Internet Security 1 : Let’s be safe out there.

There are a number of reasons why you should always blog anonymously and very few against it. There are some fanatics in the AGW debate whose activities go far beyond what would be termed acceptable behaviour both in the blogosphere or outside it. Indeed, if they were traced and they can be, they could end up in a court of law.

Remember Greenpeace’s infamous “we know who you are, we know where you live” post at their website and consider that it was written by their Director of Communications, not some deranged and criminal loner. Interestingly, Greenpeace neither apologised for it and removed it nor appear to have disciplined the person concerned. That’s the sort of “end justifies the means” mentality the ordinary person has to protect themselves against.

Back on topic. There’s a lot of stuff myself and others can tell you about online security. It could end up as a bewilderingly long list of “do’s” and “don’ts” which would obscure the essentials of Information Security (IS). Instead, I’m going to tell you a story.

Once upon a time there was a man named Innocenti Bloggs. He received his forename from his mother who was, yes you’ve guessed it, Italian. With a surname like that, his father of course, could only be an Englishman. Innocenti discovered the internet.

After the usual tentative start, he realised it was actually very handy. All that information, if not at his fingertips, then at least at the end of his mouse. Next came the mastery of email, which was quickly followed by the relatively easy transition to online banking. With so distinctive a name, he of course bagged an email address of InnocentiBloggs@hotmail.com. Success followed success. He was on a roll.

Now that he was comfortable, he started getting into the interactive aspects of the internet by reading blogs by commentators whose thoughts on things he found of interest. Pretty soon he had a nice collection of them in his favourite’s folder. None of them were in any way controversial.

After a few months of lurking, he tentatively assayed his first comment and things took off from there. He started commenting regularly, made the acquaintance of many like-minded or at least interesting people from all over the world and spent a pleasant half hour most evenings catching up and exchanging banter. This went on for a number of years.

And then came the fateful day. He went into work as usual but was intercepted in the lobby by his boss and an HR person and led to a private room. There was something to be discussed. Had he been sending offensive emails they asked him? Of course not he replied, at which point they started producing printouts of the emails and asked if that was his email address. Of course it is he replied but he didn’t send them.

They went on to tell him that some of the emails came with very explicit porno pictures attached. Some of the porn was the worst sort, child porn. He was told that under the circumstances he would have to be suspended while the whole thing was sorted out.

He went home in a daze and straight to his PC to check his email account. His password wouldn’t work and he was soon locked out. That evening his family and friends kept phoning him to complain about the filth he’d sent them. Things got worse. Within a month the police, accompanied by a child protection officer were knocking on his door.

They had a piece of paper with them authorising them to take his child into protective custody. In God’s name why, he asked in shock. He’d been downloading paedo porn. They’d already been to his email provider and his account was full of it. He was formally cautioned that downloading such material was a criminal offense. They lost their child.

Welcome to the nightmare.

End of story.

That is a true story and believe me, there are worse ones out there. What the hell had gone wrong? In a nutshell, information leakage.

Without noticing or even meaning to, he’d offended a not very nice person (an NVNP) on a blog somewhere who was determined to ‘pay him back’. The NVNP spent the next few hours googling the internet for comments by Innocenti. There was lots of material, stretching back years. At the end of it, he knew Innocenti was married with one child, his wife’s name, his child’s name, what he did for a living, where he worked and his email address.

The latter was particularly useful since it gave the NVNP Innocenti’s real name to google for even more information on him. With this information at hand, he monitored every comment made by Innocenti, waiting for the right opportunity. It duly arrived in the shape of another comment by Innocenti to a friend, saying they were going away for the weekend and he wouldn’t have internet access but would catch up Monday.

That weekend, the NVNP found a free WiFi point and began to break into Innocenti’s email account. He tried the wife’s name with no success, then the child’s. Straight in. Since there were years of email there from both blogging and personal correspondence, he skim read until he’d got a list of email addresses he was going to use.

He then registered Innocenti with a number of porn sites (he had his own list of favourites too) and requested pictures be automatically emailed to him at Innocenti’s email address. When enough material had arrived, he started emailing it out to family, friends, work, and every organisation Innocenti was a member of. It was as simple as that.

For me, the interactive aspects of the web are its best feature and I enjoy them to the full but I do think very carefully before giving out any personal specifics on the internet. You should always be mindful that you may be putting in harm’s way not only yourself but the ones you care about.

Lessons to take away:

  • Don’t give out personal information on the internet.
  • Set up a separate and anonymous email address to be used solely for blogging, never for personal stuff
  • Always use passwords which are a mixture of numbers, upper and lower case letters with a length of at least 10 chars. Always write them down but on a piece of paper.

Like the guy used to say in Hill Street Blues, “Let’s be safe out there.”

© Pointman

Related articles :

Click for all articles in the internet security series.

Click for a list of other articles.

Comments
3 Responses to “Internet Security 1 : Let’s be safe out there.”
  1. Greg says:

    I’ve had a spammer use one of my emails. I don’t think any accounts were hacked, but I think he was using it as a return address or something, since I was getting the bounces. I use several of your suggestions already, and I may just set up that email since I do comment on various blogs at times and have ticked off a couple of people, none of them like the one who got your friend, though. Thank goodness.

    Thanks for the tips.

  2. Gary Mirada says:

    Strangely enough I had an email from someone I don’t know very well on Friday morning. The email told me that this guy, lets call him Harry, was in Cyprus and had had his passport stolen and he needed help. Odd that I should get such an email from someone I hardly knew. I responded asking how I could help. Needless to say the next email from Harry asked me to send him £750 by Western Union.

    As it happens I had had an email from Harry within the last year or so, so I looked it up and found he had put his phone number on the email. I phoned him and he confirmed his email account had been hacked

  3. Jack Wilder says:

    I clicked on Yahoo! answers a few minutes ago, and the first question to come up was by a girl who’d just put up a facebook page advertising her artwork. She was looking for reassurance that the page was up to standard. The facebook page was advertised under what I assumed must be her real name, not a bad move for someone who is trying to start a business. How can you establish trust with prospective clients if you hide behind a faceless moniker?

    One google later and I’d found her real facebook page. There she was, smiling shyly at the camera. “Non Angli, sed angeli” said Pope Gregory a millenium and a half ago when confronted with pale snow faced angelic countenanced Anglo-Saxon boys at a slave market. I could well understand that feeling when seeing the pictures of that naive, young, trusting girl dappled across my monitor.

    A couple more googles, and I’d uncovered not only her facebook, but her other websites, her email addresses, her phone number, her home address, and the names of her mother and father and brother and sister.

    So I quickly fired an answer below her question, complimenting her on her new page, but telling her to immediately delete the question. Which she did. In order to hammer the point home, I also sent her an email, though only showing her the links to her other websites, as I really didn’t want to scare her, and warning her to try to take care when she posts in the semi-moderated feral wastelands of cyberspace.

    I imagine she’s scared witless now, hiding under her bed clutching her phone and hoping that that stranger doesn’t uncover her contact details… what to do if that phone suddenly starts ringing? Hi I just saw your question over at Yahoo, I’m just sat in my car outside your house, fancy a drive?

    “Not an Anglo, but my Angel…”

    Make sure that those who obsess about any angelic features you or your loved ones have are those who you trust and have knowingly allowed into your lives, and not some unknown and unknowable late night web stalker weirdo.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: