Gangs use of the Internet and Cell Phones

June 14, 2010

There are more than 20,000 gangs, with collectively over 1 million members in the United States. Gangs are present in all 50 states, the District of Columbia, and all U.S. territories, according to the Attorney General’s report to congress on the growth of violent street gangs in suburban areas (April 2008). Research by the Justice Department’s National Gang Intelligence Center estimates that 147,000 gang members sit in U.S. prisons or jails, and that criminal gangs are responsible for up to 80% of crimes committed in communities across the nation. 80 percent – it is hard to digest such an appalling statistic.

“Gangs have long posed a threat to public safety, but as this study shows, gang activity is no longer merely a problem for urban areas. Gang members are increasingly moving to suburban America, bringing with them the potential for increased crime and violence,” said Assistant Director Kenneth W. Kaiser, FBI Criminal Investigative Division. Gang members are migrating from urban to suburban and rural areas, expanding the gangs’ influence in most regions. They are doing so for a variety of reasons, including expanding drug distribution territories, increasing illicit revenue, recruiting new members, hiding from law enforcement, and escaping from other gangs.

Gangs, like organized crime rings, have taken to the Internet as a facilitator in sending messages to associates throughout the U.S. and other countries – including deported gang members, deliver threats, assert territorial boundaries that used to be scrawled as graffiti across buildings, fences, and signs, brag, and conduct ‘business’. Gang business includes drug trafficking, human trafficking, prostitution, weapons trafficking, smuggling illegal aliens across borders, murder, theft, fraud, armed robbery, auto theft home invasions, gang rapes, and more. (Source FBI 2009)

Gangs continue to recruit via traditional methods in their neighborhoods and through family members. law enforcement agencies report seeing 3rd generation gang members where grandfathers, fathers and sons are all members. The internet however has over the last 8 years increasingly become a key recruitment tool to help gangs expand, both in terms of territory (gangs are now are established in over 2,500 cities across the country) and the number of members in each gang.

Age of recruits continues to drop

Gang members are grooming recruits as young as 2nd graders according to a study sited in The Oklahoman (Nov 2009), though most frequently targeted are the tweeners in 5th – 7th grade age range. The link to schools is crucial to gangs not only for recruiting purposes, but also as a key drug distribution channel.

School infiltration is so valuable that law enforcement agencies several states report  gangs are directing teenage members who had dropped out of school to reenroll, primarily to recruit new members and sell drugs. These kids typically use cell phones to conduct drug transactions and prearrange meetings with customers.

The most recent statistics from the Bureau of Justice Statistics and the National Center for Education only shows data through 2005, but we should expect to see stark increases in their next biennial report. “We’re seeing the gang members coming back from prison looking more and more to those middle schoolers and the younger kids to recruit them,” said Susan Manheimer San Mateo Police Chief, who speaks for the San Mateo County gang task force.

Gang outreach and ‘style’

Gang leaders know kids socialize on sites such as Facebook and YouTube, and they are actively reaching out through popular online services to create a new generation of gang members. They describe gang life as glamorous, and seductive. Recruiters tell of a life of power, leisure, and wealth, and instant gratification, as well as a ‘family’ and a sense of belonging and acceptance that many kids desperately want. They glorify the danger and the excitement.

Gangs have pushed hard to make gang clothing a fashion statement to such an extent that Gang apparel can be seen everywhere as a fashion statement for young people – on MTV and other teen sites and stations. They use images of rap artists like Snoop Dogg, and promote music with gang themes, violence and attire. Many of today’s youth who are not connected with gangs wear the gang styles and colors because of the cool factor, certainly wearing the fashion does not make a kid a gang member. However, wearing gang fashion can have tragic consequences when kids are mistaken for being a member of a rival gang. (See what happens when your clothing makes you look like a gang member links below)

Gang Websites

For the most part, gangs use the same sites everyone else does – MySpace, Facebook, YouTube, Twitter, and so on.

There are tens of thousands of websites, message boards and chatrooms created by gang members or young gang wanna be’s. These ‘web-banging’, ‘cyberbanging’ ‘netbanging’ ‘phone-banging’ sites are typically set to public viewing, and are places to hang out online like everyone else – but with the gangsta cult and violence highly glorified through photos, music, gang signs, guns, tats, colors, videos, etc. They frequently contain memorials to gang members who have been killed or are incarcerated.

The videos and photos posted may just be about the ‘life’, but they frequently include documentation of crimes they want to brag about – beatings, robberies, graffiti, etc. where everyone in the video has their face covered to avoid identification (though the bragging they do online has helped solve several cases). The sites are also used to trash rivals and convey threats and intimidate ‘bystanders’.

The fact that so many identify themselves on their sites makes they relatively easy prey to predators or rival gangs who can quickly profile them and these websites also become a new battle ground – a turf to defend from being trashed or hijacked. Hacking into and disrespecting a rival gang’s site is just one more field of engagement.  The threats and disrespect exchanged online are creating a new cause for offline violence as gang members settle disagreements that started online.

Gang sites often use a kind of cryptic language that has evolved between gang members enabling them to convey messages on public sites through language and inferences that others will not understand. (See links to typical sites at the bottom – though when you read this, the links may or may not still be in use as these sites change frequently)

The actual number of hard-core gang sites is hard to estimate, but is assumed to be only a couple of thousand.  These sites are private and much harder to monitor. These are used to plan crimes – the kills and raids on rivals, and the long list of crimes cited above, plus provide a place to brag about their past crimes and document the gang’s ‘history’.

At risk kids

Impressionable youth of either gender can find the secret handshakes, clothing and slang of gang cultures commonly found on gang-affiliated websites, appealing. They may start out in their online exploration of gangs with just an interest in the music, or pictures lauding street gangs, or the gangsta fashion, yet their online actions make it more likely they will be approached for recruiting – online and offline.

Some are drawn to gangs through parties, girls, and drugs. Some want a sense of respect and power. Others want to make money — to help out at home or to have nice clothes, etc.  They may be kids who feel adrift – disconnected at home – lacking in positive role models, or who have few friends or perhaps have moved frequently. The kids may be angry or rebellious and want to lash out. They may grow up in an area with a strong gang presence and gang culture. They may already be in trouble with the law, or are looking for a thrill. Some join for protection because they are picked on by another gang. Most have some real or imagined problem with their families that makes the streets preferable to being home.

It may begin with participation on a wanna-be site where the conversation seems innocuous, but then arguments arise, threats are made and kids are caught in an escalation they had not intended.  “The type of profiling they’re doing of themselves makes them prey to predators and also at odds with and challenging other gangs,” said Manheimer. “So, we’ll see something start on the Internet, and actually turn into an assault or a gang fight that actually results out of Internet profiling.”

Kids drawn to the content posted online that glorifies the gang lifestyle are being invited to parties where the real recruitment and initiation occurs. Most recruits want to be ‘cool’, some young enough to believe that killing is just an extension of the video games they play. Gangs groom these kids with ‘respect’, bling, and attention – something most are missing in their lives.

These young recruits are particularly useful to gangs for a couple of key reasons, they don’t place much value on life and they are hard to identify as they have no prior criminal histories; even if caught their age keeps them out of the worst legal responses.

Cell phones

Cell phones have become as essential to gang members as they are to organized crime groups.  Gangs members may have several prepaid phones and calling cards to ensure their calls are untraceable for any communications about criminal activities, and easily disposable.  They use encrypted internet technologies like VoiceOverIP (VoIP) on products like Skype on their mobile phones or computers to avoid wiretapping – making it nearly impossible for law enforcement to track their actions or crimes.

Gangs use cell phones cameras and video to document crimes or collect information for future crimes, and use GPS coordinate attacks and crimes, as well as surreptitiously monitor those they think might be ratting them out.

They use cell phones to assist in robberies, for extortion, as evidence of accomplished hits, to arrange drug deals, set up transactions, prostitute girls and boys, commit identity theft, and more. Gangs have been known to place a member inside a bank, (or near an ATM, or any other place that cash is transacted) to take photos of likely victims and watch to see who withdraws large sums, then send it to another gang member sitting outside the banks to identify the victim to follow and rob.

Gangs also use cell phones to communicate with members behind bars, allowing incarcerated gang leaders to continue to conduct business, and for members outside to request hits against rivals also serving time. Though cell phones are illegal, prisons appear to have a very hard time of preventing them from getting into the hands of incarcerated gang members.

What to look for

According to the Washington D.C. Metropolitan Police Department, the best defense against gangs begins in the home. Family conversations are critical to debunk the perceived glamour and show gang life for the thuggery it represents. Keeping kids out of gangs in real life now has to include teaching them to avoid becoming targets of propaganda in the virtual world.

In addition to conversations, experts advise watching for the following gang signs:

  • Gang insignia downloaded onto their phones, websites, clothing – this can include what appear to be Major League Baseball logos for the Giants or Yankees, which have been modified to represent gangs.
  • Ringtones or songs glorifying gangs and violence – on cell phones or web pages
  • Pictures of gang leaders or dead gang members
  • Gang colors, or other gang images – this means educating yourself about the colors and signs of gangs in your area
  • Requests for tattoos – or simply showing up with tattoos – or ear piercing (of course, ear piercing alone may be simple fashion statements unrelated to gangs)
  • Gang style cloths, bandanas, gang related jewelry – or perhaps suddenly tilting their baseball cap to one side, or rolling up the cuff of a pant leg. Gang branding may be more subtle in the beginning, are their gang symbols inside their hats or collars?
  • New gang-looking friends, secrecy about friends, sneaking out
  • Change of language – new nickname, phrases you are unfamiliar with,
  • Involvement in any criminal activity – graffiti, vandalism, theft, drugs, etc.
  • Change in interests, grades dropping, cutting school
  • Has your child been injured—boys are often beaten and girls raped as part of their initiation into a gang.

If it looks like your child is headed down the wrong path, get help.  If you are afraid your kid is in a gang, they probably are.
Linda

Useful Articles

Links to gang related public sites – most is just art, photos and music, but they give a flavor of this kind of mentality.  (Note that these sites change all the time, these may become obsolete quickly, but even the names are illustrative)

Asian

Gangster Disciples

Bloods/Piru

Norteño

Brothers of Struggle

People Nation

Crips

Sureños

Folks

Vice Lords

Examples of Gangsta Videos

Advertisements

What are Bots, Zombies, and Botnets?

June 12, 2010

News about internet crimes often mentions ‘bots’, ‘zombies’, and ‘botnets’. It’s not hard to figure out from the context that these are computer or network security threats. But what exactly are they and how do they work?

A ‘bot’ is a type of malicious code that allows an attacker to take complete control over the affected computer – turning the computer into a ‘robot’ that the criminal can remotely control. Once infected, these machines may also be referred to as ‘zombies’.

While taking over one computer is useful, the real value comes from collecting huge numbers of computers and networking these so they can all be controlled at once (a botnet). There are between 100-150 million computers worldwide (out of 600 million PCs on the Internet) infected with bots and under the control of hackers. These computer owners unwittingly put everyone at risk, and most would be shocked to learn that the spam you’re receiving is coming from thousands or even millions of computers just like (and including) theirs. Frankly, failing to adequately protect your computer is socially irresponsible.  Click here to learn how to protect your computer.

Now, the way criminals make money from connecting all of these computers is twofold:

  • Criminals can use the botnets themselves. This may be to send spam, phishing, or other scams to consumers that will earn them money. They may use them to create denial of service (DoS) attack that floods a service or network with an crushing amount of traffic to severely slow down the networks ability to respond or entirely overwhelm it and take it down. The revenue from DoS attacks comes in the form of extortion (pay or have your site taken down) or through payments by other groups with interest in inflicting damage. These groups include “hacktivists” — hackers with political agendas and foreign military and intelligence organizations. In 2008 several ISP’s reported multi-hour outages of their services due to advanced DoS attacks according to research by Arbor Networks.
  • Criminals also rent out their botnets to other criminals for the same exploits as they use the botnets for themselves.

Here’s an attempt at illustrating botnets are created:

If you have not installed security software and ensured that it is turned on, and kept up-to-date your machine is likely infected with all kinds of malicious software, including bots. The best protection is to run anti-virus and anti-spyware programs diligently and to install every patch that your operating system makes available. Set your computer up to run these automatically for the best protection.

Even with the most up-to-date protection tools, there is still some risk because the developers of malware are always looking for new ways to get around security measures, and your own actions may put you at risk. One common user risk is through downloading content from unknown sites OR from friends that don’t have up-to-date protections. The intent may not be at all malicious, but if content comes from an unprotected computer it may well be infected and by downloading the content you bring the malicious code past your security checkpoints. Interacting with others who have not protected their devices increases your risk.

Watch for symptoms like odd changes in settings, or your computer becoming really slow or crashing for no obvious reason. If these occur, take action. The cause may not be a bot, it could be another form of malicious software that causes the same symptoms, but they are clear indicators of trouble. If you experience these, check to be sure you have the latest operating system updates, and that your anti-virus and anti-spyware programs are updating properly, then run a new scan of your computer. You may want to use a second spyware tool (many, like Ad-Aware offer free versions)

Don’t contribute to this problem. Ensure you have adequate protections today.

Linda


Beware of con artists on the prowl on Facebook

February 26, 2010

Beware of con artists on the prowl on Facebook

I was interviewed for this article and TV segment by Connie Thompson from Fisher Communications. Below is the story in its entirety, including a link to the video segment.

Video

Cyber con artists turn your Facebook into an open book. They hack into your Facebook account and pretend to be you. Once they take over your Facebook account, hackers can often take control of your e-mail.

Their ultimate goal is to turn your Facebook screen into a cash machine either through identity theft or other forms of fraud.

Depending on your privacy setting and who you let share your information, every posted photo, every friend, each seemingly innocent message can give scammers the information they need to compose a story.

The typical communication explains that you’ve had an emergency in another state or country and need money. Friends and family who panic and want to help may wire money to the scammer, thinking they’re talking to you.

“In many ways we make it very very easy,” said Internet safety and security expert Linda Criddle.

The former Microsoft analyst is now an author and consumer advocate who specializes in educating children and adults about the different ways scammers can target you online. Social networks are a fertile hunting ground.

Internet security experts say 2010 could be a banner year for scams on sites like Facebook and Twitter, because of their popularity.

On Facebook alone, there are more than 350 million users- sharing their pictures and information with friends, who share with their friends, who share with their friends.

It’s an information gold mine for a hacker tactic known as “screen scraping.”

“It means that you are literally gathering, collecting all the information you can find on a screen.” explained Criddle.

People share information about hobbies, family background, employment, vacation plans, last names, nick names and more. Photographs and videos can reveal even more information you don’t even realize you’re providing.

“Gathering that information off these social networking sites is quick. And what you don’t share about yourself, your friends probably did, Criddle added.

And if just one person on your list takes the bait the scammers almost instantly get thousands of dollars, especially if they can get the name and phone number of an older relative in a different state.

Scammers like to use the telephone with older people, because seniors tend to respond to the “person to person” approach. They get caught up in the emotion. They’re sympathetic toward their relatives and are more likely to keep things a secret when asked not to say anything. That makes the victim less likely to call their family member at home and check on them.

The scammers explain they need money wired through Western Union. By the time the friend or family realizes it was a scam, the money’s gone. Police say caring relatives in particular- are sitting ducks.

Facebook is aware of the problem. Spokesperson Simon Axten offered the following e-mail reply in response to our questions:

“This is a very low-volume attack, affecting only a small number of people. However, we’re concerned about any potential security threat, and we’re taking this issue very seriously. Our team has analyzed the trends of these attacks and is using this information to surface compromised accounts before the scammers get very far.

When we find these accounts, we disable them and attempt to get them back to their rightful owner. In many cases, the scammer has changed the password or added a new contact email to attempt to maintain control of the account.

To combat this, we notify people when their account is modified and empower them to reverse the changes or disable the account entirely. We’re reminding people to be very suspicious of anyone, even friends, who ask for money over the Internet. Please verify their circumstances through some other means than the web (e.g. call them or mutual friends).If you see something that looks amiss with your account or a friend’s, please report it to us through the form in our Help Center.

These and other security tips can be found on our Facebook Security Page. We’ve also published a blog post about the scam.”

Specific things users can do to protect themselves:

  • Be suspicious of anyone – even friends – who ask for money over the Internet. Verify their circumstances independently (e.g. call them or mutual friends).
  • Choose a strong password and use unique credentials for each of your web accounts (we believe users are being phished on one site, and the bad guys are then trying those credentials on another).
  • Use an up-to-date browser that features an anti-phishing blacklist.
  • Use and run anti-virus on your machine.
  • Reset your Facebook password if you suspect your account has been compromised.

Specific actions Facebook has taken:

  • Adjusted and updated our sophisticated security systems to also detect and defeat these smaller-scale attacks.
  • Improved our prioritization systems so we can help impacted users more quickly.
  • Instituted changes to notify users when their account is modified and empower them to reverse the changes or disable the account.
  • Worked with law enforcement to investigate cases and with Western Union (a wire transfer company commonly used by the scammers) to improve education. With our help, Western Union has posted a warning about this scam. Western Union has also alerted its branches in London, where the scammers are picking up the money.

Don’t Fall for the Xmas Variant of the Koobface Worm

December 1, 2009

There is always a Grinch. This year he comes in the form of malware, and his name is Koobface.

Koobface (an anagram for Facebook) is a malicious worm that uses social networks to send fake messages to users – things like “Hey! Are you really in this video?”, “LOL, check it out”, “My home video :)”, or “Hey! You are on news!” and contain a link to a website where you will supposedly be able to view the ‘video’.

Clicking on the malicious link starts your troubles. Once on the site, if you click to watch the ‘video’ you get a pop-up message telling you that in order to watch the video, you need to update your Adobe Flash player. Conveniently, they provide the option to install the ‘new’ version simply by clicking install.

What you really install of course is the Koobface Worm that infects your computer, steals your information, and enables a proxy tool so that your machine becomes part of a botnet so the attackers can continue to abuse your computer and any information it contains.

In this example, the ‘message’ refers to a fake video posted by ‘SantA’, and you are led to believe it will be cute entertainment to watch.

Adobe Flash player continues to be one of the most popular social engineering tactics used by criminals to turn your computer into a bot. But one simple rule will prevent you from becoming a victim.

Consistently applying one key principle will ensure that you don’t fall for these scams

Steer don’t be pulled

  • Do not use a link contained in a message – whether it comes in email, IM, on a social networking site, text message, or some other means. Find the proper URL yourself using a search engine – and use a malware filter like McAfee Site Advisor (it’s free) to be sure the site is legitimate before clicking the link.
  • If you think you need to install a newer version of ANY software, go to the company’s site (in this case Adobe.com) and download from there. It is the only way to ensure you are not getting something other than you bargained for.

Following a few safety principles will keep the Grinch, Koobface, and other nastiness out of your holiday festivities.

Linda


1.5 Million Unencrypted Medical Records “Lost”

November 29, 2009

Medical insurance giant Health Net apparently waited 6 months to notify authorities of the breach of 1.5 million consumer and physician’s medical records.

The breach occurred in a Health Net office in Connecticut, but consumers in Connecticut are not the only group exposed; HealthNet also provides services in Arizona, California, New Jersey, New York, Oregon, and Washington State.

According to an article by the Health Information Trust Alliance Connecticut Attorney General Richard Blumenthal reaction to the belated notification was severe, “I am outraged and appalled by Health Net’s huge loss of personal financial and medical information and its failure to swiftly inform authorities and consumers. This information vanished six months ago, but Health Net is only now informing authorities and consumers, an inexcusable and inexplicable delay. Health Net’s incomprehensible foot-dragging demonstrates shocking disregard for patients’ financial security, as well as loss of their highly sensitive and confidential personal health information.”

Blumenthal went on to say “Another day, another data breach, but companies still don’t get it: personal information is like cash and should be guarded with equal care. Casual and cavalier attitudes toward data protection and breaches are intolerable and must stop. I will fight to compel companies to fully safeguard personal information, quickly inform consumers of breaches and properly protect them when losses occur.”

Health Net’s inaction is inexcusable… and far too common. Personal health records have become a hot new and lucrative target for hackers and ID thieves as more medical data has been dumped online without appropriate security precautions.

Learn more about the scope of personal data record theft and why the notification rules for personal health record breaches aren’t going to work by reading my blogs:

Stay vigilant.

Linda


Search Engines Responsibility to Block Malware

November 24, 2009

New malware is released on the Internet every 30 seconds according to McAfee research, and the problems it causes threaten the very health of the online environment. Much of this malware is distributed through search results. Some is disseminated through the millions of legitimate websites that have been infected – including .gov, .edu, .org, and .net sites. Other malware is distributed via the millions of deliberately malicious websites whose express purpose is to dump malware onto hapless consumers’ devices.

Tackling the malware scourge are dozens of security software companies and law enforcement agencies. Enduring the most pain are consumers and companies doing business online. Who’s not at the table?

Search engine companies – the very companies that enable the dissemination of most malware today – are notably absent in this battle. Why have Google, Microsoft, Yahoo, and other search companies. failed to step up to their role and responsibility in blocking malicious sites?

Why is Google promoting harmful sites in their sponsored search links section?

Without using a tool that flags harmful sites (in this graphic, it’s McAfee Site Advisor, but there are several options) consumers have no way of knowing that the first sponsored link is harmful.

Defining ‘malicious’ is not an impossible task. Malicious is a matter of definition along a sliding scale, and it can be argued where the line should be drawn. Fine, argue about it – then set a standard.  

Identifying malicious sites is not an impossible task; dozens of companies flag and block malicious or infected sites. Though search engines can’t guarantee to catch every single malicious/compromised site, they could dramatically reduce the likelihood that consumers and companies would be infected – and dramatically reduce the revenue of organized crime groups promulgating this crap.

Blocking malicious sites is not a freedom of speech issue. Search engines are owned by companies with policies, and they can write those policies however they see fit. Freedom of speech does not apply in a company-owned environment, whether you’re standing in Disneyland or using a search engine. Companies have the right to set their standards for what they display, accept, monitor, or block.

  • One policy option could be that the search engine will not knowingly display sites that have been shown to be malicious or are currently infected.
  • Alternatively, search engines could have a policy that provides consumers choice – for example, giving an option for consumers to choose between “only show sites believed to be free of malware” vs. “show me all sites, but highlight ones with known risks”.

Identifying and blocking malicious sites should not be a financial issue. Identifying malicious sites isn’t inordinately expensive – or the free services available for consumers would not exist. Blocking malicious sites that want to get top placement as sponsored links does represent a loss of revenue– but is this revenue from criminal or malicious entities worth facilitating the exploitation of consumers?

In fact, search engine companies should be able to make a good business out of notifying legitimate companies, organizations, etc. that their sites are infected.

Search engines, step up to social responsibility

The major search engine companies need to step up to their social responsibility rather than simply abetting the circulation of malware. These engines are the ideal chokepoint – if malicious sites aren’t displayed in search results, or are clearly marked as malicious – consumers and companies alike won’t fall victim.

Consumers, hold companies accountable

If you want a safer online experience, you need to demand a safer online experience from the companies you use. Change doesn’t happen overnight, but change is much less likely to occur when consumers aren’t demanding it.

YOU have the power to change the level of risk search engines expose you, and your family, to – let your search engine provider know you want protection today.

Linda


Teens Report High Levels of Texting While Driving – Parents Poor Role Models

November 18, 2009

The Pew Research Center’s Internet & American Life Project released a report Monday that found 25% of 16 to 17yr-olds who have cellphones say they text while driving.

The study also found that nearly half of Americans ages 12 to 17 say they’ve been in cars with someone who texted while behind the wheel.

However, perhaps the most disappointing finding was that teens say their parents are also texting behind the wheel. Pew found that “the frequency of teens reporting parent cellphone use behind the wheel in our focus groups was striking, and suggested, in many cases, that texting while driving is a family affair.”

Research by the National Highway Traffic Safety Administration found even higher texting frequency. Their data indicates that 81% of U.S. residents said they have used their cellphone while driving, and that of the 82% of 16- to 17-year-olds who have cellphones, 52% said they use them while driving.

Teens know the risks – just think it won’t happen to them

“Many teens understand the risks of texting behind the wheel,” said Amanda Lenhart, co-author of the Pew report, “but the desire to stay connected is so strong for teens and their parents that safety sometimes takes a back seat to staying in touch with friends and family.”

For more information about the risks of texting and driving (like the stat saying Drivers who text behind the wheel have a 23 x greater risk of crashing), read my blogs:

Linda