<p>Cybersafety – The Conversation</p>
<h1>Should you be checking your kid’s phone? How to know when your child is ready for ‘phone privacy’</h1>
<p><em>Published 2024-02-27T23:08:38Z</em></p>
<figure><img src="https://images.theconversation.com/files/576354/original/file-20240219-30-bolx5l.jpg?ixlib=rb-1.1.0&rect=275%2C646%2C4164%2C3181&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/child-using-smart-phone-lying-bed-2299524663">Aleksandra Suzi/Shutterstock</a></span></figcaption></figure><p>Smartphone ownership among younger children is <a href="https://www.ofcom.org.uk/__data/assets/pdf_file/0027/255852/childrens-media-use-and-attitudes-report-2023.pdf">increasing rapidly</a>. Many primary school children now own smartphones and they have become the norm in high school.</p>
<p>Parents of younger children may occasionally (or routinely) look at their child’s phone to check it’s being used responsibly and safely.</p>
<p>But as children mature into teens, parental inspections will likely feel like an invasion of privacy. Many would not ask for a high schooler’s diary, yet phones hold even more personal information. </p>
<p>So, what do parents need to consider when making the “phone rules” for their children as they get older?</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A girl looks surprised while her dad talks to her about phone use." src="https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Is it OK for a parent to ask a teen to show them their phone?</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/asian-father-asking-his-daughter-stop-1502950871">CGN089/Shutterstock</a></span>
</figcaption>
</figure>
<h2>Early smartphone ownership</h2>
<p>Parents get their younger children phones for many reasons. Some feel it will help keep kids safe when, for example, travelling on their own to and from school. Others have bought one after intense pressure from their child or worry their child will be left out socially if all their friends have a <a href="https://www.tandfonline.com/doi/full/10.1080/13229400.2023.2207563">phone</a>. </p>
<p>In my own research with parents, some also tell me they are reluctant to let their child use the parents’ phone for fear of risking important work files or information stored on the phone.</p>
<p>But many parents also worry getting a phone early might encourage phone addiction, or that a child might be accessing adult content. </p>
<p>Parental guidance for this age group tends to focus on safety, which usually includes checking the child’s phone activity (with or without the child’s knowledge) and restricting access through passwords or <a href="https://www.tandfonline.com/doi/full/10.1080/13229400.2023.2207563">time limits</a>.</p>
<p>Parents understandably want their children to be safe. Monitoring may be part of this, but it’s not the whole story. Most important is our role in equipping children to make good, independent and responsible decisions with their phone.</p>
<p>This means teaching children a broader set of skills about how to use phones safely and in a way that maximises potential for learning, connection and <a href="https://www.tandfonline.com/doi/full/10.1080/17482798.2020.1725902">self-expression</a>.</p>
<p>Education and open dialogue about phone safety should begin the day your child gets their phone and continue as they grow. </p>
<p>The focus should be on problem-solving together and respectfully. This is what will empower them to self-regulate appropriately as they grow. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&rect=0%2C33%2C5580%2C3664&q=45&auto=format&w=1000&fit=clip"><img alt="A young boy looks at his phone while sitting at home." src="https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&rect=0%2C33%2C5580%2C3664&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">In the first year of a younger child owning a phone, the focus should be on safety.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/leisure-children-technology-internet-addiction-people-336092240">Ground Picture/Shutterstock</a></span>
</figcaption>
</figure>
<h2>A phased approach: laying the groundwork early</h2>
<p>In the first year of a younger child owning a phone, the focus should be on safety.</p>
<p>This may include controls, restrictions and monitoring, but does not necessarily need to include phone checking. Establishing the rules on safety and wellbeing for using the phone is key. </p>
<p>This means talking to your children about how and when they use their phone, why they shouldn’t answer unknown texts and calls, why they should be wary of giving out personal information online, and about being kind online. Let your children know they can always talk to you if they have a weird or bad experience online. </p>
<p>Parents should also focus on bigger picture safety and digital habits education. This can include, for example:</p>
<ul>
<li><p>reviewing privacy and app settings together</p></li>
<li><p>understanding screen time features and how to use them </p></li>
<li><p>learning how routines such as reaching for the phone when you wake can have a negative impact. </p></li>
</ul>
<p>Look for quality apps together that your child may enjoy or benefit from, such as productivity apps, creative or problem solving games, music or science-based games or other apps that will help develop their interests and life skills.</p>
<p>Trial and test apps or games together with your child to see how they work.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&rect=0%2C13%2C4479%2C2977&q=45&auto=format&w=1000&fit=clip"><img alt="A young teen looks at her mobile phone while sitting on the couch." src="https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&rect=0%2C13%2C4479%2C2977&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Smartphone ownership among younger children is increasing rapidly.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/upset-depressed-caucasian-little-kid-girl-2152037861">Iren_Geo/Shutterstock</a></span>
</figcaption>
</figure>
<h2>Adapting the approach as children mature</h2>
<p>As children mature, parental guidance needs to change with them.</p>
<p>After about 12 months of the child’s phone ownership (give or take), checking phones needs to fade, and ongoing open communication needs to become the mainstay. </p>
<p>At this older stage, parents should have frequent, open discussions with their children about online safety, respect and responsibility. Ask your child questions about their phone experiences and always encourage them to ask for help in difficult situations.</p>
<p>Parents may also trial new ways of using the phone or certain apps together with their child. For example, the child and parent can use the screentime feature to discuss, and be aware of, their developing phone habits. It may also include learning to use the camera and its features well or trying new apps (such as a creative drawing app) that allow them to explore a new interest.</p>
<p>Help your child work out which habits work for them and which ones seem to cause stress. For example, if your child is on a WhatsApp group with friends and classmates, is that causing stress or worry? Talk to them about how they can handle it if they or a classmate are being talked about in the group chat. </p>
<p>The risk of routinely checking a teen’s phone is that it may end up fostering mistrust between parent and child. Regular conversations about phone and online safety, and discussing news articles on the topic are two ways of keeping safety front and centre. This helps promote good communication and trust.</p>
<h2>Alleviating fear and worry</h2>
<p>Taking a phased approach helps your child develop the skills and values they need to be able to make good, independent decisions. </p>
<p>Some children may need more or less than 12 months in the stricter hands-on initial phase. Much depends on their maturity, the home environment and their social world. </p>
<p>But taking a broader and adaptable approach will also help a parent better understand their child as a phone user. </p>
<p>This can help alleviate the fear and worry many parents have about phones and kids.</p>
<p class="fine-print"><em><span>Joanne Orlando receives funding from Office of eSafety Commissioner for funded research on online safety for 10–13 year olds. </span></em></p>
<p>Is it reasonable to occasionally inspect a 13- or 14-year-old’s device, or does this undermine a new sense of privacy at this stage?</p>
<p>Joanne Orlando, Researcher: Digital Literacy and Digital Wellbeing, Western Sydney University. Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>The vast majority of us have no idea what the padlock icon on our internet browser is – and it’s putting us at risk</h1>
<p><em>Published 2023-11-22T17:05:13Z</em></p>
<figure><img src="https://images.theconversation.com/files/559630/original/file-20231115-15-zfe1h.jpg?ixlib=rb-1.1.0&rect=50%2C0%2C5568%2C3692&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The padlock icon which appears in most internet browser address bars. </span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/web-browser-closeup-on-lcd-screen-1353121223">Robert Avgustin/Shutterstock</a></span></figcaption></figure><p>Do you know what the padlock symbol in your internet browser’s address bar means? If not, you’re not alone. <a href="https://www.tandfonline.com/doi/full/10.1080/10447318.2023.2266789">New research</a> by my colleagues and me shows that only 5% of UK adults understand the padlock’s significance. This is a threat to our online safety. </p>
<p>The padlock symbol on a web browser simply means that the data being sent between the web server and the user’s computer is encrypted and cannot be read by others. But when we asked people what they thought it meant, we received an array of incorrect answers.</p>
<p>In our study, we asked a cross section of 528 web users, aged between 18 and 86 years of age, a number of questions about the internet. Some 53% of them held a bachelor’s degree or above and 22% had a college certificate, while the remainder had no further education. </p>
<p>One of our questions was: “On the Google Chrome browser bar, do you know what the padlock icon represents/means?” </p>
<p>Of the 463 who responded, 63% stated they knew, or thought they knew, what the padlock symbol on their web browser meant, but only 7% gave the correct meaning. Respondents gave us a range of incorrect interpretations, believing among other things that the padlock signified a secure web page or that the website is safe and doesn’t contain any viruses or suspicious links. Others believed the symbol means a website is “trustworthy”, is not harmful, or is a “genuine” website. </p>
<figure class="align-left ">
<img alt="A symbol of a circle next to a straight line over a straight line and a circle." src="https://images.theconversation.com/files/559903/original/file-20231116-19-zm7pen.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/559903/original/file-20231116-19-zm7pen.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=600&fit=crop&dpr=1 600w, https://images.theconversation.com/files/559903/original/file-20231116-19-zm7pen.jpeg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=600&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/559903/original/file-20231116-19-zm7pen.jpeg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=600&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/559903/original/file-20231116-19-zm7pen.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=754&fit=crop&dpr=1 754w, https://images.theconversation.com/files/559903/original/file-20231116-19-zm7pen.jpeg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=754&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/559903/original/file-20231116-19-zm7pen.jpeg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=754&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Google’s new ‘tune icon’ which replaces the padlock icon in Chrome’s address bar.</span>
<span class="attribution"><a class="source" href="https://blog.chromium.org/2023/05/an-update-on-lock-icon.html">Google Chromium</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<p>Not understanding symbols like the padlock icon can pose problems for internet users. These include increased security risks and simply hindering effective use of the technology.</p>
<p>Our findings corroborate research by <a href="https://support.google.com/chrome/thread/222182314/the-lock-icon-replaced-with-a-tune-icon-in-the-google-chrome-address-bar?hl=en">Google</a> itself, which, in September, replaced the padlock icon with a <a href="https://www.thesslstore.com/blog/google-to-replace-the-padlock-icon-in-chrome-version-117/#:%7E:text=But%20that's%20about%20to%20change,to%20have%20HTTPS%20by%20default.">neutral symbol</a> described as a “tune icon”. In doing so, Google hopes to eradicate the misunderstandings that the padlock icon has afforded. </p>
<p>However, Google’s update now raises the question as to whether other web browser companies will join forces to ensure their designs are uniform and intuitive across all platforms.</p>
<h2>Web browser evolution</h2>
<p>Without a doubt, the browser, which is our point of entry to the world wide web, comes with a lot of responsibility on the part of web companies. It’s how we now visit web pages, so the browser has become an integral part of our daily lives. </p>
<p>It’s intriguing to look back and trace the evolution of the web’s design from the early 1990s to where we are today. Creating software that people wanted to use and found effective was at the heart of this <a href="https://www.interaction-design.org/literature/topics/human-computer-interaction">evolution</a>. The creation of functioning, satisfying, and most importantly, consistently designed user interfaces was an important goal in the 1990s. In fact, there was a drive in those early days to create web interface designs that were so consistent and intuitive that users would not need to think too much about how they work. </p>
<p>Nowadays, it’s a different story because the challenge is centred on helping people to think before they interact online. In light of this, it seems bizarre that the design of the web browser in 2023 still affords uncertainty. Worse still, it is inconsistently presented across its different providers. </p>
<p>It could be argued that this stems from the <a href="https://www.investopedia.com/ask/answers/09/browser-wars-netscape-internet-explorer.asp">browser wars</a> of the mid-1990s. That’s when the likes of Microsoft and former software company, Netscape, tried to outdo each other with faster, better and more unique products. The race to be distinct meant there was inconsistency between products. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/LOWOLJci8d8?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">The rise and fall of Netscape and the browser wars of the 1990s.</span></figcaption>
</figure>
<h2>Internet safety</h2>
<p>However, introducing distinct browser designs can lead to user confusion, misunderstanding and a false sense of security, especially when it is <a href="https://www.interaction-design.org/literature/article/principle-of-consistency-and-standards-in-user-interface-design">now widely known</a> that such inconsistency can breed confusion, and from that, frustration and lack of use. </p>
<p>As an expert in human-computer interaction, it is alarming to me that some browser companies continue to disregard <a href="https://www.nngroup.com/articles/ten-usability-heuristics/">established guidelines</a> for usability. In a world where web browsers open the doors to potentially greater societal risks than the offline world, it is crucial to establish a consistent approach for addressing these dangers. </p>
<p>As a minimum, we need web browser companies to join forces in a concerted effort to shield users, or at the very least, heighten their awareness regarding potential online risks. This should include formulating one unified design across the board that affords an enriched and safe user experience.</p>
<p class="fine-print"><em><span>Fiona Carroll does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>The padlock symbol simply means that the data being sent between the web server and the user’s computer is encrypted and cannot be read by others. But many people don’t know that.</p>
<p>Fiona Carroll, Reader in Human Computer Interaction, Cardiff Metropolitan University. Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>It’s being called Russia’s most sophisticated cyber espionage tool. What is Snake, and why is it so dangerous?</h1>
<p><em>Published 2023-05-11T05:16:47Z</em></p>
<figure><img src="https://images.theconversation.com/files/525550/original/file-20230511-15-nzjt8r.jpeg?ixlib=rb-1.1.0&rect=6%2C41%2C1016%2C981&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock AI</span></span></figcaption></figure><p>Like most people I check my emails in the morning, wading through a combination of work requests, spam and news alerts peppering my inbox.</p>
<p>But yesterday brought something different and deeply disturbing. I noticed an alert from the American Cybersecurity and Infrastructure Security Agency (<a href="https://www.cisa.gov/news-events/cybersecurity-advisories">CISA</a>) about some very devious <a href="https://www.bing.com/videos/search?q=what+is+malware&qft=+filterui:duration-short&view=detail&mid=FE061B5C45296C83E456FE061B5C45296C83E456&&FORM=VRDGAR&ru=/videos/search?&q=what+is+malware&qft=+filterui:duration-short&FORM=VRFLTR">malware</a> that had infected <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a">a network of computers</a>.</p>
<p>The malware in question is Snake, a cyber espionage tool deployed by Russia’s Federal Security Service that has been around for about 20 years. </p>
<p>According to CISA, the Snake implant is the “most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service for long-term intelligence collection on sensitive targets”.</p>
<h2>The stealthy Snake</h2>
<p>The Russian Federal Security Service developed the Snake network in 2003 to conduct global <a href="https://www.techtarget.com/searchsecurity/definition/cyber-espionage">cyber espionage</a> operations against NATO, companies, research institutions, media organisations, financial services, government agencies and more. </p>
<p>So far, it has been detected on Windows, Linux and macOS computers in more than 50 countries, including <a href="https://www.cyber.gov.au/about-us/advisories/hunting-russian-intelligence-snake-malware">Australia</a>. </p>
<p>Elite Russian cyber espionage teams put the malware on a target’s computer, copy sensitive information of interest and then send it to Russia. It’s a simple concept, cloaked in masterful technical design.</p>
<p>Since its creation, Russian cyber spies have regularly <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">upgraded the Snake malware</a> to avoid detection. The current version is cunning in how it <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">persistently</a> evades detection and protects itself.</p>
<p>Moreover, the Snake network can disrupt critical <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a">industrial control systems</a> that manage our buildings, hospitals, energy systems, water and wastewater systems, among others – so the risks go beyond just intelligence collection. </p>
<p>There are warnings that in a couple of years bad actors may gain the capability to hijack critical Australian infrastructure and cause unprecedented harm by interfering <a href="https://ia.acs.org.au/article/2021/industrial-cyber-attacks-will-kill-someone-by-2025.html">with physical operations</a>. </p>
<h2>Snake hunting</h2>
<p>On May 9, the US Department of Justice <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">announced</a> the Federal Bureau of Investigation had finally disrupted the global Snake <a href="https://www.digitalcitizen.life/what-is-p2p-peer-to-peer/">peer-to-peer network</a> of infected computers.</p>
<p>The covert network allowed infected computers to collect sensitive information. The Snake malware then disguised the sensitive information through sophisticated <a href="https://us.norton.com/blog/privacy/what-is-encryption">encryption</a>, and sent it to the spy masters.</p>
<p>Since the Snake malware used custom <a href="https://www.comptia.org/content/guides/what-is-a-network-protocol">communication protocols</a>, its covert operations remained undetected for decades. You can think of custom protocols as a way to transmit information so it can go undetected.</p>
<p>However, with Russia’s war in Ukraine and the rise in cybersecurity activity over the past few years, the FBI has increased its monitoring of Russian cyber threats.</p>
<p>While the Snake malware is an elegantly designed piece of code, it is complex and needs to be precisely deployed to avoid detection. According to the Department of Justice’s press release, Russian cyber spies were careless in more than a few instances and did not deploy it as designed. </p>
<p>As a result, the Americans discovered Snake, and crafted a response.</p>
<h2>Snake bites</h2>
<p>The FBI received a court order to <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">dismantle Snake</a> as part of an operation code-named MEDUSA.</p>
<p>They developed a tool called PERSEUS that causes the Snake malware to <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">disable</a> itself and stop further infection of other computers. The <a href="https://www.cyber.gov.au/about-us/advisories/hunting-russian-intelligence-snake-malware">PERSEUS</a> tool and instructions are freely available to guide detection, patching and remediation.</p>
<p>The Department of Justice <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">advises</a> that PERSEUS only stops this malware on computers that are already infected; it does not <a href="https://blogs.iuvotech.com/what-is-patching-and-why-is-it-important">patch</a> vulnerabilities on other computers, or search for and remove other malware. </p>
<p>Even though the Snake network has been disrupted, the department warned <a href="https://www.splunk.com/en_us/blog/learn/vulnerability-vs-threat-vs-risk.html">vulnerabilities</a> may still exist for users, and they should follow safe <a href="https://www.digitalguardian.com/blog/what-cyber-hygiene-definition-cyber-hygiene-benefits-best-practices-and-more">cybersecurity hygiene</a> practices. </p>
<h2>Snake bite treatment</h2>
<p>Fortunately, effective cybersecurity hygiene isn’t overly complicated. <a href="https://www.microsoft.com/en/security/business/microsoft-digital-defense-report-2022">Microsoft</a> has identified five activities that protect against 98% of cybersecurity attacks, whether you’re at home or work.</p>
<ol>
<li><p><a href="https://www.onelogin.com/learn/what-is-mfa">Enable multi-factor authentication</a> across all your online accounts and apps. This login process requires multiple steps such as entering your password, followed by a code received through an SMS message – or even a biometric fingerprint or secret question (favourite drummer? Ringo!).</p></li>
<li><p><a href="https://www.csoonline.com/article/3695697/what-is-zero-trust-and-why-is-it-so-important.html">Apply “zero trust” principles</a>. It’s best practice to authenticate, authorise and continuously validate all system users (internal and external) to ensure they have the right to use the systems. The zero trust approach should be applied whether you’re using computer systems at work or home.</p></li>
<li><p><a href="https://www.cyber.gov.au/protect-yourself/securing-your-devices/how-secure-your-device/anti-virus-software">Use modern anti-malware</a> programs. Anti-malware, also known as antivirus software, protects against malware and removes it from our systems, big and small.</p></li>
<li><p><a href="https://www.techtarget.com/whatis/feature/5-reasons-software-updates-are-important">Keep up to date</a>. Regular system and software updates not only help keep new applications secure, but also patch vulnerable areas of your system.</p></li>
<li><p><a href="https://geekflare.com/data-backup-best-practices/">Protect your data</a>. Make a copy of your important data, whether it’s a physical printout or on an external device disconnected from your network, such as an external drive or USB.</p></li>
</ol>
<p>Like most Australians, I have been a victim of a cyberattack. And between the recent <a href="https://www.abc.net.au/news/2023-04-21/optus-hack-class-action-customer-privacy-breach-data-leaked/102247638">Optus</a> data breach and the <a href="https://www.abc.net.au/news/2022-10-15/woolworths-mydeal-cyber-attack-hack-information-leaked/101539686">Woolworths MyDeal</a> and <a href="https://www.afr.com/technology/cyber-experts-worry-as-medibank-puts-hack-behind-it-20230223-p5cn10">Medibank</a> attacks, people are catching on to just how dire the consequences of these events can be. </p>
<p>We can expect malicious cyberattacks to increase in the future, and their impact will only become more severe. The Snake malware is a sophisticated piece of software that raises yet another concern. But in this case, we have the antidote and can protect ourselves by proactively following the above steps. </p>
<p>If you have concerns about the Snake malware you can read more <a href="https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3389044/us-agencies-and-allies-partner-to-identify-russian-snake-malware-infrastructure/">here</a>, or speak to the fine folks at your IT service desk.</p>
<p class="fine-print"><em><span>Greg Skulmoski works at Bond University and having its academics comment on the news elevates Bond University's reputation. </span></em></p>
<p>The Snake network has been detected in more than 50 countries, including Australia.</p>
<p>Greg Skulmoski, Associate Professor, Project Management, Bond University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>There are systems ‘guarding’ your data in cyberspace – but who is guarding the guards?</h1>
<p>Published 2022-05-27T05:24:25Z</p>
<figure><img src="https://images.theconversation.com/files/465616/original/file-20220527-12-tn6xzn.jpeg?ixlib=rb-1.1.0&rect=247%2C166%2C3587%2C1988&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>We use internet-connected devices to access our bank accounts, keep our transport systems moving, communicate with our colleagues, listen to music, undertake commercially sensitive tasks – and order pizza. Digital security is integral to our lives, every day. </p>
<p>And as our IT systems become more complex, the potential for vulnerabilities increases. More and more organisations are being breached, leading to financial loss, interrupted supply chains and identity fraud. </p>
<p>The current best practice in secure technology architecture used by major businesses and organisations is a “zero trust” approach. In other words, no person or system is trusted and every interaction is verified through a central entity. </p>
<p>Unfortunately, absolute trust is then placed in the verification system being used. So breaching this system gives an attacker the keys to the kingdom. To address this issue, “decentralisation” is a new paradigm that removes any single point of vulnerability.</p>
<p>Our work investigates and develops the algorithms required to set up an effective decentralised verification system. We hope our efforts will help safeguard digital identities, and bolster the security of the verification processes so many of us rely on.</p>
<h2>Never trust, always verify</h2>
<p>A zero trust system implements verification at every possible step. Every user is verified, and every action they take is verified, too, before implementation.</p>
<p>Moving towards this approach is considered so important that US President Joe Biden made an <a href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/">executive order</a> last year requiring all US federal government organisations to adopt a zero trust architecture. Many commercial organisations are following suit. </p>
<p>However, in a zero trust environment absolute faith is (counterintuitively) placed in the validation and verification system, which in most cases is an Identity and Access Management (IAM) system. This creates a single trusted entity which, if breached, gives unencumbered access to the entire organisation’s systems. </p>
<p>An attacker can use one user’s stolen credentials (such as a username and password) to impersonate that user and do anything they’re authorised to do – whether it’s opening doors, authorising certain payments, or copying sensitive data. </p>
<p>However, if an attacker gains access to the entire IAM system, they can do anything the system is capable of. For instance, they may grant themselves authority over the entire payroll. </p>
<p>In January, identity management company Okta was hacked. Okta is a single-sign-on service that allows a company’s employees to have one password for all the company’s systems (as large companies often use multiple systems, with each requiring different login credentials). </p>
<p>When Okta was hacked, large companies who use their services, including FedEx, were <a href="https://www.reuters.com/technology/authentication-services-firm-okta-says-it-is-investigating-report-breach-2022-03-22/">concerned</a> their accounts could be compromised. The attacker accessed some data, but <a href="https://www.okta.com/blog/2022/04/okta-concludes-its-investigation-into-the-january-2022-compromise/">did not</a> gain control over any accounts. </p>
<p>So long as IAM systems are a central point of authority over organisations, they will continue to be an attractive target for attackers. </p>
<h2>Decentralising trust</h2>
<p>In our latest work, we refined and validated algorithms that can be used to create a decentralised verification system, which would make hacking a lot more difficult. Our industry collaborator, <a href="https://tide.org/">TIDE</a>, has developed a prototype system using the validated algorithms.</p>
<p>Currently, when a user sets up an account on an IAM system, they choose a password which the system should encrypt and store for later use. But even in an encrypted form, stored passwords are attractive targets. And although multi-factor authentication is useful for confirming a user’s identity, it can be circumvented.</p>
<p>If passwords could be verified without having to be stored like this, attackers would no longer have a clear target. This is where decentralisation comes in. </p>
<p>Instead of placing trust in a single central entity, decentralisation places trust in the network as a whole, and this network can exist outside of the IAM system using it. The mathematical structure of the algorithms underpinning the decentralised authority ensures that no single node can act alone. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/465614/original/file-20220527-16-qism61.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/465614/original/file-20220527-16-qism61.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/465614/original/file-20220527-16-qism61.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=250&fit=crop&dpr=1 600w, https://images.theconversation.com/files/465614/original/file-20220527-16-qism61.jpeg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=250&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/465614/original/file-20220527-16-qism61.jpeg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=250&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/465614/original/file-20220527-16-qism61.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=314&fit=crop&dpr=1 754w, https://images.theconversation.com/files/465614/original/file-20220527-16-qism61.jpeg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=314&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/465614/original/file-20220527-16-qism61.jpeg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=314&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Decentralisation (the same concept which underpins the blockchain) refers to a transference of authority within a system, from a central point of control, to several different entities.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<p>Moreover, each node on the network can be operated by an independently operating organisation, such as a bank, telecommunication company or government department. So stealing a single secret would require hacking several independent nodes. </p>
<p>Even in the event of an IAM system breach, the attacker would only gain access to some user data – not the entire system. And to award themselves authority over the entire organisation, they would need to breach a combination of 14 independently operating nodes. This isn’t impossible, but it’s a lot harder.</p>
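<p>The property described above, that no single node can act alone and an attacker needs a quorum of 14, can be illustrated with Shamir secret sharing, a standard threshold scheme. This is an added example, not the article's or TIDE's own algorithm; the quorum of 14 comes from the article, while the network size of 20, the field modulus and the function names are assumptions.</p>

```python
import secrets

# Field modulus: 2**127 - 1 is a Mersenne prime, so every non-zero
# element has a multiplicative inverse (needed for interpolation).
PRIME = 2**127 - 1

THRESHOLD = 14  # quorum size quoted in the article
NODES = 20      # assumed network size; the article does not state one


def split_secret(secret, threshold=THRESHOLD, nodes=NODES):
    """Split `secret` into one share per node.

    The secret is the constant term of a random polynomial of degree
    threshold - 1. Node x holds the point (x, f(x)). No node ever
    stores the secret itself.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    if not 1 <= threshold <= nodes:
        raise ValueError("need 1 <= threshold <= nodes")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, nodes + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_secret(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the given shares.

    With at least `threshold` genuine shares this returns the secret.
    With fewer, it returns an unrelated field element: the missing
    coefficients are uniformly random, so the shares held reveal nothing.
    """
    xs = [x for x, _ in shares]
    if not shares or len(set(xs)) != len(xs):
        raise ValueError("need at least one share and distinct node ids")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        # Fermat inverse of den; den is non-zero because node ids are distinct.
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def demo():
    """Compare a full quorum, a different quorum, and a 13-node breach."""
    secret = secrets.randbelow(PRIME)  # constructed sample secret
    shares = split_secret(secret)
    return {
        "first_14_nodes": recover_secret(shares[:THRESHOLD]) == secret,
        "last_14_nodes": recover_secret(shares[-THRESHOLD:]) == secret,
        "only_13_nodes": recover_secret(shares[:THRESHOLD - 1]) == secret,
    }


if __name__ == "__main__":
    print(demo())
```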
<p>But beautiful mathematics and verified algorithms still aren’t enough to make a usable system. There’s more work to be done before we can take decentralised authority from a concept, to a functioning network that will keep our accounts safe.</p>
<hr>
<p><em>Correction: this article was updated to reflect that, while the Okta data breach gave hackers access to certain data, follow-up investigations found they did not gain control over clients’ systems.</em></p>
<p class="fine-print"><em><span>Joanne Hall collaborated with TIDE foundation on this project. She received funding from the Australian National University (acting in partnership with the Defence Science Technology Group (DTSG)) to report on and present this project. Dr Hall is also receiving funding from the Australian Women in Security Network.</span></em></p>
<p class="fine-print"><em><span>Dr. Geetika Verma collaborated with TIDE foundation on this project. She received funding from the Australian National University (acting in partnership with the Defence Science Technology Group (DTSG)) to report on and present this project. In the past, Dr. Geetika Verma has worked on a mathematics research project at University of South Australia funded by ARC Discovery Grant. </span></em></p>
<p class="fine-print"><em><span>Matthew P. Skerritt collaborated with TIDE foundation on this project. He received funding from the Australian National University (acting in partnership with the Defence Science Technology Group (DTSG)) to report on and present this project.</span></em></p>
<p>Many organisations abide by a “zero trust” rule wherein absolute trust is placed in nothing, apart from a central identity and access management system. But what happens when this system is breached?</p>
<p>Joanne Hall, Senior Lecturer in Mathematics and Cybersecurity, RMIT University; Geetika Verma, Lecturer in Mathematics, RMIT University; Matthew P. Skerritt, Lecturer, RMIT University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>As Russia wages cyber war against Ukraine, here’s how Australia (and the rest of the world) could suffer collateral damage</h1>
<p>Published 2022-02-25T05:02:03Z</p>
<figure><img src="https://images.theconversation.com/files/448466/original/file-20220225-25-17yxd19.jpeg?ixlib=rb-1.1.0&rect=35%2C0%2C5955%2C3997&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Getty Images</span></span></figcaption></figure><p>The <a href="https://www.cyber.gov.au/acsc/view-all-content/alerts/australian-organisations-encouraged-urgently-adopt-enhanced-cyber-security-posture">Australian Cyber Security Centre</a> is asking organisations and businesses to be on high alert amid Russia’s cyber attack <a href="https://theconversation.com/russia-is-using-an-onslaught-of-cyber-attacks-to-undermine-ukraines-defence-capabilities-177638">bombardment of Ukraine</a>. </p>
<p>The United Kingdom’s National Cyber Security Centre issued a similar <a href="https://www.ncsc.gov.uk/news/organisations-urged-to-bolster-defences">warning</a>, as have <a href="https://www.cisa.gov/uscert/ncas/current-activity/2022/02/18/ncsc-nz-releases-advisory-cyber-threats-related-russia-ukraine">New Zealand</a> and the United States <a href="https://www.cisa.gov/shields-up">Department of Homeland Security</a>.</p>
<p>The Australian Cyber Security Centre has said it is not aware of any specific direct threat to Australia, but that the country could be affected by “unintended disruption or uncontained malicious cyber activities”. </p>
<p>It wouldn’t be the first time a Russian cyber attack has caused serious collateral damage to nations that aren’t its intended target. </p>
<h2>Attacks so far</h2>
<p>Ukraine has suffered through a sustained digital assault from Russia over the past few weeks. One of the most penetrative attacks came on Wednesday, <a href="https://apnews.com/article/russia-ukraine-technology-business-europe-russia-9e9f9e9b52eaf53cf9d8ade0588b661b">cutting off access</a> to several Ukrainian government and banking websites – followed by more on Thursday. </p>
<p>These were distributed denial of service attacks, in which the perpetrator knocks targeted websites offline by flooding them with bot traffic.</p>
<p>Meanwhile, experts at the internet security company ESET <a href="https://www.reuters.com/world/europe/ukrainian-government-foreign-ministry-parliament-websites-down-2022-02-23/">identified</a> a malicious data-wiping malware called “HermeticWiper” circulating on hundreds of computers in Ukraine, Latvia and Lithuania – which they said may have been months in the making.</p>
<p>According <a href="https://www.theguardian.com/world/2022/feb/24/russia-unleashed-data-wiper-virus-on-ukraine-say-cyber-experts">to reports</a>, experts from software company Symantec found the malware had affected Ukrainian government contractors in Latvia and Lithuania and a Ukrainian bank.</p>
<h2>How the impact will be felt</h2>
<p>Australia’s risk in the face of ongoing cyber attacks from Russia would almost certainly come in the form of a “spill over” effect. </p>
<p>For example, if a Ukrainian bank is targeted and goes offline, this would still impact Australians who use that bank to receive or send money to Ukraine. Attacks on banks are particularly alarming when you consider Ukraine’s dire need for <a href="https://www.politico.eu/article/eu-to-provide-emergency-financial-aid-to-ukraine/">financial aid and economic support</a> right now.</p>
<p>All global business conducted with, or through, the bank will be affected – and the impact could reach virtually anywhere in the world. Similarly, distributed denial of service attacks on Ukrainian news media would also have global ramifications, by limiting the exchange of crucial information. </p>
<p>Another concern is the potential for Russia to cut off gas supplies flowing through Ukraine to Europe, either directly or through a cyber-enabled attack (the <a href="https://theconversation.com/the-colonial-pipeline-ransomware-attack-and-the-solarwinds-hack-were-all-but-inevitable-why-national-cyber-defense-is-a-wicked-problem-160661">Colonial Pipeline</a> attack being a recent example). This also introduces significant market instability, resulting in shortages and driving up prices (including for <a href="https://theconversation.com/what-russias-war-means-for-australian-petrol-prices-2-10-a-litre-177719">Australia</a>).</p>
<p>Australian companies are a part of global supply chains. Many will have interests in Russia and/or Ukraine. Thus they will also have digital, and potentially even direct network connections with them, through a virtual private network – which allows users to establish a private network over a public internet connection (and which can be used to spread malware between connected devices).</p>
<p>Once a “wiper” malware – the likes of that currently circulating in Ukraine – gets enough footing, it can spread across countries within minutes. If an office in Canberra with a virtual private network connection based in Ukraine becomes compromised, it can allow the malware to jump countries.</p>
<p>The NotPetya malware attack in 2017 is a pertinent example. This “self-propagating” malware spread globally and caused billions of dollars’ worth of damage. It, too, was attributed to a Russian source by investigators, and traced back to the update mechanism for a tax-accounting software application used widely <a href="https://arstechnica.com/information-technology/2017/07/heavily-armed-police-raid-company-that-seeded-last-weeks-notpetya-outbreak/">in Ukraine</a>.</p>
<h2>Leveraging the chaos</h2>
<p>Apart from malicious Russian state-sponsored cyber crime, the current mayhem unfolding in Ukraine provides opportunity for cyber criminals more generally, too. </p>
<p>It’s very difficult to attribute cyber crime. While experts can analyse code taken from malware, this is usually a slow and costly process. Cyber criminals the world over may want to take advantage of the chaos, and try to carry out attacks they may not otherwise get away with.</p>
<p>Among all the noise, and with so many Ukrainians (including cyber security professionals) either displaced or fleeing, the chances of being caught may be lower. Also, it is likely any major cyber affliction will be blamed on Russia – at least initially.</p>
<p>At the same time, we might see an increase in phishing and scam attempts as a result of the crisis. Opportunistic criminals use global narratives to add credibility to their scams. For instance, they may send phishing emails posing as a Ukrainian citizen desperate for emergency funds. </p>
<h2>How can businesses protect themselves?</h2>
<p>A critical step in a defensive posture for companies and organisations in Australia is to determine their exposure level. This means being acutely aware of any direct or indirect connection with Ukraine and Russia, and the online systems and supply chains these countries partake in.</p>
<p>Employers also have a duty of care to employees who may have loved ones or other connections in Ukraine, and may be more vulnerable to various forms of cyber attacks exploiting the current situation. </p>
<p>And of course, the most basic cyber security advice is once more relevant. That is, individuals, businesses and organisations must take special care to ensure <em>all</em> devices are up-to-date and have software patches installed. </p>
<p>The 2017 NotPetya attacks were, in part, successful because the malware exploited a vulnerability in Microsoft Windows – even though a patch to fix it was available at the time. But the massive number of devices that hadn’t been patched meant NotPetya could spread without constraint. </p>
<p>In the case of Ukraine, where <a href="https://outsourcingreview.org/software-piracy-why-you-shouldnt-get-scared-of-outsourcing-to-ukraine/">pirated software is common</a>, this issue is particularly prevalent. Complications with (or a lack of) proper software licensing mean updates may not be accessed or installed.</p>
<p class="fine-print"><em><span>Paul Haskell-Dowland does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>These days sophisticated malware can spread like wildfire, thanks to transnational businesses and organisations providing bridges across countries.</p>
<p>Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>‘You can’t stop it’: in rural Australia, digital coercive control can be inescapable</h1>
<p>Published 2022-02-16T18:56:28Z</p>
<figure><img src="https://images.theconversation.com/files/446692/original/file-20220216-19-1g463uz.jpeg?ixlib=rb-1.1.0&rect=0%2C0%2C2000%2C1332&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Domestic and family violence perpetrators commonly use technology such as phones and other devices as a weapon to control and entrap victims and survivors, alongside other forms of abuse. This “<a href="https://academic.oup.com/bjc/article/59/3/530/5172990?login=true">digital coercive control</a>” is not bound to a particular location and can follow targets anywhere, any time they access devices or digital media. </p>
<p>For women outside urban Australia, technology-enabled abuse can pose more risk than for those in cities. In research funded by the <a href="https://www.aic.gov.au">Australian Institute of Criminology</a>, we spoke to <a href="https://doi.org/10.52922/ti78405">13 such women who have been subjected to digital coercive control</a> to understand what it is like.</p>
<h2>The disturbing side of technology</h2>
<blockquote>
<p>… you see a side of a phone that you probably wish you didn’t know about [Shelly]</p>
</blockquote>
<p>The women reported that abusers used technology to harass and stalk. The majority experienced image-based sexual abuse (the creation and/or release of intimate images without consent) or recordings made of victims or survivors, overtly or covertly. </p>
<p>Some experienced doxxing (release of personal and identifiable information). Perpetrators in some cases impersonated real or fake people and initiated contact with women or their children. Authorised functions of phones and other devices and accounts were sometimes impaired, or unauthorised functions enabled. </p>
<blockquote>
<p>I think you can feel a lot safer knowing they are not in proximity; they can’t hurt me. When it comes to technology it can – I guess you’re more hyper-vigilant because they can come any time and you can’t stop it. Even if you block someone, they find another way. They do; he always found other means to make contact with me. I never – I guess you never got to escape, which I hadn’t experienced before, because every other type of abuse I was able to – it ended at some point. [Kira]</p>
</blockquote>
<h2>It is different outside the cities</h2>
<p>These behaviours have also been observed in <a href="https://accan.org.au/Domestic%20Violence%20and%20Communication%20Technology%20final%20report%2020190801.pdf">urban settings in Australia</a>. Also, like in cities, we found that violence persisted (and often increased) after separation. </p>
<p>However, women outside cities face higher barriers when seeking help and responding to family violence, and they can also be at greater risk.</p>
<p>Domestic violence agencies are further from women’s homes in non-urban areas, as we have observed in this study and in <a href="https://eprints.qut.edu.au/104420/13/Landscapes%2Bof%2BViolence%2BCW%2Bedit%2BFINAL.pdf">other work</a>. Legal services can be limited and there are shortages in alternative and crisis accommodation. </p>
<p>Complicated financial arrangements and pressures may hinder women’s ability to exit violent relationships, such as where they work on farms or other small businesses and there may be few employment and educational opportunities in the region. </p>
<h2>No anonymity</h2>
<p>Numerous survivors spoke of the lack of anonymity in rural areas, so they and/or their abusers were more likely to be known when disclosing and reporting violence. This can be confronting, especially when perpetrators are well-known and well liked. </p>
<blockquote>
<p>He is established - he knows people and he’s well liked … he’s in a boys’ club and knows lots of people … whereas I don’t. [Fiona]</p>
</blockquote>
<p>This could be heightened for women with family and networks out of the region or overseas, culturally and linguistically diverse women, criminalised women, or those viewed as “different” outsiders. </p>
<p>As well as actively destroying women’s social networks, abusers would challenge women’s accounts of abuse and attempt to gather allies, as Claire explains: </p>
<blockquote>
<p>He went around the streets telling people that I’m crazy … Because we’re in a small country town he was going in and out of shops … He affiliated himself with one of the local churches and got them on his side. </p>
</blockquote>
<h2>Isolation and fear</h2>
<p>Abusers socially isolate women, and those in non-urban areas are often socially further from family, friends and support services than those in urban areas. We found, too, that some abusers sought to extend geographic isolation by moving women to more remote locations. </p>
<p>Technology could provide channels to communicate with others and to seek assistance and support. Natalie had “a good amount of friends” and so would be “on the phone, or I’d be texting, and that was my outlet for a crazy situation”. However, some women felt this was not always possible when devices had been taken over or were monitored by abusers. </p>
<blockquote>
<p>[I was] too scared to use it [technology]. I just couldn’t reach out to people … I didn’t want to use it just in case [Lola]</p>
</blockquote>
<p>Fear loomed large in women’s accounts of digital coercive control. All those we spoke to had contact with police. </p>
<p>Some had positive encounters, most commonly with specialist officers (domestic and family violence liaison officers, who are less available in many rural areas), but more spoke of negative encounters. Women who were dissatisfied with police felt that officers were dismissive of digital coercive control. </p>
<h2>‘Homicide flags’</h2>
<p>We believe digital coercive control warrants attention. Coercive control, obsessive tendencies, stalking, and threats to kill or self-harm have all been noted as signals of fatal violence by <a href="https://www.courts.qld.gov.au/__data/assets/pdf_file/0003/586182/domestic-and-family-violence-death-review-and-advisory-board-annual-report-2017-18.pdf">death review teams</a>. </p>
<p>The women we interviewed reported all these behaviours. Non-fatal strangulation is another “homicide flag” and was reported by 46% of our participants. </p>
<p>Firearm ownership and threats to use firearms also signal high risk. Firearm ownership is common on farms and in many rural areas. </p>
<p>An assault can become a homicide in rural areas, because of the sheer distance between the site of an attack and a hospital or medic. </p>
<p>It is imperative that we acknowledge and address how technology is used against survivors and the impact that technology-facilitated abuse has on women across landscapes. We must also recognise that women in rural locations face elevated risks, and that digital coercive control can provide evidence and signal risk of fatal violence.</p>
<hr>
<p><em>Pseudonyms have been used for the women quoted in this article.</em></p>
<p><em>The National Sexual Assault, Family & Domestic Violence Counselling Line – <a href="https://www.1800respect.org.au">1800 RESPECT</a> (1800 737 732) – is available 24 hours a day, seven days a week for any Australian who has experienced, or is at risk of, family and domestic violence and/or sexual assault.</em></p>
<p class="fine-print"><em><span>Bridget Harris receives funding from the Australian Research Council and has previously received funding from The eSafety Commissioner. This work was funded by the Australian Institute of Criminology. She has completed and ongoing grants funded by this organisation. </span></em></p>
<p class="fine-print"><em><span>Delanie Woodlock has previously received funding from The eSafety Commissioner. This work was funded by the Australian Institute of Criminology. She has completed and ongoing grants funded by this organisation.</span></em></p>
<p>For women outside urban Australia, technology-enabled abuse can pose more risk than for those in cities.</p>
<p>Bridget Harris, Associate professor, Queensland University of Technology; Delanie Woodlock, UNSW Sydney</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>How vulnerable is your personal information? 4 essential reads</h1>
<p>Published 2021-11-29T13:34:11Z</p>
<figure><img src="https://images.theconversation.com/files/433600/original/file-20211124-18-1bwu0dl.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C2000%2C1128&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Chances are some of your data has already been stolen, but that doesn't mean you should shrug data breaches off.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/illustration/dark-red-bg-with-data-breach-glitch-effect-royalty-free-illustration/1159096315">WhataWin/iStock via Getty Images</a></span></figcaption></figure><p>When you enter your personal information or credit card number into a website, do you have a moment of hesitation? A nagging sense of vulnerability prompted by the parade of headlines about data breaches and hacks? 
If so, you probably push those feelings aside and hit the submit button, because, well, you need to shop, apply for that job, file that insurance claim, apply for that loan, or do any of the other sensitive activities that take place online these days.</p>
<p>First, the bad news. If you regularly enter sensitive information online, chances are you’ve had some data stolen somewhere at some point. By one estimate, the average American <a href="https://www.techrepublic.com/article/average-us-citizen-had-personal-information-stolen-at-least-4-times-in-2019/">had data stolen at least four times</a> in 2019. And the hits keep coming. For instance, a data breach at the wireless carrier T-Mobile reported in August 2021 <a href="https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million">affected 100 million people</a>. </p>
<p>Now for some good news. Not all hacks are the same, and there are steps you can take to protect yourself. The Conversation gathered four articles from our archives that illuminate the types of threats to your online data, what data thieves do with your stolen information, and what you can do about it.</p>
<h2>1. Take stock of your risk</h2>
<p>Not all cyberattacks are the same, and not all personal data is the same. Was an organization that has your information the victim of a ransomware attack? Chances are your information won’t be stolen, though the organization’s copy of it could be rendered unusable. </p>
<p>If an organization you deal with did have customer data stolen, what data of yours did the thieves get? <a href="https://theconversation.com/profiles/merrill-warkentin-570030">Merrill Warkentin</a>, a professor of information systems at Mississippi State University, writes that you should ask yourself some questions to <a href="https://theconversation.com/ransomware-data-breach-cyberattack-what-do-they-have-to-do-with-your-personal-information-and-how-worried-should-you-be-162404">assess your risk</a>. If the stolen data was your purchase history, maybe that won’t be used to hurt you. But if it was your credit card number, that’s a different story.</p>
<p>Data breaches are a good opportunity “to change your passwords, especially at banks, brokerages and any site that retains your credit card number,” he wrote. In addition to using unique passwords and two-factor authentication, “you should also consider closing old unused accounts so that the information associated with them is no longer available.” </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/ransomware-data-breach-cyberattack-what-do-they-have-to-do-with-your-personal-information-and-how-worried-should-you-be-162404">Ransomware, data breach, cyberattack: What do they have to do with your personal information, and how worried should you be?</a>
</strong>
</em>
</p>
<hr>
<h2>2. The market for your stolen data</h2>
<p>Most data breaches are financial crimes, but the hackers generally don’t use the stolen data themselves. Instead, they sell it on the black market, usually via <a href="https://qz.com/260716/these-are-the-websites-where-hackers-flip-stolen-credit-card-data-after-an-attack/">websites on the dark web</a>, for other criminals and scammers to use.</p>
<p>This black market is awash in personal data, so much so that your information is probably worth a lot less than you would guess. For example, stolen PayPal account information <a href="https://www.privacyaffairs.com/dark-web-price-index-2021/">goes for $30</a>. </p>
<p>Buyers <a href="https://theconversation.com/heres-how-much-your-personal-information-is-worth-to-cybercriminals-and-what-they-do-with-it-158934">use stolen data in several ways</a>, writes <a href="https://theconversation.com/profiles/ravi-sen-1224935">Ravi Sen</a>, an associate professor of information and operations management at Texas A&M University. Common uses are stealing your money or identity. “Credit card numbers and security codes can be used to create clone cards for making fraudulent transactions,” he writes. “Social Security numbers, home addresses, full names, dates of birth and other personally identifiable information can be used in identity theft.”</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/heres-how-much-your-personal-information-is-worth-to-cybercriminals-and-what-they-do-with-it-158934">Here’s how much your personal information is worth to cybercriminals – and what they do with it</a>
</strong>
</em>
</p>
<hr>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/jYOhtd-87n8?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">The T-Mobile breach revealed in August 2021 exemplifies the challenges consumers face when hackers steal their information from large corporations.</span></figcaption>
</figure>
<h2>3. How to prepare for the inevitable</h2>
<p>With all this bad news, it’s tempting to throw up your hands and assume there’s nothing you can do. <a href="https://theconversation.com/profiles/w-david-salisbury-664918">W. David Salisbury</a>, a professor of cybersecurity management, and <a href="https://theconversation.com/profiles/rusty-baldwin-664994">Rusty Baldwin</a>, a research professor of computer science at the University of Dayton, write that there are <a href="https://theconversation.com/data-breaches-are-inevitable-heres-how-to-protect-yourself-anyway-109763">steps you can take to protect yourself</a>.</p>
<p>“Think defensively about how you can protect yourself from an almost inevitable attack, rather than assuming you’ll avoid harm,” they write. The key is focusing on the information that’s most important to protect. Uppermost are your passwords, particularly for banking and government services. Use different passwords for different sites, and use long – though not necessarily complicated – passwords, they write.</p>
<p>The most effective way to protect your data is to add another layer of security via multifactor authentication. And rather than rely on websites to text or email you authentication codes, which can be hijacked, you should use an app or USB device that uses <a href="https://ssd.eff.org/en/module/deep-dive-end-end-encryption-how-do-public-key-encryption-systems-work">public-key encryption</a>, they write.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/data-breaches-are-inevitable-heres-how-to-protect-yourself-anyway-109763">Data breaches are inevitable – here's how to protect yourself anyway</a>
</strong>
</em>
</p>
<hr>
<h2>4. Don’t make it easy for the thieves</h2>
<p>The risk to your personal information isn’t just having it stolen from a third party. <a href="https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams">Phishing attacks</a> can get you to do the thieves’ work for them. These emails fool people into entering personal information and passwords on fake websites controlled by data thieves.</p>
<p>It turns out that you’re probably pretty good at sensing when something is off about an email message. <a href="https://theconversation.com/profiles/rick-wash-1266664">Rick Wash</a>, an associate professor of information science and cybersecurity at Michigan State University, found that the average person <a href="https://theconversation.com/you-know-how-to-identify-phishing-emails-a-cybersecurity-researcher-explains-how-to-trust-your-instincts-to-foil-the-attacks-169804">is as good as a cybersecurity expert</a> at sensing when something is weird about an email message. </p>
<p>The trick to protecting yourself from phishing attacks is remembering that phishing exists and could explain what you’re sensing about an email message. </p>
<p>“The people who were good at noticing phishing messages reported stories about specific phishing incidents they had heard about,” he wrote. “Familiarity with specific phishing incidents helps people remember phishing generally.”</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/you-know-how-to-identify-phishing-emails-a-cybersecurity-researcher-explains-how-to-trust-your-instincts-to-foil-the-attacks-169804">You know how to identify phishing emails – a cybersecurity researcher explains how to trust your instincts to foil the attacks</a>
</strong>
</em>
</p>
<hr>
<p><em>Editor’s note: This story is a roundup of articles from The Conversation’s archives.</em></p>
Data breaches have become a fact of life. Here are articles from The Conversation that detail the threat, why it happens and what you can do to protect yourself.
Eric Smalley, Science + Technology Editor
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/170636
2021-11-11T07:00:27Z
2021-11-11T07:00:27Z
Technology-enabled abuse: how ‘safety by design’ can reduce stalking and domestic violence
<figure><img src="https://images.theconversation.com/files/431411/original/file-20211111-17-5g2s2k.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C2000%2C1335&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Dragana Gordic / Shutterstock</span></span></figcaption></figure><p>Mobile phones and online technologies are frequently used by <a href="https://eprints.qut.edu.au/199781/1/V1_Briefing_Paper_template.pdf">perpetrators of domestic and family violence</a> to coerce, control and restrict the freedoms of victims and survivors.</p>
<p>Recent death reviews have found that <a href="https://www.courts.qld.gov.au/__data/assets/pdf_file/0003/586182/domestic-and-family-violence-death-review-and-advisory-board-annual-report-2017-18.pdf">stalking by technology</a> and the use of fake social media identities are becoming more common elements in cases of <a href="https://www.coroners.nsw.gov.au/content/dam/dcj/ctsd/coronerscourt/documents/reports/2017-2019_DVDRT_Report.pdf">domestic and family violence homicide</a>. </p>
<p>In Australia, there are two leading agencies working to reduce this kind of technology-enabled abuse: <a href="https://wesnet.org.au/">WESNET</a> and the <a href="https://www.esafety.gov.au/women/domestic-family-violence">eSafety Commissioner</a>. Both provide training for advocates and practitioners, as well as resources for victims and survivors. WESNET also provides <a href="https://wesnet.org.au/ourwork/telstra/">replacement phones</a>. </p>
<p>Their work – and the “safety work” of people experiencing violence – is made more difficult by tech products and services that treat user safety as an afterthought. Platforms and the tech industry can do a lot to reduce harm by building in user safety from the earliest stages of product design.</p>
<h2>Creating risk</h2>
<p>At present, major tech companies often design and manage devices and digital media without considering user vulnerabilities. </p>
<p><a href="https://support.google.com/adspolicy/answer/9726908?hl=en&ref_topic=29265">Until 2020</a>, Google allowed <a href="https://www.techsafety.org/spyware-and-stalkerware-phone-surveillance">spyware and stalkerware</a> – software designed to be covertly installed on a phone to monitor and record photos, videos, texts, calls and other information – to be freely advertised on its platform. It banned the ads amidst mounting evidence that this kind of software is used to <a href="https://nyuscholars.nyu.edu/en/publications/the-spyware-used-in-intimate-partner-violence">enact intimate partner violence</a>.</p>
<p>In April 2021 Apple released coin-sized tiles called AirTags intended to help people keep track of belongings via Bluetooth signals. After they were criticised as presenting a serious security risk by enabling <a href="https://www.macobserver.com/news/airtags-pose-domestic-abuse-risk-leading-nonprofit-warns/">stalking of intimate partners</a>, Apple <a href="https://www.bbc.com/news/technology-57351554">updated the devices</a> to make them beep at random intervals if they were away from the owner’s phone.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/431414/original/file-20211111-21-1fafwyu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/431414/original/file-20211111-21-1fafwyu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=372&fit=crop&dpr=1 600w, https://images.theconversation.com/files/431414/original/file-20211111-21-1fafwyu.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=372&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/431414/original/file-20211111-21-1fafwyu.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=372&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/431414/original/file-20211111-21-1fafwyu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=467&fit=crop&dpr=1 754w, https://images.theconversation.com/files/431414/original/file-20211111-21-1fafwyu.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=467&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/431414/original/file-20211111-21-1fafwyu.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=467&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Apple’s AirTags had safety features added after release following criticism.</span>
<span class="attribution"><span class="source">Jack Skeens / Shutterstock</span></span>
</figcaption>
</figure>
<p>Facebook’s new smart glasses have also <a href="https://theconversation.com/can-facebooks-smart-glasses-be-smart-about-security-and-privacy-170002">sparked privacy concerns</a>, like <a href="https://mashable.com/article/snapchat-spectacles-privacy-safety">Snapchat’s Spectacles</a> and <a href="https://www.wired.com/story/google-glass-reasonable-expectation-of-privacy/">Google Glass</a> before them. The glasses contain cameras and microphones that enable (potentially covert) recording. </p>
<p><a href="https://tech.fb.com/ray-ban-and-facebook-introduce-ray-ban-stories-first-generation-smart-glasses/">Facebook did consult groups</a> such as the US National Network to End Domestic Violence in an effort to “innovate responsibly”, though there are still concerns about how the glasses might be used. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/can-facebooks-smart-glasses-be-smart-about-security-and-privacy-170002">Can Facebook’s smart glasses be smart about security and privacy?</a>
</strong>
</em>
</p>
<hr>
<h2>Recognising user realities and threat</h2>
<p>Traditional ideas of cybersecurity are focused on “stranger threats”. However, to reduce and combat digital domestic and family violence we need an “intimate threat” model. </p>
<p>Partners and family can compel others to provide access to devices. They may be linked to online accounts or able to guess passwords, based on their intimate knowledge of the owner. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/technology-facilitated-abuse-the-new-breed-of-domestic-violence-74683">Technology-facilitated abuse: the new breed of domestic violence</a>
</strong>
</em>
</p>
<hr>
<p>In this context, technologies that enable surveillance and recording can be used to constrain and threaten victims and survivors in alarming ways, in everyday life.</p>
<p>Understanding and seeking to alleviate risk posed by abusers requires platforms and industry to think proactively about how technologies may be co-opted or weaponised.</p>
<h2>Safety by Design</h2>
<p>The eSafety Commissioner’s <a href="https://www.esafety.gov.au/sites/default/files/2019-10/SBD%20-%20Quick%20guide.pdf">Safety by Design</a> initiative aims to make user safety a priority in the design, development and deployment of online products and services. The initiative revolves around three basic principles.</p>
<p>The first is that service providers are responsible for making user safety the number one priority. This means platforms and other companies work to anticipate how their products may facilitate, increase or encourage harm. In this way the burden of safety will not fall solely on the user.</p>
<p>The second is that users should have power and autonomy to make decisions in their own best interest. Platforms and services should engage in meaningful consultation with users, including diverse and at-risk groups, to ensure their features and functions are accessible and helpful to all.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/431417/original/file-20211111-25-1jfylzm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/431417/original/file-20211111-25-1jfylzm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=314&fit=crop&dpr=1 600w, https://images.theconversation.com/files/431417/original/file-20211111-25-1jfylzm.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=314&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/431417/original/file-20211111-25-1jfylzm.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=314&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/431417/original/file-20211111-25-1jfylzm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=394&fit=crop&dpr=1 754w, https://images.theconversation.com/files/431417/original/file-20211111-25-1jfylzm.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=394&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/431417/original/file-20211111-25-1jfylzm.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=394&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">‘Safety by design’ makes user safety the top priority in the design of new products and services.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<p>The third principle is that transparency and accountability about operations and published safety objectives are essential. This also helps users to address safety concerns.</p>
<p>There is growing support for these principles among tech companies. Last year IBM published its own guide to “<a href="https://www.ibm.com/blogs/policy/wp-content/uploads/2020/05/CoerciveControlResistantDesign.pdf">coercive control resistant design</a>”. </p>
<p>Effective approaches must also acknowledge how intersecting or overlapping forms of structural or systemic oppression shape an individual’s experience of technology and can deepen social inequalities. </p>
<p>To realise the goals of safety by design or coercive control resistant design, we will need to review not only the policies but also the actual practices of platforms and industry, as they emerge. </p>
<h2>How tech can improve</h2>
<p>eSafety has produced <a href="https://www.esafety.gov.au/about-us/safety-by-design/assessment-tools">Safety by Design assessment tools</a> to improve and innovate based on good practice and evidence-informed resources and templates. </p>
<p>Platforms and industry have a key role to play in addressing the impacts of domestic and family violence through design. They can and should do more in this space.</p>
<p class="fine-print"><em><span>Bridget Harris receives funding from The Australian Research Council. She has previously conducted research for the eSafety Commissioner and worked on research with WESNET.</span></em></p>
When tech companies aim for ‘safety by design’, they can reduce the risk their products will be weaponised for stalking and domestic violence.
Bridget Harris, Associate professor, Queensland University of Technology
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/156583
2021-03-16T18:53:36Z
2021-03-16T18:53:36Z
Apps that help parents protect kids from cybercrime may be unsafe too
<figure><img src="https://images.theconversation.com/files/389505/original/file-20210315-19-4o18k0.jpg?ixlib=rb-1.1.0&rect=0%2C8%2C5391%2C3575&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/happy-boy-white-tshirt-socks-gray-1724276530">Shutterstock</a></span></figcaption></figure><p>Children, like adults, are spending more time online. At home and school pre-schoolers now use an array of apps and platforms to learn, play and be entertained. While there are reported <a href="https://journals.sagepub.com/doi/abs/10.1177/2043610617734985">benefits</a>, including learning through exploration, many parents are still concerned about <a href="https://blogs.lse.ac.uk/parenting4digitalfuture/2020/12/16/from-screen-time-to-online-experiences/">screen time</a>, <a href="https://revistes.ub.edu/index.php/der/article/view/30533">cybersafety</a> and <a href="https://www.commonsensemedia.org/technology-addiction/is-internet-addiction-real">internet addiction</a>.</p>
<p>An increasingly popular technical solution is parental control apps. These enable parents to monitor, filter and restrict children’s online interactions and experiences. Parental control apps that work by blocking dangerous or explicit content can be marketed as “<a href="https://useboomerang.com">taking the battle out of screen time</a>” and giving parents “<a href="https://mamabearapp.com">peace of mind</a>”. </p>
<p>But such a quick fix is inadequate when addressing the complicated reasons behind screen time. Much worse though, the apps expose users to privacy and other safety issues most people aren’t aware of.</p>
<h2>What apps do parents use?</h2>
<p>Research by Australia’s <a href="https://www.esafety.gov.au/about-us/research/digital-parenting/digital-families">eSafety Commission</a> shows 4% of preschoolers’ parents use parental control apps. This increases to 7% of parents with older children and 8% of parents with teenagers. Global trends suggest these figures are bound to rise.</p>
<p>Parents download parental control apps onto a child’s mobile phone, laptop or tablet. Most parental control apps <a href="https://dl.acm.org/doi/10.1145/2998181.2998352">enable parents to monitor or restrict</a> inappropriate online content from wherever they are. They provide parents with insights into which sites their child has visited and for how long, as well as who they have interacted with. </p>
<p><a href="https://www.qustodio.com/en/">Qustodio</a>, for example, claims to keep children “safer from cyber threats” by filtering inappropriate content, setting time limits on use and even monitoring text messages. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/389514/original/file-20210315-23-pn876f.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Screenshot from Qustodio website that says 'Keep your child's screen time healthy and happy. Qustodio makes it simple to manage and supervise kids' device use.'" src="https://images.theconversation.com/files/389514/original/file-20210315-23-pn876f.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/389514/original/file-20210315-23-pn876f.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=220&fit=crop&dpr=1 600w, https://images.theconversation.com/files/389514/original/file-20210315-23-pn876f.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=220&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/389514/original/file-20210315-23-pn876f.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=220&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/389514/original/file-20210315-23-pn876f.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=277&fit=crop&dpr=1 754w, https://images.theconversation.com/files/389514/original/file-20210315-23-pn876f.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=277&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/389514/original/file-20210315-23-pn876f.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=277&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption"></span>
<span class="attribution"><a class="source" href="https://www.qustodio.com/en/family/how-it-works/">Qustodio</a></span>
</figcaption>
</figure>
<p><a href="https://useboomerang.com">Boomerang</a>, another popular parental control app, enables parents to set time limits per day, per app.</p>
<h2>Why they may not be safe</h2>
<p>Parental control apps need many permissions to access particular systems and functions on devices. <a href="https://content.sciendo.com/view/journals/popets/2020/2/article-p314.xml?language=en">80% of parental control apps</a> request access to location, contacts and storage. </p>
<p>While these permissions help the apps carry out detailed monitoring, some of them may not be necessary for the app to function as described. For instance, several apps designed to monitor children’s online activity ask for permissions such as “read calendar”, “read contacts” and “record audio” — none of which are justified in the app description or the privacy policy.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/83-of-australians-want-tougher-privacy-laws-nows-your-chance-to-tell-the-government-what-you-want-149535">83% of Australians want tougher privacy laws. Now’s your chance to tell the government what you want</a>
</strong>
</em>
</p>
<hr>
<p>Many are considered “dangerous permissions”, which means they are used to access information that could affect the user’s privacy and make their device more vulnerable to attack. </p>
<p>For example, <a href="https://content.sciendo.com/configurable/contentpage/journals$002fpopets$002f2020$002f2$002farticle-p314.xml">Boomerang requests more than 91 permissions</a>, 16 of which are considered “dangerous”. The permission “access fine location”, for instance, allows the app to access the precise geographic location of the user. The “read phone state” permission allows the app to know your phone number, network information and status of outgoing calls. </p>
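<p>The check described above, as an added example that is not from the original article or from any app it names: a Python audit that lists the “dangerous” permissions in a decoded (plain-text) AndroidManifest.xml and flags those the store description never accounts for. The manifest, package name, description and keyword map are constructed for illustration, and the permission set is only a subset of those Android classes as dangerous.</p>

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of the permissions Android assigns the "dangerous" protection level,
# mapped to words a store description would use if it accounted for them.
# The keyword lists are an assumption made for this example.
DANGEROUS = {
    "android.permission.ACCESS_FINE_LOCATION": ("location", "gps", "geofenc"),
    "android.permission.ACCESS_COARSE_LOCATION": ("location",),
    "android.permission.READ_PHONE_STATE": ("phone number", "call"),
    "android.permission.READ_CONTACTS": ("contact",),
    "android.permission.READ_CALENDAR": ("calendar",),
    "android.permission.RECORD_AUDIO": ("audio", "microphone", "record"),
    "android.permission.CAMERA": ("camera", "photo"),
    "android.permission.READ_SMS": ("sms", "text message"),
    "android.permission.READ_CALL_LOG": ("call",),
    "android.permission.READ_EXTERNAL_STORAGE": ("storage", "files", "photo"),
}

# Both elements declare a requested permission in a manifest.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Constructed sample: a decoded manifest for a hypothetical parental control app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.parentalcontrol">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALENDAR"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_SMS"/>
  <!-- duplicate declaration, counted once -->
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Example"/>
</manifest>
"""

# Constructed sample: the text a store listing might show to a parent.
SAMPLE_DESCRIPTION = (
    "Set daily screen time limits, filter inappropriate websites, "
    "see your child's location on a map and monitor text messages."
)


def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names a manifest requests."""
    root = ET.fromstring(manifest_xml.strip())
    if root.tag != "manifest":
        raise ValueError("not an Android manifest")
    names = set()
    for tag in PERMISSION_TAGS:
        for node in root.findall(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return sorted(names)


def audit(manifest_xml, description):
    """Split requested permissions into dangerous ones and those among them
    that the description never mentions (keyword heuristic)."""
    text = description.lower()
    requested = requested_permissions(manifest_xml)
    dangerous = [p for p in requested if p in DANGEROUS]
    unjustified = [
        p for p in dangerous if not any(word in text for word in DANGEROUS[p])
    ]
    return {
        "total": len(requested),
        "dangerous": dangerous,
        "unjustified": unjustified,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, SAMPLE_DESCRIPTION)
    print(f"{report['total']} permissions requested, "
          f"{len(report['dangerous'])} dangerous")
    # Any code in the app's process, embedded SDKs included, can use these.
    for name in report["unjustified"]:
        print("not accounted for in description:", name)
```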
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/389515/original/file-20210315-23-yx32w4.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Screenshot from Boomerang website. Kids using apps in the photo, with text saying 'Boomerang Parental Control Taking the battle out of screen time.'" src="https://images.theconversation.com/files/389515/original/file-20210315-23-yx32w4.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/389515/original/file-20210315-23-yx32w4.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=304&fit=crop&dpr=1 600w, https://images.theconversation.com/files/389515/original/file-20210315-23-yx32w4.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=304&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/389515/original/file-20210315-23-yx32w4.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=304&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/389515/original/file-20210315-23-yx32w4.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=382&fit=crop&dpr=1 754w, https://images.theconversation.com/files/389515/original/file-20210315-23-yx32w4.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=382&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/389515/original/file-20210315-23-yx32w4.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=382&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption"></span>
<span class="attribution"><a class="source" href="https://useboomerang.com/">Boomerang</a></span>
</figcaption>
</figure>
<p>It’s not just the apps that get that information. Many of these apps embed data-hungry third-party <a href="https://en.wikipedia.org/wiki/Software_development_kit">software development kits</a> (SDKs). SDKs are a set of software tools and programs used by developers to save them from tedious coding. However, some SDKs can make the app developers money from collecting personally identifiable information, such as name, location and contacts from children and parents. </p>
<p>Because third-party SDKs are developed by a company separate from the original app, they have different protocols around data sharing and privacy. Yet any permissions sought by the host app are also inherited by third-party SDKs.</p>
<p>The Google Play Store, which is used for Android phones, does not force developers to explain to users whether they have embedded third-party SDKs, so users cannot make an informed decision when they consent to the terms and conditions. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/children-can-be-exposed-to-sexual-predators-online-so-how-can-parents-teach-them-to-be-safe-120661">Children can be exposed to sexual predators online, so how can parents teach them to be safe?</a>
</strong>
</em>
</p>
<hr>
<p>Apple’s App Store is <a href="https://www.apple.com/au/newsroom/2019/04/the-facts-about-parental-control-apps/">more transparent</a>. Developers must state if their apps use third-party code and whether the information collected is used to track them or is linked to their identity or device. <a href="https://fortune.com/2019/04/29/apple-parental-control-apps/">Apple has removed a number of parental control apps</a> from the App Store due to their invasive features.</p>
<p>Many <a href="https://madiba.encs.concordia.ca/reports/OPC-2019/">popular parental control apps</a> in the Google Play Store have extensive security and privacy vulnerabilities due to SDKs. For example, SDKs for Google Ads, Google Firebase and Google Analytics are present in over 50% of parental control apps in the Google Play Store, while the Facebook SDK is present in 43%. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/389748/original/file-20210316-23-81wwym.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Man typing on computer." src="https://images.theconversation.com/files/389748/original/file-20210316-23-81wwym.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/389748/original/file-20210316-23-81wwym.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=324&fit=crop&dpr=1 600w, https://images.theconversation.com/files/389748/original/file-20210316-23-81wwym.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=324&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/389748/original/file-20210316-23-81wwym.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=324&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/389748/original/file-20210316-23-81wwym.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=407&fit=crop&dpr=1 754w, https://images.theconversation.com/files/389748/original/file-20210316-23-81wwym.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=407&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/389748/original/file-20210316-23-81wwym.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=407&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Many parental control apps make money by allowing third parties to take personal data gathered by the app.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/cyber-security-man-hacker-attack-438568531">Shutterstock</a></span>
</figcaption>
</figure>
<p>A <a href="https://content.sciendo.com/view/journals/popets/2018/3/article-p63.xml?language=en">US study</a> focusing on whether parental control apps complied with laws to protect the personal data of children under 13 found roughly 57% of these apps were in violation of the law. </p>
<p>Not all parental control apps request dangerous permissions. The <a href="https://apps.apple.com/us/app/saferkid-text-monitoring-app/id1143802529">Safer Kid</a> app, for example, does not request any dangerous permissions but costs US$200 per year. </p>
<h2>Why should I worry?</h2>
<p>Personal data has become a valuable commodity in the digital economy. Huge volumes of data are generated from our digital engagements and traded by data brokers (who collect information about users to sell to other companies and/or individuals) and tech companies. </p>
<p>The value is not in a singular data point, but the creation of huge datasets that can be processed to make predictions about individual behaviours. While this is a problem for all users, it is particularly problematic for children. Children are thought to be <a href="https://www.lse.ac.uk/media-and-communications/assets/documents/research/projects/childrens-privacy-online/Evidence-review-final.pdf">more vulnerable to online threats and persuasion</a> than adults due to more limited digital skills and less awareness of online risks. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/kids-need-to-learn-about-cybersecurity-but-teachers-only-have-so-much-time-in-the-day-112136">Kids need to learn about cybersecurity, but teachers only have so much time in the day</a>
</strong>
</em>
</p>
<hr>
<p>Data-driven advertising establishes habits and taste preferences in young children, positioning them as consumers by exploiting insecurities and using peer influence. </p>
<p>Parental control apps have also been <a href="https://www.vice.com/en/article/ywk8gy/spyware-family-orbit-children-photos-data-breach">targeted by attackers</a> because of their security weaknesses, exposing children’s personal information.</p>
<h2>There are better ways to reduce screen time</h2>
<p>It is also questionable whether parental control apps are worthwhile. <a href="https://ieeexplore.ieee.org/document/8328977">Research</a> suggests issues of screen time and cybercrime are best managed through helping children self-regulate and reflect on their online behaviour. </p>
<p>Rather than policing time limits for screen use, parents could focus on the <a href="https://blogs.lse.ac.uk/parenting4digitalfuture/2019/02/08/from-policing-screen-time/">content, context and connections</a> their child is making. Parents could encourage their children to talk to them about what happens online, to help make them more aware of risk and what to do about it. </p>
<p>Restrictive approaches also reduce opportunities for kids’ growth and beneficial online activity. Unsurprisingly, <a href="https://dl.acm.org/doi/10.1145/3173574.3173768">children report</a> parental control apps are overly invasive, negatively impacting their relationships with parents. </p>
<p>Instead of a technical “quick-fix,” we need an educational response that is ethical, sustainable and builds young people’s digital agency. Children will not be under their parents’ surveillance forever, so we need to help them prepare for online challenges and risks.</p>
<p class="fine-print"><em><span>Luci Pangrazio is a Chief Investigator in the Australian Research Council Centre of Excellence for the Digital Child (<a href="https://www.digitalchild.org.au">https://www.digitalchild.org.au</a>). </span></em></p>
Many parents install apps onto their kids’ phone to restrict their online activity, especially if it may be dangerous. But a lot of personal data requested by the apps is sold to third parties.
Luci Pangrazio, Postdoctoral Research Fellow, Deakin University
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/147018
2020-09-30T04:37:28Z
2020-09-30T04:37:28Z
Airports, ATMs, hospitals: Microsoft Windows XP leak would be less of an issue, if so many didn’t use it
<figure><img src="https://images.theconversation.com/files/360679/original/file-20200930-24-cu2eex.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C5590%2C3640&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>The source code of the Windows XP operating system is now circulating online as a huge <a href="https://www.pcgamesn.com/microsoft/windows-xp-source-code-leak">43GB mega-dump</a>. </p>
<p>Although the software is nearly two decades old, it’s still used by people, businesses and organisations around the world. This source code leak leaves it open to being scoured for bugs and weaknesses hackers can exploit.</p>
<p>The leaked torrent files, published on the bulletin board website 4chan, include the source code for Windows XP Service Pack 1, Windows Server 2003, MS DOS 3.30, MS DOS 6.0, Windows 2000, Windows CE 3, Windows CE 4, Windows CE 5, Windows Embedded 7, Windows Embedded CE, Windows NT 3.5 and Windows NT 4.</p>
<p>Tech news site The Verge <a href="https://www.theverge.com/2020/9/25/21455655/microsoft-windows-xp-source-code-leak">claims</a> to have verified the material. And Microsoft said it was “investigating the matter”, <a href="https://www.thurrott.com/windows/241670/microsoft-is-investigating-windows-xp-source-code-leak">according to reports</a>. </p>
<p>The leak came with files containing bizarre misinformation related to Microsoft founder Bill Gates and various conspiracy theories. This is consistent with past leaks from <a href="https://www.mygc.com.au/university-of-tasmania-issue-security-alert-following-threat/">4chan</a>, a site often associated with extremist content and internet trolls. </p>
<p>Using the name “billgates3”, the leaker <a href="https://thehackernews.com/2020/09/windows-xp-source-code.html">reportedly</a> said: </p>
<blockquote>
<p>I created this torrent for the community, as I believe information should be free and available to everyone and hoarding information for oneself and keeping it secret is an evil act in my opinion.</p>
</blockquote>
<p>If the leak is genuine, this won’t be the first time source code for a Microsoft operating system has been released online. At least 1GB of Windows 10 source code was leaked <a href="https://www.theverge.com/2017/6/24/15867350/microsoft-windows-10-source-code-leak">a few years ago</a>, too.</p>
<h2>Vulnerabilities in the source code</h2>
<p>The source code is the “source” of a program. It’s essentially the list of instructions a computer programmer writes when they develop a program, which can then be understood by other programmers. </p>
<p>Leaked source code can make it easier for cyber criminals to find and exploit weaknesses and serious security flaws (such as bugs) in a program. It also makes it easier for them to craft <a href="https://support.microsoft.com/en-au/help/129972/how-to-prevent-and-remove-viruses-and-other-malware">malware</a> (software designed to cause harm).</p>
<p>One example would be “rogue” security software trying to make you think your computer is infected by a virus and prompting you to download, or buy, a product to “remove” it. Instead, the download or purchase introduces a virus to your computer.</p>
<p>According to a report from computer security company F-Secure, on average it takes about <a href="https://www.thenational.ae/arts-culture/microsoft-has-ended-its-support-for-windows-7-so-what-does-it-mean-for-users-1.964362">20 minutes for a Windows XP machine to be hacked</a> once it’s connected to the internet.</p>
<h2>Is Windows XP still supported?</h2>
<p>Windows XP <a href="https://www.microsoft.com/en-us/microsoft-365/windows/end-of-windows-xp-support">hasn’t had</a> “official” support from Microsoft since 2014. This means there are currently no security updates or technical support options available for users of the operating system. </p>
<p>However, until as recently as <a href="https://www.wired.com/story/microsoft-windows-xp-patch-very-bad-sign/">last year</a>, Microsoft continued to release security fixes and virus preventive measures for it. </p>
<p>The most notable was an <a href="https://www.theverge.com/2017/5/13/15635006/microsoft-windows-xp-security-patch-wannacry-ransomware-attack">emergency patch</a> released in 2017, to prevent another incident like the massive WannaCry ransomware attack from happening again. This malware affected 75,000 computers in 99 countries – <a href="https://www.wsj.com/articles/english-hospitals-hit-by-suspected-cyberattack-1494603884">impacting</a> hospitals, Telefonica, FedEx and other major businesses.</p>
<p>Windows XP is <a href="https://www.forbes.com/sites/ajdellinger/2019/07/31/survey-finds-one-in-three-businesses-still-run-windows-xp/#5dfdb66357fc">still used</a> by people, <a href="https://japantoday.com/category/tech/skymark-airlines-still-using-windows-xp">airlines</a>, <a href="https://www.theregister.com/2018/06/25/indian_banks_on_notice_windows_xp_must_die/">banks</a>, organisations and in industrial environments the world over.</p>
<p>In 2016, the network which runs the Royal Melbourne Hospital, Melbourne Health, <a href="https://www.theage.com.au/national/victoria/royal-melbourne-hospital-attacked-by-damaging-computer-virus-20160118-gm8m3v.html">was infected</a> with a virus targeting computers using Windows XP. The attack forced staff to temporarily manually process blood, tissue and urine samples.</p>
<p>Online, users have posted photos of Windows XP being used at places such as Singapore’s <a href="https://twitter.com/Mami_AtTheDisco/status/1235467882307268609">Changi Airport</a>, Heathrow Airport and Zaventem Brussels Airport.</p>
<p>Although the exact figure isn’t known, <a href="https://www.techradar.com/au/news/if-you-can-believe-it-millions-of-people-are-still-using-windows-xp">one estimate</a> suggests the operating system was running on 1.26% of all laptops and desktops, as of last month.</p>
<h2>Is there still incentive for hackers to target Windows XP?</h2>
<p>The availability of the Windows XP source code opens access for cyber criminals to search for “<a href="https://securityaffairs.co/wordpress/108762/data-breach/windows-xp-server-2003-code-leaked.html">zero-day threats</a>” in the code that could be exploited. </p>
<p>These are discovered flaws in software, hardware or firmware that are unknown to the parties responsible for patching or “fixing” them – in this case, Microsoft.</p>
<p>Zero-day threats are often found in older ATM machines, for example, as these can’t be patch-managed remotely. This is because they have an embedded version of Windows XP with limited connectivity. </p>
<p>To upgrade in such cases, a bank’s IT professionals would have to visit the machines one by one, branch by branch, to <a href="https://hackernoon.com/do-atms-running-windows-xp-pose-a-security-risk-you-can-bank-on-it-1b7817902d61">apply security patches for the embedded systems</a>. One report suggests hackers can break through the defences and security features of these older style ATMs within <a href="https://www.itproportal.com/news/security-firms-warn-that-most-atms-still-run-windows-xp/">10-15 minutes</a>. </p>
<p>There’s no easy way to confirm whether ATMs in Australia are still running this 19-year-old software, but <a href="https://www.techradar.com/au/news/atm-security-still-running-windows-xp">past</a> <a href="https://www.zdnet.com/article/is-running-windows-xp-on-atms-stupid/">reports</a> indicate this could be the case. <em>The Conversation</em> has reached out to certain parties to obtain this information and is awaiting a response. </p>
<h2>Possible defences</h2>
<p>Windows XP was left to its own defences back in 2014 when Microsoft stopped mainstream support for the operating system.</p>
<p>But as one of Microsoft’s <a href="https://screenrant.com/microsoft-windows-xp-source-code-leak-matters/">most widely-used operating systems</a>, it’s still being run and could be around for many <a href="https://windowsreport.com/keep-using-windows-xp/">years to come</a>.</p>
<p><a href="https://support.microsoft.com/en-us/help/14223/windows-xp-end-of-support">According to Microsoft Support</a>, since Windows XP is no longer supported, computers running it “will not be secure and will still be at <a href="https://www.abc.net.au/news/2019-07-08/microsoft-windows-vulnerability-bluekeep-and-cyber-security-risk/11277270">risk for infection</a>”.</p>
<p>Any antivirus software has limited effectiveness on computers that don’t have the latest security updates. The number of holes in software also increases as machines are left unpatched. </p>
<p>Luckily, most organisations have strategies (requiring money and human resources) to manage large-scale upgrades and isolate their most critical systems.</p>
<p>If your computers are still running on the extremely <a href="https://www.cio.com/article/2371858/windows-xp-turns-10--what-tech-was-like-in-2001.html">outdated Windows XP operating system</a>, you too should migrate to a more modern one. No one can force you, but it’s certainly a good idea.</p>
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
The outdated Microsoft operating system was recently dumped online in a huge leak. Hackers can now scour it for bugs to exploit.
Brianna O'Shea, Lecturer, Ethical Hacking and Defense, Edith Cowan University
Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan University
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/142563
2020-07-15T07:20:09Z
2020-07-15T07:20:09Z
We could lose $30 billion in weeks from cyberwar. But the real loss is the erosion of public trust
<p>The Australian Cyber Security Growth Network (AustCyber) on Monday released a <a href="https://www.austcyber.com/resource/digitaltrustreport2020">report</a> modelling the potential impact of cyberattacks and sustained digital outages on Australia.</p>
<p>The Digital Trust Report’s modelling suggests four weeks of partial “digital disruption” could displace up to 163,000 jobs and <a href="https://www.austcyber.com/file-download/download/public/926">damage</a> the economy to the tune of A$30 billion. </p>
<p>According to AustCyber’s report, that’s about 1.5% of our gross domestic product, or three-quarters of our annual defence budget.</p>
<p>The report also emphasises the devastating impacts digital disruption can have on public trust.</p>
<h2>The monetary costs of cyber disruption</h2>
<p>The report includes economic modelling by consultants <a href="https://synergygroup.net.au/">Synergy Group</a> which looked at the general public’s digital activity, as well as revenue from some indicative sectors including online retail, digital health, space, solar, and cybersecurity. </p>
<p>The modelling estimates a one-week disruption to digital activity would cost the economy A$1.2 billion directly, and A$5 billion including indirect impact. A four-week disruption could cost A$7.3 billion directly, and A$30 billion in total.</p>
<p>In this context, disruption means a significant drop in digital activity including any resulting loss of public confidence. This could be due to cyberattacks, a natural disaster or other large accident. </p>
<p>The report’s modelling is based on current levels of digital activity. As Australia continues to move online, risks and impacts will grow. For example, online sales currently account for 9.6% of Australian retail spending, but on current trends this is expected to grow to 25% within a decade. </p>
<p>The report also notes increasing digital dependency across Australia’s sectors. Some have travelled so far down the digital path, they wouldn’t be able to “step back” if faced with serious digital interruption.</p>
<p>This is especially true for the financial sector. Referring to the Reserve Bank of Australia, the report states digital transformation “is occurring to a point that commerce without digital technologies has become nearly impossible”.</p>
<h2>An attack on trust</h2>
<p>That said, it could be argued the risks of cyber failure are much more insidious and far-reaching than impact on revenue alone. </p>
<p>The <a href="https://theconversation.com/australia-is-under-sustained-cyber-attack-warns-the-government-whats-going-on-and-what-should-businesses-do-141119">recent wave of cyberattacks</a> announced by the prime minister, like most cyberattacks, <a href="https://www.cyber.gov.au/sites/default/files/2020-06/ACSC-Advisory-2020-008-Copy-Paste-Compromises.pdf">worked by abusing trust</a>. They relied heavily on <a href="https://www.zdnet.com/article/microsoft-70-percent-of-all-security-bugs-are-memory-safety-issues/">memory corruption</a> attacks (where programmers trust users) and spear phishing attacks (where users trust other people). </p>
<p>By exploiting trust, attackers also <em>undermine</em> trust. <a href="https://www.afr.com/politics/federal/public-services-are-too-hard-to-use-online-and-aren-t-trusted-20200218-p541wa">The Australian Financial Review</a> reported on a survey of 1,600 digital service users and 20 government leaders across Australia and New Zealand. Two-thirds said a poor customer experience <a href="https://www.consultancy.com.au/news/1905/the-customer-experience-imperative-for-trust-in-governments">damaged</a> their trust and confidence in government.</p>
<p>Trust is needed for societies to work. As social psychologist Robert Cialdini <a href="https://www.amazon.com/Influence-Practice-Robert-B-Cialdini/dp/0205609996">observes</a>, the universal human <a href="https://sites.google.com/site/724ecialdiniwiki/chapter-1-weapons-of-influence/chapter-2-reciprocation">drive to reciprocate</a> allows us to do good now and trust that we will be repaid in the future.</p>
<p>Moreover, a lack of trust is what leads to <a href="https://www.youtube.com/watch?v=xa75BfmXQH4">bank runs</a> (when large numbers of customers withdraw deposits due to solvency fears), <a href="https://www.reuters.com/article/healthcoronavirus-australia-supermarkets/australia-gets-second-wave-of-toilet-paper-hoarding-idUSL4N2E312T">hoarding toilet paper</a> and <a href="https://theconversation.com/dont-blame-social-media-for-conspiracy-theories-they-would-still-flourish-without-it-138635">conspiracy theories</a>.</p>
<h2>Foreign influence potential</h2>
<p>Modern cyberwar involves information warfare and influence operations that have an effect beyond immediate financial impact. While not known, it’s possible the <a href="https://theconversation.com/australia-is-under-sustained-cyber-attack-warns-the-government-whats-going-on-and-what-should-businesses-do-141119">recent cyberattacks</a> on Australia also had a non-financial purpose. </p>
<p>If Australians start believing the country’s digital infrastructure can’t be trusted, faith in wider institutions may be damaged, too. We could see the emergence of the “fake news” narrative against media and politicians. Or we could see electronic <a href="https://www.washingtonpost.com/opinions/2020/05/14/we-need-prepare-possibility-trump-rejecting-election-results/">election outcomes come into question</a>. </p>
<p>These are just some examples of how an attack on digital infrastructure can be an attack on society itself. And all this may be in the interests of a foreign nation state wanting to unravel Australian society from within.</p>
<h2>The need to prepare and learn from the past</h2>
<p>In 2001, US leaders and policy makers ran a simulation exercise called <a href="https://www.centerforhealthsecurity.org/our-work/events-archive/2001_dark-winter/about.html">Dark Winter</a>, modelling what might happen if the nation were to suffer a pandemic as an act of bio-terror. The timing was remarkable, coming shortly before 9/11 and the notorious <a href="https://www.npr.org/2011/02/15/93170200/timeline-how-the-anthrax-terror-unfolded">anthrax attacks</a>. </p>
<p>But despite the prophetic modelling, the US neglected to properly prepare for the COVID-19 crisis. In fact, in 2018 the Centers for Disease Control and Prevention’s Office of Preparedness and Response cancelled (with dreadful timing) a project that could have enabled the US to <a href="https://www.washingtonpost.com/investigations/federal-government-spent-millions-to-ramp-up-mask-readiness-but-that-isnt-helping-now/2020/04/03/d62dda5c-74fa-11ea-a9bd-9f8b593300d0_story.html">generate 1.5 million N95 masks per day</a>. </p>
<p>Australia should learn from the US’s failures. AustCyber’s report says Australia’s “cyberattacks are increasing in number and severity over time”. Unfortunately, there’s no easy way to flatten this curve, so what matters is how we prepare and respond to future attacks.</p>
<p>We must continue to build our national cyber capability, increase cyber awareness and training at all levels of society, ensure we have sovereign capability (rather than depending on others for critical infrastructure) and have contingency plans for when things do go wrong. </p>
<p>Perhaps even if voting becomes fully electronic one day, just in case of lost WiFi (or a blackout), it would be prudent to keep some good old fashioned pencils and paper ballots in the cupboard. </p>
<p class="fine-print"><em><span>Richard Buckland does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
Beyond the obvious risk of financial loss, cyberattacks can weaken our trust in digital infrastructure – and by extension, our trust in public institutions, too.
Richard Buckland, Professor in Computer Security, Cybercrime, and Cyberwar, UNSW Sydney
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/137403
2020-07-14T03:26:02Z
2020-07-14T03:26:02Z
Our cybersecurity isn’t just under attack from foreign states. There are holes in the government’s approach
<p>Prime Minister Scott Morrison revealed last month Australia is <a href="https://theconversation.com/australia-is-under-sustained-cyber-attack-warns-the-government-whats-going-on-and-what-should-businesses-do-141119">actively being attacked</a> by hostile foreign governments. </p>
<p>An <a href="https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-008-copy-paste-compromises-tactics-techniques-and-procedures-used-target-multiple-australian-networks">advisory note</a> posted on the government’s Australian Cyber Security Centre website said the attackers were targeting various vulnerable networks and systems, potentially trying to damage or disable them. </p>
<p>Governments – along with individuals and the private sector – have an important role in addressing cyber risks that threaten our national security. At some point this year, the federal government’s new cybersecurity strategy is set to be announced. </p>
<p>Many in the industry hope it will be comprehensive and backed by significantly more investment than the previous one, to address what is a growing threat. Currently, a cybercrime incident is reported every <a href="https://www.cyber.gov.au/sites/default/files/2019-12/Cybercrime%20in%20Australia%20%E2%80%93%20July%20to%20September%202019%20%28December%202019%29.pdf">ten minutes</a> in Australia. </p>
<p>However, due to the unexpected <a href="https://joshfrydenberg.com.au/latest-news/ministerial-statement-on-the-economy-parliament-house-canberra-12-may-2020/">budget impacts of the coronavirus pandemic</a>, there may simply not be enough money to invest in the programs we need to stay protected from large-scale cyberattacks.</p>
<h2>An underwhelming delivery</h2>
<p>We know governments <a href="https://www.theatlantic.com/ideas/archive/2018/07/the-us-has-a-long-history-of-election-meddling/565538/">test each other’s cyber defences</a> in the interest of their own national security. </p>
<p><a href="https://www.aljazeera.com/news/2020/04/senate-panel-confirms-russian-interference-2016-election-200421162844869.html">Information warfare</a> (such as through disinformation campaigns) between governments has taken place for many years.</p>
<p>In 2016, then prime minister Malcolm Turnbull released Australia’s first <a href="https://www.industry.gov.au/data-and-publications/australias-tech-future/cyber-security/what-is-the-government-doing-in-cyber-security">cybersecurity strategy</a>. It involved investments of more than A$230m across four years for five “themes of action” including stronger cyber defences, and growth and innovation in the sector.</p>
<p>The strategy envisioned making Australia a “cyber smart nation”, by ensuring we had the skills and knowledge needed to thrive in the digital age, while staying cyber safe. </p>
<p>But overall, the strategy was poorly implemented. </p>
<p>For instance, improving cybersecurity requires close collaboration between government, industry, academia and community. To this end, <a href="https://www.cyber.gov.au/acsc/view-all-content/programs/joint-cyber-security-centres">Joint Cyber Security Centres</a> were announced so various parties could share knowledge. </p>
<p>However, prior to COVID-19, plans were in motion to align these centres with the Australian Signals Directorate’s higher security classification. This would hinder a collaborative environment by restricting movement within, and access to, the centres.</p>
<p>Moreover, only <a href="https://www.aisa.org.au/common/Uploaded%20files/PDF/Submissions/AISA%202020%20Cyber%20Security%20Strategy%20Final%20update%202.pdf">32% of cybersecurity professionals</a> have visited a centre, highlighting the government’s failure to engage with the sector. </p>
<p>Four years on from the initial strategy’s release, the “smart nation” vision seems lost. The cybersecurity sector faces <a href="https://www.austcyber.com/resources/sector-competitiveness-plan/chapter3#:%7E:text=The%20first%20Sector%20Competitiveness%20Plan,%2Das%2Dusual%20demand">skills shortages</a>, and the public and businesses remain largely unaware of how to <a href="https://theconversation.com/2-5-billion-lost-over-a-decade-nigerian-princes-lose-their-sheen-but-scams-are-on-the-rise-141289">protect themselves</a>. </p>
<p>It’s clear a cybersecurity reset is required. </p>
<h2>We need a targeted, forward-thinking strategy</h2>
<p>The release of the Morrison government’s new strategy has been delayed due to COVID-19, but we have some idea of what to expect. </p>
<p>The government <a href="https://www.abc.net.au/news/2020-06-29/cyber-security-investment-link-attacks-scott-morrison/12404468">has announced</a> it will redirect existing defence funding to the Australian Signals Directorate (ASD) and Australian Cyber Security Centre (ACSC) to employ up to 500 additional staff to tackle cybercrime.</p>
<p>But how this will work in a market with skills shortages is unclear. </p>
<p>Also, redirecting existing funding into cybersecurity is positive, but it is only one part of the solution. What’s missing from the conversation is strategic, long-term investment.</p>
<h2>A holistic, interdisciplinary approach</h2>
<p>Effective cybersecurity is about more than technology – it’s about people (from a range of backgrounds), user behaviour, business processes, problem solving capability, regulations, industry <a href="https://www.homeaffairs.gov.au/reports-and-pubs/files/cyber-strategy-2020/submission-90.pdf">standards</a> and policy.</p>
<p>I’ve read <a href="https://www.homeaffairs.gov.au/reports-and-publications/submissions-and-discussion-papers/cyber-security-strategy-2020">156</a> submissions to the upcoming cybersecurity strategy, which was open to <a href="https://www.homeaffairs.gov.au/reports-and-pubs/files/cyber-security-strategy-2020-discussion-paper.pdf">public comment</a>. I also have knowledge of confidential submissions not made public. </p>
<p>Drawing on these views, and my own expertise, here are five elements I believe the upcoming strategy should contain:</p>
<hr>
<h2>1. Educate to drive behavioural change</h2>
<p>The “Slip, slop, slap” <a href="https://www.sunsmart.com.au/downloads/about-sunsmart/sunsmart-20-years-on.pdf">health awareness campaign</a> was one of the most successful we’ve ever had. </p>
<p>It drove real <strong>social behavioural change</strong> in Australia. A similar change is required to help make Australians <a href="https://www.homeaffairs.gov.au/reports-and-pubs/files/cyber-strategy-2020/submission-182.pdf">more knowledgeable</a> about cybersecurity issues, and how technology can be exploited. </p>
<p>This isn’t a quick fix, and will likely be a long-term effort.</p>
<h2>2. Build resilience in critical infrastructure</h2>
<p>COVID-19 has demonstrated how easily societies can be disrupted, particularly key supply chains and systems. </p>
<p>We need <strong>improved processes, regulation and standards</strong> to ensure the <a href="https://www.homeaffairs.gov.au/reports-and-pubs/files/cyber-strategy-2020/submission-26.pdf">infrastructure</a> <a href="https://www.homeaffairs.gov.au/reports-and-pubs/files/cyber-strategy-2020/submission-191.pdf">we rely on</a> is cyber-resilient. When breaches occur, organisations must be prepared to resolve them and restore services. </p>
<p>Banks are a good example, as they rely on thousands of suppliers. On this front, the Australian Prudential Regulation Authority last year introduced a prudential standard called <a href="https://www.apra.gov.au/sites/default/files/cps_234_july_2019_for_public_release.pdf">CPS234</a>, aimed at improving resilience against information security incidents (including cyberattacks).</p>
<h2>3. Help small businesses</h2>
<p>More <strong>grants and tax incentives</strong> for <a href="https://www.homeaffairs.gov.au/reports-and-pubs/files/cyber-strategy-2020/submission-121.pdf">small businesses</a> will enable them to access technology and talent to improve their cybersecurity capabilities. </p>
<p>A coordinated approach is needed through all levels of government to raise awareness of the adverse impacts cyberattacks have on businesses. This includes the consequences of customer data and privacy breaches. </p>
<p>It’s also crucial businesses know where to independently seek <strong>clear and concise advice</strong> when required. </p>
<h2>4. Nurture the talent pipeline</h2>
<p>Almost every day I hear about the industry’s cybersecurity <a href="https://www.homeaffairs.gov.au/reports-and-pubs/files/cyber-strategy-2020/submission-182.pdf">skills</a> <a href="https://www.aisa.org.au/Public/Training_Pages/Research/AISA%20Cyber%20security%20skills%20shortage%20research.aspx?New_ContentCollectionOrganizerCommon=2">shortage</a>. I also hear from students how tough it can be to get a job in cybersecurity, even with any number of <a href="https://i.redd.it/yo33xlys53141.png">certifications</a>.</p>
<p>It’s easy for businesses to poach existing talent from other organisations rather than hire graduates or interns. To break this cycle, we need <strong>improved educational courses</strong> focused on the skills employers want. </p>
<p>There should also be incentives for businesses to employ interns and graduates.</p>
<h2>5. Cut the bureaucratic red tape</h2>
<p>The federal government needs to do more to address Australia’s cybersecurity problem holistically – not just with additional legislation and funding for existing government agencies. </p>
<p>Hierarchies and dealings within the sector are currently <a href="https://www.patrickfair.com/australian-cyber-infrastructure-cha">overly complex</a>. </p>
<p><strong>Simplification</strong> and common sense are required. </p>
<hr>
<p>Protecting Australians from outside parties intent on exploiting the technology we use isn’t something we can achieve overnight. </p>
<p>The digital cybersecurity strategy to be delivered by the Morrison Government needs to not only be impactful, but also built with future governments in mind. In such volatile times, it has never been more important to protect Australians.</p>
<p class="fine-print"><em><span>Damien Manuel is affiliated with AISA (Australian Information Security Association) as the chair, Oceania Cyber Security Centre (OCSC) as a director (representing Deakin University), mentor for CyRise founders (representing Deakin University), CompTIA as an exam writer and on the CompTIA Executive Advisory Committee in the USA and as an expert on the Standards Australia Committee for Information Security (IT-012).</span></em></p>
Legislation expected to be put to Parliament later this year may very well fall short due to COVID-19’s budget impacts. But until we strengthen our cyber defences, we’re all at risk.
Damien Manuel, Director, Centre for Cyber Security Research & Innovation (CSRI), Deakin University
Licensed as Creative Commons – attribution, no derivatives.
2020-07-06T02:28:52Z
$2.5 billion lost over a decade: ‘Nigerian princes’ lose their sheen, but scams are on the rise
<figure><img src="https://images.theconversation.com/files/345461/original/file-20200703-33926-nxbl9g.jpg?ixlib=rb-1.1.0&rect=173%2C41%2C5329%2C3621&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Last year, Australians reported more than A$634 million lost to fraud, a significant jump from $489.7 million the year before.</p>
<p>The Australian Competition and Consumer Commission (ACCC) has released its latest annual <a href="https://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-2019-a-review-of-scam-activity-since-2009">Targeting Scams</a> report.</p>
<p>But despite increased awareness, scam alerts and targeted education campaigns, more Australians are being targeted than ever before. </p>
<p>With all the technological tools we have, why does fraud continue to be so pervasive? And how can the damage be reduced?</p>
<h2>Latest key findings</h2>
<p>According to the ACCC’s report, “<a href="https://eprints.qut.edu.au/200621/">business email compromise</a>” fraud rose to dominance in 2019. </p>
<p>At $132 million, it became the highest category of financial loss reported – the first time this has happened. This type of fraud usually involves using <a href="https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing">phishing</a> and hacking to infiltrate company systems and email accounts. </p>
<p>Offenders can intercept payment invoices, or create their own, and funnel victims’ funds into their own accounts. Businesses and individuals make their payments as usual, but unknowingly pay the offender. </p>
<p>Investment and romance schemes also continue to defraud victims. Reports of investment fraud totalled $126 million, up from $80 million in 2018. And romance fraud losses totalled $83 million, up from $60.5 million in 2018.</p>
<p>Overall, men reported higher financial losses ($77.5 million) than women ($63.6 million).</p>
<h2>Years of statistics</h2>
<p>Reflecting on <a href="https://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-report-on-scam-activity-2009">a decade</a> of the ACCC’s Targeting Scams reports, we can see how fraud has changed with the times. </p>
<p>Since the first report in 2009 (which recorded $69.9 million in losses) Australians have collectively reported more than <a href="https://www.scamwatch.gov.au/news-alerts/scams-cost-australians-over-630-million">$2.5 billion</a> in losses.</p>
<p>The number of reports has increased significantly. While this likely reflects a higher percentage of the population being targeted, it also represents more authorities receiving complaints and contributing statistics. </p>
<p>For instance, 2019 marked the first year the big four Australian banks (Westpac, NAB, Commonwealth Bank and ANZ) contributed their data. </p>
<h2>The ‘prince of Nigeria’ needs your help</h2>
<p>Today’s offenders have very different approaches to those of ten years ago. There were once many more stories of <a href="https://www.bbb.org/new-york-city/get-consumer-help/articles/the-nigerian-prince-old-scam-new-twist/">Nigerian princes</a> (although these <a href="https://theconversation.com/why-nigerian-prince-scams-continue-to-dupe-us-98232">still exist</a>). </p>
<p>These days, victims are most often contacted by telephone, although email, text message and social media communications are also common. </p>
<p>Payment methods have advanced, too, with <a href="https://www.consumer.ftc.gov/blog/2019/11/scams-telling-you-pay-bitcoin-rise">bitcoin</a> and cryptocurrencies becoming popular ways for offenders to receive money.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=387&fit=crop&dpr=1 600w, https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=387&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=387&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=486&fit=crop&dpr=1 754w, https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=486&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=486&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">According to the ACCC’s 2019 report, men were more likely to report losses to investment fraud, while women were the major target for romance fraud.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<h2>Why is fraud still so successful?</h2>
<p>While technology has long helped scammers, it has also helped improve cyber security options such as antivirus software, and email filters to block spam. So why do we still have fraud?</p>
<p>Essentially, fraud takes a human approach. Criminals seek to capitalise on victims’ weaknesses in a calculated manner. For example, this year Australians looking to buy pets during lockdown lost almost $300,000 to <a href="https://www.scamwatch.gov.au/news-alerts/dont-get-scammed-looking-for-a-lockdown-puppy">puppy scams</a>.</p>
<p>Offenders have also shifted their focus to counteract fraud prevention messages to the public from police and other agencies. One prime example is the <a href="https://www.accc.gov.au/system/files/1557_Little%20Black%20Book%20of%20Scams%202019_FA%20WEB.pdf">Little Black Book of Scams</a> released by the ACCC <a href="https://www.scamwatch.gov.au/news-alerts/the-new-little-black-book-of-scams-is-here">in 2008</a>. </p>
<p>It provides comprehensive details of many common fraud schemes and has influenced fraud-prevention messaging across both the <a href="https://www.met.police.uk/SysSiteAssets/media/downloads/central/advice/fraud/met/the-little-book-of-big-scams.pdf">United Kingdom</a> and <a href="https://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/04333.html">Canada</a>.</p>
<p>To counter prevention messaging, offenders now recruit Australians to launder their funds. Known as “<a href="https://www.acic.gov.au/media-centre/joint-media-releases/world-wide-week-action-targeting-money-mules">money mules</a>”, they are often victims themselves, asked to receive and transfer money on behalf of offenders. </p>
<p>From a victim’s perspective, there are fewer red flags when asked to send money to a Big Four bank account in Melbourne, compared to sending money to Lagos.</p>
<p>Similarly, since there has been a strong push against sending money to people you don’t know, offenders have embraced the use of romance fraud (which targeted more women than men in 2019). </p>
<p>Offenders develop relationships and build trust to eventually cheat victims. And as last year’s report notes, they are now initiating relationships through channels other than dating apps, such as Instagram and even the online game <a href="https://www.scamwatch.gov.au/news-alerts/romance-scammers-move-to-new-apps-costing-aussies-more-than-286-million">Words with Friends</a>. </p>
<p>With a focus on building relationships with victims, fraud requests are no longer as outrageous as they once were (although this <a href="https://www.huffingtonpost.com.au/entry/nigerian-astronaut-space-trapped_n_56c2ced4e4b0c3c550527f0b?ri18n=true">Nigerian astronaut</a> scam was an exception). </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=415&fit=crop&dpr=1 600w, https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=415&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=415&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=522&fit=crop&dpr=1 754w, https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=522&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=522&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">As cybersecurity features such as email spam filters advance, attackers are finding new, innovative ways to deceive victims.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<h2>Manipulation and monopolising on emotions</h2>
<p>As we gain a better understanding of how offenders operate, we’re starting to learn how effectively victims can be persuaded. </p>
<p>Fraud relies on the use of <a href="https://eprints.qut.edu.au/66444/">social engineering</a> techniques such as authority and urgency to gain compliance. Offenders often take on the identity of someone with power and status to persuade victims to send money. They also stress the urgency of the request, to stop victims from thinking too much. </p>
<p><a href="https://eprints.qut.edu.au/118434/">Psychological abuse</a> techniques are also used to isolate and monopolise on victims. In this way, offenders try to remove victims from their support networks and place an air of secrecy around their interactions. And this limits a victim’s ability to seek support when needed. </p>
<p>There has been a greater recognition of the problem across government and industry. Despite this, there’s still often a sense of <a href="https://eprints.qut.edu.au/83702/">shame and embarrassment</a> at being deceived, and victims have difficulty <a href="https://aic.gov.au/publications/tandi/tandi518">reporting</a>. </p>
<h2>Defences for the future</h2>
<p>The latest Targeting Scams report shows us offenders are still looking to gain a financial advantage, and will do whatever it takes. While you can’t guarantee safety, there are some simple steps that can help reduce the likelihood of fraud:</p>
<ul>
<li><p>recognise your own vulnerability to fraud. Everyone is a potential target.</p></li>
<li><p>talk about fraud-related experiences with family and friends in a non-judgemental way. Offenders want victims to stay silent.</p></li>
<li><p>in an uncertain situation, don’t feel pressured to respond, as offenders rely on people making quick decisions. Hang up the phone, delete the email, or simply step back.</p></li>
</ul>
<p>Now, more than ever, we must recognise the prevalence of fraud and the ways it impacts individuals and organisations across society. If we can learn from the past decade, maybe we can improve our defences for the next decade. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/TRDgOGf5VAM?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure>
<p class="fine-print"><em><span>Cassandra Cross is affiliated with the Cybersecurity Cooperative Research Centre. She has also received funding from the Australian Institute of Criminology.</span></em></p>
Last year, men were more likely to report losses to investment fraud, while women were the main target for romance fraud. Overall, men reported higher financial loss.
Cassandra Cross, Senior Research Fellow, Faculty of Law, Cybersecurity Cooperative Research Centre, Queensland University of Technology
Licensed as Creative Commons – attribution, no derivatives.
2019-08-26T19:58:14Z
Children can be exposed to sexual predators online, so how can parents teach them to be safe?
<figure><img src="https://images.theconversation.com/files/288014/original/file-20190814-136230-1bgob5.jpg?ixlib=rb-1.1.0&rect=8%2C0%2C5982%2C3970&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Children are gaining online access at younger and younger ages.</span> <span class="attribution"><span class="source">from shutterstock.com</span></span></figcaption></figure>
<p>Many teenagers use mobile phones and social media <a href="https://www.pewinternet.org/2015/04/09/teens-social-media-technology-2015/">almost constantly</a>. And children are <a href="https://www.pewinternet.org/2010/12/01/is-the-age-at-which-kids-get-cell-phones-getting-younger/">gaining access</a> to these devices and platforms at increasingly younger ages.</p>
<p>This is a challenge for parents who need to keep up with their children’s use, the evolution of devices, and how this changes how they have to parent.</p>
<p><a href="https://dl.acm.org/citation.cfm?doid=2818048.2819928" title="Managing Expectations: Technology Tensions among Parents and Teens">Studies show</a> parents feel anxious and lack sufficient knowledge about their children’s use of devices. </p>
<p>They’re worried about their children being exposed to <a href="https://dl.acm.org/citation.cfm?doid=3171581.3134699" title="'No Telling Passcodes Out Because They're Private': Understanding Children's Mental Models of Privacy and Security Online">sexual images</a> and messages online. They’re anxious their children could provide <a href="https://www.sciencedirect.com/science/article/pii/S074756321630824X" title="Teenagers' perception of risk behaviors regarding digital technologies">personal information</a> to a stranger or, worse, <a href="https://d1e2bohyu2u2w9.cloudfront.net/education/sites/default/files/tlr_component/common_sense_education_digital_citizenship_research_backgrounder.pdf">develop a relationship with a stranger online</a> whom they might meet in person.</p>
<p>When parents try to restrict their children’s online interactions, children usually find a way around it. Instead, parents should have conversations with children from a young age about cybersecurity. This will help them develop the skills they need to be safe online.</p>
<h2>What are children exposed to?</h2>
<p>Social networking – which includes interactions through gaming, as well as texting and social media – brings with it exciting opportunities and unique risks. </p>
<p><a href="https://variety.com/2018/gaming/news/roblox-little-girl-avatar-raped-1202865698/">Online gaming</a> presents unique dangers because user-generated games (where content is developed by gamers on platforms such as <a href="https://www.roblox.com/">Roblox</a>) are not regulated. This means children can be exposed to inappropriate sexualised and violent content. </p>
<p><a href="https://www.stopbullying.gov/cyberbullying/kids-on-social-media-and-gaming/index.html">Children</a> are vulnerable when they interact with other users on social media, in chat rooms and within gaming. This could involve <a href="https://journals.sagepub.com/doi/10.1177/0022427815599426" title="Online Sexual Solicitation of Minors: How Often and between Whom Does It Occur?">grooming</a> by a sexual predator either to meet in person or send <a href="https://esafety.gov.au/parents/big-issues/unwanted-contact">sexually explicit images</a>.</p>
<p>A report, <a href="https://www.esafety.gov.au/-/media/cesc/esafety-corporate/research/esafetyresearchparentingdigitalage.pdf">Latest Research: Parenting in the Digital Age</a> by the <a href="https://www.esafety.gov.au/about-the-office/research-library">Office of the eSafety Commissioner</a>, found 24% of 8-17-year-olds met someone in real life after initial online encounters. </p>
<p>While the study by the eSafety Commissioner found children and teenagers usually attempted to assess the danger of meeting someone unknown face-to-face, such as by looking for similar interests and ensuring there was no sexual content in the online communication, sexual predators use deceptive tactics to lure their victims into meeting in person.</p>
<p>Another <a href="https://www.esafety.gov.au/-/media/cesc/documents/corporate-office/youth_and_gaming_doc.docx" title="State of play – youth and online gaming">Australian study</a> found half of children played online games with someone they didn’t know. Boys were more likely to do so than girls.</p>
<h2>How do children deal with online situations?</h2>
<p>Research has been mixed on how young people manage cybersecurity risks. </p>
<p>One <a href="https://www.tandfonline.com/doi/abs/10.1080/00909882.2016.1248465" title="‘Adults don’t understand’: exploring how teens use dialectical frameworks to navigate webs of tensions in online life">study</a> found that children who are at least 11 years old seem to have some awareness of the consequences of online interactions. They use safety measures including removing comments, tags and images and blocking and deleting content when interacting online. They also rarely use photos of themselves and disable their geolocations to protect their identities.</p>
<p>But children also engage in risky behaviours such as <a href="https://www.esafety.gov.au/state-of-play-social-media-usage">sharing passwords</a> and contacting strangers. <a href="https://www.tandfonline.com/doi/full/10.1080/0144929X.2016.1181210" title="An open book on Facebook? Examining the interdependence of adolescents’ privacy regulation strategies">Some findings indicated</a> the more teens use social media sites, the more they tend to disclose personal information.</p>
<p>In <a href="https://www.jstor.org/stable/26273881" title="Middle School Students’ Social Media Use">one US study</a>, researchers asked nearly 600 students aged 11-13 about cybersafety. The results indicated 40% accepted friend requests from people they do not know, and they were more concerned with protecting their personal information from parents than strangers online. </p>
<p>Several studies found children think parental restrictions are <a href="https://www.tandfonline.com/doi/abs/10.1080/1369118X.2016.1261169" title="Youth interaction with online strangers: experiences and reactions to unknown people on the Internet">intrusive</a> and invade their privacy. This includes teens feeling <a href="https://link.springer.com/chapter/10.1007%2F978-3-030-21905-5_1" title="Examining Parent Versus Child Reviews of Parental Control Apps on Google Play">disrespected</a> and even stalked by their parents, which leads to a loss of trust.</p>
<h2>What can parents do?</h2>
<p>Restricting children’s online use is unhelpful. Parents should talk to their children about healthy and age-appropriate online interactions.</p>
<p>This includes avoiding disclosing personal information (real name, date of birth, phone number, address, school, or pictures that reveal such information). Parents should provide guidance and explain the consequences of online dangers to their children in a way that does not instil fear but explains their concern. </p>
<p>Parents should talk to their children about online risk and safety behaviours from a <a href="https://dl.acm.org/citation.cfm?doid=3171581.3134699" title="'No Telling Passcodes Out Because They're Private': Understanding Children's Mental Models of Privacy and Security Online">young age</a>, as soon as they start using online games and engaging on social media sites, to help them build a stronger foundation for their <a href="https://dl.acm.org/citation.cfm?doid=3171581.3134699" title="'No Telling Passcodes Out Because They're Private': Understanding Children's Mental Models of Privacy and Security Online">transition to adolescence</a>. </p>
<p>Teenagers who have frequent conversations with their parents have a <a href="https://www.sciencedirect.com/science/article/pii/S0747563215300741" title="Adolescents' privacy concerns and information disclosure online: The role of parents and the Internet">greater awareness of online risks</a>.</p>
<p>Children deserve to play online games and participate on social media, but still be protected from harm. Internet technology does have many advantages, including connecting people through social networking, education and recreation. With caution and open communication, the risks can be managed together. </p>
<p>When children are supported and can discuss safety strategies with their parents, they’re more likely to reach out when something happens that makes them feel unsure or uncomfortable about certain online interactions.</p>
<p class="fine-print"><em><span>Marika Guggisberg does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
Parents should have conversations with children from a young age about cybersecurity if they’re to develop the skills needed to be safe online.
Marika Guggisberg, Lecturer, Domestic and Family Violence, CQUniversity Australia
Licensed as Creative Commons – attribution, no derivatives.
2019-02-21T19:06:55Z
‘I think we should be very concerned’: A cyber crime expert on this week’s hack and what needs to happen next
<p>When Prime Minister Scott Morrison announced this week that a “sophisticated state actor” had targeted the big Australian political parties in a major cyber attack, the revelation threw up more questions than answers. </p>
<p>Who did it and how? What data did they get their hands on? How vulnerable is our data – and our democracy? </p>
<p>To make sense of it all, we’re hearing today from Nigel Phair, the director of UNSW Canberra Cyber and an expert on the intersection of crime, technology and society. </p>
<p>He said that while hacks like these should be seen as “the new normal” there was good reason to be concerned. </p>
<p>“Just merely having a breach is quite a big deal. Secondly, you look at the information that they hold. Political parties have information on donors – who they are and how much they give and what they want for it. They have information on the electorate, they have information on their own party politics and tactics for Senate Estimates for Question Time, those sorts of things,” he said.</p>
<p>“So that’s a lot of rich data that you could then use as a nation state to infiltrate other areas to perhaps change voter outcomes.”</p>
<p>The hackers may have used social engineering techniques such as phishing to gain access to the data, he said.</p>
<p>“They are quite unsophisticated attacks. It’s often spoofing an organisation or a person and getting someone, an end user, to reveal login credentials. And because we share passwords across multiple logins, that’s how you gain access to a trophy asset,” he said, adding that the hack served as a reminder to <a href="https://theconversation.com/au/topics/password-managers-38249">use a password manager</a> and ensure all passwords are long and strong.</p>
<p>“I think we should be very concerned. We’ve got a great case study from the US. We’re very allied to the US and when you look at how nation states have disrupted that election I think it’s a given that there are many out there that’ll disrupt ours.”</p>
<p>You can read an edited transcript of the interview below. </p>
<p><em>Additional audio editing by Wes Mountain, production assistance from Bageshri Savyasachi.</em></p>
<hr>
<h2>Additional audio</h2>
<p>Kindergarten by Unkle Ho, from <a href="https://www.elefanttraks.com/">Elefant Traks</a></p>
<p>ABC news <a href="https://www.youtube.com/watch?v=ltCJa0FGcVA">report</a> </p>
<h2>Image:</h2>
<p>AAP (Various)/Shutterstock/The Conversation</p>
<h2>Transcript</h2>
<p>SUNANDA CREAGH: And so what’s the main concern? Why was everybody so worried about this, particularly earlier this week?</p>
<p>NIGEL PHAIR: I think when you look at the history with the attack in the US on the DNC (Democratic National Committee), and a lot that’s been reported in the US about nation states trying to infiltrate the election process over there and change people’s voting habits and we’re some weeks/months from an election here – it strikes at the heart of what could be our dear beloved democracy, when you have nation state actors trying to influence voting outcomes.</p>
<p>SUNANDA CREAGH: And what do you think this week’s events tell us about the cyber security weaknesses here in Australia?</p>
<p>NIGEL PHAIR: It tells us that no organisation is immune. It tells us that cyber is another vector for people trying to win the hearts and minds of people.</p>
<p>SUNANDA CREAGH: If I was a sophisticated nation state using this as a strategy to achieve that goal, how might this sort of hack help me achieve that goal? What do you think they were actually trying to do here?</p>
<p>NIGEL PHAIR: There’s a number of things that they’ve achieved. Firstly, is the goal of doing the hack. When we look at parliament house, we look at the political parties, when we think about it, they’re revered from a democratic perspective. Just merely having a breach is quite a big deal. </p>
<p>Secondly, you look at the information that they hold. Political parties have information on donors – who they are and how much they give and what they want for it. They have information on the electorate, they have information on their own party politics and tactics for Senate Estimates for Question Time, those sorts of things. So a lot of rich data that you could then use as a nation state to infiltrate other areas to perhaps change voter outcomes.</p>
<p>SUNANDA CREAGH: China has strongly denied that it was involved but a lot of speculation has focused on that country, as opposed to Russia or another state actor that’s been linked to this kind of behaviour in other contexts. In Australia, why do you think speculation has focused on China as a potential perpetrator?</p>
<p>NIGEL PHAIR: Basically because they’re a near neighbour to ours, they’re in our arc of instability. They’re well known for their theft of intellectual property online. They’re well known for not adhering to the international norms of cyberspace. Add that all up and that’s why people keep pointing the finger at them.</p>
<p>SUNANDA CREAGH: And I believe there’s news reports that China was linked to other previous hacks of universities and parliament and other key pieces of computer infrastructure around Australia. Is that right?</p>
<p>NIGEL PHAIR: That’s right. They’ve been well known to do a range of cyber attacks on a range of different organisations – government, non-government, commercial etc.</p>
<p>SUNANDA CREAGH: So in the context of concerns that Australians have about the government’s capacity to keep our personal information safe – and I’m thinking here about the talk around My Health Record, the census – what does this hack tell us, if anything, about how capable the government and people in power are at guarding our private details?</p>
<p>NIGEL PHAIR: I think we need to go back a couple of steps before we start to think about this. Government, what they haven’t done is take the citizenry of Australia on a journey. They haven’t explained to them what it means to participate in a digital economy. What it means to be a good online citizen and transact with government and social media, commercially, e-commerce. If we had that narrative from the outset then people could understand that the internet is just another public place where they act ethically and lawfully and responsibly to what they do in the real world, then I think we wouldn’t be having this discussion. Because people would be able to have an informed decision about what it means to participate with My Health Record, or participate in an online census or other government instruments. But at the moment we just never had that background and people don’t have the certainty and because of that they make knee-jerk reactions.</p>
<p>SUNANDA CREAGH: Where do you land on this issue, do you think the government is capable of keeping that data safe?</p>
<p>NIGEL PHAIR: I think the government is capable of keeping it safe. The systems around My Health Record for example are really quite secure and there’s a lot of technologies, a lot of process and a lot of policy to ensure. But the reality is if there is going to be a breach of my health record, it’ll probably happen at a doctor’s surgery where there’s an unpatched or unprotected computer, or a user not using a good password, or accidentally emailing the wrong patient records to someone. It will be the end user compromise which we’ll see will be the failure. And that’s what the government isn’t investing in. It’s great to say they have a great secure system themselves but again we need to wind the clock back several years and start telling people this is what it means.</p>
<p>SUNANDA CREAGH: Just on this hack, how might it have been actually perpetrated? Can you just explain that to me in really basic terms?</p>
<p>NIGEL PHAIR: We don’t know yet until the forensic examination is done about how it occurred. Invariably, it was most probably some sort of social engineering attack against someone on the network. Most probably a phishing attack or something similar, where a person is targeted rather than the network itself is targeted. But again, until we know the forensics, we’re just speculating.</p>
<p>SUNANDA CREAGH: And those phishing and social engineering attacks, am I right in thinking they mainly focus on trying to get somebody to reveal their password or their login details to another person who is perhaps impersonating somebody else or impersonating an official password reset type email. Is that the sort of thing you mean there about the social engineering?</p>
<p>NIGEL PHAIR: Invariably, they are quite unsophisticated attacks. It’s spoofing an organisation or a person. Getting someone, an end user, to reveal login credentials and because we share passwords across multiple logins, that’s how you gain access to a trophy asset.</p>
<p>SUNANDA CREAGH: So the lesson there for all of us really is never reuse your password details and get a password manager. Am I right?</p>
<p>NIGEL PHAIR: You are right.</p>
<p>SUNANDA CREAGH: We’ve heard some commentators saying that this is the new normal, that this type of attack really should be expected in this day and age. What do you think about that?</p>
<p>NIGEL PHAIR: It’s been the new normal for quite some time. The reality is, most organisations get hacked just don’t know they’ve been hacked. This is all of a sudden a trophy matter, it’s come at the time where parliament is sitting, so it’s really got some attention in society, which is a great thing. And added to that the government that’s come out and actually said this is what’s happened and that is a completely different policy shift, whereas before it was swept under the carpet.</p>
<p>SUNANDA CREAGH: Do you think that’s a positive policy shift?</p>
<p>NIGEL PHAIR: There’s a great positive. We need to start having a conversation about what it means to be online and what it means to participate. And the fact is there’s countries out there, there’s actors out there trying to do us harm and Australians need to be brought into that confidence.</p>
<p>SUNANDA CREAGH: There was a lot of talk about this at the start of this week, but it really has sort of shifted off the news headlines toward the end of the week and some people are now saying that was a lot of noise over what? And I’ve seen some media commentators saying that this was an announcement that fed into a narrative of fear as election day draws closer. And that is a criticism that’s been directed at the government in the past in their rhetoric around border control and security in more general terms. To what extent do you see this announcement as about safety and awareness and how much of it is politics?</p>
<p>NIGEL PHAIR: I couldn’t put a percentage on either way but I focus purely on the safety and awareness side of it. I just think that’s the value of the message – is the safety and awareness.</p>
<p>SUNANDA CREAGH: It’s an important message to get out to make people aware of those risks. And, as you say, bring them into that conversation around online security and online participation in an active globally networked world, is that right?</p>
<p>NIGEL PHAIR: That’s right.</p>
<p>SUNANDA CREAGH: So what needs to be done? What should governments do to reduce risks and educate people?</p>
<p>NIGEL PHAIR: So the first thing for their internal networks, they need to do a proper risk management exercise. They need to identify the key target assets they hold and work out how sensitive that information is and put appropriate controls around where that data sits. Whether it’s a technology stack, whether it’s internal, cloud-based, those sort of decisions. And secondly, who has access to it, why they have access to it and how they access it. And once you start doing some simple things like that, you’ll find the cyber security posture of parliament house or a political party or anyone else in corporate Australia can really change the way that they’re viewed from a cyber security perspective.</p>
<p>SUNANDA CREAGH: And if, and I know this is speculation, but if the source of the problem was somebody sharing their login credentials or being victim to a phishing scam or victim to some social engineering then it sounds like it’s possible that some education is needed around that issue and what to be aware of and how not to get tricked online.</p>
<p>NIGEL PHAIR: Well, that’s a tough one. There aren’t sufficient technical controls to protect our data and ourselves online. In fact, we should’ve looked for any technical silver bullet. Likewise, we know education doesn’t work either. But education is all we have. So all we can keep doing is reinforce the message, particularly amongst young people as they grow up and participate in the online economy, and hopefully as time goes on we’ll be better protected for it.</p>
<p>SUNANDA CREAGH: In other words, not forgetting to address the capacity for human error in our effort to cover off and protect ourselves from technical error.</p>
<p>NIGEL PHAIR: Human error, but also the use of third parties and outlying people that you might not have specific command and control over.</p>
<p>SUNANDA CREAGH: And going back to this week’s hack, if I am an individual who has given my details as a donor or as a supporter to a political party, what does this hack tell us about what we as individuals might do in future to protect our data?</p>
<p>NIGEL PHAIR: Well, if you think you’ve (experienced) a loss of your data through this process, the first thing to do – contact the party that you’ve made say the donation or whatever it might be to. Secondly would be to start thinking about how that data or information that’s been stolen might be used against you - whether it’s identity theft or takeover, for example. So you need to start monitoring your bank accounts, you need to start thinking about consumer credit that might be done in your name. So you should be probably doing a credit reference check.</p>
<p>SUNANDA CREAGH: What advice do you give to people who want to use best practice in keeping their details safe online?</p>
<p>NIGEL PHAIR: Best thing you can do is use strong and long passwords. More stealthy it is, the harder it will be to guess by anyone else. Second, don’t replay the same password across multiple logins. Thirdly, be really wary when online and navigating around social media and e-commerce and other places. Really think about where you put your personal information in and why you’re placing it into a particular website or a portal.</p>
<p>SUNANDA CREAGH: Now, in the US we’ve heard about state actors really appearing to have an influence on election outcomes. How concerned do you think Australians should be about that happening here?</p>
<p>NIGEL PHAIR: I think we should be very concerned, we’ve got a great case study from the US. We’re very allied to the US and when you look at nation states that have disrupted that election I think it’s a given that there’s many out there that’ll disrupt ours.</p>
<p>SUNANDA CREAGH: So what can we do about that?</p>
<p>NIGEL PHAIR: It’s a tough one. We need to start working with all the players involved. And this is where the social media companies come into it. Your Googles, your Facebooks, your Twitters, your Instagrams etc. Because that’s the place of choice that nation states will use to send out any bespoke messaging.</p>
<p>SUNANDA CREAGH: Should we be changing any progression we’re making in Australia towards electronic voting?</p>
<p>NIGEL PHAIR: We have zero progression towards electronic voting, unfortunately, and I think it’s a great thing. But because we had the census failure, because we had the robo-debt issues, because we had the My Health Record issues, as a population there’s no way in my generation that we will see electronic voting. We just won’t countenance it because of the perceived risks. I’m a pro-online guy. We doom and gloom everything online too much and I’m guilty for doing that. But we want people to participate online. We are great and early adopters of mobile smart devices and we love being online itself, so it makes sense for service delivery to be online, it makes sense to order your food online, to do social media, participate in everything, there’s a lot of good benefit. But because we hear this messaging all the time about the government can’t deal with online issues, there’s already this level of distrust and dissatisfaction out there that voting will just be another one of those things. And the facts just don’t support that.</p>
<p>SUNANDA CREAGH: Would there be anything that you’d change about the way political parties collect or are allowed to collect data on people given that they seem to be a perfect target or a growing target?</p>
<p>NIGEL PHAIR: Oh, there’s lots I’d change. Primary to that is the Privacy Act and adherence to the privacy principles of which political parties don’t need to.</p>
<p>SUNANDA CREAGH: In what way? What change would you make?</p>
<p>NIGEL PHAIR: Well, I’d ensure that political parties have to adhere to the privacy principles when it comes to the collection, the storage, retention and dissemination of personally identifying information.</p>
<p>SUNANDA CREAGH: And what are the privacy principles?</p>
<p>NIGEL PHAIR: Well the privacy principles, there’s 13 of them, inform organisations in Australia where they have a turnover of more than A$3 million about how they should collect data, how they should store that data, how they should disseminate it and how they should destroy it. There’s some simple advice that’s provided by the Australian Office of the Information Commissioner. And they’re quite easy to adhere to, but unfortunately political parties are exempt from that and I see that as being a bad thing.</p>
<p>SUNANDA CREAGH: So we’re at a point where I guess you’d have to assume that basically anybody could be a target for a hack and any organisation could be. So what options are there for organisations like political parties that don’t have My Health Record level of security set ups or government scale security set ups?</p>
<p>NIGEL PHAIR: Well, the first thing they have to do is acknowledge that they’re a target. Then they have to go through a risk-based process to understand what their information assets are, what their technology stack is, and who has access to it and make sound investment decisions around that. We can no longer, as a society, just say “it’s not us that gets hacked, it’s always someone else”. I mean, there is a cost of participating online.</p>
<p>SUNANDA CREAGH: Nigel Phair, thank you so much for talking to us.</p>
<p>NIGEL PHAIR: Pleasure.</p>
<p>This week, a 'sophisticated state actor' hacked the big Australian political parties. In today's episode, an expert on crime and technology says 'it's a given' that some will try to disrupt elections.</p>
<p>Sunanda Creagh, Senior Editor; Wes Mountain, Social Media + Visual Storytelling Editor; Bageshri Savyasachi, Editorial Intern</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Local councils are putting your data at risk – it’s a scandal waiting to happen</h1>
<p>Published 2018-12-04T13:23:05Z</p>
<figure><img src="https://images.theconversation.com/files/248477/original/file-20181203-194950-18a9xbr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/security-breach-cyber-attack-computer-crime-493281961?src=08b-4ECpyCkUY5IHCDuD3g-2-0">Rawpixel/Shutterstock</a></span></figcaption></figure><p>Sometimes we have no choice. The “I agree” buttons that now pop up all over the web may give us a chance to stop companies gathering our data. But when it comes to government we are often forced to hand over our details or miss out on essential services such as healthcare, education or social security.</p>
<p>Yet, while national governments can pour vast sums into <a href="https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021">cybersecurity</a> to protect all this compulsorily gathered data, local authorities don’t have the same resources or expertise. The campaign group <a href="https://bigbrotherwatch.org.uk/wp-content/uploads/2018/02/Cyber-attacks-in-local-authorities.pdf">Big Brother Watch</a> found in 2018 that UK councils recorded over 98m cyberattacks over the last five years, with at least one in four councils having experienced an actual cybersecurity breach. So, how confident can you be that local government can protect the confidentiality of your personal information?</p>
<p>We recently worked with a UK local government authority to test its cybersecurity, producing a confidential report. Over the course of two months, our team gained unauthorised access and even modified the personal details of several (unknown) citizens. No hacking skills, specialist software or hardware were required. We only used social engineering techniques. These included <a href="https://theconversation.com/phishing-scams-are-becoming-ever-more-sophisticated-and-firms-are-struggling-to-keep-up-73934">scam “phishing” emails</a>, leaving memory sticks with potentially malicious software in public spaces, and impersonating people over the phone using details available online. </p>
<p>Over 650 members of the council staff released their login credentials to us without realising by responding to our scam emails, which in some cases offered a chance to win an iPad. In giving up their details, these workers opened the door of the council’s information infrastructure to unknown, potential cybercriminals. When speaking to people on the phone, we found some staff who were open to releasing, though sometimes reluctantly, the personal information of local citizens.</p>
<p>The UK national <a href="https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021">government recognises</a> that it needs to take stringent measures to safeguard information and protect citizens and their rights. As such, the <a href="https://www.ncsc.gov.uk/">National Cyber Security Centre</a> is leading a series of countrywide initiatives to make Britain secure and resilient in cyberspace. For example, it is carrying out <a href="https://www.ipsos.com/ipsos-mori/en-uk/cyber-security-breaches-survey-2018">annual surveys</a>, running an <a href="https://www.cyberessentials.ncsc.gov.uk/">accreditation scheme</a> and <a href="https://www.techuk.org/cyber-growth-partnership">encouraging information sharing</a> to raise awareness of cybersecurity issues among businesses. It is also encouraging initiatives such as the <a href="https://www.ukcybersecurityforum.com/">UK Cyber Security Forum</a>, a social enterprise for small businesses actively working in cybersecurity.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/248690/original/file-20181204-34142-1ni9bnp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/248690/original/file-20181204-34142-1ni9bnp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=401&fit=crop&dpr=1 600w, https://images.theconversation.com/files/248690/original/file-20181204-34142-1ni9bnp.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=401&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/248690/original/file-20181204-34142-1ni9bnp.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=401&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/248690/original/file-20181204-34142-1ni9bnp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/248690/original/file-20181204-34142-1ni9bnp.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/248690/original/file-20181204-34142-1ni9bnp.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Open to scammers.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/businessman-mask-office-hypocrisy-concept-662294494?src=iXepXE2la_67QdrLh6dKwA-1-8">Elnur/Shutterstock</a></span>
</figcaption>
</figure>
<p>Unfortunately, these efforts don’t seem to be having an impact at local government level. Councils and their services still rely on a diverse array of departments and agencies that hold large, sensitive, partly overlapping and intersecting datasets, and responsibility for keeping them safe is often widely shared.</p>
<p>Cybersecurity is still perceived as a purely technical issue, and managers have a limited understanding of the human dimension of the problem. Human error or lack of staff awareness is still <a href="https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/702074/Cyber_Security_Breaches_Survey_2018_-_Main_Report.pdf">among the most common factors</a> contributing to the most disruptive breaches. With many councils using more technology to maintain and even <a href="https://www.pwc.co.uk/local-government/publications/the-local-state-2018.pdf">improve services while reducing costs</a>, this provides ideal opportunities to cybercriminals. </p>
<h2>Intervention needed</h2>
<p>Unsurprisingly, the Local Government Association <a href="https://www.ukauthority.com/articles/taking-stock-of-cyber-security-in-local-government/">recently argued</a> that councils may not be giving cybersecurity the same attention as threats to physical infrastructure, and that councils still need educating on the risks and consequences of a cyber-incident, as well as how to deal with one when it happens. National government must help councils develop the leadership, governance, training and incident management skills that will enable them to ensure strong cybersecurity.</p>
<p>Technology is becoming an <a href="https://www.sciencedirect.com/science/article/pii/S0740624X14001208">ever more important tool</a> for encouraging citizens to engage with their local authorities, but it won’t work if people don’t feel they can trust councils to look after their personal information. What’s more, a data breach would break the psychological contract between citizens and government and lead to a loss of mutual trust.</p>
<p>Back in 2008, UK local government data handling was deemed a <a href="https://www.computerweekly.com/news/2240085249/UK-local-authority-datasets-held-up-as-a-fine-example-to-Europe">model for Europe</a>. Today, the failure of local authorities to protect citizen data may well be the next big scandal waiting to happen.</p>
<p class="fine-print"><em><span>Funding has been received from a local government authority for the research that informs this article.</span></em></p>
<p>We found hundreds of local council workers willing to give out login details for government systems without realising.</p>
<p>Alexeis Garcia Perez, Reader in Cyber Security Management, Coventry University; Anitha Chinnaswamy, Senior Lecturer in Cyber Security Management, Coventry University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Should mobile phones be banned in schools? We asked five experts</h1>
<p>Published 2018-06-27T19:56:04Z</p>
<figure><img src="https://images.theconversation.com/files/224824/original/file-20180626-19416-ap3yzp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">We should teach students how to use technology appropriately, rather than banning it.</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>NSW Minister for Education Rob Stokes <a href="https://www.smh.com.au/politics/nsw/massively-overdue-smartphone-review-to-tackle-predators-cyberbullies-20180621-p4zmsz.html">has ordered</a> a review into phone use in schools. He <a href="http://www.abc.net.au/news/2018-06-21/ban-on-smartphones-in-nsw-schools-on-the-cards/9893186">said</a> the review would look at the risks and rewards of social media. The review will ultimately decide whether to ban mobile phones in NSW schools.</p>
<p>Finnish education expert Pasi Sahlberg also recently <a href="https://www.smh.com.au/national/nsw/schools-need-to-react-quickly-education-expert-urges-smartphone-ban-20180525-p4zhm4.html">said</a> he believed mobile phone-related distraction is a main reason for Australia sliding down in <a href="https://www.acer.org/ozpisa">PISA</a> rankings.</p>
<p>Parents and teachers have similar concerns about cyberbullying and safety, as well as technology distracting from schoolwork. But do the benefits of having phones in classrooms (such as contact with parents, access to mental health text lines, and learning opportunities) outweigh the risks?</p>
<p>We asked five experts if schools should ban mobile phones in classrooms.</p>
<h2>Four out of five experts said no</h2>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/224844/original/file-20180626-19385-9y1neu.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/224844/original/file-20180626-19385-9y1neu.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=99&fit=crop&dpr=1 600w, https://images.theconversation.com/files/224844/original/file-20180626-19385-9y1neu.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=99&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/224844/original/file-20180626-19385-9y1neu.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=99&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/224844/original/file-20180626-19385-9y1neu.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=125&fit=crop&dpr=1 754w, https://images.theconversation.com/files/224844/original/file-20180626-19385-9y1neu.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=125&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/224844/original/file-20180626-19385-9y1neu.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=125&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption"></span>
</figcaption>
</figure>
<p><strong><em>Here are their detailed responses:</em></strong></p>
<p><iframe id="tc-infographic-284" class="tc-infographic" height="400px" src="https://cdn.theconversation.com/infographics/284/0ff3874bcae0a177558e633d0f48b8f5d311b11e/site/index.html" width="100%" style="border: none" frameborder="0"></iframe></p>
<hr>
<p><em>If you have a “yes or no” education question you’d like posed to Five Experts, email your suggestion to: sophie.heizer@theconversation.edu.au</em></p>
<hr>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/210303/original/file-20180314-113452-h7un11.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/210303/original/file-20180314-113452-h7un11.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=399&fit=crop&dpr=1 600w, https://images.theconversation.com/files/210303/original/file-20180314-113452-h7un11.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=399&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/210303/original/file-20180314-113452-h7un11.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=399&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/210303/original/file-20180314-113452-h7un11.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=501&fit=crop&dpr=1 754w, https://images.theconversation.com/files/210303/original/file-20180314-113452-h7un11.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=501&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/210303/original/file-20180314-113452-h7un11.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=501&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption"></span>
</figcaption>
</figure>
<p><em>Disclosures: Matthew Kearney receives funding from the ARC and Erasmus+.</em></p>
<p>Four out of five experts say we shouldn’t ban mobile phones in classrooms.</p>
<p>Sophie Heizer, Commissioning Editor, Education, The Conversation</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>#MeToo must also tackle online abuse</h1>
<p>Published 2018-03-21T19:34:43Z</p>
<figure><img src="https://images.theconversation.com/files/210968/original/file-20180319-104699-1gux8n5.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Sharing experiences of #MeToo can open the flood gates for online abuse and physical threats. </span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/teenage-girl-night-on-street-harassment-790842256?src=h7HlrZnD69R4KxjlJosxBA-1-1">from www.shutterstock.com </a></span></figcaption></figure><p><em>Six months after the explosive <a href="https://www.nytimes.com/2017/10/05/us/harvey-weinstein-harassment-allegations.html">allegations of sexual harassment</a> against Hollywood producer Harvey Weinstein came to light, giving impetus to the #MeToo movement, this <a href="https://theconversation.com/au/topics/after-metoo-50716">series</a> looks at the aftermath of the movement, and if it has brought about lasting change to sexual harassment and gender equality.</em></p>
<hr>
<p>Although Tarana Burke’s <a href="https://www.nytimes.com/2017/10/20/us/me-too-movement-tarana-burke.html">#MeToo movement</a> arose initially as a way to capture and share experiences of abuse and harassment in the physical world, there’s another layer we must acknowledge – online abuse. It’s real, and it’s creating harm. </p>
<p>Women who share experiences of #MeToo, or who write about gender issues and political content more broadly, are frequent targets of one-off and sometimes sustained experiences of online abuse. This includes not only abusive comments and trolling, but also rape threats, death threats and offline stalking. </p>
<p>Any actions that are created as a result of #MeToo must include the online space. </p>
<h2>Women are targets</h2>
<p>Writer Laura Gianino knows only too well what can happen when women speak up. After writing about <a href="https://www.bustle.com/articles/135171-i-didnt-say-no-but-it-was-still-rape">her own sexual assault</a>, she was viciously attacked online. She describes <a href="https://www.washingtonpost.com/news/posteverything/wp/2017/10/18/i-went-public-with-my-sexual-assault-and-then-the-trolls-came-for-me/?utm_term=.1f662f2201ef">her concern</a> for women sharing their experiences through the #MeToo hashtag:</p>
<blockquote>
<p>I applaud these women, and I also fear for them. I fear that they will be beaten down by the slut-shamers, and the victim-blamers, by the internet trolls, and the possible real-life trolls.</p>
</blockquote>
<p>The stats back up Gianino’s fears. Recent research by the <a href="http://www.pewinternet.org/2017/07/11/online-harassment-2017/">PEW Center for Media</a> in the US shows women are twice as likely to experience abusive and/or harassing behaviours online. This finding is supported by <a href="https://www.amnesty.org.uk/files/Resources/Online-abuse-briefing.pdf">research from Amnesty International UK</a>. </p>
<h2>When your job requires social media</h2>
<p>For women working in public-facing roles in politics, business and the media (and even academia) – where social media use is often seen as “part of the job” – the problem is worse. The 2016 “Mates over Merit” <a href="https://www.meaa.org/download/mates-over-merit-full-report/">report</a> by Australia’s Women in Media (WiM) noted that “41% of women said they’d been harassed, bullied or trolled on social media, while engaging with audiences”. </p>
<p>In their more <a href="https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Legal_and_Constitutional_Affairs/Cyberbullying/Submissions">recent submission</a> to the ongoing Senate Legal and Constitutional Affairs Inquiry into cyberbullying in Australia, WiM says the problem is getting worse. </p>
<h2>Online life is real life</h2>
<p>Cyber psychologists report that the psychological harms of online harassment are as severe as, and <a href="http://journals.sagepub.com/doi/10.1177/1461444816688457">sometimes more severe</a> than, harassment endured in the physical world. Online, victims can feel there’s <a href="http://www.huffingtonpost.ca/2011/08/06/trauma-from-cyberstalking-more-intense_n_920088.html">no escape</a>. </p>
<p>Online abuse also has economic and social impacts, particularly when women choose to quit or avoid work where threats of harm and abuse are not uncommon (such as politics). </p>
<p>For example, WiM reports that some members had left journalism as a result of their experiences online. A communications manager with more than 20 years’ experience said:</p>
<blockquote>
<p>It’s had a huge impact, including being the cause of changing my career as a journalist. </p>
</blockquote>
<h2>Social media platforms can do more</h2>
<p>Unsurprisingly, social media is social – it’s people interacting with people. What happens in comments sections, on Facebook posts or Twitter threads is a reflection of the social power structures we all deal with on a daily basis. When social media platforms fail to act in a timely or consistent manner, or at all, when users report abuse or harassment online, it reinforces those structures. </p>
<p>Last year, Amnesty International UK <a href="https://www.amnesty.org.uk/files/Resources/Online-abuse-briefing.pdf">pointed to</a> the need for better training for all staff – including developers, researchers, and especially moderators – at social media companies. </p>
<p>In particular, platforms must be proactive rather than reactive in addressing these issues, and publicly enforce their policies to ensure abusers are held accountable.</p>
<h2>The workplace can step up</h2>
<p>In workplaces where social media use is expected or encouraged, the additional dangers women face in this environment need to be acknowledged and acted upon. Adequate training and support for staff members should be provided – including education about available legal options, and the creation of internal reporting mechanisms.</p>
<p>An example to consider is the ABC’s <a href="http://www.abc.net.au/radionational/programs/mediareport/social-media-self-defence/6958872">Social Media Self Defence</a> course. Started by Rod McGuinness in 2015, its aim is to equip ABC journalists, in particular women, with the skills and knowledge they need to make their experiences on social media less stressful. For McGuinness, this is part of a “duty of care” the ABC has to its employees.</p>
<p>We also need to consider how we support freelance or contract workers, like journalist Ginger Gorman, who has <a href="https://www.smh.com.au/lifestyle/staring-down-internet-trolls-my-disturbing-cat-and-mouse-game-20170616-gwsmld.html">written extensively</a> about her online experiences. Workers like these often don’t have access to workplace training and support, and also rely more heavily on their social media presence to generate paid work.</p>
<h2>Better responses from law enforcement</h2>
<p>In 2016, Prime Minister Malcolm Turnbull pledged millions to <a href="https://www.sbs.com.au/news/turnbull-calls-australia-s-domestic-violence-a-disgrace">address online abuse and “revenge porn”</a>. The Senate’s <a href="https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Legal_and_Constitutional_Affairs/Cyberbullying">current inquiry</a> into the adequacy of existing law enforcement measures to deal with cyberbullying is a step in the right direction. Hopefully it will lead to the establishment of clearer guidelines around reporting. The committee is due to report on March 28. </p>
<p>Similarly, recent initiatives by state and territory police forces to better educate their officers around the issue are to be praised, as is the establishment of the Australian Cybercrime Online Reporting Network (<a href="https://www.acorn.gov.au/about-acorn">ACORN</a>). </p>
<p>That said, as submissions to the inquiry show, much still needs to be done to ensure that the police and the public are aware not just that cyberharassment or bullying is a crime, but how they might report it. These regulations need to be consistent across the country in recognition of the borderless nature of the online environment. </p>
<p>The #MeToo and #TimesUp movements feel like a great moment of reckoning. As we work through these discussions, we also need to acknowledge that today’s workplace now extends beyond physical spaces. This means recognising the additional dangers women face in online spaces, such as social media, and acting to combat this.</p>
<p class="fine-print"><em><span>Monica Whitty receives funding from RCUK.</span></em></p><p class="fine-print"><em><span>Jennifer Beckett does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
Today’s workplaces extend beyond physical spaces, so movements like #metoo must trigger change in how we behave online.
Jennifer Beckett, Lecturer in Media and Communications, The University of Melbourne
Monica Whitty, Professor in Cyberpsychology, The University of Melbourne
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/79627
2017-07-13T01:53:28Z
Race, cyberbullying and intimate partner violence
<figure><img src="https://images.theconversation.com/files/177745/original/file-20170711-13828-1sbom74.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Though popular culture might suggest otherwise, cyberbullying isn't just a white problem.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/young-girl-using-her-mobile-night-510758131?src=SgsVzU0SITina_cEnh-gOg-2-64">tommaso79/shutterstock.com</a></span></figcaption></figure>
<p>Over the past two decades, cyberbullying has become a major focus for parents, educators and researchers. <a href="https://www.stopbullying.gov/">Stopbullying.gov</a> lists several effects of cyberbullying, including depression, anxiety and decreased academic achievement.</p>
<p>Judging from popular culture, the narratives surrounding cyberbullying tend to have at least one of two themes. First, cyberbullying is a mob-like phenomenon: Television shows such as <a href="http://www.imdb.com/title/tt3488298/">“American Crime”</a> depict a group of teens preying on a vulnerable individual by using social media and text messaging. Second, the face associated with cyberbullying is often a white one. Both in the aforementioned “American Crime,” for example, and in the television movie <a href="http://www.imdb.com/title/tt1930315/">“Cyberbu//y,”</a> the victim is white.</p>
<p>Without discounting youth bullied by groups of their peers or young white men and women who have been cyberbullied, there’s a missing piece of this equation. As a researcher of technology usage and racial inequality, I am interested in the racial differences in cyberbullying.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/177765/original/file-20170711-14468-13e5u9c.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/177765/original/file-20170711-14468-13e5u9c.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=314&fit=crop&dpr=1 600w, https://images.theconversation.com/files/177765/original/file-20170711-14468-13e5u9c.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=314&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/177765/original/file-20170711-14468-13e5u9c.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=314&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/177765/original/file-20170711-14468-13e5u9c.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=394&fit=crop&dpr=1 754w, https://images.theconversation.com/files/177765/original/file-20170711-14468-13e5u9c.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=394&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/177765/original/file-20170711-14468-13e5u9c.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=394&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">In Cyberbu//y, 17-year-old Taylor Hillridge is pushed to the point of attempting suicide when she’s harassed by her classmates online.</span>
<span class="attribution"><span class="source">ABC Family</span></span>
</figcaption>
</figure>
<h2>Why study racial differences?</h2>
<p>Studies from the Pew Research Center have shown that African-American youth <a href="http://www.pewinternet.org/2010/07/07/mobile-access-2010/">own smartphones</a> at higher rates and <a href="http://www.pewinternet.org/2012/11/25/cell-phone-activities-2012/">use them more frequently</a> than youth of other backgrounds. My own research has shown that young African-Americans have <a href="https://doi.org/10.1177/1461444809341436">more positive views toward technology</a> than other segments of the population.</p>
<p>Their frequency of use and willingness to engage with new technologies suggest that black youth may frequently find themselves in contexts that can lead to cyberbullying – both as victims and perpetrators.</p>
<h2>Cyberbullying as intimate partner violence</h2>
<p>One of those contexts is in digital communication within a current or past relationship. Although much media attention has been paid to the mob characteristics of cyberbullying, there’s <a href="https://doi.org/10.1007/s12103-016-9358-2">ample opportunity</a> for cyberbullying in one-to-one situations. In these scenarios, cyberbullying is a form of intimate partner violence, which the <a href="https://www.cdc.gov/violenceprevention/intimatepartnerviolence/index.html">CDC describes</a> as physical, sexual or psychological harm by a current or former partner or spouse. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/177742/original/file-20170711-14423-1v7awfj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/177742/original/file-20170711-14423-1v7awfj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/177742/original/file-20170711-14423-1v7awfj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/177742/original/file-20170711-14423-1v7awfj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/177742/original/file-20170711-14423-1v7awfj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/177742/original/file-20170711-14423-1v7awfj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/177742/original/file-20170711-14423-1v7awfj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Online harassment is likely to come from people close to the victim.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/smiling-teenage-black-girls-using-mobile-89886766">Samuel Borges Photography/Shutterstock.com</a></span>
</figcaption>
</figure>
<h2>Cyberbullying and race: The data</h2>
<p>I used survey data collected from <a href="http://www.pewinternet.org/2015/10/01/teens-technology-and-romantic-relationships/">September 2014 to March 2015</a> by the <a href="http://www.pewresearch.org/">Pew Research Center</a> to explore connections between race and cyberbullying.</p>
<p>I focused on the 361 teens in that study who replied “yes” to the question: “Have you ever dated, hooked up with or otherwise had a romantic relationship with another person?”</p>
<p>These teens were then asked a series of yes or no questions about their experiences with cellphones in intimate relationships. Nine questions were about their partners attempting to control or harass them through cellphones. These questions measured cyberbullying victimization. Six questions were about how the respondents themselves attempted to control or harass their partners. These questions measured offensive cyberbullying.</p>
<p>My analysis showed that African-American youth as a group responded “yes” to questions about cyberbullying victimization and perpetration more than other groups. </p>
<p><a href="https://www.academia.edu/33514331/African-American_Digital_Practices_and_Cyberbullying_Exploring_Cyberbullying_Victimization_and_Perpetration_Within_Relationships">More in-depth analysis</a> shows that common criminological and sociological explanations do not explain the racial differences.</p>
<p>For example, one common theory is that students who have unpleasant experiences (what are often called “strains”) <a href="http://cyberbullying.org/cyberbullying-and-strain">are more likely to lash out and bully others</a>. The Pew survey asked questions about unpleasant experiences online such as seeing people post events they weren’t invited to or feeling pressure to post things online that make you look good to others. However, African-American teens are more likely to be perpetrators and victims of cyberbullying – even when they report similar amounts of strain. </p>
<p>The difference in reported cyberbullying is also not a result of social class. Middle-class black teens are more likely to be perpetrators and victims when compared to their white middle-class peers. </p>
<h2>Why are there racial differences in cyberbullying?</h2>
<p>Given the relatively small sample size (361 teens), it would be unwise to jump to any major conclusions. Moreover, we don’t have sufficient data on Asian-American students, so African-American youth can only be compared to white and Hispanic youth. With these caveats, the results still warrant further explanation. </p>
<p>The CDC <a href="https://www.cdc.gov/violenceprevention/pdf/Bullying_Factsheet.pdf">does not list</a> race as a risk factor in bullying in general, and academic research has been <a href="http://dx.doi.org/10.1080/01639625.2013.822209">inconclusive</a> as to whether African-Americans are more likely to bully (or be bullied) than their white peers. </p>
<p>This suggests that the relationship between cyberbullying and race is not powered by a disproportional desire to bully per se, but instead by the interest and ease in using technology for social ends. </p>
<p>The high rates of cyberbullying among black youth are likely to be tied to a general cultural orientation toward using cellphones to navigate the ups and downs of a relationship. Black youth, because of their agility online, simply find technology more amenable to reaching their goals; they’re more likely to turn to technology when choosing to bully their romantic partners.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/177761/original/file-20170711-13828-glit6h.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/177761/original/file-20170711-13828-glit6h.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/177761/original/file-20170711-13828-glit6h.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/177761/original/file-20170711-13828-glit6h.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/177761/original/file-20170711-13828-glit6h.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/177761/original/file-20170711-13828-glit6h.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/177761/original/file-20170711-13828-glit6h.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">There is a correlation between rates of cyberbullying and frequency of technology use.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/male-high-school-student-by-lockers-198896987?src=xpFGV4LbSCi0vk2oIH9Nkg-1-26">Monkey Business Images/Shutterstock.com</a></span>
</figcaption>
</figure>
<p>This unique adoption of technology appears in other aspects of life. The phenomenon of <a href="http://www.rollingstone.com/culture/news/black-twitter-contains-multitudes-20150716">“Black Twitter”</a> and its ability to influence the national dialogue is a prime example. My own research has identified several <a href="http://dx.doi.org/10.3726/978-1-4539-1335-2">digital practices</a> that distinguish African-Americans from other racial groups. For example, African-Americans are more likely to use social networking sites to make new professional contacts than other racial groups. </p>
<p>This explanation for greater rates of cyberbullying among African-American teens conforms most closely to the data. It also suggests positive recommendations. If black youth are simply more active in the digital environment, the answer for parents and educators may not lie in banning or restricting cellphone use. The answer instead may be to find ways to harness this interest and channel it in more fruitful directions.</p>
<p class="fine-print"><em><span>Roderick S. Graham does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
A recent Pew survey reported that young African-Americans are more likely to be both victims and perpetrators of cyberbullying. Why?
Roderick S. Graham, Assistant Professor of Sociology, Old Dominion University
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/73419
2017-04-04T00:44:13Z
Can better advice keep you safer online?
<figure><img src="https://images.theconversation.com/files/163331/original/image-20170330-4557-40z4g9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Who's giving you advice?</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/women-said-woman-listening-gossip-44414353">Advice via shutterstock.com</a></span></figcaption></figure>
<p>Many Americans are <a href="http://www.pewinternet.org/2015/05/20/americans-attitudes-about-privacy-security-and-surveillance/">worried about their online privacy and security</a>. And rightly so: <a href="http://dx.doi.org/10.13016/M2FV4T">Nearly half of Americans</a> have encountered at least one serious problem with online safety.</p>
<p>There is a wide range of potential problems: Some people fall victim to criminally malicious attackers who steal personal information like Social Security or bank account numbers, compromise online accounts and conduct online scams stealing people’s money. Other people find friends or family members have shared private information without their consent. And still others lose jobs or other opportunities because prospective employers find unflattering information about them online. What all these situations have in common is simple: We do not have control over the information we believe to be private.</p>
<p>One key to staying safer online may be getting advice from the right places – people and sources with accurate, helpful information that can let you take control of your online privacy and security. My own research, in collaboration with <a href="http://seankross.com/">Sean Kross</a> and <a href="https://www.umiacs.umd.edu/%7Emmazurek/">Michelle Mazurek</a>, explores where people get their advice about online security, and how useful it actually is. </p>
<p>Those sources include librarians, government websites and co-workers. They offer a wide range of advice, such as customizing social media privacy settings and using password managers, which can make it easier to use strong, complex passwords without having to remember them.</p>
<p><a href="http://dx.doi.org/10.13016/M2FV4T">We analyzed a survey of 3,000 internet users across the United States</a>, and found that where people get advice has a lot to do with their online safety experiences. We found that no matter how wealthy or how poor a person is, no matter her education level, the speed of her internet service or whether she has a smartphone, a person’s online safety is closely related to where, and from whom, she gets advice about online security. </p>
<h2>Finding good advice</h2>
<p><a href="http://dl.acm.org/citation.cfm?id=2978307">Approximately 70 percent of Americans</a> learn about online security behaviors as a result of advice shared by friends, family and co-workers, or on websites they visit. Often they get this advice in casual conversation or web browsing. The advice they get can influence their behavior, ideally making them better at protecting themselves in the future.</p>
<p>Many people get privacy and security advice from their friends and relatives: 38 percent of Americans received assistance from people close to them. But they may not get very good information: 49 percent of them reported at least one online safety incident, such as identity theft or falling victim to an online scam. Emotional closeness doesn’t necessarily mean someone has good information to share.</p>
<p>Twenty percent of Americans sought out advice from their co-workers. One in four of those who did so also reported an online safety incident – half as many as those who took advice from friends and family.</p>
<p>The 25 percent of Americans who take advice from websites report fewer incidents than those who took advice from friends and coworkers. Only 14 percent of people who took advice from a government website reported an online safety problem. And just more than one in five people who took advice from a nongovernmental website reported an online safety incident. </p>
<p>The 13 percent of Americans who get advice from teachers or librarians, however, report the lowest frequency of online negative experiences: 8 percent of them had an online safety problem.</p>
<h2>Evaluate the source</h2>
<p>With so much security advice available, of such varied quality, our research suggests people should not just follow their friends’ advice, or do something they read about online. Instead, when asking for advice from co-workers, friends and family, people should also ask how they learned this information. And they should think critically about the answers they get. Do those answers jibe with other advice from other sources? Seeking out people who work in internet or technology fields can also give useful perspectives, either about others’ advice or their own suggestions.</p>
<p>Our findings also suggest that librarians are underutilized but potentially very valuable sources of online safety information. We asked local librarians for a few suggestions of good resources for getting started with protecting your information. They recommended <a href="https://www.sjpl.org/privacy/get-started-today">Get Started With Privacy</a>, the <a href="https://hackblossom.org/cybersecurity/">Security Cheat Sheet</a> and <a href="https://ssd.eff.org">Security Starter Pack & Tutorials</a> as good first steps to making an online security plan. </p>
<p>To help keep children safe online, the librarians also recommended the <a href="https://staysafeonline.org/data-privacy-day/privacy-library/privacy-basics-for-parents-and-families">National Cybersecurity Alliance</a> website, with security and privacy activities and information for kids and parents alike. Our research also suggests that teachers may be a good source of high quality online security advice.</p>
<p>Research suggests that <a href="https://www.usenix.org/system/files/conference/soups2015/soups15-paper-ion.pdf">people should keep their software updated</a>, use a <a href="https://www.cnet.com/how-to/how-and-why-to-set-up-and-use-a-password-manager/">password manager</a> to assist with having strong and unique passwords and use <a href="https://theconversation.com/the-age-of-hacking-brings-a-return-to-the-physical-key-73094">two-factor authentication</a> to further secure their online accounts. With better advice from better sources, more people will stay safer online.</p>
<p class="fine-print"><em><span>Elissa Redmiles has received funding or data from the ACM Special Interest Group on Computer Science Education, Data&Society, Facebook, and the National Center for Women in Technology. She is also an editorial board member at Data4America. </span></em></p>
Where people get advice about online safety may affect how safe they are.
Elissa M. Redmiles, Ph.D. Student in Computer Science, University of Maryland
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/62773
2016-07-27T18:09:49Z
As surveillance gets smart, hackers get smarter
<figure><img src="https://images.theconversation.com/files/131903/original/image-20160726-26512-1pubab8.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">It's a cat and mouse game that could put our online privacy and security at risk.</span> <span class="attribution"><span class="source">Shutterstock/welcomia</span></span></figcaption></figure>
<p>There is an escalating technological arms race underway between governments and <a href="http://nms.sagepub.com/content/7/5/625.short">hacktivists</a>. As governments step up their surveillance, the hacktivists find new ways to subvert it.</p>
<p>This cat and mouse game has been described as a <a href="http://www.bbc.com/news/magazine-26581130">crypto war</a> and it’s been going on for decades.</p>
<p>Top secret documents released by <a href="https://theconversation.com/au/topics/edward-snowden">Edward Snowden</a> confirmed the extent of global internet surveillance by government agencies. For example, the United States National Security Agency (NSA) obtained access to systems maintained by <a href="https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data">tech companies</a> and <a href="http://www.smh.com.au/it-pro/security-it/edward-snowden-reveals-tapping-of-major-australianew-zealand-undersea-telecommunications-cable-20140915-10h96v.html">intercepted undersea cables</a> to monitor global internet traffic. </p>
<h2>New laws, new powers</h2>
<p>The motivation behind the expansion of surveillance powers is to use intelligence gathering to improve security. We see this in recent Australian legislative developments.</p>
<p>Australian <a href="https://www.legislation.gov.au/Details/C2014A00108">laws</a> allow the Australian Security Intelligence Organisation (<a href="https://www.asio.gov.au/">ASIO</a>) to infiltrate computer networks. Other new <a href="https://www.legislation.gov.au/Details/C2015A00039">laws</a> require internet service providers (ISPs) to retain <a href="https://theconversation.com/au/topics/metadata">metadata</a> for two years.</p>
<p>A <a href="http://www.abc.net.au/news/2016-01-18/government-releases-list-of-agencies-applying-to-access-metadata/7095836">range of government agencies</a> enjoy access without warrant, including many unrelated to criminal justice or national security. </p>
<p>But past experience shows how online surveillance can provoke hacktivists to develop and disseminate technologies that enhance privacy.</p>
<p>The <a href="https://www.penguin.com.au/products/9781863957717/cypherpunk-revolutionary-julian-assange-short-black-9">Cypherpunk</a> movement arose in direct opposition to state surveillance. They promoted privacy online and released <a href="http://www.pgpi.org/">cryptographic code</a> to thwart prying eyes.</p>
<p>Contemporary advocates for surveillance self-defence include the <a href="https://ssd.eff.org/en">Electronic Frontier Foundation</a> and Australian Greens Senator <a href="http://scott-ludlam.greensmps.org.au/stopdataretention">Scott Ludlam</a>. </p>
<p>Public figures like Snowden continue to raise awareness and provide advice on how to evade surveillance. Use of TOR, a network that allows people to browse the internet anonymously, <a href="http://www.theregister.co.uk/2013/08/29/tor_usage_up_by_more_than_100_in_august/">increased dramatically</a> following Snowden’s revelations about NSA snooping.</p>
<p>The <a href="http://fortune.com/2016/04/25/snowden-encryption-james-clapper/">US Director of National Intelligence</a> said Snowden’s disclosures accelerated the uptake of encryption by seven years. Just last week it <a href="https://www.theguardian.com/us-news/2016/jul/21/phone-case-privacy-data-monitor-bluetooth-wifi-snowden-introspection-engine">was reported</a> that Snowden is developing a new tool to show when mobile phone communications are being monitored.</p>
<p>What all this means is that technologies that enhance privacy are now readily available and widely used. There has already been a marked <a href="http://www.scmagazineuk.com/encryption-increasingly-used-to-hide-attacks-says-new-report/article/478222/">increase in encrypted internet traffic</a>. </p>
<p>Even Australian Prime Minister <a href="http://www.abc.net.au/news/2015-03-03/malcolm-turnbull-uses-secret-messaging-app-instead-of-sms/6276712">Malcolm Turnbull</a> admitted he used <a href="https://www.wickr.com/">Wickr</a> to encrypt communications. </p>
<p>Hacktivists have also launched cyber-attacks in protest against government activities and surveillance. Distributed denial-of-service attacks have been targeted at both government and corporate websites in response to <a href="http://www.bbc.com/news/uk-17648852">email surveillance and extradition</a> and the <a href="https://wikileaks.org/Protesters-against-WikiLeaks.html">banking blocks</a> against WikiLeaks.</p>
<h2>Encryption facilitates crime online</h2>
<p>Although arising from benevolent motives, these same tools can be used for more sinister purposes. Illicit marketplaces abound in the <a href="http://www.tandfonline.com/doi/full/10.1080/00396338.2016.1142085">dark web</a>. Anyone can anonymously buy drugs, firearms or stolen identification, or distribute child pornography online.</p>
<p>Hackers are now using encryption <a href="https://www.sonicwall.com/whitepaper/2016-dell-security-annual-threat-report8107907">to defeat firewalls</a> and overcome anti-virus protection. This has resulted in an upsurge in malware attacks around the world. </p>
<p>The ability to conceal identities, communications and locations <a href="http://www.smh.com.au/technology/technology-news/police-follow-the-silk-road-to-online-drug-marketplace-20120810-23ztk.html">poses more challenges</a> for law enforcement and security agencies. It makes identifying offenders and accessing evidence even harder. </p>
<p>This means additional resources and new technical skills are needed. Earlier this year the Australian Government announced <a href="http://www.budget.gov.au/2016-17/content/bp2/html/bp2_expense-20.htm">A$230 million</a> in funding to implement the <a href="https://cybersecuritystrategy.dpmc.gov.au/assets/img/PMC-Cyber-Strategy.pdf">Cyber Security Strategy</a>. This outlines plans for increased intelligence and offensive cyber capabilities.</p>
<p>And so the arms race in the crypto-war continues.</p>
<h2>Security through surveillance?</h2>
<p>Despite all this, questions remain about the success of blanket surveillance programs. There is currently no evidence to indicate that they actually increase security. </p>
<p>We know surveillance can be effective under <a href="http://www.campbellcollaboration.org/lib/project/49/">narrow conditions</a>, but only for specific crimes. Collecting too much information can also be a <a href="http://euc.sagepub.com/content/1/3/307.short">barrier</a> to effective intelligence systems.</p>
<p>Recent terrorist attacks in Paris reveal how data retention programs that attempt to identify every possible threat are <a href="http://www.slate.com/articles/technology/future_tense/2015/11/the_paris_attacks_weren_t_stopped_by_metadata_surveillance_that_hasn_t_stopped.html">not failsafe</a>. Security agencies become overwhelmed with data. Collecting as much information as possible about as many people as possible may be positively harmful. </p>
<p>Significant resources are being spent on strategies with questionable efficacy. These strategies impact privacy, provoke opposition and create new challenges to overcome. </p>
<h2>The privacy-security paradox</h2>
<p>Governments are seeking to detect threats through surveillance. But hacktivists are responding to a perceived injustice: the invasion of the privacy of all internet users. </p>
<p>Successive governments <a href="http://www.abc.net.au/news/2014-09-22/abbott-warns-of-shifting-balance-freedom-security/5760818">have argued</a> for the need to balance security and privacy. But there are both political and practical problems with this approach. </p>
<p><a href="http://www.tandfonline.com/doi/abs/10.1080/08109020601030001">Leading academics</a> argue security interests will always outweigh individual rights. But encroaching on the privacy of all internet users just antagonises hacktivists and inspires further development and use of tools to enhance privacy. </p>
<p>The security versus privacy trade-off becomes a self-defeating paradox.</p>
<p>So we need to rethink this balancing act in a way that respects the rights of internet users. The public needs to have confidence that their privacy is respected and that governments are collecting and using information appropriately. </p>
<p>Certainly governments have a responsibility for countering threats like terrorism. But it is important to realise that mass indiscriminate surveillance, and the development of technologies to circumvent it, are evolving together.</p>
<p>Governments may think they are smart in surveillance, but those evading it are even smarter.</p>
<p class="fine-print"><em><span>Monique is a member of the Australian Privacy Foundation.
While at the Australian Institute of Criminology Monique consulted for the CrimTrac agency. The views expressed here are those of the author and do not represent the views of any Australian Government agency.</span></em></p><p class="fine-print"><em><span>Michael Wilson does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
As governments look to new ways to step up surveillance, hackers find new ways to subvert it. Is there a way to end this cat and mouse game, described as a crypto-war?
Monique Mann, Lecturer, School of Justice, Faculty of Law, Crime and Justice Research Centre, Queensland University of Technology
Michael Wilson, PhD Candidate, School of Justice, Faculty of Law, Queensland University of Technology
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/48824
2015-10-15T22:45:14Z
2015-10-15T22:45:14Z
Four things you should be doing to protect yourself from cyberattack
<figure><img src="https://images.theconversation.com/files/98483/original/image-20151015-19348-siwk0p.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">There are a few things you can do to keep yourself safe online.</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure>
<p>It is easy to get lost in a sea of information when looking at cybersecurity issues. And hearing about hacks and cyberattacks as they happen is a surefire way to feel helpless and totally disempowered. </p>
<p>What follows is a sort of future shock, where we become fatalistic about the problem. After all, <a href="http://www.pwc.com.au/consulting/publications/global-information-security/index.htm">86% of organisations</a> from around the world surveyed by PwC reported exploits of some aspect of their systems within a one-year period. That represented an increase of 38% on the previous year. </p>
<p>However, once the situation comes into focus, the problem becomes much more manageable. There is a range of things that we can easily implement to reduce the risk of an incident dramatically. </p>
<p>For example, Telstra estimates that <a href="http://www.telstra.com.au/business-enterprise/download/document/telstra-cyber-security-report-2014.pdf">45% of security incidents</a> are the result of staff clicking on malicious attachments or links within emails. Yet that is something that could be fairly easily fixed.</p>
<h2>Confidence gap</h2>
<p>There is currently a gap between our confidence in what we can do about security and the amount we can actually do about it. That gap is best filled by awareness. </p>
<p>Many organisations, such as the <a href="http://www.accs.unsw.adfa.edu.au/">Australian Centre for Cyber Security</a>, <a href="https://www.americanexpress.com/australia/">American Express</a> and <a href="http://www.distilnetworks.com/">Distil Networks</a> provide basic advice to help us cope with future shock and start thinking proactively about cybersecurity.</p>
<p>The Australian Signals Directorate (<a href="http://www.asd.gov.au/">ASD</a>) – one of our government intelligence agencies – also estimates that adhering to its <a href="http://www.asd.gov.au/publications/protect/top_4_mitigations.htm">Top Four Mitigation Strategies</a> would prevent at least 85% of targeted cyberattacks. </p>
<p>So here are some of the top things you can do to protect yourself from cyberattacks:</p>
<h3>1) Managed risk</h3>
<p>First up, we need to acknowledge that there is no such thing as perfect security. That message might sound hopeless but it is true of all risk management; some risks simply cannot be completely mitigated. </p>
<p>However, there are prudent treatments that can make risk manageable. Viewing cybersecurity as a natural extension of traditional risk management is the basis of all other thinking on the subject, and a <a href="https://www.cert.gov.au/system/files/614/679/2013%20CERT%20Australia%20Cyber%20Crime%20%2526%20Security%20Survey%20Report.pdf">report by CERT Australia</a> states that 61% of organisations do not have cybersecurity incidents in their risk register. </p>
<p>ASD also estimates that the vast majority of attacks are not very sophisticated and can be prevented by simple strategies. As such, think about cybersecurity as something that can be managed, rather than cured.</p>
<h3>2) Patching is vital</h3>
<p>Patching is so important that ASD mentions it twice on its top four list. Cybersecurity journalist Brian Krebs says it three times: “<a href="http://resources.distilnetworks.com/h/i/67802950-16-world-renowned-it-security-experts-provide-their-website-security-tips-and-what-you-should-never-do/181642">update, update, update</a>”. </p>
<p>Update your software, phone and computer. As a rule, don’t use Windows XP, as Microsoft is no longer providing security updates. </p>
<p>Updating ensures that known vulnerabilities are fixed, and software companies employ highly qualified professionals to develop their patches. It is one of the few ways you can easily leverage the expertise of cybersecurity professionals in the field.</p>
<h3>3) Restricting access means restricting vulnerabilities</h3>
<p>The simple rule is: don’t have one gateway for everything. If all it takes to get into the core of a system is one password, then all it takes is one mistake for the gate to be opened. </p>
<p>Build administrator privileges into your system so that people can only use what they are meant to. For home businesses it could mean something as simple as having separate computers for home and work, or not giving administrator privileges to your default account.</p>
<p>It could also be as simple as having a content filter on employee internet access so they don’t open the door when they accidentally click on malware. </p>
<h3>4) Build permissions from the bottom up</h3>
<p><a href="http://www.asd.gov.au/publications/protect/application_whitelisting.htm">Application whitelisting</a> might sound complicated, but what it really means is “deny by default”: it defines, in advance, what is allowed to run and ensures that nothing else will. </p>
<p>Most people think of computer security as restricting access, but whitelisting frames things in opposite terms and is therefore much more secure. Most operating systems contain whitelisting tools that are relatively easy to use. When used in conjunction with good advice, the result is a powerful tool to protect a network.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/meEu_0UZ9l0?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">The Australian Signals Directorate released a video in 2012 with an overview of cyber threats.</span></figcaption>
</figure>
<h2>Simple things first</h2>
<p>Following these basic rules covers the same ground as ASD’s top four mitigation strategies and substantially lowers your vulnerability to cyberattack. If you want to delve deeper, there are <a href="http://www.asd.gov.au/publications/protect/home_computer_security.htm">more tips</a> on the ASD site.</p>
<p>There are many debates that will follow on from this, such as: developing a national cybersecurity strategy; deciding if people should have to report an incident; the sort of insurance that should be available; what constitutes a proportionate response to an attack; and a whole range of others. </p>
<p>Each of those debates is underpinned by a basic set of information that needs to be implemented first. Future shock is something that can be overcome in this space, and there are relatively simple measures that can be put into place in order to make us more secure. Before embarking on anything complicated, we should at least get these things right.</p>
<p class="fine-print"><em><span>Robert Potter does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
Getting the basics of cybersecurity right could eliminate 85% of the threats overnight. Here are some tips to get you started.
Robert Potter, PhD Candidate Political Science, The University of Queensland
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/43716
2015-07-10T03:34:13Z
2015-07-10T03:34:13Z
Australia could become a leader in cybersecurity research
<figure><img src="https://images.theconversation.com/files/87885/original/image-20150709-10879-11msbt8.jpg?ixlib=rb-1.1.0&rect=354%2C75%2C2067%2C1774&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Cybersecurity is becoming increasingly important.</span> <span class="attribution"><span class="source">nikcname/Flickr</span>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span></figcaption></figure>
<p><em>This article is part of our series on the <a href="http://www.science.gov.au/scienceGov/news/Pages/PrioritisingAustraliasFuture.aspx">Science and Research Priorities</a> recently announced by the Federal Government. You can read the introduction to the series by Australia’s Chief Scientist, Ian Chubb, <a href="http://theconversation.com/australias-chief-scientist-on-getting-our-research-priorities-right-43833">here</a>.</em></p>
<hr>
<p><strong>Alex Zelinsky</strong><br>
<em>Chief Defence Scientist, Defence Science and Technology</em></p>
<p>The national science and research priorities have been developed with the goal of maximising the national benefit from research expenditure, while strengthening our capacity to excel in science and technology. </p>
<p><a href="https://theconversation.com/au/topics/cybersecurity">Cybersecurity</a> has been identified as a research priority due to Australia’s increasing dependence on cyberspace for national well-being and security. Cyberspace underpins both commercial and government business; it is globally accessible, has no national boundaries and is vulnerable to malicious exploitation by individuals, organised groups and state actors. </p>
<p>Cybersecurity requires application of research to anticipate vulnerabilities, strengthen cyber systems to ward off attacks, and enhance national capability to respond to, recover from, and continue to operate in the face of a cyber-attack.</p>
<p>Cyberspace is a complex, rapidly changing environment that is progressed and shaped by technology and by how the global community adopts, adapts and uses this technology. Success in cyberspace will depend upon our ability to “stay ahead of the curve”. </p>
<p>Research will support the development of new capability to strengthen the information and communications systems in our utilities, business and government agencies against attack or damage. Investment will deliver cybersecurity enhancements, infrastructure for prototype assessment and a technologically skilled workforce.</p>
<p>Accordingly, priority should be given to research that will lead to: </p>
<ol>
<li><p>Highly secure and resilient communications and data acquisition, storage, retention and analysis for government, defence, business, transport systems, emergency and health services </p></li>
<li><p>Secure, trustworthy and fault-tolerant technologies for software applications, mobile devices, cloud computing and critical infrastructure</p></li>
<li><p>New technologies for detection and monitoring of vulnerabilities and intrusions in cyber infrastructure, and for managing recovery from failure.</p></li>
</ol>
<hr>
<p><strong>Andrew Goldsmith</strong><br>
<em>Director of the Centre for Crime Policy and Research, Flinders University</em></p>
<p>Sensible science and research on cybersecurity must be premised upon informed, rather than speculative, “what if”, analysis. Researchers should not be beholden to institutional self-interest from whichever sector: government; business; universities; or security/defence agencies.</p>
<p>We need to be clear about what the cybersecurity threat landscape looks like. It is a variable terrain. Terms such as “cyber-terrorism” tend to get used loosely and given meanings as diverse as the <a href="https://theconversation.com/au/topics/stuxnet">Stuxnet</a> attack and the use of the internet by disenchanted converts to learn how to build a pipe bomb.</p>
<p>We need to ask and answer the question: who has the <a href="https://ccdcoe.org/publications/2012proceedings/2_6_Dunn%20Cavelty_TheMilitarisationOfCyberspace.pdf">interest and the capability to attack us and why</a>?</p>
<p>References to “warfare” can be misleading. A lot of what we face is not “war” but espionage, crime and political protest. More than two decades into the lifecycle of the internet, we have not yet had an electronic Pearl Harbour event.</p>
<p>Cybersecurity depends upon human and social factors, not just technical defences. We need to know our “enemies” as well as ourselves better, in addition to addressing technical vulnerabilities.</p>
<p>We should be sceptical about magic bullet solutions of any kind. Good defences and secure environments depend upon cooperation across units, a degree of decentralisation, and built-in redundancy. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/87992/original/image-20150710-24068-1aeu5tu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/87992/original/image-20150710-24068-1aeu5tu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/87992/original/image-20150710-24068-1aeu5tu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/87992/original/image-20150710-24068-1aeu5tu.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/87992/original/image-20150710-24068-1aeu5tu.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/87992/original/image-20150710-24068-1aeu5tu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/87992/original/image-20150710-24068-1aeu5tu.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/87992/original/image-20150710-24068-1aeu5tu.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Cybercrime is a growing problem, and it’ll take concerted efforts to prevent it escalating further.</span>
<span class="attribution"><span class="source">Brian Klug/Flickr</span>, <a class="license" href="http://creativecommons.org/licenses/by-nc/4.0/">CC BY-NC</a></span>
</figcaption>
</figure>
<hr>
<p><strong>Jodi Steel</strong><br>
<em>Director, Security Business Team at NICTA</em></p>
<p>Cybersecurity is an essential underpinning to success in our modern economies. </p>
<p>It’s a complex area and there are no magic bullet solutions: success requires a range of approaches. The national research priorities for cybersecurity highlight key areas of need and opportunity.</p>
<p>The technologies we depend on in cyberspace are often not worthy of our trust. Securing them appropriately is complex and often creates friction for users and processes. Creation of secure, trustworthy and fault-tolerant technologies – security by design – can remove or reduce security friction, improving overall security posture. </p>
<p>Australia has some key capabilities in this area, including cross-disciplinary efforts. </p>
<p>The ability to detect and monitor vulnerabilities and intrusions and to recover from failure is critical, yet industry reports indicate that the average time to detect malicious or criminal attack is around six months. New approaches are needed, including improved technological approaches as well as collaboration and information sharing. </p>
<p>Success in translating research outcomes to application – for local needs and for export – will be greater if we are also able to create an ecosystem of collaboration and information sharing, especially in the fast-moving cybersecurity landscape. </p>
<hr>
<p><strong>Vijay Varadharajan</strong><br>
<em>Director, Advanced Cyber Security Research Centre at Macquarie University</em></p>
<p>Cyberspace is transforming the way we live and do business. Securing cyberspace from attacks has become a critical need in the 21st century to enable people, enterprises and governments to interact and conduct their business. Cybersecurity is a key enabling technology affecting every part of the information-based society and economy. </p>
<p>The key technological challenges in cybersecurity arise from increased security attacks and threat velocity, securing large scale distributed systems, especially “systems of systems”, large scale secure and trusted data driven decision making, secure ubiquitous computing and pervasive networking and global participation. </p>
<p>In particular, numerous challenges and opportunities exist in the emerging areas of <a href="https://theconversation.com/au/topics/cloud-computing">cloud computing</a>, <a href="https://theconversation.com/au/topics/internet-of-things">Internet of Things</a> and <a href="https://theconversation.com/au/topics/big-data">Big Data</a>. New services and technologies of the future are emerging and likely to emerge in the future in the intersection of these areas. Security, privacy and trust are critical for these new technologies and services. </p>
<p>For Australia to be a leader, it is in these strategic areas of cybersecurity that it needs to invest in research and development leading to new secure, trusted and dependable technologies and services as well as building capacity and skills and thought leadership in cybersecurity of the future. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/87886/original/image-20150709-10889-1oo52e3.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/87886/original/image-20150709-10889-1oo52e3.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/87886/original/image-20150709-10889-1oo52e3.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=338&fit=crop&dpr=1 600w, https://images.theconversation.com/files/87886/original/image-20150709-10889-1oo52e3.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=338&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/87886/original/image-20150709-10889-1oo52e3.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=338&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/87886/original/image-20150709-10889-1oo52e3.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=424&fit=crop&dpr=1 754w, https://images.theconversation.com/files/87886/original/image-20150709-10889-1oo52e3.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=424&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/87886/original/image-20150709-10889-1oo52e3.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=424&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">As more information is stored in the cloud, we need to be mindful of how to protect it from attack.</span>
<span class="attribution"><span class="source">FutUndBeidl/Flickr</span>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<hr>
<p><strong>Craig Valli</strong><br>
<em>Director of Security Research Institute at Edith Cowan University</em></p>
<p>ICT is in every supply chain or critical infrastructure we now run for our existence on the planet. The removal or sustained disruption of ICT as a result of lax cybersecurity is something we can no longer overlook or ignore. </p>
<p>The edge between cyberspace and our physical world is blurring with destructive attacks on physical infrastructure already occurring. The notion of the nation state, and its powers and its abilities to cope with these disruptions, are also significantly being challenged. </p>
<p>The ransacking of countries’ intellectual property by cyber-enabled actors is continuing unabated, robbing us of our collective futures. These are some of the strong indicators that currently we are getting it largely wrong in addressing cybersecurity issues. We cannot persist in developing linear solutions to network/neural security issues presented to us by cyberspace. We need change.</p>
<p>The asymmetry of cyberspace allows a relatively small nation state to have significant advantage in cybersecurity, Israel being one strong example. Australia could be the next nation, but not without significant, serious, long-term, collaborative investments by government, industry, academy and community in growing the necessary human capital. This initiative is hopefully the epoch of that journey. </p>
<hr>
<p><strong>Liz Sonenberg</strong><br>
<em>Professor of Computing and Information Systems, and Pro Vice-Chancellor (Research Collaboration and Infrastructure) at University of Melbourne</em></p>
<p>There are more than two million actively trading businesses in Australia and more than 95% have fewer than 20 employees. Such businesses surely have no need for full-time cybersecurity workers, but all must have someone responsible to make decisions about which IT and security products and services to acquire. </p>
<p>At least historically, new technologies have been developed and deployed without sufficient attention to the security implications. So bad actors have found ways to exploit the resulting vulnerabilities. </p>
<p>More research into software design and development from a security perspective, and research into better tools for security alerts and detection is essential. But such techniques will never be perfect. Research is also needed into ways of better supporting human cyberanalysts – those who work with massive data flows to identify anomalies and intrusions. </p>
<p>New techniques are needed to enable the separation of relevant from irrelevant data about seemingly unconnected events, and to integrate perspectives from multiple experts. Improving technological assistance for humans requires a deep understanding of human cognition in the complex, mutable and ephemeral environment of cyberspace. </p>
<p>The cybersecurity research agenda is thus only partly a technical matter: disciplines such as decision sciences, organisational behaviour and international law all must play a part. </p>
<hr>
<p><strong>Sven Rogge</strong><br>
<em>Professor of Physics and Program Manager at the Centre for Quantum Computation & Communication Technology at UNSW</em></p>
<p>Cybersecurity is essential for our future in a society that needs to safeguard information as much as possible for secure banking, safe transportation, and protected power grids.</p>
<p><a href="https://theconversation.com/au/topics/quantum-computing">Quantum information technology</a> will transform data communication and processing. Here, quantum physics is exploited for new technologies to protect, transmit and process information. Classical cryptography relies on mathematically hard problems such as factoring which are so difficult to solve that classical computers can take decades. Quantum information technology allows for an alternative approach to this problem that will lead to a solution on a meaningful timescale, such as minutes in contrast to years. Quantum information technology allows for secure encoding and decoding governed by fundamental physics which is inherently unbreakable, not just hard to break.</p>
<p>Internationally, quantum information is taking off rapidly underlined by large government initiatives. At the same time there are commercial investments from companies such as Google, IBM, Microsoft and Lockheed Martin.</p>
<p>Due to long-term strategic investments in leading academic groups, Australia remains at the forefront globally and enjoys a national competitive advantage in quantum computing and cybersecurity. We should utilise the fact that Australia is a world leader and global player in quantum information science to provide many new high technology industries for its future.</p>
<hr>
<p><strong>Read more in our Science and Research Priorities series</strong></p>
<p><a href="https://theconversation.com/the-future-of-manufacturing-in-australia-is-smart-agile-and-green-43645">The future of manufacturing in Australia is smart, agile and green</a></p>
<p><a href="https://theconversation.com/on-the-road-research-can-improve-transport-across-australia-43643">On the road: research can improve transport across Australia</a></p>
<p><a href="https://theconversation.com/research-priority-make-australias-health-system-efficient-equitable-and-integrated-43547">Research priority: make Australia’s health system efficient, equitable and integrated</a></p>
<p class="fine-print"><em><span>Alex Zelinsky is the Chief Defence Scientist of the Department of Defence; research within Defence Science and Technology is Government funded.</span></em></p><p class="fine-print"><em><span>Andrew Goldsmith receives funding from the Australian Research Council.</span></em></p><p class="fine-print"><em><span>Craig Valli is Research Director of the Australian Cyber Security Research Institute. He has received funding from NSST/PMC, European Union FP7 Program, NCRIS and various Australian agencies. Craig is a Fellow of the Australian Computer Society.</span></em></p><p class="fine-print"><em><span>National ICT Australia is funded by the Australian Government as represented by the Australian Research Council and the Department of Communications through the ICT Centre of Excellence program.</span></em></p><p class="fine-print"><em><span>Liz Sonenberg receives funding from the Australian Research Council and has conducted joint projects with DSTO scientists.</span></em></p><p class="fine-print"><em><span>Sven Rogge receives funding from the Australian Research Council.</span></em></p><p class="fine-print"><em><span>Vijay Varadharajan receives funding from Australian Research Council, NSST/PMC</span></em></p>
Online infrastructure and business are becoming increasingly important, as is our need to focus research efforts on securing them from cyber-attack.
Alex Zelinsky, Chief Defence Scientist, Defence Science and Technology Organisation
Andrew Goldsmith, Strategic Professor of Criminology, Flinders University
Craig Valli, Director of Security Research Institute, Edith Cowan University
Jodi Steel, Director, Security Business Team, Data61
Liz Sonenberg, Professor, Computing and Information Systems, and Pro Vice-Chancellor (Research Collaboration and Infrastructure), The University of Melbourne
Sven Rogge, Professor of Physics, UNSW Sydney
Vijay Varadharajan, Director: Advanced Cyber Security Research Centre, Macquarie University
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/43388
2015-06-21T20:19:52Z
2015-06-21T20:19:52Z
Rape threats and cyberhate? Vote no to the new digital divide
<figure><img src="https://images.theconversation.com/files/85327/original/image-20150617-23343-1iknqs6.png?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Blogger and media critic Anita Sarkeesian in a Feminist Frequency video.</span> <span class="attribution"><a class="source" href="http://feministfrequency.com/2012/01/30/lego-gender-part-1-lego-friends/">from www.feministfrequency.com</a></span></figcaption></figure>
<p><em>This article is part of the <a href="https://theconversation.com/au/topics/democracy-futures">Democracy Futures</a> series, a <a href="http://sydneydemocracynetwork.org/shortcodes/images-videos/articles-democracy-futures/">joint global initiative</a> with the <a href="http://sydneydemocracynetwork.org/">Sydney Democracy Network</a>. The project aims to stimulate fresh thinking about the many challenges facing democracies in the 21st century.</em></p>
<p><em>WARNING: This article contains graphic language of a violent sexual nature.</em></p>
<hr>
<p>Have you noticed that variations on the phrase “as a woman online” are kick-starting more and more conversations in the cybersphere? A recent example involves the writer Alex Blank Millard. </p>
<p>Millard conducted a <a href="http://www.xojane.com/it-happened-to-me/i-was-a-man-on-twitter?utm_source=huffpost_women&utm_medium=pubexchange">Twitter experiment</a> in which she changed her profile photo to that of a man. When Millard tweeted as a woman about rape culture, fat shaming and systemic oppression, the standard response was a deluge of rape and death threats, and a bunch of guys calling her fat. When she tweeted about these exact same things as a straight-looking white man, something incredible happened. Instead of cyberhate, she got retweeted and favourited.</p>
<p>As a woman on the internet, Millard’s tweets resulted in abuse. As a man, they sparked debate.</p>
<p>The phrase “as a woman online” reflects the fact that engaging on the internet has become a very different experience for women as opposed to men. I have certainly noticed that if you express an opinion on pretty much anything, odds are it is just a matter of time before a horde of furious man-trolls tell you that you’re too fat/ugly/gay to rape/maim/kill, but they’ll do it anyway because that’s just the kind of generous individuals they are.</p>
<p>Gendered cyberhate is not a private problem but a public crisis. Among other ramifications, it poses a challenge for digital citizenship and raises serious questions about how we do democracy in the digital century.</p>
<h2>Feminism, democracy and the digital divide</h2>
<p>The traditional feminist critique of democracy is that – as per George Orwell’s Animal Farm – on paper all genders may be equal, but in practice some are more equal than others. While universal suffrage is a good start, it’s simply not the end of the story with regards to equity of citizenship and political participation. </p>
<p>Political theorist <a href="https://en.wikipedia.org/wiki/Carole_Pateman">Carole Pateman</a> begins <a href="https://books.google.com.au/books?id=Vlq73L-2T2oC&pg=PA210&lpg=PA210&dq=For+feminists+democracy+has+never+existed&source=bl&ots=ul6eqnJfS6&sig=qr6qpUsEbQa5dmbDPq5nfffJjuM&hl=en&sa=X&ved=0CCAQ6AEwAWoVChMI4vjzuPiVxgIV4eKmCh2uYAA6#v=onepage&q=For%20feminists%20democracy%20has%20never%20existed&f=false">Feminism and Democracy</a> with the wry observation that feminists could dispose of this subject extremely briskly.</p>
<blockquote>
<p>For feminists, democracy has never existed; women have never been and still are not admitted as full and equal members and citizens in any country known as a “democracy”. </p>
</blockquote>
<p>Pateman’s point here is that confining “the political” to voting obscures many economic and social inequities. A parallel scenario emerges when we look at issues of equity and citizenship in digital domains. While everyone in a given community may have the raw tools to access the internet – let’s call it the computer version of universal suffrage – people’s actual experiences are not the same.</p>
<p>Gender, class and race are all key markers of difference and inequality in terms of digital citizenship. For many women, this manifests in a stark choice: put up with the deluge of misogynist abuse, withdraw from the internet or find ways of e-engagement that don’t attract attention – like tweeting in drag. </p>
<p>Around this point in the conversation, sceptics often chime in with some variation on “surely it is not that bad”. I have also been called a princess and told to lighten up. Rather than attempting to argue the point in the abstract, my usual response is to suggest they check out some unexpurgated examples. </p>
<h2>But first, an adult content warning…</h2>
<p>One of the big dilemmas when attempting to speak of gendered cyberhate is that so much of it is metaphorically unspeakable. It is often referred to via generic descriptors such as “unpleasant”, “sexually explicit”, “in bad taste” and so on. My concern is that euphemisms do an exceptionally poor job of capturing the toxic nature of what has become a lingua franca in much of the cybersphere. </p>
<p>Compare the difference between the following two sentences:</p>
<p>One: Women online are receiving rape threats.</p>
<p>Two: Women online are receiving rape threats <a href="http://tigerbeatdown.com/2011/11/10/but-how-do-you-know-its-sexist-the-mencallmethings-round-up/">such as</a>, “I will fuck your ass to death you filthy fucking whore. Your only worth on this planet is as a warm hole to stick my cock in.”</p>
<p>Call me old-fashioned but version one really doesn’t capture the je ne sais misogyny of version two. To really understand what it’s like to be a woman online in 2015 we must examine actual examples of gendered cyberhate regardless of how unpleasant the experience might be. </p>
<p>So let’s brace ourselves and have a look.</p>
<figure class="align-left ">
<img alt="" src="https://images.theconversation.com/files/85305/original/image-20150617-12987-mal1rc.png?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/85305/original/image-20150617-12987-mal1rc.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=904&fit=crop&dpr=1 600w, https://images.theconversation.com/files/85305/original/image-20150617-12987-mal1rc.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=904&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/85305/original/image-20150617-12987-mal1rc.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=904&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/85305/original/image-20150617-12987-mal1rc.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1136&fit=crop&dpr=1 754w, https://images.theconversation.com/files/85305/original/image-20150617-12987-mal1rc.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1136&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/85305/original/image-20150617-12987-mal1rc.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1136&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">GTFO the video game.</span>
<span class="attribution"><span class="source">@GTFOthemovie/Twitter</span></span>
</figcaption>
</figure>
<p>A good place to start is the experience of women in video-game culture. This is the subject of a <a href="http://gtfothemovie.com/">new documentary</a>, GTFO, by Shannon Sun-Higginson. The title stands for “Get The F— Out” and refers to the response many women receive when they participate in the $20 billion gaming industry. This is despite – or maybe because of – half of all gamers being women. </p>
<p>None of this is new. Women in the technology and gaming industries have historically been subjected to an especially noxious version of what I call <a href="http://www.tandfonline.com/doi/abs/10.1080/14680777.2012.741073">e-bile</a>, or online vitriol. </p>
<p>In 2007, for instance, <a href="http://www.theverge.com/2013/9/12/4693710/the-end-of-kindness-weev-and-the-cult-of-the-angry-young-man">Kathy Sierra</a>, then one of the most visible women in computing, withdrew from public life after a campaign of harassment. This included the circulation of doctored images of her as a sexually mutilated corpse accompanied by posts <a href="http://www.salon.com/2007/03/31/sierra/">such as</a> “fuck off you boring slut … i hope someone slits your throat and cums down your gob”.</p>
<p>Five years later, feminist blogger and gamer <a href="http://feministfrequency.com/about/">Anita Sarkeesian</a> was targeted after launching a <a href="http://feministfrequency.com/about/">crowd-funding campaign</a> for a series of short films examining sexist stereotypes in video games. Her efforts to expose new media misogyny prompted a <a href="http://feministfrequency.com/2012/07/01/image-based-harassment-and-visual-misogyny/">cyber mob attack</a> that included the usual deluge of ultra-violent “rape rape” and “kill kill” communiqués, plus a dash of “Jew Jew” hate speech for good measure. </p>
<p>The rampant discrimination and sexism in gaming came to the fore again in 2014 thanks to that misogynist-fuelled storm dubbed <a href="http://www.washingtonpost.com/news/the-intersect/wp/2014/10/14/the-only-guide-to-gamergate-you-will-ever-need-to-read/">Gamergate</a>. Gamergate began when the disgruntled ex-boyfriend of a games designer called Zoe Quinn implied (baselessly) that Quinn had slept with a journalist to secure positive reviews for her game Depression Quest.</p>
<p>Quinn’s attackers used two common e-bile tactics: </p>
<p>1) <a href="http://www.theguardian.com/technology/2014/sep/12/zoe-quinn-gamergate-online-hate-mobs-depression-quest">“doxxing”</a>: publishing personally identifying information to incite internet antagonists to hunt targets in offline domains; and</p>
<p>2) <a href="http://www.independent.co.uk/news/people/zoe-quinn-on-gamergate-its-not-about-ethical-journalism-its-glorified-revenge-porn-by-my-angry-ex-9829176.html">“revenge porn”</a>: uploading sexually explicit material – usually of a former female partner – without the consent of the pictured subject. </p>
<p>As Gamergate unfolded, both Quinn and Sarkeesian cancelled their public speaking engagements. They left their homes after receiving graphic death threats that included their home addresses. </p>
<p>Female journalists and gamers who publicly defended Quinn and/or who questioned the Gamergate movement were also attacked. In October, for instance, the personal details of American game designer Brianna Wu were posted online. Within minutes she had begun receiving threats such as: “I’ve got a K-bar and I’m coming to your house so I can shove it up your ugly cunt”.</p>
<p>Wu also left her home because she feared for her safety. This was not, she <a href="http://www.theguardian.com/technology/2014/oct/17/brianna-wu-gamergate-human-cost">observed</a>, “just casual sexism, it’s angry, violent sexism”. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/85302/original/image-20150617-18876-tn4uct.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/85302/original/image-20150617-18876-tn4uct.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/85302/original/image-20150617-18876-tn4uct.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=285&fit=crop&dpr=1 600w, https://images.theconversation.com/files/85302/original/image-20150617-18876-tn4uct.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=285&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/85302/original/image-20150617-18876-tn4uct.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=285&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/85302/original/image-20150617-18876-tn4uct.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=358&fit=crop&dpr=1 754w, https://images.theconversation.com/files/85302/original/image-20150617-18876-tn4uct.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=358&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/85302/original/image-20150617-18876-tn4uct.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=358&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Results from the 2013 Cyber Civil Rights Initiative’s ‘Effects of Revenge Porn’ Survey.</span>
<span class="attribution"><span class="source">from http://www.endrevengeporn.org</span></span>
</figcaption>
</figure>
<h2>Signal characteristics of e-bile</h2>
<p>Four striking features of gendered e-bile can be observed by looking at these examples. </p>
<p>First, e-bile spikes in response to feminist activism and perceived feminist gains.</p>
<p>Second, attempts by women to “call out” online attacks or to support other targets tend to result in an escalation of abuse. </p>
<p>Third, gendered e-bile has a quasi-algebraic quality in that the names of the targets can be substituted infinitely without affecting in any way the structure of the discourse. It always sounds like the exact <a href="http://tigerbeatdown.com/2011/11/10/but-how-do-you-know-its-sexist-the-mencallmethings-round-up/">same man talking to the exact same woman</a>. </p>
<p>Fourth, attacks online are more and more frequently moving offline, to the extent that it’s not possible to separate online and offline anymore. This often occurs via the aforementioned practices of doxxing and revenge porn. </p>
<p>Media outlets have also <a href="http://www.washingtonpost.com/local/i-live-in-fear-of-anyone-coming-to-my-door/2013/07/14/26c11442-e359-11e2-aef3-339619eab080_story.html">reported an increase</a> in the number of men publishing faux advertisements claiming their ex-partners are soliciting sex. One US man posted a Craigslist ad entitled “Rape Me and My Daughters”. He was sentenced to <a href="http://www.theverge.com/2013/9/12/4693710/the-end-of-kindness-weev-and-the-cult-of-the-angry-young-man">85 years in prison</a> after more than 50 men arrived at his ex-wife’s home. </p>
<p>In addition to these attempts at <a href="http://articles.baltimoresun.com/2014-02-03/news/bs-ed-internet-sexual-assaults-20140203_1_victim-prince-george-jilted-lover">rape by proxy</a>, online abuse has been linked to <a href="http://www.ibtimes.co.uk/domestic-violence-online-abuse-half-uk-survivors-experience-trolling-tidal-wave-hate-1438420">offline domestic violence</a> against women. The significance of such studies is not just that violent partners and ex-partners are using the internet as another dimension of their abuse of women, but that violent partners and ex-partners are able to use the internet to incite others to join their attacks. </p>
<h2>Déjà vu</h2>
<p>As with rape, domestic violence and workplace sexual harassment in the 1960s, gendered e-bile is frequently trivialised, mocked, dismissed as a personal matter and framed as legally intractable. In her <a href="http://www.hup.harvard.edu/catalog.php?isbn=9780674368293">new book</a>, American legal scholar Danielle Keats Citron provides a meticulous survey of the various ways gendered cyberhate, cyber-harassment and cyber-stalking are underplayed, overlooked or ignored by those responsible for law enforcement, policy development and platform management. </p>
<p>Also paralleling more “traditional” forms of sexual assault and harassment is the tendency to blame the female victims. Media commentator Brendan O’Neill <a href="http://blogs.telegraph.co.uk/news/brendanoneill2/100115868/the-campaign-to-stamp-out-misogyny-online-echoes-victorian-efforts-to-protect-women-from-coarse-language/">has dismissed</a> female targets as being “peculiarly sensitive”, while another <a href="http://www.spiked-online.com/newsite/article/stop-taking-twitter-death-threats-seriously/16895#.VYEEmvmqqko">accuses</a> those complaining about online death threats of indulging in “narcissistic victimhood”. Law-enforcement officers are known to counsel female cyberhate targets to simply “take a break” from the cybersphere. </p>
<p>Such attitudes shift the responsibility for e-bile to targets. What’s more, they penalise women by advising them to withdraw from a domain that is widely acknowledged as being an integral – and essential – part of contemporary life and citizenship.</p>
<p>The cybersphere in 2015 is no longer an optional extra or adjunct to “real” life. As American technology journalist Nilay Patel <a href="http://www.theverge.com/2014/2/25/5431382/the-internet-is-fucked">puts it</a>:</p>
<blockquote>
<p>You don’t do things “on the internet”, you just do things.</p>
</blockquote>
<p>As a woman online, I certainly reject the <a href="http://www.spiked-online.com/newsite/article/stop-taking-twitter-death-threats-seriously/16895#.VYEFdvmqqko">suggestion</a> that complaining about gendered e-bile is akin to “jumping into a dustbin and then complaining that you’re covered in rubbish”. I don’t accept that the price of entry to the public cybersphere should include having to endure threats of death, rape, K-barring and so on.</p>
<p>After all, the whole point of it being public is that you don’t tell half the population to GTFO. </p>
<hr>
<p><em>Acknowledgement: Many thanks to Nikki Stevens for alerting me to the prevalence of “as a woman online”.</em></p>
<p><em><a href="http://emmajane.info/">Emma A. Jane</a> is recruiting interviewees for a new, three-year, government-funded <a href="http://www.cyberhateproject.unsw.edu.au">study into gendered cyberhate</a>. If you have experienced rape threats or other hostility online and would like to participate, visit: <a href="http://www.cyberhateproject.unsw.edu.au">cyberhateproject</a>.</em></p>
<p class="fine-print"><em><span>Emma A. Jane is currently receiving funding from the Australian Research Council (ARC) under the Discovery Early Career Research Award (DECRA) scheme. </span></em></p>Cyberhate would deny women their full democratic rights as citizens, yet this is trivialised and dismissed – just as sexual violence, discrimination and workplace harassment have been for decades.Emma A. Jane, Senior Lecturer in Media, Journalism and Communication, UNSW SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/377152015-03-05T19:27:34Z2015-03-05T19:27:34ZHackers’ kit bag: the tools that terrorise the internet<figure><img src="https://images.theconversation.com/files/73557/original/image-20150303-15981-39nh7e.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">These days anyone can download the tools used for cyber crime.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/mrcacahuate/5825972240/in/photolist-9SPCzf-bFZqyB-7z7QTr-pVcw6r-uop9t-dipTch-bt5yG3-4XbwhY-RBbbj-RBaPJ-5fV2aB-nurBWm-2he9dV-aSoKyH-bF6kV9-o6ukzJ-dipToE-av6N1N-58caSN-bkA1Lm-bWU33u-chqjK5-imUhy-dsfA1f-e6vNa7-dhqrKt-9rJJBk-dQw8Hq-4FEK5Y-bkA1WE-4GUsTW-bkA1UQ-byuUnB-byuUFD-j6baQm-eemWai-oiNCtj-bvb41q-5j4syQ-byuUAr-bkA1PW-byuUrp-fi31ew-9vsQaz-oiNuFg-73TcSY-4E78g1-qfkL9C-76rZMS-76rWGu">Ivan David Gomez Arce/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure><p><a href="https://theconversation.com/explainer-what-is-hacking-13039">Hacking</a> is a state of mind. Traditionally, hackers like to discover, understand and share the secrets they expose. They like to laugh at the dumb things they find. They’re not necessarily in it for the money, more so for the glory of mastering the arcane technicalities of computing. 
Hackers form a community where the most “<a href="http://www.urbandictionary.com/define.php?term=l33t">l33t</a>” (pron. “leet”, short for “elite”) hackers gain the most respect.</p>
<p>But these days any “noob” (short for “newbie”) can download software tools from the internet that take the hard work out of hacking. These tools are often written by malicious hackers, professional security testers or enthusiasts to increase productivity. For example, it’s hard work typing in three million <a href="https://theconversation.com/the-end-of-the-internet-ipv4-versus-ipv6-145">IP addresses</a>. Much easier to write a program that does it for you. </p>
<p>Add some features, such as automatic <a href="http://www.pcmag.com/encyclopedia/term/49515/port-scanning">port scanning</a>, <a href="http://www.firewalls.com/blog/banner_grab_ethical_hack/">banner grabbing</a> and <a href="http://news.hitb.org/content/footprinting-basics-hacking">footprinting</a>, and share it with fellow hackers and your “cred” (credibility) goes up. If it’s a really good tool, then you can sell the rights to a commercial cyber security company and retire (or work as a consultant). It’s a career path.</p>
<p>Here are some of the easiest and most potent tools being used by hackers, l33t and noob for both good and ill. </p>
<h2>NMAP</h2>
<p>Port scanning is a process of finding all of the computers on a network, and finding out all about them. It is a precursor to a malicious hacker (or a <a href="http://www.forbes.com/sites/ericbasu/2013/10/13/what-is-a-penetration-test-and-why-would-i-need-one-for-my-company/">penetration tester</a>) launching an attack. It’s like a lion finding the slowest gazelle in the herd. Find all of the gazelles, test their weaknesses, pick the slowest.</p>
<p><a href="http://insecure.org/fyodor/">Fyodor</a> wrote the <a href="http://www.pcmag.com/encyclopedia/term/48010/nmap">NMAP</a> port scanner in 1997 and has been adding functionality ever since. NMAP finds responding computers (by scanning IP addresses), finds services running on them (by scanning ports) and identifies operating systems. </p>
<p>It runs from the <a href="http://www.computerhope.com/jargon/c/commandi.htm">command line</a>. Something as simple as “nmap 192.168.1.0/24” will scan your local network and find your router, PC, game console and phone (if they are connected) and tell you all about them. </p>
<p>There is a <a href="http://www.computerhope.com/jargon/g/gui.htm">GUI</a> version called Zenmap if you don’t like typing. It also has visualisation tools which display the network.</p>
<p>NMAP is an essential tool for network maintenance, and I use it all the time when setting up computers, to diagnose networking problems and to find out just what my <a href="https://technet.microsoft.com/en-us/library/dd145320%28v=ws.10%29.aspx">DHCP</a> server has been doing. </p>
<h2>SQLMap</h2>
<p>Daniele Bellucci and Bernardo Damele A. G. wrote <a href="http://resources.infosecinstitute.com/sql-injection/">SQLMap</a> in 2006, using the <a href="https://www.python.org/about/gettingstarted/">Python programming language</a>. This tool takes all of the hard work out of <a href="http://www.acunetix.com/websitesecurity/sql-injection/">SQL injection attacks</a>. </p>
<p><a href="http://www.sqlcourse.com/intro.html">SQL</a> injection normally requires considerable knowledge of how web sites and programs like <a href="http://www.mysql.com/">MySQL</a> store and retrieve information from databases. SQLMap systematically scans for errors while injecting portions of SQL scripts into the target web site. </p>
<p>It collates the results and, by brute force (trial and error), finds the names of the databases, the tables, the fields in the tables and even the passwords stored in the database. </p>
<p>The user has to run the program from a command line (by running a Python script) and has to progressively enter longer, and more specific, commands to get the entire contents of the database, but there are handy YouTube videos which <a href="https://www.youtube.com/watch?v=HnVQcCdgYWA">illustrate the process</a>.</p>
<p>SQLMap really lowered the bar for random hacker groups, hacktivists, cyberpunks and <a href="https://theconversation.com/lulzsec-anonymous-freedom-fighters-or-the-new-face-of-evil-2605">LulzSec</a>. It has arguably facilitated massive disclosures of private information, including names, addresses, credit card numbers and medical records. Everybody with a website should run this on their own web applications before they go live on the internet. </p>
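<p>To show what such a scan keys on, and what removes it, here is an added example (not from the original article or from the SQLMap project). It runs the same constructed inputs through a string-built query and a parameterised one using Python's built-in sqlite3 module; the table, the sample rows and the function names are hypothetical.</p>

```python
import sqlite3


def make_db():
    """Build a small in-memory database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def lookup_vulnerable(db, name):
    """Weak form: user input is pasted into the SQL text and parsed as SQL."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_safe(db, name):
    """Hardened form: input is bound as a parameter and only ever compared as data."""
    return db.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def probe(lookup, db, value):
    """Summarise what a lookup does with one input: a row count or a database error."""
    try:
        return ("rows", len(lookup(db, value)))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)


def compare(db):
    """Run the same constructed inputs through both forms, side by side."""
    inputs = [
        "alice",          # ordinary value
        "'",              # lone quote: breaks the string-built statement
        "x' OR '1'='1",   # textbook tautology: changes the WHERE clause
    ]
    return {
        value: (probe(lookup_vulnerable, db, value), probe(lookup_safe, db, value))
        for value in inputs
    }


if __name__ == "__main__":
    for value, (weak, safe) in compare(make_db()).items():
        print(f"{value!r:18} vulnerable={weak} safe={safe}")
```

<p>A database error or a change in row count in response to a quote character is the signal to fix before going live; the parameterised form returns no rows for both odd inputs because they are treated as literal names.</p>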
<h2>PunkSPIDER</h2>
<p>A small group of hackers started <a href="http://www.hyperiongray.com/">Hyperion Gray</a> in 2013, demonstrating PunkSPIDER, a web application (a web site) vulnerability search tool and scanner, which allows the user to check for common vulnerabilities without having to conduct noisy and potentially illegal port-scans on a target. </p>
<p>PunkSPIDER does not attack or exploit web sites, but it does make it easy for web site owners to test their sites for many of the most obvious vulnerabilities. Unlike port-scanners, scans are launched from the PunkSPIDER servers, so it’s less likely to get you into trouble. </p>
<h2>Wikto</h2>
<p>This tool <em>will</em> get you into trouble. Wikto is an enhanced Windows version of <a href="http://en.wikipedia.org/wiki/Nikto_Web_Scanner">Nikto</a> – a web application (a web site) vulnerability scanner which blasts <a href="http://www.webopedia.com/TERM/H/HTTP.html">HTTP</a> requests at a target web site relentlessly. </p>
<p>It is a brute-force tool that tries to access admin pages, configuration scripts and misconfigured password files (281,000 of them), just in case they are present. After that it tests for 3,000 known web site vulnerabilities, followed by 1,500 <a href="https://code.google.com/p/googlehacks/">GoogleHacks</a>, which lists web site vulnerabilities identifiable by Google search strings. </p>
<p>This tool will produce so much traffic and log entries – at the victim’s server, your ISP and the NSA – that everybody will know what you are up to. Wikto is a great tool for automatically checking for vulnerabilities on a complex web site, particularly if you don’t know its history and you need to maintain it.</p>
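<p>That volume of log entries is what makes this kind of scan easy to spot from the server side. The following added example (not from the original article or from the Wikto or Nikto projects) flags any client that requests many distinct missing or forbidden paths within a short window. It assumes access logs in Common Log Format; the threshold, the window and the sample log lines are constructed for illustration.</p>

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: one ordinary visitor and one client probing for files
# that do not exist (documentation-range IP addresses).
SAMPLE_LOG = """\
198.51.100.7 - - [05/Mar/2015:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.44 - - [05/Mar/2015:10:00:02 +0000] "GET /admin/ HTTP/1.1" 404 312
192.0.2.44 - - [05/Mar/2015:10:00:02 +0000] "GET /config.php HTTP/1.1" 404 312
192.0.2.44 - - [05/Mar/2015:10:00:03 +0000] "GET /.htpasswd HTTP/1.1" 403 298
192.0.2.44 - - [05/Mar/2015:10:00:03 +0000] "GET /backup.zip HTTP/1.1" 404 312
198.51.100.7 - - [05/Mar/2015:10:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 312
192.0.2.44 - - [05/Mar/2015:10:00:04 +0000] "GET /phpinfo.php HTTP/1.1" 404 312
192.0.2.44 - - [05/Mar/2015:10:00:05 +0000] "GET /test/ HTTP/1.1" 404 312
198.51.100.7 - - [05/Mar/2015:10:05:30 +0000] "GET /old-page.html HTTP/1.1" 404 312
""".splitlines()


def parse_line(line):
    """Return (ip, timestamp, path, status), or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])


def find_scanners(lines, window=timedelta(seconds=60), threshold=5):
    """Map each suspect IP to its peak count of distinct 403/404 paths per window.

    Only clients whose peak reaches `threshold` are returned. Counting distinct
    paths (not raw hits) avoids flagging a browser retrying one broken link.
    """
    recent = defaultdict(deque)  # ip -> (timestamp, path) of recent misses
    peak = defaultdict(int)
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue  # skip lines that are not in the expected format
        ip, ts, path, status = record
        if status not in (403, 404):
            continue
        misses = recent[ip]
        misses.append((ts, path))
        # Drop misses that have fallen out of the sliding window.
        while misses and ts - misses[0][0] > window:
            misses.popleft()
        peak[ip] = max(peak[ip], len({p for _, p in misses}))
    return {ip: count for ip, count in peak.items() if count >= threshold}


if __name__ == "__main__":
    for ip, count in find_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct missing/forbidden paths within 60s")
```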
<h2>LOIC</h2>
<p>No discussion of entry-level <a href="http://www.urbandictionary.com/define.php?term=script+kiddie">script-kiddie</a> tools would be complete without the <a href="http://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon">Low Orbit Ion Cannon</a>, a “stress testing” (<a href="http://www.webopedia.com/TERM/D/DoS_attack.html">denial of service</a>, or DOS) tool. </p>
<p>Many versions exist, written in <a href="http://www.webopedia.com/TERM/C/C_sharp.html">C#</a>, <a href="http://www.webopedia.com/TERM/J/Java.html">Java</a>, <a href="http://www.webopedia.com/TERM/J/JavaScript.html">JavaScript</a>, and all should be identified by your anti-virus software as malware. </p>
<p>LOIC blasts a web site with traffic, overwhelming it and making it unavailable to legitimate users (hence the “denial of service”). Some versions allow thousands of users to simultaneously attack a single target, where the target is chosen by just one of them. Just type in the <a href="http://www.webopedia.com/TERM/D/domain_name.html">domain name</a> or IP address, and click on “IMMA CHARGIN MA LAZER”. </p>
<p>LOIC and its variants (LOWC, HOIC) have been used by hacktivist members of <a href="https://theconversation.com/au/topics/anonymous">Anonymous</a> and <a href="http://www.pocket-lint.com/news/131070-what-is-4chan-the-underbelly-of-the-internet-explained">4Chan</a> to attack (or as they might say, “exercise civil disobedience” against) businesses and governments in response to unpopular decisions, policies, laws or actions. Like any DOS tool, LOIC can have legitimate uses. Stress testing tools allow a web site developer to verify that their site can handle real-world traffic.</p>
<h2>Don’t try this at home</h2>
<p>A word of warning: these tools (with the possible exception of PunkSPIDER) should not be used on the internet.</p>
<p>There are criminal laws about using these improperly. They should not be used to scan/profile/attack (“test”) web sites or networks that you do not own or have no legal authority to “test”. </p>
<p>However, they are great fun to play with and great for testing your own locally-hosted or pretend web sites. Just turn off your internet connection (your router, cable modem or WiFi) before unleashing them – to be sure.</p>
<p class="fine-print"><em><span>James H. Hamlyn-Harris does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Hacking is a state of mind. Traditionally, hackers like to discover, understand and share the secrets they expose. They like to laugh at the dumb things they find. They’re not necessarily in it for the…James H. Hamlyn-Harris, Senior Lecturer, Computer Science and Software Engineering, Swinburne University of TechnologyLicensed as Creative Commons – attribution, no derivatives.