Cyberbullying Investigation

To put a stop to cyberbullying, a parent or school official needs to gather reliable evidence.   A common form of evidence is a text message on a cell phone.

Also, I have compiled a series of videos teaching how to capture and store cyber evidence for legal purposes.

Bank Sues Customer/Victim of Cyberheist

PlainsCapital Bank v Hillary Machinery is a Web 2.0 lawsuit, unlike anything we have seen in the history of computer law.

Not only is it remarkable because the bank is suing the customer; it is remarkable because the small customer is exploiting web PR tactics as an asymmetrical weapon against a much more powerful adversary.   The  lawsuit is a case study in modern conflict and public relations.  It demonstrates the web as a populist political machine.

–Ben Wright

Public Relations of an Information Security Crisis

Many organizations (banks, schools, hospitals, non-profits, corporations, government agencies) are being forced to announce to the public that they have experienced a data security breach, such as a compromise of social security numbers or credit card numbers.   An organization must prepare for and think carefully about its public statements and the perception created in the news media.   The public relations dimension of data security is just as important as the technical dimension.   IT professionals must learn new skills and come to understand their jobs differently.

–Benjamin Wright, Senior Instructor on IT Law, SANS Institute

I am G-Buzzing the power of publicity in a lawsuit over an online bank account break-in.

FB Business Records

Facebook Records

Update:   I have published fresh ideas on how to record Facebook messages when employees use them for official company or government business.  Social networks are becoming a more commonly-accepted tool of commerce.

They are also the source of many records needed for lawsuits, investigations and conflict resolution.  http://www.google.com/sidewiki/entry/benwright214/id/lr8I0ChURBgd6x6HWKssukeRgWo

–Ben

Block Viruses Distributed by Web Pages

Computer Security for Schools and Small Businesses

For a small-to-medium enterprise like a business or library, protection of its computer network is not easy.  Hackers are constantly concocting new ways to infect the network (with viruses and other malware) by way of the web pages that network users visit.  Although the enterprise can choose from an array of tools to protect its network, those tools can be expensive and cumbersome.  No tool or combination of tools is perfect.  Finding the right mix of cost, effectiveness and ease of use is a problem.

To answer this problem, CyberPatrol has developed a smart service for steering network users away from dangerous web sites.  Known as SiteSURV, the service relies on CyberPatrol’s SiteCAT system, which constantly crawls (spiders) the web to assess and categorize web pages.  The service provides two layers of filtering.  One layer examines sites according to their content and purpose, and then blacklists those that appear to be dangerous.  The second layer specifically analyzes files and downloads from each site to ascertain whether they contain signatures for known malware.

I asked Chris Overton, VP of CyberPatrol, to explain these two layers of protection.  First, he highlighted the security achieved just by keeping users away from sites of questionable content:  “Certain types of sites tend to deliver malware more than others.  Along with adult and XXX sites, “parked domains” and “warez” sites are more likely to deliver malware than other site categories.  We know this because files pulled from these sites have a higher percentage of malware infection than files from other sites.  So, we can infer that preventing access to these dangerous site categories will advance the fight against malware infections.  Preventing access to a dangerous site protects against all the malware at that site, regardless of whether anyone has developed signatures to detect any or all of the different malware there.”

Chris further described what SiteCAT does when it crawls a web site:  “SiteCAT’s algorithms analyze a web site based on several factors – content, structure, link count, link references, and so on.  Based on this analysis, our system decides which pages/files to download from that site.  Typically we’ll download the main index page of a site and analyze it; then our algorithms decide how much deeper to dig.  All files we want to analyze are pulled by the crawler and saved into our analysis archive.  Then the files feed into a malware detection engine, which looks for the signatures of malware such as a virus or a worm.  If we detect any malware when we crawl the site, we can blacklist it and prevent all of the malware the site might deliver, even malware that we have not specifically detected.”

In other words, SiteSURV allows an enterprise to adopt a conservative, one-strike-and-you’re-out approach toward web sites.  If a site either contains suspicious content or manifests one instance of infection, the enterprise can block it entirely.

–Ben Wright, advisor to CyberPatrol
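The two filtering layers and the one-strike policy described above, combined with the analyze-on-first-request behaviour described in the SiteSURV post further down this page, sketched as an added example (not CyberPatrol's code). The class and function names, the sample categories and hosts, the use of a SHA-256 match in place of a real signature engine, and failing closed on unparseable URLs are all assumptions.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample data: not CyberPatrol's real categories or signatures.
BLOCKED_CATEGORIES = {"adult", "parked-domain", "warez"}
BAD_SHA256 = {hashlib.sha256(b"constructed malware sample").hexdigest()}

# Constructed crawl results: host -> (category, list of file bodies).
SAMPLE_WEB = {
    "warez.example": ("warez", [b"keygen"]),
    "news.example": ("news", [b"<html>headlines</html>"]),
    "recipes.example": ("food", [b"<html>soup</html>", b"constructed malware sample"]),
}

def sample_crawl(host):
    """Hypothetical crawler stub; unknown hosts are uncategorized and empty."""
    return SAMPLE_WEB.get(host, ("uncategorized", []))

class SiteFilter:
    def __init__(self, crawl, blocked_categories=BLOCKED_CATEGORIES, bad_hashes=BAD_SHA256):
        self.crawl = crawl
        self.blocked_categories = blocked_categories
        self.bad_hashes = bad_hashes
        self.verdicts = {}   # host -> (allowed, reason), shared by every user
        self.crawls = 0      # how many times a site had to be analyzed

    def _analyze(self, host):
        category, files = self.crawl(host)
        self.crawls += 1
        # Layer 1: block by site category, whatever the files contain.
        if category in self.blocked_categories:
            return (False, "category:" + category)
        # Layer 2: one known-bad file blocks the whole site (one strike).
        for body in files:
            if hashlib.sha256(body).hexdigest() in self.bad_hashes:
                return (False, "malware-signature")
        return (True, "clean")

    def check(self, url):
        """Return (allowed, reason) for a requested URL."""
        host = urlsplit(url).hostname   # lower-cased, port stripped
        if not host:
            return (False, "unparseable-url")  # assumption: fail closed
        if host not in self.verdicts:          # first request triggers analysis
            self.verdicts[host] = self._analyze(host)
        return self.verdicts[host]
```

A second request for any page on `recipes.example` is answered from the shared verdict table without another crawl, so one infected file keeps every user off the whole site.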

Porn Sites as Malware Distributors

Library, School, Church and Hotel Network Security

Want to avoid viruses, botnets and trojans in workplace computers?  A key strategy is to prevent users from surfing to adult web pages.   According to Chris Overton, VP at Cyberpatrol:   “Pornography sites are one of the major distributors of viruses and other malware.   To quote from the CyberSharks book we’re about to release, ‘Websites offering adult content are the single most significant security threat for Internet users, comprising 31 percent of dangerous websites.  Adult and XXX sites account for the largest percentage of web sites from which viruses are spread.  (Web of Trust, 2008)’  This means that companies can go a long way toward protecting their networks from malware simply by blocking pornographic sites.  SiteSURV can provide this protection.”

–Ben Wright, advisor to Cyberpatrol

Web Filtering for Hotels, Libraries, Schools

Service for Blocking Porn and Viruses

SiteSURV is Cyberpatrol’s Internet filtering service for small-to-medium organizations, like businesses.  Using a technology called SiteCAT, it filters web sites by inspecting (also known as crawling or spidering) their content and categorizing them according to their apparent purpose.  Categories include malware, pornography, drugs and so on.  User organizations can choose to filter selected categories.

I asked Cyberpatrol VP Chris Overton to discuss how SiteSURV stacks up for user organizations in terms of efficiency, effectiveness and resource requirements.  Chris said:

“Since SiteSURV is a completely in-the-cloud product, it takes up no system resources on the computers it’s protecting.  The only caveat to this is that customers with a dynamic external IP must run our Dynamic IP tool on a single computer behind their access point.

“As far as bandwidth, all the filtering decisions happen at our SiteSURV server, so we’re not using any more of the user’s bandwidth than they’d already be using to browse the web.

“The setup for SiteSURV is very simple, but our online configuration portal gives users the ability to tailor their protection to their needs.  Users that want a set-and-forget product can leave the default settings in place.  Users that want more control can adjust the filtering to their specific needs.

“Filtering the web is hard work because the web is so big and ever-changing.  Our SiteCAT technology holds many advantages over its competitors.  Notably, the categorization results from one user get applied to other users.  For example, if one user of our system tries to browse to a site that SiteCAT has never seen or analyzed, the SiteCAT crawler immediately starts analysis of that site.  The results support all users of our SiteCAT system.  This means that we’re able to find new sites somewhat faster than other systems that rely purely on spidering the web.”

–Ben Wright, advisor to Cyberpatrol
