Getting Gamed

by Carl Weiss

Would you give your eight-year-old a credit card?  Of course not.  But that is in essence what has happened to many parents who allowed their children to play “free” game apps online, only to discover the following month that they had been billed hundreds or even thousands of dollars. 

In a recent blog by ctwatchdog.com, “C.W. of Simsbury said he was stunned in March when he discovered that his eight year old son ran up more than $7,600 in four days playing games, free games like Dragonvale and Tiny Tower – games that encourage children to use real money to purchase virtual objects to make the games more fun.”



Fun was not the word that C.W. used when he complained to his credit card company, which subsequently deleted the charges and refused to pay the app developer.  He was lucky, but many other parents were not.  Parents from as far away as Australia have felt the sting of these unauthorized charges.  What many parents do not realize is that many of these "free games" have been designed to hook the child into playing the game, only to create anxiety for the child which can only be relieved by clicking on links that authorize payment.  Furthermore, the language used online to elicit payment is frequently confusing or even misleading. 

In a televised interview produced by the Australian Broadcast Corporation, Elise Davidson from the consumer group ACCAN states that the wording on some games is confusing. “It’s not really clear that you are spending real money.”    

Worst of all, instead of insisting on more stringent rules, including default parental consent in order to make a purchase, the interview goes on to explain that the companies who profit from these games, including Apple which owns iTunes, put the onus back on the parents' shoulders.  Meanwhile, app developers are free to exploit the psychological vulnerabilities inherent in youngsters.

Mark Textor, MD, explains it this way: “They're games, yes, but they're seen to be addictive games which are monetized, and those three together spell, well, this is gambling for infants.”

And this is one game that parents are not likely to win, especially when companies like Apple have designed all their devices to work using the same password.  Since Apple introduced in-app purchasing, developers have seen a quantum leap in profitability.  Consumers on the other hand have been seeing red, since this system has led to a blank check purchasing mechanism that puts a parent at risk of their children making any number of purchases using everything from iPhones, to iPads, iPods and even Apple TV.  And while Apple says that parents can enable restrictions on their devices to prevent access to specific features, for many this is seen as too little too late.

If you are a parent who wants to avoid getting gamed, go to this blog on iappkids.com to learn how to disable in-app purchases and avoid sticker shock the next time your credit card bill arrives.

Carl Weiss is president of W Squared Media Group and Jacksonville Video Production.  He can also be heard live every week at 4pm Eastern on Blog Talk Radio.



With Two You get Malware


By Carl Weiss

Just when you thought it was safe to go back to the Internet, a major wave of cybercrime reared its ugly head this month.  This time it wasn’t inspired by teenage pranksters on the prowl.  Nor was it the Russian mob trying to break into financial institutions once again.  No, this time the culprits were state-sponsored hackers who wore military uniforms and lived in military barracks.  What I’m talking about is the latest hack attack by the Chinese People’s Liberation Army, which came to light to the nation at large on Monday, March 11, when Tom Donilon, President Obama’s national security adviser, stated in a speech in New York City,

“Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyberintrusions emanating from China on an unprecedented scale. The international community cannot tolerate such activity from any country.” (Click here to read the slate.com blog.)



While this may have been news to the masses, to those in the know, this public revelation came as nothing new.  Everyone in the administration from the Department of Defense to Congress has for some time been portraying China as a menace to both national security and business interests, which have been methodically stripped of intellectual property in a series of overt attacks that top US officials admitted posed a greater potential threat than Al Qaeda. 

In a quote from the LA Times, “Mandiant Corp., a U.S. computer security firm based in Alexandria, Va., said in a report last month that it had traced an epidemic of attacks on dozens of U.S. and Canadian companies to an office building in Shanghai occupied by an espionage unit of the People's Liberation Army.”

Unlike many hackers who get a vicarious thrill from penetrating computer networks, what makes this hacking unusual is that many of the Chinese hackers are conscripts who are forced to work long hours for low pay.  This has caused several disaffected hackers to post blogs lamenting the conditions under which they work.  It has also led Mandiant and reporters to track down the nexus of hacking activity to an office building in Shanghai occupied by an espionage unit of the People’s Liberation Army.

“Richard Bejtlich, Mandiant's security chief, said posts written by the blogger, who called himself "Rocy Bird," provided the most detailed first-person account known to date of life inside the hacking establishment. The hacker, whose real family name is Wang, posted some 625 entries between 2006 and 2009. "Fate has made me feel that I am imprisoned," he wrote in his first entry on Sina.com. "I want to escape."
Los Angeles Times reporters tracked down Wang and his blog through an email address that was listed in a published 2006 paper about hacking. A coauthor of the paper was Mei Qiang, identified by Mandiant as a key hacker who operated under the alias "Super Hard" in Unit 61398.
One of many Chinese military units linked to hacking, Unit 61398 falls under the People's Liberation Army's General Staff 3rd Department, 2nd Bureau, which is roughly equivalent to the U.S. National Security Agency.” 
What makes this current iteration of hacking so troubling is its sheer scope.  Where most hacking collectives specialize in homing in on certain high value targets, Unit 61398 has been implicated in attacks on hundreds of American companies, including cyber security firms and government defense contractors.  They have also purportedly gained access to the networks of a company that helps in the operation of the US utility grid.

More troubling still is the fact that this is only the tip of the cyber espionage iceberg.  How far have these hackers gotten?  A recent article by the Washington Post states that, “Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies,” report my colleagues Craig Timberg and Ellen Nakashima, “and this is the usual answer: almost all of them.”

Known targets have included everything from Washington law firms, news organizations and think tanks, to the Federal Reserve, embassies, congressional offices and even the White House.  The attacks have become so wide spread and commonplace that it has led some to lament that, “If you aren’t being hacked by the Chinese, then you probably don’t matter.”

What’s more troubling still is the lack of response from the federal government to these overt attacks.  A March 3 article in the New York Times points out that, “No one in the administration argues that the United States should respond with cyber- or physical retaliation for the theft of secrets. Attorney General Eric H. Holder Jr. has made clear that would be dealt with in criminal courts, though the prosecutions of cybertheft by foreign sources have been few.” 

While some have tried to get the government involved in the defense of private corporate networks, some of which control everything from the Internet and cellphone networks to financial institutions, the Administration has been busy trying to put the onus on private industry.

“We are in a race against time,” Michael Chertoff, the former secretary of homeland security, said last week. “Most of the infrastructure is in private hands. The government is not going to be able to manage this like the air traffic control system. We’re going to have to enlist a large number of independent actors.”

That this trend is a growing menace is all too clear. The potential for a technological Pearl Harbor is an all too real and present danger.  When you consider that there are no fewer than a dozen countries including Iran that are developing offensive cyberweapons designed to cause catastrophic failure in key elements of the US infrastructure, most cyber security experts agree that time is not on our side. 

Carl Weiss is president of W Squared Media Group, a digital marketing agency based in Jacksonville, Florida.   You can listen to Carl live every Tuesday at 4pm Central on BlogTalkRadio.

Crash Course on Copyrights


by Carl Weiss

If you work the web you need to be cognizant about copyright issues.  What most people who publish blogs and social posts online do not realize is that for the most part, the writer relinquishes all rights to the publisher when it comes to online publications.  That's right, Virginia, all the blogs, social posts and tweets you sent out to the Internet now belong to the folks at Google and Twitter and Facebook.  Add to this the fact that you can still be held liable for copyright infringement or even sued for libel on anything you post online and this adds up to double indemnity for everyone concerned.

Who Owns What Online?

To make matters worse, there is recent legislation that even makes you liable for everything from illicitly  copying music and videos from the Internet to unlocking your cellphone.  As of the publication of this blog it is still illegal for you to unlock any phone bought after January 2013 so that you can use it on another cellphone network.  This move actually contravenes laws created back in 2006 and 2010 that permitted cellphone users to unlock their own phones.  



A recent article from the Bangor Daily News states, " Following a recent pitch from the wireless industry, the library determined in its most recent review that consumers no longer need the exception. Carriers say they unlock users’ phones under many conditions, and customers can find phones that are unlocked from the start. The wireless industry, meanwhile, insists that preventing users from unlocking their phones is an important protection of its business model, under which wireless providers subsidize the purchase of phones when customers sign up for a lengthy service contract.
But why should the government guarantee the viability of that business model — especially at the threat of criminal penalty? And why should copyright law be misused to do it? The industry has other tools available, beginning with hefty penalties for breaking a contract, to make the costs and benefits of these arrangements explicit to consumers. If the business model is indeed viable, companies should flourish under those conditions, as they did during the years in which mobile customers had the Library of Congress’s permission to unlock their phones.
In response to an online petition, R. David Edelman, President Barack Obama’s senior adviser for Internet, innovation and privacy, announced that the White House would support “narrow legislative fixes” to change the phone-unlocking policy permanently. “Neither criminal law nor technological locks,” he wrote, “should prevent consumers from switching carriers when they are no longer bound by a service agreement or other obligation.” What, though, about those who want to pay an early-termination fee to break their service agreements? Or those who want to use their phones on different networks while abroad without asking for permission? We can’t think of a good reason why they should be subject to the threat of criminal sanction for unlocking their devices. Neither, we trust, will Congress as it examines the issue."
The Bigger They Are...

Don't feel bad, because many of the biggest online companies in the world have been dragged into the copyright infringement fracas, including Google, which has had to defend itself from lawsuits involving everything from multinational conglomerates to European nations.  Everyone from the Author's Guild to Viacom to Germany has sued Google in the past with mixed results.  Google won over Viacom when the judge ruled that the US based YouTube was protected under copyright law.  They also won the suit filed against them in Germany which concerned the use and display of thumbnail images that popped up as mixed media in Google searches. However, they weren't so lucky when they were forced to settle the lawsuit with the Author's Guild to the tune of $125 million.

Google has settled the class action litigation entitled The Authors Guild, Inc., et al. v. Google Inc., which alleged that Google Book Search, including the company’s practice of scanning books to distribute them online, violated the copyrights of publishers and authors. Subject to final court approval, the settlement calls for Google to pay $125 million to litigants and clears the way for Google to continue scanning books. It also establishes some novel services and distribution mechanisms for the future.
The plaintiffs suing Google included The Authors Guild (and individual authors) and the Association of American Publishers, which includes The McGraw-Hill Companies, Pearson, John Wiley & Sons, and Simon & Schuster. The plaintiffs claimed that Google’s plan to scan and distribute part or all of copyrighted books online, without the explicit permission of the authors and publishers, was a violation of US copyright law.
Now that the cases have been tentatively settled, a “Book Rights Registry” is being created “to resolve existing claims by authors and publishers and to cover legal fees.” That will be funded by Google’s $125 million settlement payment.

Back to Basics
While lawsuits against major online players continue to rear their ugly heads from time to time, this dilemma is almost as old as the World Wide Web itself.  In fact, back in 1998 the Digital Millennium Copyright Act was passed, creating a safe harbor for online service providers by shielding them from their own acts of direct copyright infringement as well as shielding them from liability for infringement caused by others on their network.  

An excerpt from Wikipedia concerning the Online Copyright Infringement Liability Limitation Act states that, "The 1998 DMCA was the U.S. implementation of the 1996 WIPO Copyright Treaty (WCT) directive to “maintain a balance between the rights of authors and the larger public interest, particularly education, research and access to information”[1] when updating copyright norms for the digital age. In the context of Internet intermediaries, OCILLA attempts to strike this balance by immunizing OSP’s for copyright liability stemming from their own acts of direct copyright infringement (as primary infringers of copyright), as well as from the acts of their users (as secondary infringers of copyright), provided that OSP’s comply with two general requirements protecting the rights of authors.
First, the OSP must “adopt and reasonably implement a policy” of addressing and terminating accounts of users who are found to be “repeat infringers.” Second, the OSP must accommodate and not interfere with “standard technical measures.” OSPs may qualify for one or more of the Section 512 safe harbors under § 512(a)-(d), for immunity from copyright liability stemming from: transmitting, caching, storing, or linking  to infringing material. An OSP who complies with the requirements for a given safe harbor is not liable for money damages, but may still be ordered by a court to perform specific actions such as disabling access to infringing material.
In addition to the two general requirements listed above, all four safe harbors impose additional requirements for immunity. The safe harbor for storage of infringing material under § 512(c) is the most commonly encountered because it immunizes OSPs such as YouTube that might inadvertently host infringing material uploaded by users."
While OCILLA’s passage clearly represented a victory for telecom groups over powerful copyright interests who wanted service providers to be held liable for the acts of their users, the copyright owners as it turned out obtained valuable concessions. In addition to the general and specific preconditions on the created immunity, OCILLA requires online service providers seeking an immunity to designate an agent to whom notices of copyright infringement can be sent, as well as to disclose information about users who purportedly violate the letter of the law. The OSP also agrees to remove repeat offenders and to receive no direct financial benefit from the presence of infringed material.  
This latter inclusion is a spinoff from the 2001 lawsuit in which A&M Records sued Napster.  Started by 18-year-old college student Shawn Fanning, Napster, if you will recall, allowed users to download digital music from other users' machines.  Unlike many other peer-to-peer services, Napster not only created a list of indexed user files, it directly profited from the service.  In essence Napster made money by allowing others to virtually strip mine songs from other sites without paying the musicians who created them or the labels that produced them a fee.  As a result, music industry revenues took a precipitous fall and have not truly recovered since.
Watching the Watchers
With the prevalence of file sharing sites and software, it isn't only the music industry that is affected.  The motion picture industry and television networks have also found fault with the Internet.  So much so that last week the Copyright Alert System was launched.  
Created by the recording and film industry, it essentially deputizes copyright holders who stealthily monitor peer-to-peer networks for illegal sharing of movies, TV shows, and music. When they notice material is being illegally shared, they contact the crook's ISP, which in turn will send a warning message to the subscriber. After six strikes, the ISP will do more than spam you; it can choose to slow your access speed, temporarily downgrade you to a lower-tier service, or automatically direct you to a special landing page until you contact them or complete an online education program.

While the Recording Industry Association of America and the Motion Picture Association of America insist that they aren't out to persecute offenders, appealing any alleged violations will cost the accused a minimum of $35. That the CAS is targeted toward consumers and not major criminal elements is apparent when you consider the fact that cybercriminals have the ability to mask the origin of their act of piracy.  So what the CAS amounts to in the eyes of many watchdog groups is nothing short of online vigilantism.

What this and other online copyright legislation mean to you and me is that we all need to watch our P's and Q's. Other legislation like the 2012 Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) also provided search engines, online advertising companies and payment processors with the ability to sever ties with accused copyright violators at will. CAS even provides online service providers with the ability to slow a user's access speed, or automatically direct perceived violators to a landing page until contacted by the purported offender.

An article on Business Insider entitled The Dumbest Examples of Online Copyright Law Enforcement, states that, " In the last several years, the DMCA's notice and takedown provisions have been used by less than scrupulous parties to bully websites into removing competitor content which, more often than not, did not infringe any of the parties' rights. For example:
· "Paranormalist" Uri Geller got YouTube to remove a video of a 1993 PBS piece that Geller did not own which debunked the psychic's special abilities. The poster's YouTube account was also suspended.
· Competitors of dancer/model/actress Elizabeth "Sky" Ordonez registered the trademark ELIZABETH SKY and got Twitter, MySpace and Facebook to take down the actress' pages based on nonsense claims of trademark infringement.
· Most recently, Warner Bros. admitted that it did not bother to confirm whether a slew of content that it asked cyberlocker website Hotfile.com to take down actually infringed on its copyrights. (In a rare show of support for its users, the content publisher sued Warner Bros. for violating the DMCA by making a false take-down request.)
In each of the above cases, the innocent parties were ultimately successful in getting their content back online but only after having had their content down for, at minimum, the two week period that the DMCA sets out for takedown counter-notices.  In the above example, Elizabeth Sky was awarded $78,000 for damage caused to her "online presence."  Of course, the above examples made the news because the victims had the resources to get lawyers and fight back. When it comes to young startups, such successful outcomes are far less likely.  Now enter SOPA, the newest, biggest bully in the yard."
While there is no question that online piracy and other forms of digital copyright infringement are a serious and costly blight to businesses large and small, it seems that government has provided industry with just the kind of clout that many Internet advocates believe targets consumers to the detriment of all concerned.  
Carl Weiss is president of WSquared Media Group, a digital marketing agency located in Jacksonville, Florida.  He is also owner of Jacksonville Video.  You can hear Carl live at 4pm Eastern every Tuesday on Blog Talk Radio.







Twick or Tweet - Twitter Gets Hacked

by Hector Cisneros


You may have read that Twitter was recently hacked.  This should come as no surprise to many, since LinkedIn, Facebook and even Microsoft have been hit in recent months.  In this blog we will look at the inherent vulnerabilities of all social networks, as well as what can happen should your account get compromised.  We will also discuss how to reduce vulnerabilities on social sites and what you need to do when it's your turn to answer the question, “Twick or Tweet?”

The Wild, Wild Web

With the advent of social networking the World Wide Web has created a revolution in connectivity that provides information to and on the masses. However, with the benefits of widespread connecting has come the flip side of the coin. Criminals, con artists and other black hatters are exploiting the same openness that this connecting has wrought.


Criminals routinely exploit social nets in two ways: The first is by means of specialized hacker code designed to gain access to or install itself on an unsuspecting user's computer, tablet or smart phone. The second means of exploitation is the use of social interaction to gain a person's trust in order to glean personal information. This is achieved by interacting and engaging with the victim as if they were a friend, family member or coworker.  In many cases these two techniques are used together to gain access to or control of the unsuspecting user's internet connected device.



Social Nets are Not as Free as You Might Think

The cost of these kinds of exploitation does not come cheap. Cost can be measured as lost revenue for a business and its advertisers. The loss of a subscriber also costs money.  Acquiring new subscribers and retaining them is always a major cost to any business. Fraud prevention and security costs are high and fraud recovery costs can't easily be measured. The annual cost to the world at large is in the billions. It's often hard to get accurate statistics because most of the fraud is tracked by category (mobile, viruses, Trojans, phishing, drive by, website impersonation, etc.) and most don’t combine their statistics, preferring to list them separately.  Reported Internet scams in the USA topped 485 million in 2010. The last worldwide figures I found were with NBCNews.com, which reported 2.6 billion in 2004. That article also went on to say that annual increases were coming in at 700 million dollars a year. That would put the worldwide fraud cost at approximately 6 billion dollars in 2013.

A 2011 ComScore report estimated that the worldwide website fraud rate was anywhere from 2.7 to 10.1%. The article went on further to point out that if we assume a 6% average rate, 72 million users are at risk of becoming fraud victims in the USA alone.

Who’s Getting Hacked?

The sad and scary reality today is that anyone can be hacked. Any company, any bank, any government agency and any individual's data and identity can be stolen. The FBI and the NSA recently announced a security breach of their own site. Several large banking institutions' internet accounts were recently compromised. This post was written because several of the largest social media networks were recently hacked. Several prominent corporate subscriber passwords were stolen and their account pages were altered. The bigger the organization, the greater the chance of them being attacked. As far as individuals go, the elderly are targeted more often than the young. These scams are widespread and vary in style, breadth and persistence.

Long list of vulnerabilities and attacks

The FBI’s counterintelligence agency provides a long list of tactics used to compromise a person’s sensitive and financial information. Tactics can include baiting, click-jacking, cross-site scripting, doxing, elicitation, pharming, phishing, phreaking and many other scams. A great article to read regarding the detail of these methods is “Internet Social Networking Risk” provided by the FBI.

Is There a Solution?

The problem is so extensive that combating it will require a whole new mindset for all internet users. Businesses will have to implement employee education programs to teach employees how to be safe and vigilant internet users. Counter hacker software will have to be improved and be adopted more readily. Currently most smart phones and tablets are not protected with any kind of malware protection. Users will have to learn to be smarter internet users by creating better passwords and by engaging in smarter surfing and email behavior. This can come about through education promoted by the larger internet players (Google, Microsoft, Yahoo, Apple, etc.) and by the widespread adoption of two-factor authentication practices. This new so-called 2FA practice is where a user name and password are followed by an additional external authentication token passed along through a phone call, email or postcard. This additional token, like a PIN number, symbol or picture, provides an additional layer of defense. Some even use a special picture or avatar on their websites to provide proof of the website's authenticity. You see this type of authentication being deployed by banks, financial institutions and companies like Google, Facebook and others.
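To make the two-step login described above concrete, here is an added Python sketch (not part of the original post and not any vendor's code) of a password check followed by a one-time PIN that would be delivered over a separate channel such as a phone call or email. The class name, PIN length, five-minute lifetime and three-guess limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

PIN_DIGITS = 6      # assumed PIN length
PIN_TTL = 300       # assumed PIN lifetime in seconds
MAX_ATTEMPTS = 3    # assumed number of wrong guesses allowed per PIN


def _hash_password(password, salt):
    # Slow, salted hash so a stolen user table is costly to crack.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TwoFactorLogin:
    """Password first, then a one-time PIN sent over a second channel."""

    def __init__(self):
        self.users = {}     # username -> (salt, password hash)
        self.pending = {}   # username -> outstanding PIN challenge

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash_password(password, salt))

    def start_login(self, username, password, now):
        """Factor 1: check the password and, on success, issue a PIN.

        Returns the PIN so the caller can deliver it by phone or email
        (delivery is outside this sketch), or None if the check fails.
        """
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, _hash_password(password, salt)):
            return None
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        self.pending[username] = {
            "digest": hashlib.sha256(pin.encode()).digest(),
            "expires": now + PIN_TTL,
            "attempts": 0,
        }
        return pin

    def finish_login(self, username, pin, now):
        """Factor 2: accept only a correct, unexpired, unused PIN."""
        challenge = self.pending.get(username)
        if challenge is None:
            return False
        if now > challenge["expires"] or challenge["attempts"] >= MAX_ATTEMPTS:
            del self.pending[username]      # expired or guessed too often
            return False
        challenge["attempts"] += 1
        supplied = hashlib.sha256(pin.encode()).digest()
        if hmac.compare_digest(supplied, challenge["digest"]):
            del self.pending[username]      # a PIN works exactly once
            return True
        return False


if __name__ == "__main__":
    # Constructed sample account and timestamps, for illustration only.
    service = TwoFactorLogin()
    service.register("alice", "correct horse")
    sent_pin = service.start_login("alice", "correct horse", now=0)
    print("PIN accepted:", service.finish_login("alice", sent_pin, now=30))
    print("PIN replayed:", service.finish_login("alice", sent_pin, now=31))
```

A stolen password alone gets an intruder only as far as `start_login`; without the PIN that went to the owner's phone or inbox, `finish_login` never returns `True`.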

We need to secure all internet connected devices. All computers, smart phones, tablets, and game consoles must be protected. Even the new smart TVs and internet ready video streaming devices are vulnerable. Any device that employs computer technology and is connected to the internet is vulnerable. Securing all devices will move our world towards a safer computing environment. We need to have multiple layers of protection in place. One antivirus program is not enough anymore. We have to monitor our internet traffic and we need to create and implement internet usage policies, both for our businesses and for our personal use.

In this post, I have discussed the overall vulnerability problem we now face because of the growth and widespread adoption of social media networks. We have discussed the cost of this problem, who is being attacked and who is vulnerable. We have discussed the types of attacks being perpetrated and the possible solutions needed to solve this massive problem. If you have learned something from this post, pass it on to your friends. If you have any additional ideas about this subject, feel free to share them with our readers. 

Cyber attacks have been increasing exponentially over the last couple of years. Until all internet users implement protective measures, engage in smart and defensive surfing and start to use social media in a more prudent manner, this problem will only grow. I hope you take the FBI’s warning seriously and implement some of the solutions talked about here. Keep protecting what's yours. That’s my opinion; I look forward to hearing yours.

 Hector Cisneros is COO of W Squared Media Group, a digital marketing agency based in Jacksonville, Florida.  You can hear Hector live at 4pm Eastern every Tuesday on his radio show Working the Web to Win.