Sunday, 24 June 2012

When Cyberbullying Becomes Cyberstalking


Cyberbullying stories are popping up in the news more and more. An incredibly diverse range of people have fallen victim to the intimidation and life-destroying intrusion.

Unfortunately I was one of those targeted.

In an attempt to find some form of a positive outcome of this horrific situation, I wanted to share my research and a small insight into my experience.

What is cyberbullying, stalking and online harassment?
The definition of online harassment varies according to who is involved. Generally, when the victim and the perpetrator are both children, the harassment is termed cyberbullying, as detailed by Stop Cyberbullying. Whilst the actions are the same, once both parties are adults, the term, according to Wikipedia, changes to cyberstalking or cyberharassment.
Wikipedia defines cyberstalking as “the use of the Internet or other electronic means to stalk or harass an individual, a group of individuals, or an organization. It may include false accusations, monitoring, making threats, identity theft, damage to data or equipment, the solicitation of minors for sex, or gathering information in order to harass. Cyberstalking is different from spatial or offline stalking in that it occurs through the use of electronic communications technology such as the internet. However, it sometimes leads to it, or is accompanied by it. A cyberstalker may be an online stranger or a person whom the target knows.
“Cyberstalking may include false accusations, monitoring, making threats, identity theft, damage to data or equipment, the solicitation of minors for sex, or gathering information in order to harass. A repeated pattern of such actions and harassment against a target by an adult constitutes cyberstalking”.

Methods Used
Wired Safety put together a PowerPoint presentation about a study into cyberstalking and its findings. They identified the methods used in cyberstalking as:
  • E-mail and instant messaging direct threats
  • Identity theft
  • Building websites targeting the victim
  • Posting false profiles
  • Hacking
  • Posting fake sex ads
  • Pasting the victim’s image onto a pornographic image or posting real sexual images of the victim online
  • Provoking attacks against the victim by others
  • Posing as the victim and attacking others
  • Contacting victim’s family or employer
  • Posting in a newsgroup or on a bulletin board, online
  • Following the victim from site to site


My experience
After much research online, I’ve learnt that my particular experience is most likely defined as Corporate Cyberstalking. Wikipedia’s definition of which is: “when a company harasses an individual online, or an individual or group of individuals harasses an organization. Motives for corporate cyberstalking are ideological, or include a desire for financial gain or revenge”.
Paul Bocij, an expert in the field, goes into much greater detail. His comprehensive work in this particular field has led to the table below: a proposed typology of corporate cyberstalking.

Table 1: A proposed typology of corporate cyberstalking incidents

| Stalker/Victim | Category Name | Description |
|---|---|---|
| Individual/Organisation | Vengeful | The individual wishes to exact some form of revenge against the organisation e.g. cyber-smearing. |
| Individual/Organisation | Individual Gain | The individual is seeking some form of benefit e.g. financial gain obtained via stock fraud. |
| Individual/Organisation | Ideological | The individual acts in support of beliefs e.g. cyberterrorism and hacktivism. |
| Organisation/Individual | Unwitting | The organisation is unaware of the actions of an employee and is an unknowing accomplice. |
| Organisation/Individual | For Profit | The organisation seeks to realise some form of (business) benefit by its actions, e.g. silencing critics using SLAPP. The victim is normally an individual. |
| Organisation/Individual | Competitive | The organisation seeks to improve its competitive position. The victim is another organisation. |

Mr Bocij explains: “The coloured part of the table represents categories of corporate cyberstalking where an organisation becomes a victim. Category names have been used as a simple way of identifying and describing a given category. These names also help to make clear the differences between categories”.

Mr Bocij goes on to detail each scenario with an actual case.

What laws exist?
Laws change from country to country. My knowledge is based around English laws, so this is what I refer to. As explained by the law firm Pinsent Masons in their article on Defamation; “Any disparaging statement made by one person about another, which is communicated or ‘published,’ may well be a defamatory statement and can give rise to an action for either libel or slander in English law”.

Cyberstalking is a criminal offense in the United Kingdom under the Malicious Communications Act of 1998.

What needs to change?
Whatever term you choose to use (cyberstalking, cyberbullying, electronic/online harassment), it NEEDS TO STOP NOW. The fact that it happens through a particular medium rather than face-to-face does not change the effect it has on an individual, nor should the laws be any different.

What should I do?
If you believe you have fallen victim to Cyberstalking of any description, the advice remains the same. As suggested by The Guardian; “gather evidence including times and means of stalking. Save any texts, emails, Facebook messages, screenshots. You should then assist police AND report to the network provider/ISP/Facebook. The service providers may not be able or willing to help, but you must log the complaint”.

Friday, 20 April 2012

Convicted Criminal? Maybe he can help


As unemployment rises, and competition for jobs gets increasingly stiff, companies are often spoilt for choice with the crème de la crème of potential employees. With an average of over 30 applicants for each position in London, many businesses are able to appoint higher caliber candidates than ever before.
Many firms are employing individuals capable of innovation and ‘thinking outside the box’ through purposefully hiring convicted criminals. Whilst on first consideration this may appear an odd choice, it appears to be producing the desired results. Some of the more high profile appointments are rumoured to include George Hotz, a hacker hired (reportedly) by Facebook. Whilst not officially a convicted criminal, the youngster has settled a previous case out of court.

Many of the biggest names in technology are reputed to have hired hackers in the past too. Whilst few employers would openly admit to it, it is commonly believed that Apple, Microsoft, and Google have done so. Security firms and government agencies such as GCHQ in the UK even entice applicants by setting challenges for wannabe applicants to solve.

Whilst hiring, or even associating with, hired hackers and convicted criminals is a risk for any company, it is a calculated risk considered by many to pay off. Not only will it create a certain amount of ‘buzz’ online, if the incentives are deemed sufficient by the individual, they may choose to invest in the company. Being able to manipulate the latest technology to a firm's advantage, as well as the ability to see the bigger picture and truly improve and redesign the world in which we live, is a genuinely exciting prospect.

In truth, employment in any context becomes a question of risk: how much a firm is content to risk, and how much an employee is prepared to risk in favour of, or indeed against, that position of trust.
Tero Pollanen is an online security specialist with years of experience advising organisations on online fraud and security; he has experience from both sides of the security world.

Wednesday, 18 January 2012

Not really my normal blog post but still fraud


Hey Boy, Hey Girl… 
At a time when high-level fraud is in the news more and more, the story of Gemma Barker was unusual to say the very least. The story of the teenager hit newspapers across the country this week as the case was heard in court.
According to The Telegraph and The Metro newspapers, Gemma Barker created three male alter-egos for herself, and social media profiles to match. The 20 year old from Staines dressed as a boy to trick and seduce her female school friends. Despite already knowing Barker, who was 19 at the time, the 15-16 year olds had no idea that the ‘males’ were in fact a female acquaintance of theirs. Some of the girls began relationships with Barker which “involved kissing, cuddling and groping” according to Ruby Selva in court. To reinforce the lie, she created Facebook profiles and contact details for the three male characters Aaron Lampard, Conor McCormack and Luke Jones.
The police became involved after one of the victims grew suspicious. During the investigation Barker made allegations against one of her characters “Luke Jones”, claiming she had been assaulted by him. Furthermore, according to The Telegraph, she approached the Criminal Injuries Compensation Board in a bid to cheat money.
Miss Barker appeared at Guildford Crown Court where the case is currently being heard. The defence is reported to have told Guildford Crown Court that Barker is autistic and a "rather lonely character". She admitted to two charges of sexual assault and one of fraud, making it possible for her to receive a prison sentence of up to two years. For now she is remanded on bail until early March, when she faces sentencing and psychological reports. Summing up in court, Judge Moss reportedly said "What concerns me is that it has got a very mean and manipulative streak to it. And it's very serious. The girls she preyed on are much younger than her." Miss Barker was forced to sign the Sex Offenders Register.
Whilst this incident is unusual, it does highlight the often faceless side to the crime. The human factor in this incident, whilst traumatic, does drive home the dark, manipulative, and dishonest side to fraud. 

Sunday, 8 January 2012

Israel Hack Attack




At a time when credit card fraud and online hacking scams are becoming increasingly common, Israel has become the latest victim. On Saturday, January 7, the country announced that the details of thousands of credit cards had been publicised online.

The exact details and figures of the attack vary according to sources; whilst the credit card companies say the details of around 25,000 cards (of which over 6,000 were current) had been exposed, the government says as many as 400,000 Israeli people have had their private information compromised. Israel is not used to attacks of this nature, and it is believed that this is the worst of its kind the country has seen. This kind of attack is not uncommon; a large cybercrime wave has recently swept across China, as reported on Tero Pollanen’s Online Fraud blog.

The hacker claiming responsibility, OxOmar, said he lives in Saudi Arabia. After initial investigations, there is apparently some evidence that it is in fact a teenager living in Mexico. As yet, it is not thought that help from Mexican authorities has been sought.

Israel, clearly riled, has hit back strongly, "vowing to retaliate" according to the BBC. Speaking of attacks of this kind, Danny Ayalon, Deputy Foreign Minister, said they are "a breach of sovereignty comparable to a terrorist operation, and must be treated as such. Israel has active capabilities for striking at those who are trying to harm it, and no agency or hacker will be immune from retaliatory action".

Friday, 30 December 2011

Cybercrime and Phishing Scams Sweeping China



A wave of cybercrime has swept across China this past week, triggering the Chinese government to mount a counter campaign. Whilst the criminals attempt to steal online banking details, the government has sought expert advice on how to combat the issue. One of the key results is that phishing sites will now appear below those of legitimate banks in search results.

The personal details of over 45 million Chinese people (almost 10% of China’s online population) were stolen during the wave of attacks. China’s Ministry of Industry and Information is investigating the crimes, and has said "The department believes the recent leak of user information is a serious infringement of the rights of internet users and threatens internet safety". The phishing scams work by impersonating a legitimate bank (or similar), and sending messages directing people to the fake sites. Once people visit the fake sites, their login details are taken, and then used by the criminals to steal money from the account.

The way in which the Chinese government fought back was to employ SEO (search engine optimisation) tactics; that is to say, controlling which results users get when searching particular terms online. The Chinese government has managed to get the 10 biggest search engines in China on board the anti-phishing campaign. Furthermore, some of the Chinese search engines are going to introduce an icon, confirming the legitimacy of a site. These two techniques combined should reduce the number of people being tricked and scammed.

Phishing scams are common globally, and are relatively easy to avoid if you follow these simple tips:
- Beware email messages!!
  Look out for emails that claim to be from companies asking you to click-through to update your details or rectify a problem with your account. If you’re unsure about the authenticity of an email, don’t open it and contact the company it claims to be from.
- Keep an eye on your accounts
  Be vigilant for any transactions you don’t recognise. Contact your bank or credit card provider to query a transaction if it looks unfamiliar. You should also contact your bank or credit card provider if your statements fail to arrive. They may have been redirected by a fraudster.
- Avoid attachments!
  Genuine banks will never send emails with attachments.
- View an example
  There is a good example of what a phishing email might look like, with annotations of things to look out for on the Lloyds TSB site.

Up to date information, tips and more can be found on online blogs such as http://fightbankfraud.blogspot.com/

Tuesday, 20 December 2011

No More Mr Nice Guy?


Security analysts believe the US should clarify the repercussions of cyberattacks following sustained hacks from China. It is also believed that the Chinese attacks are carried out by as few as 12 groups directed, for the most part, by the Chinese government. During the cyberattacks, the Chinese groups have stolen billions of dollars' worth of intellectual property and information from US companies and government agencies, according to online security experts.

Thanks to advances in technologies and increasing knowledge amongst experts, more cybercriminals are being identified by their ‘digital fingerprint’. The distinguishing characteristics of each attack are monitored by US experts, enabling them to link individuals to particular groups of hackers, and sometimes to determine where they are, or who they are. These techniques have, according to US security experts, shown an intensifying pattern. This escalating issue has sparked the recent concern amongst industry experts. As James Cartwright, a retired Marine general and former vice chairman of the Joint Chiefs of Staff, puts it, "If you want to attack me you can do it all you want, because I can't do anything about it. It's risk free, and you're willing to take almost any risk to come after me."

The problems the US has in confronting the issue are the same as any other country has: firstly it is very hard to prove exactly who carried out the attack, and secondly both countries must have mutual agreements on such a situation. Mr Cartwright went on to say that the US "needs to say, 'if you come after me, I'm going to find you, I'm going to do something about it.' It will be proportional, but I'm going to do something ... and if you're hiding in a third country, I'm going to tell that country you're there, if they don't stop you from doing it, I'm going to come and get you."

The question is, how should the US proceed? Due to the nature of what is being stolen, the response is pretty much unanimous from US government campaigners: a clear and firm message must be sent to those breaking the law. Online security specialist, Tero Pollanen, agrees with Cartwright that "the US needs a clear policy on dealing with cyber attacks, and the countries through which the attacks are routed. This way, when an attack is apparent, the US can request the country to stop the attack. If the request is refused, the US then has the right to stop the computer server from sending the attack."
The problem is, he goes on, "there is no international police force. Enforcing laws in another territory is always going to be tricky to manage."



This article is by Tero Pollanen; an online security and fraud prevention specialist. For the latest online security and financial news, tips and more, check out his blog: http://tero-pollanen.blogspot.com/

Friday, 25 November 2011

Cybersecurity Monthly Round Up


November has seen both ups and downs in the world of cybersecurity. The video gaming service Steam fell victim to a devastating hack, potentially exposing personal information and credit card details of 35 million users. In a similar attack, Norway’s oil, gas, and defence firms were attacked by hackers. Norway’s National Security Agency confirmed that the details of contract negotiations along with industrial secrets had been stolen. The NSM said it was the biggest attack of its kind Norway had experienced with 10 or more businesses affected.

A published report found the UK consumer protection system to be failing to keep up with the digital revolution, leaving people at risk of scams. As a result, online shoppers are at risk of email scams and fraud, says the Commons Public Accounts Committee. Online security experts also warned that a growing amount of malware is being disguised as seemingly innocent smartphone apps. The malware can send costly messages on the devices without the owner being aware, warn experts.

Facebook hit the headlines more than once, firstly as researchers from the University of British Columbia managed to steal information from the social networking site using social bots. The researchers were able to befriend genuine Facebook users, and then steal personal details. The second piece of news from camp Facebook was more positive; the site announced that it is changing the way it amends users’ privacy settings. Facebook will ask users to opt into any changes in the way it uses their personal information, a move that has been welcomed by privacy campaigners.

Continuing with more upbeat news, EU and US cybersecurity experts came together to stress-test their response to an online attack. Following a global rise in cybercrime and hacking attacks, Brussels played host to the European and US online security exercise this month. The event was the first time both had come together to role-play an emergency scenario. The beginning of November saw London play host to the London Conference on Cyberspace. The international conference gathered representatives from 60 nations to discuss how to tackle the increasing levels of cybercrime. The attendees included foreign secretary William Hague, EU Commissioner Neelie Kroes, a variety of leading cybersecurity experts and technology entrepreneurs such as Wikipedia founder Jimmy Wales, Cisco vice-president Brad Boston and Joanna Shields, a senior executive at Facebook.