to realize are crimes.
Have you witnessed cyberbullying or revenge porn or was ever a victim? Share your stories below and help end the cycle.
Reference Article: https://nakedsecurity.sophos.com/2016/10/19/3-things-you-might-not-realize-are-crimes/