School volunteers face background checks

All across the country one by one school, administrators are slowly beginning to recognize the need to perform background checks on volunteers.

In Albany County WY, “under the tentative policy, all volunteers would complete an information form when they begin their volunteer work. Additionally, volunteers would undergo screening through the Wyoming Department of Family Services and a to-be-selected national database if they volunteer more than an hour a week on average, accompany students on an overnight trip, spend more than five days working as a volunteer coach or accompany students on any off-campus activity in which they would be alone with students. School principals would also have the authority to request the screening of any volunteer.”

As stated in the article policies like this  are designed to identify the criminal and sexual offense background of potential volunteers.

When a lion is hungry it seeks out a smaller, weaker and slower animals that it feels it has the power to capture and kill. This is a normal and natural evolution of life. Sadly, as with predators in the wild, predators in “civilization” act much the same and seek out their prey in much the same way.

Any time an adult is  positioned to work alongside children in any capacity it is essential that adult is fully checked to determine any prior history of wrong doing that may affect the safety and security of a child.

Robert Siciliano is a Personal Security Expert and Adviser to Intelius.com. For more information see Intelius background checks to learn more. See him discussing Dating Security on E! True Hollywood Stories.  (Disclosures)

Introducing Robert Siciliano – Identity Theft Expert and McAfee Consultant

Growing up in and around Boston, Massachusetts, I encountered enough urban crime to understand the importance of self-defense from an early age. I studied several forms of defensive training and soon began a career helping others improve their own personal safety. My life became a study of the fundamental principles of personal security, particularly in regard to violence and theft prevention.

I’ve Been a Victim Too
In the mid ‘90s, my small business qualified for merchant status and began accepting Visa, MasterCard and American Express. Within weeks my business received its first fraudulent credit card order. Because the money was ultimately coming out of my pocket, I subsequently tracked the criminal down at home, and over the years I went on to investigate and expose many others who had targeted my business.

A Friend’s Story
Around the year 2000, a good friend’s identity was stolen. A woman had stolen her mail and used her personal information to open a charge card at a local retail chain. My friend got a phone call notifying her that $3000.00 in curtains were ready for pick up. At the time, identity theft was so new that law enforcement wasn’t sure how to respond. But after we found out where the curtains were supposed to end up, law enforcement checked on the address and discovered that the woman who lived there had 45 prior convictions for fraud. She was arrested and eventually prosecuted, but only received a one year suspended sentence.

My Life’s Mission
I knew then that identity theft was on its way to becoming a major ongoing threat. From the late 90’s up through the present I’ve witnessed the exploding growth of identity theft fueled by Internet access, the overuse and availability of Social Security numbers, the speed of technology outpacing that of security, and a fundamentally flawed system of identification.

Personal security has evolved beyond smash and grabs in the physical world to criminal hackers and identity thieves in the virtual world. This new breed of criminal is savvy and technologically proficient, and is able to find the holes and flaws in our existing systems. The rise of the identity thief has resulted in a global crisis, in which anyone can pose as anyone else, at any time, for any reason. From simple credit card fraud to an adult stealing a child’s identity or a terrorist using your data to enter the country, identity theft is as close as it gets to the perfect crime.

Robert Siciliano – Identity Theft Expert and McAfee Consultant on Security Insights Blog

Hackers Play “Social Engineering Capture The Flag” At Defcon

Social engineering is a fancier, more technical form of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network. Smart organizations train their employees to identify and resist the more common attempts to trick them into letting down their guard. Criminal hackers use social engineering as a very effective tool and as part of their strategy when gathering information to piece together the parts of their scams. They often target company executives via phone and email. Once they have extracted some data from the top, accessing networks or whatever end game they had in mind is much easier.

Social engineering has always been a “person to person” confidence crime. Once the con man gains the mark’s trust, the victim begins to provide all kinds of information, or to fork over cash and credit. Trust seems to be an inherent trait we all have from birth. I suppose we would need to be able to trust one another in order to survive as an interdependent communal species, otherwise fear would prevent us from relying on others to nurture us until we are tossed out of the nest.

Defcon is a conference for hackers of all breeds. There are good guys, bad guys, and those who are somewhere in between, plus law enforcement and government agents. All kinds of inventive people with an intuition for technology decend on Las Vegas to learn, explore, and hack. InfoWorld reports, “This year’s Defcon gathering in Las Vegas will feature a contest in which participants will compete to gather nuggets of information from unsuspecting target companies — over the telephone instead of the Internet.”

Defcon is known for its antics but it’s also an event where hackers of all flavors improve their skills. The game they are playing this year is a social engineering fun-o-rama called Social Engineering CTF, referencing the game “Capture the Flag.” “This contest will borrow elements from the convention’s traditional computer-based CTF tournaments, but with a few variations. Prior to the conference, participants will receive an email with the name and URL of a target company. Participants will be permitted to gather preliminary information about the company using Google searches and other passive techniques. Contestants are banned from contacting their target directly via email or phone, and they get points for information gathered. Competitors then use that data during the actual tournament to fuel their social engineering attack. They have twenty minutes to call unsuspecting employees at their target companies and obtain specific bits of (nonsensitive) information about the business for additional points. Participants aren’t allowed to make the target company feel at risk by pretending to represent a law enforcement agency.”

Recognize that online predators use these tactics to get what they want. They consider you, the innocent computer user, their natural prey.

So always question authority, or the appearance of authority. Don’t automatically trust or give the benefit of the doubt. When you are contacted via phone or email, or approached in person, proceed with caution. Always be suspect of external or internal communications, and consider that you could be the target of a phishing scam. Never click on links in the body of an email, and if an email prompts you to divulge a username and password, pick up the phone to verify the legitimacy of the request. The best defense is effective policies coupled with ongoing awareness training.

Robert Siciliano, personal security and identity theft expert adviser to Just Ask Gemalto, discusses credit and debit card fraud on CNBC. (Disclosures)

Keeping Kids Safe Online

It is no surprise that cybercriminals are taking advantage of the Internet and the people who use it. The Internet is like a bad neighborhood with bad guys around every corner. Any parent with an ounce of sensibility should recognize that when your child is on the wild wild web, they are at the same risk as they would be walking through the red light district in any big city.

I’m not saying this because I want to instill fear and panic, I’m bringing this up because sex offenders, pedophiles, criminal hackers and identity thieves treat the online world as if it was the physical world and use the anonymity of the web and the easiness of approach to seduce your children into doing things they wouldn’t normally do.

The Secret Online Lives of Teens, a survey conducted by McAfee, reveals that tweens and teens are relatively clueless about online privacy. The study sheds light on this generation’s tendency to use the Internet in ways that translate to danger in the real world.

There always has, is, and will be a predatory element out there. Generally, most people don’t want to think about that or even admit that it’s true. Instead of acknowledging the risks, most people completely discount this reality, telling themselves, “It can’t happen to me or my kids.”

The good news is you can do something about it. As soon as a family member becomes active online, it’s time to educate them—no matter what age they are—about cyber safety.

  • Set up the computer in a high-traffic family area and limit the number of hours your children spend on it.
  • Be sure you have computer security software with parental controls.
  • Decide exactly what is okay and what is not okay with regard to the kinds of web sites that are appropriate to visit
  • Use only appropriate monitored chat rooms
  • Never log in with user names that reveal true identity or that are provocative
  • Never reveal your passwords
  • Never reveal phone numbers or addresses
  • Never post information that reveals your identity
  • Never post inappropriate photos or ones that may reveal your identity (for example: city or school names on shirts)
  • Never share any information with strangers met online
  • Never meet face-to-face with strangers met online
  • Never open attachments from strangers

Once you have established the rules, make a poster listing them, and put it next to the computer.

Robert Siciliano personal security expert to ADT Home Security Source discussing Home Security and Identity Theft on TBS Movie and a Makeover. Disclosures.

Police Arrest Six People in Ritzy Robbery Ring

Burglars broke into more than 50 homes in the high end areas of Miami and Palm Beach. Most of the victims were out to dinner and some were victims of home invasions.

The perps may have had a network in place of valets, waiters/waitresses or others who had an idea of who the victims were, their addresses and what their schedules were. Most importantly, someone on the inside of this network would inform the thieves when the victims would be gone from the home.

The thieves would enter the homes through locked or unlocked sliding doors generally in the back of the home. Their targets included high end jewelry, watches, gold and diamonds. Losses could be as high as 2 million dollars.

Getting the stolen jewelry back is often next to impossible. Jewelry is the quickest and easiest to fence.

“Police have dubbed the six people arrested for their participation in a burglary ring spanning three counties as the “Dinner Crew Set.”  Home surveillance video captured one of the thieves in action — a masked man with a two way radio.”

It’s obvious that most of these homes did not have home alarms or home security cameras. Many of these burglaries could have been prevented with simple investments that equate to a dollar a day for your family home security.

It’s amazing to me how people go out and spend all this money on expensive items but don’t lock them in a safe or protect them with a home security system.

Robert Siciliano personal security expert to ADT Home Security Source discussing Home Invasions on Montel. Disclosures.

As Crime Witness, Security Camera Can Speak Volumes

Back when dinosaurs roamed the planet law enforcement had to look for witnesses, bystanders, and get on their hands and knees to look for the slightest hair or clue that would help them crack the case. They still do all that stuff today, but one of the first things they look for are security cameras in the vicinity of the crime scene that will tell them the rest of the story.

In Philadelphia, homicide detectives investigated a woman who went missing and was eventually found murdered.  After the discovery law enforcement began tracing back her steps and detectives started looking for cameras along her route of travel.

In the days after [the murder], residents provided police with a list of cameras at local businesses and apartment buildings. Soon, detectives were working around the clock, viewing hundreds of hours of footage taken by dozens of cameras.”

Cameras caught the suspect as he was on his bicycle in the area of the murder. One video showed the suspect biking past the victim and him making a U-turn on his bike and began to follow her.

“One recording provided a clear view of the suspects face. The day after it was released to the public, police got a tip that led to him.”

Joran van der Sloot, the main suspect in the Natalie Holloway murder confessed to the slaying of a 21-year-old woman in a Lima hotel room. Hotel video caught him checking into the hotel, walking in the hotel room with the victim and him walking out alone. She was discovered a day later. Video certainly helped make his confession possible. Too bad they didn’t have video cameras on the beaches in Aruba. The Peru victim may still be alive.

Cameras are everywhere. Some people call this an invasion of privacy. I say the more cameras the better. We are on camera at most retails stores, banks, ATMs, busy intersections, highways, downtown areas and in neighborhoods. We are a video camera soaked society and it’s a good thing. It keeps the honest people honest and the bad guys in-check or in jail.

Set up security cameras to monitor the perimeter of your home. Security cameras can send off an alarm triggering additional lighting, sirens and alerting the home owner to a potential breach via text and telephone calls. I can immediately see my cameras via my iPhone. Cameras inside the house are necessary as well. Wire your home to show all doors and living spaces to ensure home security. Once you take the leap you wonder how you lived without it.

Robert Siciliano personal security expert to ADT Home Security Source discussing Home Security on NBC Boston. Disclosures.

Wireless Security” is an Oxymoron, But There is Hope

WiFi is everywhere. Whether you travel for business or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, airplanes. What are your risk factors when accessing wireless? There are plenty. WiFi wasn’t born to be secure. It was born to be convenient. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks.

Anyone using an open unsecured network risks exposing their data. There are many ways to see who’s connected on a wireless connection, and to gain access to their information. As more sensitive data has been wirelessly transmitted over the years, the need for security has evolved. Today, with criminal hackers as sophisticated as they ever have been, wireless communications are at an even higher risk.

When setting up a wireless router, there are two different security protocol options. WiFi Protected Access (WPA and WPA2) is a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy. Wired Equivalent Privacy was introduced in 1997 and is the original version of wireless network security.

There are a few things you should do to protect yourself while using wireless.

Be smart about what kind of data you transmit on a public wireless connection. Only transmit critical data from secure sites, ones where “HTTPS” appears in the address bar. These sites have additional encryption built in.

Don’t store critical data on a device used outside the secure network. I have a laptop and an iPhone. If they are hacked, there’s no data on either device that would compromise my identity or financial security.

If you have file sharing set up on a home network, when venturing to wireless hot spots you need to manually turn it off on your laptop.

Turn off WiFi and Bluetooth on your laptop or cell phone when you’re not using them. An unattended device emitting wireless signals is very appealing to a criminal hacker.

Beware of free WiFi connections. Anywhere you see a broadcast for “Free WiFi,” consider it a red flag. It’s likely that free WiFi is being used as bait.

Beware of evil twins. Anyone can set up a router to say “T-Mobile” “ATT Wireless” or “Wayport”. These are connections can appear legitimate but are actually traps set to snare anyone who connects.

Keep your antivirus software and operating system updated. Make sure your antivirus software is automatically updated and your operating system’s critical security patches are up to date.

Robert Siciliano, personal security and identity theft expert adviser to Just Ask Gemalto, discusses hackers hacking wireless networks on Fox Boston. (Disclosures)