Criminals http://www.webupon.com/tags/Criminals New posts about Criminals Complex Passwords: Don't Go Online Without Them http://www.webupon.com/Security/Complex-Passwords-Dont-Go-Online-Without-Them.132667 Technology is a part of every aspect of our lives. We use technology for more than just accessing information. We use it for banking, bill paying, filing personal forms and sending information via email. In order to use technology we rely on passwords to protect our identities and bank accounts. One simple “password” is all that is standing in the way of a potentially huge headache if it was cracked by a hacker exposing our most personal information.

Complex passwords make the cracking of your personal data by a hacker far more difficult and everyone who has even one online account must have them. A complex password is critical to online security. A complex password is different from a regular password in that it makes full access of all keyboard numbers, symbols and letters. A complex password is a strong password that is much more secure.

Creating Strong Complex Passwords 

  1. Think of a sentence like:” My brown dog Ralph has 7 fleas.” Then the password could be MbdRh7f. This is a strong complex password and it won't be as hard to remember since it is connected to a sentence.
  2. Intermix capital letters with numbers.
  3. Avoid your name or screen name in the password.
  4. Always use numbers, symbols, upper and lowercase letters in passwords.
  5. The length of the password should be from 12-14 letters. The more symbols the higher the security strength.
  6. Do not use passwords that are dictionary words, numbers or letter sequences, or names and dates.

Weak Passwords

  1.  Using a wordlist with a number: “jet2008”, “forest1234” etc.
  2. Using words such as: “password”, “computer”, “admin” etc.
  3. Using identifying words like “tomsmith1234” or phone numbers.
  4. Using sequencing letters or numbers on the keyboard: “asdfg1234” etc.
  5. Using double words: “spiderspider, antant, dogdog” etc.
  6. Using words with simple changes: “d0g”, “11ikeit” etc.
  7. Using dictionary words like “camouflage”, “habitat,” "oyster” etc.
  8. Using different passwords in each situation. This way if a criminal cracks your password they don"t have all your information on every account of which you subscribe.
  9. Do not use shared computers to access your accounts. These include computers that are open to the public at internet cafes, kiosks and libraries.
  10. Laptop computers may be less secure as you use them in different places, so make sure your laptop has strong passwords.
  11. A weak password is better than no password but still not a good idea. It might deter a criminal for a few minutes, but not for too long.
  12. Remember do not incorporate clever patterns into your passwords even though they are easy for you to remember. If they are easy for you to remember, they will be easy for someone to figure out.

Password protection is very important. Most security experts agree that you should never write down your password and keep the information in an easily accessible area. If you must write down your passwords then store the information it in a very safe place with your other valuables.

Another idea is to develop a code that will jar your memory so you can remember the password. This way the password in code won't make any sense to anyone but you. Also don't store your passwords online or reveal them to others through email requests or by telephone.

Always keep your passwords secret and change them ever 90-120 days. Always keep track of your banking accounts and monitor them regularly for changes you did not make.

Passwords are only as effective as the humans that create them. Even the best technology and Internet security is vulnerable to human error. So don't go online without your complex passwords!

]]> Mon, 02 Jun 2008 03:21:07 PST Are Our Kids Really Safe on Social Networks? http://www.webupon.com/Web-Talk/Are-Our-Kids-Really-Safe-on-Social-Networks.89181 I think the key is to keep a close eye on your kids while they use the internet. Use parental controls on your computers at home. I know it's impossible to keep tabs on our children all the time, so we must communicate with them, and let them know what is acceptable and what is not.

To prove my point about the social networks, I actually made a fake profile. I created a fake email address, then found a stock photo of someone and used it as my picture. It's that easy. And it's that scary. Everything I posted on this fake profile is all a lie. No one asked for my age. I can be anything I want, and no one would question me. If I can do that, then who's to say there aren't people out there, grown people, pretending to be children; just waiting for the perfect moment to abduct an innocent child, or even worse.

I created this profile just to see if it could be done. It was so easy. Someone with excellent computer skills could do all sorts of horrible things, as I'm sure they already do.

It's important we talk to our children and let them know that if they have a profile on one of these social networks, that they only talk to people they know, and keep their profile private.

Even doing all of these things, it can still be dangerous. You never know what some sick people do to get to children. I know these social networking pages will never be outlawed, but they need some type regulation to keep children safe. The rules they have now are just not good enough.

]]> Mon, 03 Mar 2008 06:10:33 PST Convicted: Nine Notorious Hackers of Our Time http://www.webupon.com/Security/Convicted-10-Notorious-Hackers-of-Our-Time.71135

  • Kevin Mitnick (Several Convictions in the 1990's)



    For several years he made a career out of hacking into computers, stealing corporate secrets, scrambling phone networks, and breaking into the national defense warning system which caused millions of dollars in losses. He has spent almost six years in prison in solitary confinement for his notorious crimes.

    It seems his hacking days are over, however. He is now a computer consultant, author, and public speaker. His story has inspired two Hollywood movies: Takedown and Freedom Downtime.

  • Adrian Lamo (Convicted in 2004)



    Adrian Lamo admitted to various computer crimes directed at companies like Yahoo!, Microsoft, Ameritech, Cingular, AOL Time Warner, Bank of America, Citigroup, McDonald's and Sun Microsystems, but he is best known his intrusion into "The New York Times" internal computer system. He repeatedly hacked into the system to add his name to confidential databases of expert sources. He also used the paper's LexisNexis account to conduct research on high-profile subjects.

    In 2004, he surrendered to FBI and pleaded guilty to one count of computer crimes against Microsoft, Lexis-Nexis and "The New York Times". He was sentenced to six months' detention at his parents' home plus two years probation, and was ordered to pay roughly $65,000 in restitution.

    Lamo is now an award winning journalist and public speaker. He has interviewed personalities like John Ashcroft and Oliver Stone.

  • Jonathan James (Convicted in 2000)



    Jonathan James was the first juvenile, at the age of 16, to be jailed for computer crimes in the United States. His crimes were directed toward NASA and the US Department of Defense.

    NASA claimed he downloaded $1.7 million worth of proprietary software. He then admitted to installing a "sniffer" on the Department of Defense's computer system which allowed him to intercept over three thousand messages passing to and from employees, along with numerous usernames and passwords of other DoD employees. At least ten of the computers he hacked into were military computers

    Although he could have served up to ten years in jail, the fact that he was a juvenile reduced his initial sentence to six months in jail and probation until he was 18 (he was also required to write apology letters to NASA and DoD). The judge then reduced the sentence to six months of house arrest and probation until the age of 21. After violating probation he was required to serve the full six months in a federal correctional facility.

  • Operation Web Snare (2004)



    As of 2004, operation Web Snare is the "largest and most successful" law enforcement operation related to online fraud. The operation included more than 150 investigations of Internet-related crimes, including denial-of-service attacks, computer hacking, selling counterfeit software, phishing, and identity theft. More than 870,000 victims lost more than $210 million dollars from such crimes.

    Among those convicted were Utah resident Mark Pentrack who offered car parts, aircraft parts, and other items for sale over the Internet, but did not own those items. More than ten people sent Pentrack more than $200,000 for such items. He hired secretaries in five states outside Utah to receive payments from the consumers, used an Australia based e-mail service, and used an "anonymizing" program when conducting online activities. He was sentenced to more than 11 years in prison after he pleaded guilty to mail fraud, misuse of a Social Security number, attempted destruction of evidence, and making a false statement in connection with an Internet fraud scheme.

  • Max Ray Butler (Convicted in 2001)



    Also known as Max Vision, Max Ray Butler was a talented computer specialist who ran a computer security company in Silicon Valley. He was also a highly-skilled hacker who went to prison for creating an Internet worm that hacked into systems at McChord Air Force Base, NASA's Marshall Space Flight Center, the Argonne and Brookhaven National Labs, IDSoftware, and an unspecified Defense Department system.

    Interestingly, Max was an FBI informant for five years. He supplied to the FBI information about several major cracks and helped track down other computer hackers.

    Police arrested Max in March 2000 after he refused to wear a wiretap to a meeting with a friend who was being suspected of cyber-crimes. He was later charged with 15 counts of hacking-related crimes including computer intrusion, possession of stolen passwords and interception of communications. He was sentenced to 18 months in prison.

    His hacking career didn't end with his prison sentence, though. Recently he was in court facing with charges of wire fraud and identity theft. He faces a possible sentence of 40 years in prison and a $1.5 million fine if convicted.

  • Nahshon Even-Chaim (Convicted in 1993)



    Nahshon Even-Chaim , aka Phoenix, belonged to an elite computer hacking group known as The Realm. He was the first major computer hacker to be convicted in Australia. His targets centered on defense and nuclear weapons research networks. He was so skilled that many of his victims weren't aware they were victimized until the evidence was presented after the arrests.

    Some of his crimes include stealing a password cracking program from NASA, gaining unauthorized access to universities involved in nuclear energy research, tampering with files and crashing the system at the Lawrence Livermore National Laboratory which controlled the world's most powerful laser, and many more.

    Wire and data taps gave police all the evidence they needed to charge Even-Chaim with 48 offenses, most of which carried a maximum ten year sentence. After negotiations, however, his sentence was reduced to 500 hours of community service and a 12 month suspended jail term.

  • Vasiliy Gorshikov and Alexey Ivanov (Convicted in 2001)



    After a very complex undercover FBI operations, Vasiliy Gorshikov and Alexey Ivanov of Chelyabinsk, Russia were arrested for 20 counts of computer crimes, fraud and conspiracy. They were convicted for stealing approximately 50,000 credit card numbers from U.S. online banks, e-commerce companies and Internet service providers.

    Gorshikov was sentenced to three years in prison and ordered to pay $690,000 in restitution charges, while Ivanov received a 3 years and 8 month sentence and restitution charges of $800,000.

  • Jeanson James Ancheta (Convicted in 2006)



    Jeanson James Ancheta of California was charged with 17 counts of conspiracy, fraud and other crimes connected to a 14-month hacking spree that started in June 2004. He pleaded guilty to seizing control of hundreds of thousands of computers and renting the zombie network to people who used it to send out spam. He silently downloaded Spy ware/Ad ware to more than 400,000 infected computers that he controlled. He admitted to gaining for himself and a co-conspirator more than $100,000 in advertising affiliate proceeds.

    Among the computers he attacked were some at the Weapons Division of the U.S. Naval Air Warfare Center in China Lake, California, and at the U.S. Department of Defense.

    Ancheta was sentenced to almost five years in federal prison and ordered to pay approximately $15,000 to the United States federal government for inflicting damage on military computers. He was also forced to return to the government more than $60,000 in cash, a BMW automobile and computer equipment.

  • Markus Hess (convicted in 1990)

    After being recruited by the KGB as an international spy to secure U.S. military information for the Soviets, Markus Hess, a German citizen, was able to attack 400 U.S. military computers.

    Hess was sentenced to one to three years in prison after being found guilty of espionage he was released on probation before the end of his sentence. He now writes networking software for a computer company in Germany.
    • ]]>     Fri, 04 Jan 2008 06:49:24 PST