MN WEBCHAT GUIDELINES 1. One question per member plus a follow-up question if appropriate, ie once you've had a response. 2. Keep your question brief 3. Don't be disappointed if your specific question doesn't get answered and do try not to keep posting "What about me?". 4. Do be civil/polite. See guidelines in full here.

Live webchat about cybercrime with broadcaster and author, Misha Glenny 1 - 2pm Monday 3rd October

(53 Posts)
RachelMumsnet (MNHQ) Thu 29-Sep-11 10:30:43

We're joined on Monday at 1pm by Misha Glenny, broadcaster and author of numerous books including McMafia - Seriously Organised Crime and his latest DarkMarket: CyberThieves, CyberCops and You.

The benefits of living in a digital, globalised society are clearly enormous, but so too are the dangers. The world has become a law enforcer's nightmare and every criminal's dream. We bank online, shop online, date, learn, work and live online. But have the institutions that keep us safe on the streets learned to protect us in the burgeoning digital world? Have we become complacent about our personal security? sharing our thoughts, beliefs and the details of our daily lives with anyone who cares to relieve us of them?

Misha Glenny has gone behind the scenes in the murky world of cybercrime and has talked to the criminals, the police and the government security forces for his new book DarkMarket: CyberThieves, CyberCops and You. He is excellently placed to advise us on how to keep our personal details from being hacked online. Join Misha for a live webchat on Monday 3rd October at 1pm or send in your question to him in advance to this thread.

MishaGlenny Mon 03-Oct-11 13:18:22

Blueberties

Hi Misha

I have a couple of pretty stupid questions really

How much information can be retrieved about us? in one country I lived in the aparatus of the state was said to be able to retrieve every single text message every person had sent. Can this be true?

Where's the greatest "danger" to the individual with stored data? Is it state/civil liberties, commerical exploitation or is it criminal?

After all your research, do you think you're slightly paraniod? Were you shocked by what you'd found?

Hi - at the moment, an EU directive requires member states to store all traffic going through European ISPs for up to two years (in this country, it is six months). Within the framework of local laws, various government agencies can access this material with a warrant.

If the government wants to find out something about you, it isn't too difficult for them but they do have to work within a legal framework.

The issue of the amount of private data being stored by corporations is rather different - the two biggest depositories of personal data in the world are the servers of google and Facebook. The US government can access anything on their servers with a court order within a 24 hour period (that includes all of us in the UK using Google and Facebook). For even friendly law enforcement agencies like the British, it can take up to 6 months to get authorisation from a US court to have a look at something.

This of course speaks to the weirdness of the web - it is global but it also has many national jurisdictions.

We cannot know who is looking at our private traffic but please let me tell you that you MUST assume that somebody is monitoring what you are doing (usually passively but they can go back to the records). Never ever write anything in an email that is too private or intimate that you would not mind seeing in a newspaper!

MishaGlenny Mon 03-Oct-11 13:23:45

EdithWeston

I won't be there for the web chat. But if I was, I'd have questions in two areas:

a) what is his opinion on the collection and storage of biometric information? Are the big firms like Rayethon and Safran accumulating too much data about individuals? Especially as governments could access such data. The prospect of abuse of information held - by using it in a big brother-ish way - or by criminals to substitute an innocent person's identity to a criminal's fingerprint algorithm, strike me as worrying scenarios. Especially as these systems are being used more and more in schools (which seems to me to be softening up a whole generation to see such control by multinationals of identities as normal).

b) you wrote in the 1990s a thoughtful history of Yugoslavia and its break up. The former Yugoslavia has dropped out of the headlines. Does this mean that the communities are really reconciled, or is there potential for further strife or even conflict?

I’ll take Edith Weston and Blueberties questions together.

Cybercrime is one sub-section of the overall malfeasance presence on the web. The other two pillars are cyber industrial espionage or extortion and, finally, cyber espionage and warfare between states or between states and so-called non-state actors (insurgent groups, hacktivists like Anonymous and LulzSec, and terrorist groups).

They are all connected in odd ways but for state agencies charged with protecting the network in the first instance, they all look the same. The need to protect networked computer systems is provoking ever more vocal calls for the introduction of monitoring and regulating of the internet.

The greatest challenge of all that we face in dealing with bad stuff on the web is to ensure that people are protected without having their civil liberties violated. We already know that in Russia and Iran, for example, people’s Internet activity is monitored, stored and used in evidence by the security forces as an excuse to violate individual human rights.

The Internet is a technology that is analogous to the invention of sedentary farming techniques, gunpowder, industrial processes in the 18th/19th centuries and the development of nuclear technology in the 20th as it is having a huge social impact in a very short space of time. I would argue that its impact is even greater than the preceding technological breakthroughs. But like all these technologies, it can be used for good purposes and for bad – it is no longer just the great democratiser that its idealistic pioneers believed it to be.

The desire of government to encroach on our privacy is now visible throughout the Western world as well as in more repressive places. The Arab spring and the riots in the UK offered ample proof that the technology has an extraordinary ability to mobilise (Egypt did monitor individual bloggers but its rather crusty gerontocracy had not taken into account the impact of social media). The kneejerk reaction of many politicians in this country in suggesting that we restrict Blackberry, Twitter and other devices and sites suggests to me that they haven’t understood how the world is changing – wholesale assault on networked activity will not be a solution (especially as those with a minimum of skills will always be able to get round this).

So we need increased education about the basics of cyber security which recognises that the government certainly DOES have a responsibility in this area. But there MUST be checks and balances, preferably through the court system, when it comes to accessing information from individuals’ computers.

MishaGlenny Mon 03-Oct-11 13:28:02

MrMan

In some countries (eg Nordics) lots of personal info (incl complete tax returns) are widely published. Yet those countries don't seem to have higher rates of fraud, ID theft, etc. Why?

Hello, Mr Man!

As I understand it, you are not compelled to publish your personal info online in the Nordic countries but there are a couple of things, I would point out. Firstly, the bulk of cybercrime takes place against the following language groups - English (by far the greatest), Chinese (the authorities have a growing internal cybercrime problem, especially based around Massive Multiple Online Games - this is an interesting sub-section because of the proliferation of digital currencies like the linden dollar in Second Life which can be bought and sold for real dollars), Spanish, Portuguese (as a consequence of the high incidence of cybercriminal groups in Brazil) and German. There is, interestingly, comparatively little online crime directed at French speakers and relatively few aimed at speakers of Scandinavian languages.

Having said that Sweden is a major centre of Intellectual Property theft via piracy and has a thriving card-cloning community although their targets tend to be other European and Canadian consumers.

Sweden and other Scandinavian countries have some of the most liberal laws regarding the Internet with relatively little state intervention (other than financial support for hi-tech start-up companies) and this is partly responsible for the extraordinary success these countries have had in developing some of the most successful companies in the world (Skype was a joint Estonian-Danish operation before it was sold to the Americans - then you have Eriksson, Nokia etc.).

And so the Scandinavian philosophy, it could well be argued, has demonstrated the advantages of embracing web technology. Increasingly, however, the Scandinavians are now talking about the need for greater security to prevent attacks on their Critical National Infrastructure (electric grid, telecoms, utilities etc.).

Hope this goes some way to answering your questions.

MishaGlenny Mon 03-Oct-11 13:43:06

personanongrata

Hi Misha, I know (from Google, obviously!) that you have children.

What has your advice been to them about sharing personal info via Facebook etc? Is there one absolutely essential thing all parents should be doing vis-a-vis their children's online security, or is that too simplistic?

I read that some children are creating multiple accounts on social media sites, so their parents see the 'official' one but they're busy doing their real networking under other guises (today's equivalent of getting changed at the bus stop, I guess).

I suppose I'm asking how high in the panoply of parental anxieties online security should come!

Thanks in advance.

The kids issue!

First - we must always remember that children have grown up with the environment of the Internet as a given. It is as natural to them as playing in the park or hanging out at shopping malls.

This means that they possess an instinctive feel for the Internet and its immense potential, entertainment and educational value that their parents lack.

Let us take one critical issue which governments (under pressure from the music and film industries) have attempted to regulate heavily through legislation - the downloading of music and movies.

In theory, this is illegal in this country and subject to really tough penalties. In practice, I know of nobody under the age of 35 who does not understand it as their right and perfectly natural to download anything they want from the Internet for free.

This is unstoppable and as one friend remarked to me recently, 'Darwinism is not about the strongest or most cunning surviving, it is about the most adaptable.' And we have to adapt to the fact that kids will increasingly refuse to buy music, films or books but download them. I say this as somebody who makes his living from intellectual production and so know that even at my old age, I am going to have find something else to do.

And now another thing about Facebook. Your kids will generally not let you look at their Facebook. You may want to insist but similarly you may not be able to face the resulting tantrums, not to mention the now habitual rhetoric of human rights and privacy that they throw in your face.

Recently, however, my 19 year-old daughter went missing en route between my home and her mother's. At 1 in the morning I got a call from my ex-wife explaining that she hadn't turned up as agreed and did I know where she was as she was travelling aboard at the crack of dawn.

I checked her room and her unpacked suitcase and passport was there. Her phone was off and she hadn't been answering messages since early afternoon.

I decided to hack her Facebook account - in order to do this, I guessed that she uses the same password as she has done for years (and which she had once revealed to me). Bingo! I was in.

The first thing I would say is how stunned I was by the number of her friends (about 50%) were trolling about the Internet at 2.30 on a Monday morning - they just sit their all night moaning about stuff, giggling and doing general teenage stuff.

But I put out a message explaining that I was her Dad and I needed to contact her urgently. It worked - she was checking her messages...she was just too embarrassed to fess to her parents that she was with some boy. However, as soon as she realised, I had got into her Facebook account, she got in touch with my ex.

On the one hand, she was livid that I had hacked her Facebook (it might teach her to vary her passwords - I hope so) - on the other hand, she knew that she had caused her parents incredibly distress.

But fundamentally, kids see the Internet as a private zone from which their parents, ABOVE ALL, must be excluded. What they don't know is that their habits are attracting all sorts of other people with far less benign intentions that their parents!

TheRhubarb Mon 03-Oct-11 13:50:52

One question if I may? I am a copywriter and I regularly put SEO content directly onto websites as well as owning a couple of my own sites.

I am very aware of the dangers of using the same password and so all my passwords are a mixture of letters, numbers and symbols. I currently save these on an excel spreadsheet on my hard drive for quick and easy access. Is this wise or could my hard drive also be hacked into? If not, what do you suggest for people who have numerous different usernames and passwords for a number of different sites? And how often do you recommend changing passwords?

caramelwaffle Mon 03-Oct-11 13:51:45

Hello.
Is it advisable to change passwords on a weekly basis, or is this overkill?

MishaGlenny Mon 03-Oct-11 13:52:59

fivegomadindorset

How better can we protect ouselves from account take overs? Two years ago I discovered that somone had taken my idenity, switched my address and taken over £10k off my credit card. apparnetly my details had been taken from ancestry.com which now makes me very wary about using anything like this. Living rurally though I do do 90% of my purchases on line which does make it difficult.

Firstly, I am so sorry to hear what happened to you. Until people experience the digital violation of cyber crime, I am not sure that they fully understand quite how distressing it can be. Researching McMafia and DarkMarket, I have spoken to many victims of cybercrime (including one whose house by thieves who broke into his email and found a scanned copy of the title deeds in his account - I'm not kidding).

It can often turn their lives upside down - I have also spoken to people who were the victims of identity theft and then arrested at a national border (Swiss in this case) because the thief had used their identity to perpetrate a major crime. This poor person had to spend several days in an unforgiving Swiss jail before this was cleared up.

What you describe is a classic case of ID theft and I would make sure that ancestry.com is made fully aware of this breach and, if you can face, you should demand to know how these details were taken and what they intend doing about their security.

I trust that the bank recompensed you without question but the issue of the banks and internet crime is problematic. Banks make much more money by persuading us to do all our banking online (because they can close down their branches) than they do in cybercrime losses. A much greater concern for them is their loss of reputation if evidence of their vulnerabilities were to become public knowledge.

In researching, DarkMarket I spoke to police officers who were appalled at the lack of cooperation they received from banks because the banks were afraid that if the case reached open court (and hence the public domain), that it would reflect badly on them.

Some banks, like HSBC, have a sensible policy of NOT recompensing online customers who do not install their anti-virus software RAPPORT (although ironically Rapport was found to have a serious vulnerability recently). This means that they educate us to take our security seriously which is a GOOD thing.

However, I firmly believe that the government should also impose regulatory sanctions on the directors and executives of banks whose systems are breached in the same way - they should be subject to the negative incentive that they impose on us, their clients. If they were, their security systems would shape up pdq!

Porpoise Mon 03-Oct-11 13:54:01

Hi Misha

I'm a bit ridiculous about online privacy after a nasty scare (stalked on Facebook yadda yadda)

But is it really possible NOT to be found on the web?

caramelwaffle Mon 03-Oct-11 13:54:48

Are Social sites such as Facebook really allowed to use the photographs we post there as they wish? (now, and any time in the future?)
Someone mentioned to me that it is in the very small, smallprint.

fivegomadindorset Mon 03-Oct-11 13:55:41

Is Rapport a good thing then? I get offered it by NatWest, now my main bank as I ended up going into Lloyds weekely to get the money back.

personanongrata Mon 03-Oct-11 13:56:17

Thank you for your reply. V glad your daughter was safe. Will drone on to my teens more about internet safety and passwords. Part of the problem is that their generation knows they're far more sussed than we are/ever will be when it comes to the net and They Won't Be Told.

MishaGlenny Mon 03-Oct-11 13:58:15

Blueberties

Yy - in Belgium your name and bank acc number is known to all. I don't know about the rates of ID theft.

Also how do you know when you check your retained data status or whatever it's called, how do you know you're not being fobbed off?

eg I asked not to be in the NHS central computer, now abandoned but still I've asked not to be in whatever's left of it. I have no idea if I'm in there anyway and no way of finding out.

You will often be fobbed off. But my message is PERSIST. The EU has very good data protection laws and data protection commissioners in this country and in Europe are often quite zealous in securing our rights in this area.

Generally, I would say that the larger a data base is, the more reason you have to be concerned.

Having said all of this - let us not forget what a miraculous thing the Internet is...it has changed so many lives for the better and we should encourage its use and development. But we MUST take care.

We are creatures of convenience and so we love to get the latest labour-saving or fun gadgets as soon as they are on the market. But the proliferation of these exposes us to greater dangers so do take care.

Before long, there will be few areas of human activity which will not be mediated by networked computer technology in some way and this does mean greater opportunities for the bad guys.

MishaGlenny Mon 03-Oct-11 14:01:21

Porpoise

Hi Misha

I'm a bit ridiculous about online privacy after a nasty scare (stalked on Facebook yadda yadda)

But is it really possible NOT to be found on the web?

There is a growing movement of people who find the Internet so intrusive that they are going 'offline,' i.e. ceasing to use the internet altogether or reducing their use to the minimum.

This is still possible but it is becoming increasingly difficult as both commercial and public sector institutions place incentives on you to do your business online.

You can still do your banking via your branch; you can still shop locally with a bag; you can still communicate with friends and businesses by letter.

So yes - you can do it but you will find it sometimes extremely difficult and inconvenient. But good luck - there are times when I seriously consider going offline (as if!).

MishaGlenny Mon 03-Oct-11 14:02:17

fivegomadindorset

Is Rapport a good thing then? I get offered it by NatWest, now my main bank as I ended up going into Lloyds weekely to get the money back.

They have now fixed the bug on Rapport and it does improve your security - I use it and I would recommend it.

MishaGlenny Mon 03-Oct-11 14:04:39

personanongrata

Thank you for your reply. V glad your daughter was safe. Will drone on to my teens more about internet safety and passwords. Part of the problem is that their generation knows they're far more sussed than we are/ever will be when it comes to the net and They Won't Be Told.

That's right - they know that they hold the technical advantage over us and they will exploit that mercilessly - handheld devices (i.e. all their mobiles) make monitoring their activity much more difficult. And of course when you see what goes on on Facebook, one begins to understand where much of our fears about early sexualisation of kids, drinking etc. come from.

MishaGlenny Mon 03-Oct-11 14:09:49

caramelwaffle

Are Social sites such as Facebook really allowed to use the photographs we post there as they wish? (now, and any time in the future?)
Someone mentioned to me that it is in the very small, smallprint.

When we put material on Facebook, we are giving FB a degree of copyright control over it as they are regarded as the publisher. In theory, they should ask you if they want to use material although it is a moot point - Google for example gets its revenues from collating the information they see you using and then selling that info (anonymously) to third party advertisers so that those advertisers can target you with products that you specifically want.

Facebook has not yet unveiled its money making strategy but it is valued so highly as a company BECAUSE it can access all that personal data....We should know about this within in a year and then individuals will have to choose whether they want to grant FB and its commercial allies the privilege to use this data - the only way not to grant it, is by not joining FB or trying to close your existing a/c.

MishaGlenny Mon 03-Oct-11 14:12:13

Okay everyone - time for me to tootle off. Thank you very much for your interest - it's all a bit depressing, I know, but in DarkMarket I've tried to tell the tale of cyber criminals in the most entertaining fashion possible, combining the thriller genre with a little bit of comedy here and there - but it's all true!

I must now confess that I have been a Mumsnet member for some time and have drawn considerable solace from other members in particular when discussing the nightmare that is parenting teens!

All the best and cheerio!

caramelwaffle Mon 03-Oct-11 14:13:05

Thank you for answering.

If an account is deleted, are they denied Rights to use text/pictures that was previously posted?

caramelwaffle Mon 03-Oct-11 14:13:25

*that were

caramelwaffle Mon 03-Oct-11 14:14:00

Thank you.

RachelMumsnet (MNHQ) Mon 03-Oct-11 14:14:17

Thanks so much to all those who sent in questions and big thanks to Misha for joining us today for such an interesting webchat. If you're interested in reading more about this, Misha's latest book is DarkMarket: CyberThieves, CyberCops and You

TheRhubarb Mon 03-Oct-11 14:20:20

caramel, it's there forever more depressingly enough.

Thank you for answering my question!

I am perhaps inappropriately excited to hear that Misha Glenny, one of my fave authors, is on Mumsnet <swoon>

strandednomore Mon 03-Oct-11 14:20:53

Thanks, this is really interesting reading and I think everyone with children should take note. So what's your MN name then? Come on, out yourself wink

Tianc Mon 03-Oct-11 14:20:58

Thanks, Misha, very interesting reading.

Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now