The whole issue specfic to TMI and the Internet specific to "social engineering" as it relates to your "digital footprint", is a huge issue when it comes to personal and professional safety. This is one reason why my Internet Safety program has become soooooooo popular in both our Jr and Sr highschools. Here's a chapter from my Interent safety book on the topic. My book can be located at:
http://www.personalprotectionsystems.ca ... _Book.html
The Internet Predator
Who Are They ?
Most Internet predators are:
• Very computer savvy,
• College graduates,
• Have a successful career, and
• Usually male.
The Internet, and its anonymity, offers a virtual place for the on-line predator to hunt their prey with relative freedom. Many of these predators are extremely knowledgeable in youth subject matter and current events, and are able to speak with teens using current on-line lingo. They are experts at what they do, conduct research, and know how to build rapport quickly with their intended target. Of real importance is that these predators can be anyone, and as Perverted Justice has shown, they can be police officers, lawyers, actors, doctors, teachers, coaches and CEO’s.
Although there is a belief out there that the Internet predator that specializes in child pornography does so to make money, research has found that most distribution of this type of material is done on trade rather than for financial gain. Child pornographers like to expand their collections by trading with one another, and the Internet has been a boon to not only this type of activity, but also in the sharing of “trade secrets” such as; how to cyber groom and lure our children for sexual exploitation and how to avoid law enforcement detection.
According to experts, there are four categories of Internet child sexual predators to be aware of:
This is a group of sex offenders who are interested in collecting child pornography, and usually do not want to meet a child in person.
This is a group of sexual offenders that will target children for the purpose of making a face to face meeting to have sex with them. These predators will become completely obsessed with the child they have targeted, and will travel vast distances to meet the child.
This group of sexual offenders is both a collector and distributor of child pornography. Not all collectors are manufacturers, but all manufacturers are collectors. These predators financially profit from selling child pornography. Often this predator will entice the child/youth to create their own sexually inappropriate “show” via a web cam that they will now record and sell for money.
This group of sexual offenders rarely attempts to meet their victims face to face and often do not collect child pornography. Instead this group prefers to have cybersex or phone sex on sites such omegle.com.
Why Does The Internet Fuel These Sexual Predators?
• It offers easy and anonymous access to children and youth from around the world 24/7.
• It presents risky on-line behavior that children and youth engage in while on-line such as posting too much personal information in their non-secured social network, or even the willingness to freely interact with on-line strangers on sites such as Omegle.com, that the predator can hook into and take advantage of via social engineering. In our introduction we stated that the research has consistently demonstrated that sexual predation (luring) cases typically involve teens who WILLINGLY meet with adults KNOWING they will be engaging in sexual activities. This same research has shown that the youth who are at the greatest risk on-line, in all areas of risk discussed in this book (especially sexual exploitation in all its forms), and targeted by these predators are usually the same youth who are at greater risk in their off-line real world activities. Often these are the youth that have significant psychosocial challenges, intentionally engage in risk from their peers in the form of sexual solicitation, sexual harassment, cyberbullying and have parents that are ineffectually involved in their on-line activity.
• It offers virtual validation from others of like mindedness where they can share their conquests.
• It offers easy access to the thousands of child pornography sites, pictures, and video that is available 24/7.
• It offers the thrill of being chased by law enforcement which they see as a challenge.
Like it or not, the Internet has provided the perfect forum for these predators. The Internet has ignited the deviant sexual appetite of the pedophile, who can now engage in their behavior 24/7, usually undetected, thus allowing them to target our children with the click of their mouse.
The Grooming Process and Building Rapport
Many Internet predators, especially sexual predators, will engage in a grooming process. The primary goal of the grooming process is to build rapport and make the potential target feel comfortable with him, in the hope that you will want to meet him face to face at some later time. It is not uncommon that once a potential target has been identified, the predator will often play the waiting game, and work long periods of time in order to build rapport.
Although hard to identify, they can be anyone, the Internet predator will often follow a standardized grooming process that looks similar to the following:
• The predator will often “Stealth”, “Chicken Hawk”, or “Creep” chat rooms and social networks to gain information on a potential target, through information contained in the target’s profile and actual chat room text messaging content.
• Once the predator has gained the information needed to build rapport with their intended target, they will initiate contact in the Chat Room or social network.
• At some point in the Chat Room interaction, the predator will ask their target to P2P (person to person chat) or “whisper”. Why? Because the predator wants to cut their prey from the herd for privacy.
• Once the predator and target have whispered for a while, the predator will often ask the target to engage in a conventional e-mail relationship, which will allow for a longer and more private relationship without having to log into a Chat Room, thus further increasing anonymity. It is also at this point that the predator will request that you tell no one about your interaction with them.
• Often after a prolonged e-mail relationship, the predator will now request a conventional phone conversation, again to build rapport, with the ultimate goal of having a private face-to-face meeting with you.
• If the goal is not a face-to-face meet, but rather inappropriate sexual behavior on-line (often known as cybersex), the predator will very slowly break down sexual barriers.
• It is not uncommon that the predator will “test the waters” by introducing sexual language and content into conversations.
• As their target become desensitized to this sexual language, they may start to send sexual pictures/video (sometimes of them) based upon an incremental process.
• Once their target is hooked, and they sense that their target is withdrawing from a conversation, they may start to use threats (cyber bullying) such as sending pictures, video, and text messaging that you were involved in with him, to parents and friends.
Often during the grooming process, the predator will use a variety of rapport “lures” to hook their intended prey. Some of these lures include:
• “Let’s go P2P or Whisper”. Here they want no witnesses.
• “Where’s your computer in your house?” Here they want to know if parents are potentially watching.
• “Who are your favorite band, movie, and designer?” Here information obtained can assist in building rapport based upon similar interests.
• “I know someone who can get you a modeling job.” This is an ego boosting lure their goal is to make you feel special.
• “I know a fast way that you can earn some money.” Usually through web cam pornography that the predator will say offers some anonymity. Just have a look at how many voyeur sites are now available on-line.
• “You seem so sad; tell me what’s happening in your life.” The sympathy lure. They are good at the “listening game”.
• “What’s your phone number?” This usually happens later in the grooming process, but once obtained, can reveal where you are located and in some cases, using Internet 411 technology, can reveal your actual address.
• “If you do not do what I ask, I will tell your parents, or post your picture(s) in a Blog, web cam directory, or file-sharing network.” Classic threat lure.
• “You are the love of my life.” Sure you are!!!!
In May 2010, Ryan Earl McCann, 20, was convicted and given an 8 year prison sentence in the Province of Ontario for socially engineering 22 young women, some as young as 14 years, for luring/grooming them into demeaning sexual acts on-line under the threat of physical violence or the public on-line release of Chat/video that the youth had participated in with him. McCann would initially chat (groom) with his victims on Facebook (after being invited in as a friend) or in MSN Messenger. McCann would have these young women remove their clothing, sexually touch themselves and simulate sex acts all under duress. McCann was known as the Webcam Puppeteer because of his ability to socially engineer his victims and make them sexually do what he wanted in front of their webcam for him and others to see.
One of the best sites on the Internet that describes who these sexual predators are, and how they hunt their prey, can be found at www.perverted-justice.com
. Perverted Justice has become very well known, due to their work with Dateline NBC, and their investigative series called “To Catch a Predator”. Together, Perverted Justice and Dateline set up several undercover stings in a number of US states, where in cooperation with law enforcement, they assisted in the arrest of over 180 men who wanted to meet and have sex with a child under the age of 14yrs. Visit Perverted Justice’s web site, it is a true learning experience for every family member.
Social Engineering: How The Predator Gains Information:
Social Engineering is how an Internet predator will use personal information that they data mined on-line about you, to use to their advantage for criminal, personal, sexual, or financial benefit. Often this information is obtained from Chat Room dialogues, Social Networks, and Blogs. As an example of how an Internet Predator will Social Engineer a Social Network, here is a fictitious Profile that has “TMI” (internet chat abbreviation for “Too Much Information”) that was posted on the MSNBC web site as a learning tool:
(sorry picture did not copy over)
Many Social Networking sites, such as Facebook and MySpace look very similar to the above noted hypothetical “Yerplace” site, and often, much like the above noted example, offer too much information that can be used by a potential predator to socially engineer a potential target. So let’s look a little closer at some of the less than desirable information that is contained in this example, which can be easily exploited and socially engineered to build rapport by a predator:
Listing your school location and year gives a predator an idea of where you live, as well as a clue as to your age. In this posting Jane posted that she is in junior high, revealing that she is actually younger than the 16 years of age that she had posted in her “Basic” information field.
Jane listed her afterschool job, and even the location where she works. When this information is combined with the picture that is provided of Jane, it makes it easier for a potential predator/stalker to track Jane down.
The Ultimate Survey:
Posting your answers to surveys such as this, reveal a lot about who you are as person, including your personality and hobbies. An on-line predator posing as a “friend” could easily pretend to share your interests (social engineering). Here, Jane even mentions that “Thompson Park” is her favorite hangout, again making it easier for a predator/stalker to track Jane down.
Here Jane mentions that she likes to celebrate by drinking Coronas, even though we know she is younger than 16 years of age. Whether it is a joke or not, a mention of inappropriate alcohol use may come back to haunt you in the future. Colleges and employers are now using the Internet to check out potential candidates. What one posts on their Web site now may surface years down the road.
You will also note that Jane provided her instant messaging (IM, MSN or AIM) screen name to everyone. Instant Messaging is one of the preferred methods of communication by predators, because of its private nature, and therefore should never be provided to anyone other than a face-to-face friend you know personally.
Consideration should also be given to avoid group shots that are going to be posted on-line, unless your friends have given their permission first. Linking these pictures to photo album sites like “Photobucket” or “Flikr”, should also be reconsidered due to the fact that these sites often feature information about these teen’s that can become very searchable by others, revealing information such as their home address and even vehicle license plate numbers.
Jane’s Friends Space:
Does Jane really have 323 friends? One of the badges of honor in some of these Social Networks is to have a large number of friends. The larger the number friend’s one has, the more popular you must be. To a potential predator, the larger the number of friends that a person has, the more likely you will invite him in as a friend as well, and once in, unless mediated via privacy settings, this person now has access to all the information contained in your site. Keep your “friends” list limited to people who you really know, and have met in person face-to-face. Remember when a person has been accepted on your friend’s list, they receive all “bulletins” that you send.
Also of note; what are your friends posting about you on your site. In the above noted example, although Jane was very good about not revealing her last name in her profile, one of her friends referred to her as “Anderson”. Social Engineering is all about data mining and often predators will drill down in a potential target’s site to gain as much information as possible. This is why it is very important that you read and edit all comments that your friends write on your site that may provide TOO MUCH INFORMATION.
In our Internet safety seminars, we demonstrate how we have been able to socially engineer young girls on-line, via their social networks, to obtain their home phone number and address, where they go to school and where they might work and here’s one of the ways we do it:
• We will “creep” a social network, chatroom, or Blog that has not been locked down primarily looking for those who have more than 150+ friends.
• Once we have creeped the site for an extended period of time, getting to know our target covertly, we will create our own page and develop a profile matching the sex, age range, likes, and dislikes of our intended target. We do this because we know that many youth before inviting an unknown person into their site as a friend, will check that person’s page and profile to ensure they are who they say they are.
• Once this fake page has been created, we will then initiate contact with the target and ask to be invited in as a friend. In the vast majority of cases we get invited in and accepted as a friend. This now gives us greater access to information about our intended target.
• The next thing we do is look for the target’s last name, which can usually be located if you spend the time to look around their site.
• With this last name, and given that in the target’s profile we can usually locate the city in which the target lives, we next go to 411.com, plug in the last name of the target, and the city they are located in, hit enter, and poof several phone numbers now appear. If the target has a rare or unique last name, this process is even easier.
• We next start dialing each one of these phone numbers and ask for the target by name and once we get a positive reply, we now have the target’s phone number.
• We next take this phone number and plug it into an on-line reverse directory and poof now we have an address.
• With the address, we now go to Google maps, plug in the address, and poof now we can plot directions as how to get from my residence to the target’s. Even better yet, I can go to Google Street View and download an actual picture of the target’s house.
It’s that easy, and thus why it is so very important that our youth learn to protect their digital footprint on-line.
As you can appreciate, the above noted MSNBC hypothetical profile contains way too much information that a predator can use to Social Engineer a potential target. Although this was a hypothetical profile, all you have to do is go visit Facebook, Nexopia or MySpace to see the real thing. Obviously many of our youth, and young adults, who create their own social networks and Blogs, do not understand the dangers of too much information, and how the Internet predator can and will use their information to his advantage. Social Networks are cool places to surf, and interact with friends and people of similar interests from around the world. Having said this however, not everyone is who he or she makes themselves out to be while on-line. Again, to emphasize this point, I would highly recommend that you and your family go to the Perverted Justice Web Site located at www.perverted-justice.com
, and have a look at those who they have helped law enforcement to arrest, for arranging face-to-face meetings over the Internet with boys and girls under the age of consent, for the purpose of sexual relations.
One of the best ways to learn about a Social Network such as Facebook is to get involved yourself. So after reading this book, and if you have not done so already, we want you to:
• Set up your own Facebook page. How do you do that ?, here are three options:
1. Go to the Facebook site located at http://www.facebook.com
and click the green “sign up” button and follow the easy directions.
2. Go to the YouTube site located at http://www.youtube.com
and click on the search field and type in “Facebook Tutorial” and click on any number of great Facebook tutorials that are available for review, prior to going to the Facebook site to create your Facebook page.
3. Get your child to mentor you through the process, because chances are they are probably already an expert that you can learn from.
• Set up the appropriate security settings on your Facebook page. How do you do that?, here are three options that should be familiar:
1. Follow the process in the Facebook sign up procedure.
2. Go to the YouTube site located at www.youtube.com/
and click on the search field and type in “Facebook Security Settings Tutorial” and click on any number of great Facebook Security Setting tutorials that are available for review prior to going to the Facebook site.
3. Once again have your child mentor you through the process.
4. Once you have created your Facebook page, have your Child invite you into their site as a friend and watch their jaws drop.
Even with these privacy settings in place, Facebook cannot guarantee that information contained in your Social Network or Blog will not become publicly available. Forewarned is forearmed specific to “TMI” (too much information).
The 24hr Safety Warning Notice:
Although Social Networks are cool places to own and visit, because of Social Engineering issues, it is more than appropriate for parents to supervise the content of their child’s Social Networking site or Blog. To be reasonable, and to also honor your child’s privacy, provide your son or daughter with a 24hr notice that you will be having a look at their Social Network page or Blog Site (unless you have already been invited in as a full friend as mentioned above), to ensure that personal and private information that could be used by the internet predator, is not readily available. Yes it is important to “TRUST” your child, but we believe there is nothing wrong with periodically “VERIFYING”.
Of note, many youth that we have spoken to have admitted to having a “parent friendly” Facebook page that they don’t regularly use, and a completely separate one that they constantly use when interacting with their friends. As a parent, pay special attention to the “Activity Feed” on your child’s Facebook Wall, as it should easily identify if that profile page is the primary one. Based on the content and posts that are shared by (and with) your son or daughter, you should be able to spot if the profile page in which you are a “friend”, is the one and only one that your child uses.
We also encourage parents to have their child print out the passwords of all their social networks, seal them in an envelope, and give it to you for safekeeping in the case of an emergency. Access to your child’s social network may be of assistance to parents, or even law enforcement, in time of need should something happen to your child.