I have been listening to, and reading the debate relating to the safety of children when they are on-line, and the associated privacy/dangers which are ever-present when such young person’s engage with the World Wide Web – and I have become increasingly irritated, and frustrated by the comments made by those who call themselves professionals, or ‘experts’ within the field of Social Media. Add to this pot of my moodiness, the conversation which is taking place about creating/appointing yet another commissioner post at some inflated salary, and I am afraid, my hands were forced toward the keyboard – with the title of this article shouting out to me ‘Just What Planet Are We On?’
At the outset, I would wish to assert that the situation relating to the on-line dangers which children face has been with us for some considerable time now. Yet up to this juncture, has, at worst been ignored, and at best part-acknowledged! For example, it was way back circa 2002 when I was in the US at Black Hat/DefCon events when I met up with two US Agents who shared with me a then past case under the codename of ‘Operation Julie’. In this circumstance, the case related to what had been the on-line grooming of a young girl by a 50+ US citizen [disguised as a 15 year old boy] which had been thankfully detected by this watchful agency. They monitored the conversation, noted the danger point of entry into a Private Chat Room and acquired the logical artifacts of interest and set the trap. The two agents then went on to share the real-life sting at the point at which the perpetrator arrived to meet his selected target – instead he was met by the more daunting prospect of the hand of Law Enforcement. OK, so what? Well my point here is, this case was 16 years ago, yet since which time very little has been done to even consider what was [is] a known known threat – a period over which I am aware of far too many cases of children committing suicide post on-line bullying, young persons who have been groomed and paid the ultimate price with their lives, and more recently the sad situation of a young man who was compromised by an image of himself, who saw suicide as the only solution to his demise!
Within this very same period we have observed the creation of multiple agencies who have sought to seemingly protect children – but then this would have seemed to have been delivered in a menu-driven style, cherry picking only some select profiles of danger, whilst ignoring others – for example, it was only in the last five years when one high profile child protection agency acknowledged the danger of Tourist Abuse – very similar to the case of long-term Tourist Abuser Richard Huckell who was found guilty of multiple offences in 2016! This was not at the time something new, but was again a long-standing known known danger which had not been properly considered. Thus, it is for this reason why I have my doubts about setting up yet another high-profile, high-salary role to preside over the micro area, of what, in my opinion should come under an overarching framework of joined-up thinking Child Protection Programme, with a joined up, interconnected and proactive response force.
Now getting back to the radio debate re online dangers, this was a revelation in its entirety. Most of the ‘experts’ who were involved in the broadcast I had personally never herd of – let alone understanding just where the tag ‘expert’ was allocated from. However, it was some of the side-swipe comments that were made overall which raised my blood-pressure, ranging from a suggestion that ‘there was no such dangers existing in the on-line world’, right though to elements of the lowest form of, and inappropriate sarcasm which suggested that ‘if most children were abused by those they know, so why tell them not to talk to strangers?’. There was also a slant on placing the responsibility of policing the of activates children onto the parents. However, given a) that children in most cases are for more computer savvy than their parents, and b) that there is a wide proliferation out-of-house opportunities available via which young persons can interface with the on-line world – here we have two factors which create a challenge to be overcome by even the most responsible of parents – do we now expect parents to become Cyber Security certified to manage the provisioning, and access of their families to assure that they are safe?
And to top this off, whilst many of the big name Social Media providers talk a good job – and have documented policies to back them up. These organisations are possibly amongst some of the most culpable when it comes to safeguarding their user base. Some examples here offer proof to demonstrate they can be lacklustre. Slow to react to notified cases of unsuitable content, and dismissive of requests to take down accounts (even when those accounts are not aligned to the agreed User Acceptance Policies (UAP)). Thus, here I feel many professionals will agree, there is room for significant improvement. In fact, it was very interesting that the radio broadcast I mentioned sent many of the Social Media giants an invite to participate – they all declined.
As an example of the real dangers, it is possible with the use of some specialist, yet simple skills derived from OSINT (Open Source Intelligence) to obtain some form of media content (see Image) – say an image, and then exploit it to locate School, Names, Address, Date of Birth, and any other associated persons [be they child or otherwise]. In some cases, this may then be extrapolated out to geo-locate and map the child’s physical residence, and to intercept and map their on-line conversations and communications. From this juncture, our potential attacker has all the information (intelligence) they require to set off on a mission of Social Engineering, potential Grooming, and the ultimate act of exploitation.
So, what can be done to try to mitigate the known known on-line threats?
- Well first, I would encourage parents to attend those classes on Internet Security and Safety so many schools run to educate their associated parents.
- Secondly, I would urge parents and guardians to get involved with the on-line world of Social Media to understand it, and possibly to create an opportunity to oversee the activities of their young-ones – this is not spying, it is a matter of taking up parental responsibilities.
- And communicate/talk within the family about the dangers of the on-line world, and try to infill conversations with a little security educational advice.
- And finally, If parents have any suspicions whatsoever, report them on to the police as a matter of concern.
There are of course other more proactive approaches which may be taken by parents and guardians – such as installing background monitoring apps on cell phones, and computers. But this in my opinion does approach a breach between Parent/Guardian and Children Trust, and should only be considered as a last-ditch attempt to safeguard those who are showing signs of high-potential of high risk vulnerability.
The conclusion here however must be. To deliver security to the benefit of all those young people who utilise the internet [and this is the majority] we must work as a society, ranging from Security Professionals, to Parents/Guardians, from Schools to the Police and Agencies who are empowered to protect such persons. Hopefully we may also see a shift by the Social Media Giants toward serving better their concerned user public – after all we are now very much aware of the ultimate cost that lacklustre policies can manifest in – the death of an exposed party.
As a codicil, a family friend of ours [Miss Molly Windsor] has bravely agreed to take a key acting-role in a BBC production in the UK screening February 2017. This is a very graphic account of the Bradford case of abuse titled ‘Three Girls’ and for the sake of educating the wider related topics I would urge any concerned parent to watch this horrific past event to take a grip of what reality has gone before.
[su_box title=”About Professor John Walker” style=”noise” box_color=”#336588″][short_info id=’66024′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.