Would you give your eight year old a credit
card? Of course not. But that is, in essence, what has happened to
many parents who allowed their children to play “free” game apps online, only
to discover the following month that they had been billed hundreds or even
thousands of dollars.
In a recent blog by ctwatchdog.com, “C.W. of Simsbury said he was stunned in
March when he discovered that his eight year old son ran up more than $7,600 in
four days playing games, free games like Dragonvale and Tiny Tower – games that
encourage children to use real money to purchase virtual objects to make the
games more fun.”
Fun was not the word that C.W. used when he complained to his credit card company, which subsequently deleted the charges and refused to pay the app developer. He was lucky, but many other parents were not. Parents from as far away as Australia have felt the sting of these unauthorized charges. What many parents do not realize is that many of these "free games" have been designed to hook the child into playing the game, only to create anxiety for the child which can only be relieved by clicking on links that authorize payment. Furthermore, the language used online to elicit payment is frequently confusing or even misleading.
In a televised interview produced by the Australian
Broadcasting Corporation, Elise Davidson from the consumer group ACCAN states that
the wording on some games is confusing. “It’s
not really clear that you are spending real money.”
Worst of all, instead of insisting on more stringent
rules, including default parental consent in order to make a purchase, the
interview goes on to explain that the companies who profit from these games,
including Apple which owns iTunes, put the onus back on the parents' shoulders.Meanwhile, app developers are free to exploit
the psychological vulnerabilities inherent in youngsters.
Mark Textor, MD, explains it
this way: “They're games, yes, but
they're seen to be addictive games which are monetized, and those three
together spell, well, this is gambling for infants.”
And this is one game that parents are not likely to win,
especially when companies like Apple have designed all their devices to work
using the same password. Since Apple
introduced in-app purchasing, developers have seen a quantum leap in
profitability. Consumers on the other
hand have been seeing red, since this system has led to a blank check
purchasing mechanism that puts a parent at risk of their children making any
number of purchases using everything from iPhones, to iPads, iPods and even Apple
TV. And while Apple says that parents
can enable restrictions on their devices to prevent access to specific
features, for many this is seen as too little too late.
If you are a parent who wants to avoid getting gamed, go to this blog on iappkids.com to learn how to disable in-app purchases and avoid sticker shock the next time your credit card bill arrives.
Just when you thought it was
safe to go back to the Internet, a major wave of cybercrime reared its ugly
head this month. This time it wasn’t inspired
by teenage pranksters on the prowl. Nor
was it the Russian mob trying to break into financial institutions once again. No, this time the culprits were
state-sponsored hackers who wore military uniforms and lived in military
barracks. What I’m talking about is the
latest hack attack by the Chinese People’s Liberation Army which came to light
to the nation at large on Monday, March 11, when Tom Donilon, President Obama’s
national security adviser stated in a speech in New York City,
“Increasingly,
U.S. businesses are speaking out about their serious concerns about
sophisticated, targeted theft of confidential business information and
proprietary technologies through cyberintrusions emanating from China on an
unprecedented scale. The international community cannot tolerate such activity
from any country.” (Click here to read the slate.com blog.)
While this may have been news
to the masses, to those in the know, this public revelation came as nothing
new. Everyone in the administration from
the Department of Defense to Congress has for some time been portraying China
as a menace to both national security and business interests who have been
methodically stripped of intellectual property in a series of overt attacks
that top US officials admitted posed a greater potential threat than Al Qaeda.
In a quote from the LA Times,
“Mandiant Corp., a U.S. computer security firm based in Alexandria, Va.,
said in a report last month that it had traced an epidemic of attacks on dozens
of U.S. and Canadian companies to an office building in Shanghai occupied by an
espionage unit of the People's Liberation Army.”
Unlike many hackers who get a
vicarious thrill from penetrating computer networks, what makes this hacking
unusual is that many of the Chinese hackers are conscripts who are forced to
work long hours for low pay. This has
caused several disaffected hackers to post blogs lamenting the conditions under
which they work. It has also led
Mandiant and reporters to track down the nexus of hacking activity to an office
building in Shanghai occupied by an espionage unit of the People’s Liberation
Army.
“Richard Bejtlich, Mandiant's security chief, said posts
written by the blogger, who called himself "Rocy Bird," provided the
most detailed first-person account known to date of life inside the hacking
establishment. The hacker, whose real family name is Wang, posted some 625
entries between 2006 and 2009. "Fate has made me feel that I am
imprisoned," he wrote in his first entry on Sina.com. "I want to
escape."
Los Angeles Times reporters tracked down Wang
and his blog through an email address that was listed in a published 2006 paper
about hacking. A coauthor of the paper was Mei Qiang, identified by Mandiant as
a key hacker who operated under the alias "Super Hard" in Unit 61398.
One of many Chinese military units linked to
hacking, Unit 61398 falls under the People's Liberation Army's General Staff
3rd Department, 2nd Bureau, which is roughly equivalent to the U.S. National
Security Agency.”
What makes this current
iteration of hacking so troubling is its sheer scope. Where most hacking collectives specialize in homing
in on certain high value targets, Unit 61398 has been implicated in attacks on
hundreds of American companies, including cyber security firms and government
defense contractors. They have also
purportedly gained access to the networks of a company that helps in the
operation of the US utility grid.
More troubling still is the fact that this is only the tip of the cyber espionage iceberg. How far have these hackers gotten? A recent article by the Washington Post states that, “Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies,” report my colleagues Craig Timberg and Ellen Nakashima, “and this is the usual answer: almost all of them.”
Known
targets have included everything from Washington law firms, news organizations
and think tanks, to the Federal Reserve, embassies, congressional offices and
even the White House. The attacks have
become so widespread and commonplace that some have been led to lament that, “If
you aren’t being hacked by the Chinese, then you probably don’t matter.”
What’s more
troubling still is the lack of response from the federal government to these
overt attacks. A March 3 article in the New York Times points out that, “No one in the administration argues that the United States
should respond with cyber- or physical retaliation for the theft of secrets.
Attorney General Eric H. Holder Jr. has made clear that would be dealt with in
criminal courts, though the prosecutions of cybertheft by foreign sources have
been few.”
While
some have tried to get the government involved in the defense of private
corporate networks, some of which control everything from the Internet and
cellphone networks to financial institutions, the Administration has been busy
trying to put the onus on private industry.
“We are in a race against
time,” Michael Chertoff, the former secretary of homeland security, said last
week. “Most of the infrastructure is in private hands. The government is not
going to be able to manage this like the air traffic control system. We’re
going to have to enlist a large number of independent actors.”
That
this trend is a growing menace is all too clear. The potential for a technological
Pearl Harbor is an all too real and present danger. When you consider that there are no fewer
than a dozen countries including Iran that are developing offensive
cyberweapons designed to cause catastrophic failure in key elements of the US
infrastructure, most cyber security experts agree that time is not on our side.
Carl
Weiss is president of W Squared Media Group, a digital marketing agency based
in Jacksonville, Florida. You can listen to Carl live every Tuesday at 4pm Central on BlogTalkRadio.
If you work the web you need to be
cognizant of copyright issues. What most people who publish blogs and
social posts online do not realize is that for the most part, the writer
relinquishes all rights to the publisher when it comes to online publications.
That's right, Virginia, all the blogs, social posts and tweets you sent out to the
Internet now belong to the folks at Google and Twitter and Facebook. Add
to this the fact that you can still be held liable for copyright infringement
or even sued for libel on anything you post online and this adds up to double
indemnity for everyone concerned.
Who Owns What Online?
To make matters worse, there is
recent legislation that even makes you liable for everything from illicitly
copying music and videos from the Internet to unlocking your cellphone.
As of the publication of this blog it is still illegal for you to unlock
any phone bought after January 2013 so that you can use it on another cellphone
network. This move actually contravenes laws created back in 2006 and
2010 that permitted cellphone users to unlock their own phones.
A recent article from the Bangor Daily News states, "Following
a recent pitch from the wireless industry, the library determined in its most
recent review that consumers no longer need the exception. Carriers say they
unlock users’ phones under many conditions, and customers can find phones that
are unlocked from the start. The wireless industry, meanwhile, insists that
preventing users from unlocking their phones is an important protection of its
business model, under which wireless providers subsidize the purchase of phones
when customers sign up for a lengthy service contract.
But
why should the government guarantee the viability of that business model — especially
at the threat of criminal penalty? And why should copyright law be misused to
do it? The industry has other tools available, beginning with hefty penalties
for breaking a contract, to make the costs and benefits of these arrangements
explicit to consumers. If the business model is indeed viable, companies should
flourish under those conditions, as they did during the years in which mobile
customers had the Library of Congress’s permission to unlock their phones.
In
response to an online petition, R. David Edelman, President Barack Obama’s
senior adviser for Internet, innovation and privacy, announced that the White
House would support “narrow legislative fixes” to change the phone-unlocking
policy permanently. “Neither criminal law nor technological locks,” he wrote,
“should prevent consumers from switching carriers when they are no longer bound
by a service agreement or other obligation.” What, though, about those who want
to pay an early-termination fee to break their service agreements? Or those who
want to use their phones on different networks while abroad without asking for
permission? We can’t think of a good reason why they should be subject to the
threat of criminal sanction for unlocking their devices. Neither, we trust,
will Congress as it examines the issue."
The Bigger They Are...
Don't feel bad, because many of the biggest online companies in the world have been dragged into the copyright infringement fracas, including Google, which has had to defend itself from lawsuits involving everything from multinational conglomerates to European nations. Everyone from the Authors Guild to Viacom to Germany has sued Google in the past with mixed results. Google won over Viacom when the judge ruled that the US-based YouTube was protected under copyright law. They also won the suit filed against them in Germany, which concerned the use and display of thumbnail images that popped up as mixed media in Google searches. However, they weren't so lucky when they were forced to settle the lawsuit with the Authors Guild to the tune of $125 million.
Google has settled the class action litigation
entitled The Authors Guild, Inc., et al. v. Google Inc.,
which alleged that Google Book Search, including the company’s practice of
scanning books to distribute them online, violated the copyrights of publishers
and authors. Subject to final court approval, the settlement calls for Google
to pay $125 million to litigants and clears the way for Google to continue
scanning books. It also establishes some novel services and distribution
mechanisms for the future.
The
plaintiffs suing Google included The Authors Guild (and individual authors) and
the Association of American Publishers, which includes The McGraw-Hill
Companies, Pearson, John Wiley & Sons, and Simon & Schuster. The
plaintiffs claimed that Google’s plan to scan and distribute part or all of
copyrighted books online, without the explicit permission of the authors and
publishers, was a violation of US copyright law.
Now that the cases have been tentatively settled, a “Book Rights Registry”
is being created “to resolve existing claims by authors and publishers and to
cover legal fees.” That will be funded by Google’s $125 million settlement
payment.
Back to Basics
While lawsuits against major online players continue to rear their ugly heads from time to time, this dilemma is almost as old as the World Wide Web itself. In fact, back in 1998 the Digital Millennium Copyright Act was passed, creating a safe harbor for online service providers by shielding them from liability for their own acts of direct copyright infringement as well as for infringement caused by others on their network.
An excerpt from Wikipedia concerning the Online Copyright Infringement Liability Limitation Act states that,
"The 1998 DMCA was the U.S. implementation of the
1996 WIPO Copyright Treaty (WCT)
directive to “maintain a balance between the rights of authors and the larger
public interest, particularly education, research and access to information”[1] when updating copyright norms
for the digital age. In the context of Internet intermediaries, OCILLA attempts
to strike this balance by immunizing OSP’s for copyright liability stemming
from their own acts of direct copyright infringement (as primary infringers of
copyright), as well as from the acts of their users (as secondary infringers of
copyright), provided that OSP’s comply with two general requirements protecting
the rights of authors.
First, the OSP must “adopt and
reasonably implement a policy” of addressing and terminating
accounts of users who are found to be “repeat infringers.” Second, the OSP must accommodate
and not interfere with “standard technical measures.” OSPs may qualify for one or more
of the Section 512 safe harbors under § 512(a)-(d), for immunity from copyright
liability stemming from: transmitting, caching, storing, or linking to infringing material. An OSP
who complies with the requirements for a given safe harbor is not liable for
money damages, but may still be ordered by a court to perform specific actions
such as disabling access to infringing material.
In addition to the two general
requirements listed above, all four safe harbors impose additional
requirements
for immunity. The safe harbor for storage of infringing material under § 512(c)
is the most commonly encountered because it immunizes OSPs such as YouTube that might inadvertently host
infringing material uploaded by users."
While OCILLA’s passage clearly
represented a victory for telecom groups over powerful copyright interests who
wanted service providers to be held liable for the acts of their users, the
copyright owners as it turned out obtained valuable concessions. In addition to
the general and specific preconditions on the created immunity, OCILLA requires
online service providers seeking an immunity to designate an agent to whom
notices of copyright infringement can be sent, as well as disclosing
information about users who purportedly violate the letter of the law. The
OSP also agrees to remove repeat offenders and to receive no direct financial
benefit from the presence of infringed material.
This latter inclusion is a spinoff
from the 2001 lawsuit in which A&M Records sued Napster. Started by
18-year-old college student Shawn Fanning, Napster, if you will recall, allowed users to download
digital music from other users' machines. Unlike many other
peer-to-peer services, Napster not only created a list of indexed user files,
they directly profited from the service. In essence Napster made
money by allowing others to virtually strip mine songs from other sites without
paying the musicians who created them or the labels that produced them a fee.
As a result, music industry revenues took a precipitous fall and have not
truly recovered since.
Watching the Watchers
With the prevalence of file sharing
sites and software, it isn't only the music industry that is affected.
The motion picture industry and television networks have also found fault
with the Internet. So much so that last week the Copyright Alert System
was launched.
Created
by the recording and film industry, it essentially deputizes copyright holders
who stealthily monitor peer-to-peer networks for illegal sharing of movies, TV
shows, and music. When they notice material is being illegally shared, they
contact the crook's ISP, which in turn will send a warning message to the
subscriber. After six strikes, the ISP will do more than spam you; it can
choose to slow your access speed, temporarily downgrade you to a lower-tier
service, or automatically direct you to a special landing page until you
contact them or complete an online education program.
While the Recording Industry
Association of America and the Motion Picture Association of America insist
that they aren't out to persecute
offenders, appealing any alleged violations will cost the accused a minimum of
$35. That the CAS is targeted toward consumers and not major criminal elements
is apparent when you consider the fact that cybercriminals have the ability to
mask the origin of their act of piracy. So what the CAS amounts to in the
eyes of many watchdog groups is nothing short of online vigilantism.
What this and other online
copyright legislation mean to you and me is that we all need to watch our P's
and Q's. Other legislation like the 2012 Stop
Online Piracy Act (SOPA) and the Protect IP Act (PIPA) also provided search
engines, online advertising companies and payment processors with the ability
to sever ties with accused copyright violators at will. CAS even provides online service providers with the ability to slow a user's access speed, or automatically direct perceived violators to a landing page until contacted by the purported offender.
An article on Business Insider entitled The Dumbest Examples of Online Copyright Law Enforcement states that,
"In the last several years, the DMCA's notice and takedown provisions
have been used by less than scrupulous parties to bully websites into removing
competitor content which, more often than not, did not infringe any of the
parties' rights. For example:
· "Paranormalist" Uri Geller got YouTube to remove a video of a 1993 PBS piece that Geller did not own which debunked the psychic's special abilities. The poster's YouTube account was also suspended.
· Competitors of dancer/model/actress Elizabeth "Sky" Ordonez registered the trademark ELIZABETH SKY and got Twitter, MySpace and Facebook to take down the actress' pages based on nonsense claims of trademark infringement.
· Most recently, Warner Bros. admitted that it did not bother to confirm whether a slew of content that it asked cyberlocker website Hotfile.com to take down actually infringed on its copyrights. (In a rare show of support for its users, the content publisher sued Warner Bros. for violating the DMCA by making a false take-down request.)
In each of the above cases,
the innocent parties were ultimately successful in getting their content back
online but only after having had their content down for, at minimum, the two
week period that the DMCA sets out for takedown counter-notices. In the above example, Elizabeth
Sky was awarded $78,000 for damage caused to her "online presence."
Of course, the above examples made the news because the victims had the
resources to get lawyers and fight back. When it comes to young startups, such
successful outcomes are far less likely. Now enter SOPA, the newest,
biggest bully in the yard."
While there is no question
that online piracy and other forms of digital copyright infringement are a serious
and costly blight to businesses large and small, it seems that government has
provided industry with just the kind of clout that many Internet advocates
believe targets consumers to the detriment of all concerned.
Carl Weiss is president of W Squared Media Group, a digital marketing agency located in Jacksonville,
Florida. He is also owner of
Jacksonville Video. You can hear Carl
live at 4pm Eastern every Tuesday on Blog Talk Radio.
You may have read that Twitter was recently hacked. This should come as no surprise to many, since LinkedIn, Facebook and even Microsoft have been hit in recent months. In this blog we will look at the inherent vulnerabilities of all social networks, as well as what can happen should your account get compromised. We will also discuss how to reduce vulnerabilities on social sites and what you need to do when it's your turn to answer the question, “Twick or Tweet?”
The Wild, Wild Web
With the advent of social networking, the World Wide Web has
created a revolution in connectivity that provides information to and on the masses. However, with the benefits of widespread connecting has come the flip side of the coin. Criminals, con artists and other black hatters are exploiting the
same openness that this connecting has wrought.
Criminals routinely exploit social nets
in two ways: The first is by means of specialized hacker code designed to gain
access to or install itself on an unsuspecting user's computer, tablet or smart
phone. The second means of exploitation is the use of social interaction to
gain a person's trust in order to glean personal information. This is achieved by interacting and
engaging with the victim as if they were a friend, family member or
coworker. In many cases these two
techniques are used together to gain access to or control of the unsuspecting user's
internet connected device.
Social Nets are Not as Free as You Might Think
The cost of these kinds of exploitation does not come cheap. Cost can be measured as lost revenue for a business and its advertisers. A loss of a subscriber also costs money. Acquiring new subscribers and retaining them is always a major cost to any business. Fraud prevention and security costs are high, and fraud recovery costs can't easily be measured. The annual cost to the world at large is in the billions. It's often hard to get accurate statistics because most of the fraud is tracked by category (mobile, viruses, Trojans, phishing, drive-by, website impersonation, etc.) and most don’t combine their statistics, preferring to list them separately. Reported Internet scams in the USA topped 485 million in 2010. The last worldwide figures I found were with NBCNews.com, which reported 2.6 billion in 2004. That article also went on to say that annual increases were coming in at 700 million dollars a year. That would put the worldwide fraud cost at approximately 6 billion dollars in 2013.
A 2011 ComScore report estimated the worldwide website fraud rate at anywhere from 2.7 to 10.1%. The article went on further to point out that if we assume a 6% average rate, 72 million users are at risk of becoming fraud victims in the USA alone.
Who’s Getting Hacked?
The sad and scary reality today is that anyone can be hacked. Any company, any bank, any government agency and any individual's data and identity can be stolen. The FBI and the NSA recently announced a security breach of their own site. Several large banking institutions' internet accounts were recently compromised. This post was written because several of the largest social media networks were recently hacked. Several prominent corporate subscriber passwords were stolen and their account pages were altered. The bigger the organization, the greater the chance of it being attacked. As far as individuals go, the elderly are targeted more often than the young. These scams are widespread and vary in style, breadth and persistence.
Long List of Vulnerabilities and Attacks
The FBI’s counterintelligence agency provides a long list of
tactics used to compromise a person’s sensitive and financial information.
Tactics can include baiting, click-jacking, cross-site scripting, doxing,
elicitation, pharming, phishing, phreaking and many other scams. A great article
to read regarding the detail of these methods is “Internet
Social Networking Risk” provided by the FBI.
Is There a Solution?
The problem is so extensive that combating it will require a whole new mindset for all internet users. Businesses will have to implement employee education programs to teach employees how to be safe and vigilant internet users. Counter-hacker software will have to be improved and adopted more readily. Currently most smart phones and tablets are not protected with any kind of malware protection. Users will have to learn to be smarter internet users by creating better passwords and by engaging in smarter surfing and email behavior. This can come about through education promoted by the larger internet players (Google, Microsoft, Yahoo, Apple, etc.) and by the widespread adoption of two-factor authentication practices. In this new so-called 2FA practice, a user name and password are followed by an additional external authentication token passed along through a phone call, email or postcard. This additional token, like a PIN, symbol or picture, provides an additional layer of defense. Some even use a special picture or avatar on their websites to provide proof of the website's authenticity. You see this type of authentication being deployed by banks, financial institutions and companies like Google, Facebook and others.
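The second-factor step described above, as an added example that is not part of the original post: after the password check, a server issues a short-lived, single-use code for delivery by phone call or email and verifies what the user types back. The class name, the six-digit length, the five-minute lifetime and the five-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Illustrative policy values (assumptions, not taken from the post).
CODE_DIGITS = 6
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


class SecondFactorStore:
    """In-memory store of pending one-time codes, keyed by user name."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}

    @staticmethod
    def _digest(salt, code):
        # Only a salted hash of the code is kept, never the code itself.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, username):
        """Create a fresh code; the caller delivers it out of band."""
        # secrets (not random) gives an unpredictable code.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[username] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, username, submitted):
        """Return True only for the right code, in time, within the attempt limit."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[username]          # expired codes are discarded
            return False
        entry["attempts"] += 1
        if entry["attempts"] > MAX_ATTEMPTS:
            del self._pending[username]          # stop guessing of a short code
            return False
        candidate = self._digest(entry["salt"], submitted)
        # Constant-time comparison avoids leaking how many bytes matched.
        ok = hmac.compare_digest(entry["digest"], candidate)
        if ok:
            del self._pending[username]          # single use: no replay
        return ok


if __name__ == "__main__":
    store = SecondFactorStore()
    sent = store.issue("alice")                  # would be emailed or read out by phone
    print("accepted:", store.verify("alice", sent))
    print("replayed:", store.verify("alice", sent))
```

The expiry, attempt limit and single-use deletion are what keep a six-digit code from being guessed or replayed; the password check itself still happens before this step.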
We need to secure all internet connected devices. All computers, smart phones, tablets, and game consoles must be protected. Even the new smart TVs and internet ready video streaming devices are vulnerable. Any device that employs computer technology and is connected to the internet is vulnerable. Securing all devices will move our world towards a safer computing environment. We need to have multiple layers of protection in place. One antivirus program is not enough anymore. We have to monitor our internet traffic and we need to create and implement internet usage policies, both for our businesses and for our personal use.
In this post, I have discussed the overall vulnerability
problem we now face because of the growth and widespread adoption of social
media networks. We have discussed the cost of this problem, who is being
attacked and who is vulnerable. We have discussed the types of attacks being
perpetrated and the possible solutions needed to solve this massive problem. If
you have learned something from this post, pass it on to your friends.
If you have any additional ideas about this subject, feel free to share them with our
readers.
Cyber attacks have been increasing exponentially over the last couple
of years. Until all internet users implement protective measures, engage in
smart and defensive surfing and start to use social media in a more prudent
manner, this problem will only grow. I hope you take the FBI’s warning
seriously and implement some of the solutions talked about here. Keep protecting
what's yours. That’s my opinion; I look forward to hearing yours.
Hector Cisneros is COO of W Squared Media Group, a digital marketing agency based in Jacksonville, Florida. You can hear Hector live at 4pm Eastern every Tuesday on his radio show Working the Web to Win.