Staying Safe Online: IMPORTANT Online Safety Information

   PUBLISHED BY THE ARMY OF CLUB PENGUIN   
Written by King Mondo, ACP Legend & Advisor

                                 
Do you know about the threats of malicious software, dangerous websites, sketchy links, and weak encryption? How about Denial of Service and Distributed Denial of Service (DoS/DDoS) attacks? Doxxing? If you're feeling like you could use some help understanding these threats and their core cybersecurity concepts, this guide is definitely for you to utilize!

                                                

Today, many individuals are targeted by malicious individuals seeking to gain stolen assets and highly sensitive information. Additionally, entire groups exist for this same purpose. Some more than others are intent on doing actual harm to unsuspecting people by using the internet to manipulate others. The threats are real and it is imperative that we have a common understanding about this and of the importance of having an ever-growing knowledge base to help us navigate the digital world. These threats exist here, too, because of the inherent nature of our community and the fact that we are operating online.

Although the internet has tremendous benefits, it is critical that you develop the skills and cultivate a knowledge base that will help keep yourself and others SAFE when on the internet. Don't fall into traps and share what you learn. We're all in a fight for a secure internet community, and it is my ardent hope that this online safety and cybersecurity guide will aid us in this fight.

I implore you, please share this guide and other great resources actively in your communities. Online safety is, unfortunately, not always taught in schools and people are constantly victimized because of this lack of knowledge and understanding. We have a duty to help others and be part of the solution when in the position to do so, and today, we can all be armed with the information to protect ourselves and each other. The good of one will have a great impact on many, and can even lead to others being contributive global citizens. In this increasingly interconnected world, we need more of that.


Introduction

I want to start off by asking a question: when you think of the internet, what comes to mind first? Second? Third? There's a lot to think about, and the list of platforms and services can go on and on. While it's true that there are many wonderful benefits that the internet can provide, there is still a great need to protect oneself from the dangers of being so interconnected.

As technology advances, our society strengthens and advances with it. Unfortunately, while progress is made, the disastrous potential of malicious schemes is strengthened as well. This is why it is imperative to be aware of online threats to security, and how to protect yourself from these threats. And it all starts with knowledge; after all, knowledge is power. In this post, I will share some valuable information to get you started, and hopefully, we can all learn to safely navigate the digital world together!

I would also like to add that while much of this information may already be considered common knowledge for some of you, there is a staggering amount of individuals that simply are not aware of this information. It is my hope that I can help you all more effectively protect yourselves and your friends from the very real threats that exist all over the web. And if you find something particularly intriguing to confusing, I highly encourage you to look more into the concept or topic yourself. If you do find out something new, share it with us via the Discord server or the ACP Twitter (@ACPArmy)!

Remember: if you see any suspicious activity on the ACP Discord server or receive a message that makes you uncomfortable, please alert staff immediately. We are here to ensure a safe, fun, and friendly environment, so don't hesitate to ask questions and message us!

Table of Contents
  1. Protecting Yourself Online
    • Passwords and personal information
    • Look closely and avoid traps
    • Lessen vulnerabilities
  2. Other Threats
    • DoS and DDoS attacks
    • Doxing
  3. What to You Can Do Next
    • Continue learning about online safety
    • Educate your friends and family
    • Take advantage of great resources
  4. Helpful Resources to Check Out
    • My online safety infographic
    • Federal Bureau of Investigation Safe Online Surfing game
    • Federal Bureau of Investigation Don't Be A Puppet game
    • Code.org Cybersecurity
    • Khan Academy
    • Any other resources you know about? Let me know!


1. Protecting Yourself Online

Today, our technology that makes the digital world possible provides us with better ways to collaborate, solve problems, and advance the human condition. However, just as those who want to use technology for good are able to expand their capabilities, so do others who wish to steal your sensitive information and identity and do harm to you. Though it's not exactly pleasant to deeply ponder, the reality is that someone is most likely after your information in one way or another.

Fortunately, if we're aware of how attackers attempt to compromise our information, we can have confidence in our ability to repel such attacks. The following sections will explain how you can better protect yourself online, so be sure to read on!

Passwords and personal information
What protects your accounts from being breached? Passwords. Often times, for whatever reason, users do not adequately protect their accounts and instead use easy-to-guess passwords like "abc1234," "qwerty," or "passwordpassword."

In order for passwords to be STRONG, they must be:

  • Diverse in characters
  • 12 characters or longer
  • Varied across websites and services
  • Free of personal information and dictionary words
The last point is a very important one: keeping your passwords free of personal information and dictionary words is critical to password security. If someone uses words, or worse, personal information in their passwords, it is very easy for someone else to gain access to the account because it's much easier to crack a password with words or information others already know. 

You can bet that malicious individuals will use every bit of information against their targets, so be careful what you set as your password and aim to randomize. Give them a run for their money and concede no clues or advantage.

For example, intelligence and national security agencies may use a database of personal information to try cracking a device password. Attackers do this as well, so be sure to keep a tight hold of your personal information and strongly consider the possible consequences of sharing particular pieces of information about yourself. You could easily be painting a target on your own back. Sharing too much personal information can lead to being doxed too (discussed later).

Essentially, if any part of your password can be known to someone easily or is a common arrangement of characters (a dictionary word for example), you will be leaving your information main line of defense open to attack. And as we get older and have more serious accounts with information and finances to protect, we have to ensure we take the necessary steps to SECURE our accounts.


Look closely and avoid traps
There are plenty of people after information for a variety of reasons. Maybe they want to sell that information to the highest bidder or use it to compromise someone's account themselves. Whatever the case, attackers will set traps that you have to look out for. How can you spot and avoid them?

  • Use only SECURED (HTTPS) connections
  • DON'T click unfamiliar links
  • DON'T install unfamiliar software
  • Recognize suspicious offers


Secured connections will always have "https://" at the front of URLs (double click links in Google Chrome to check. HTTPS stands for Hypertext Transfer Protocol Secure, meaning that the website is using an encrypted connection to transfer data between your computer and the server taking your computer's requests to submit information. If you share information on a website that does not have a secure connection, your information is vulnerable and visible to attackers.


If you are not already familiar with encryption, here's an infographic that explains the basics


For those of you that may be familiar with VPNs (Virtual Private Networks), a very similar process happens when you decide to wisely access the internet via a VPN. Sometimes you'll encounter security threats that are not entirely deliberate. Public wifi is one of those things. Because of the public nature of such networks, anyone can unleash attacks and intercept your information. 

So when using a device in a coffee shop or library or hotel, strongly consider using one of the many free and paid VPN options to surf on a secured connection!


Another serious threat online is clicking unfamiliar links, which often come with suspicious offers. There are many approaches one might take to getting one to click a link that may appear harmless or look like a legit website at first glance. These links, however, are actually incredibly dangerous. Here's why:

  1. Malicious links can be anything. Here are some possible surprises awaiting unsuspecting users:
    • Malware: Malicious software that is installed on your computer that can damage your machine and even your network itself as well as other devices on that network. There also exist programs that can take over your computer and gain access to all local data.
    • IP grabber: Services that can be shared via links used to 'grab' your Internet Protocol address (unique to each device and each router) & have personal information attached to them. IP address exposure can lead to a DoS/DDoS attack on your network or device.
    • Phishing scam: Websites that trick you into giving your account information by making it seem like you're visiting the correct website. These are often shared through scam emails.  

  2. Do NOT click on short links (these mask the actual website; use an online tool to expand such links and reveal what the actual destination is). An example of this is below:
  3. Your device could become part of a botnet, a network of computers used by someone to attack big websites and cause tremendous damage to digital systems by overwhelming a server with packets of information, a DDoS attack.
Note: if you encounter something unfamiliar but do not want to run the risk of exposing your system to a threat online, consider researching that website or link (not the URL; enter the name in a search engine).

In the first picture, I was sent a fake message from someone attempting to impersonate the popular YouTuber, Mr. Beast. I had recently watched his videos and have been following some of his social media accounts. This could have been a targeted attempt based on my interest that this person may have been already aware of.

In the second picture, after finding an online tool, I unshortened the link (without clicking it) and discovered through research that the website (again, I did not visit the actual site) was related to some sort of malware-affiliated site. I'm unsure of what exactly would have happened if I visited, but I was not intent on finding out.

I find it very interesting that not long after this, another account attempting to impersonate another YouTuber that I follow regularly sent me another link. This is a good example of how knowledge gives you the power to control the outcome of a situation, especially when it comes to online safety.

Additionally, installing unfamiliar software on unfamiliar online websites is another way to damage your computer. Even if you think a download is safe, consider the source of that software, and evaluate the situation by researching the source of the download. The best method of prevention for damaging your machine as a result of malicious software is not taking the risk in the first place.


Lessen vulnerabilities
Although there are websites that you may accidentally visit and people that are out there for your data and sensitive information, there's a lot one can do besides playing it safe and learning to spot and dodge attempts to steal your information. Some ways you can fight back are:

  • Turning on 2FA, Two Factor Authentication. This allows you to further secure your accounts by linking a phone number to your account. In the event that someone does breach your account by cracking your password, your account will be locked by the 2FA feature and require a confirmation only achievable from the actual user's phone.
  • Installing your security updates! Out of date software opens up holes in your device's ability to defend itself and your data from attacks. Ensure you are actively checking for critical system updates and keeping up with the important installations.
  • Spreading your knowledge and helping others is a huge way to fight back against the threats to users of the open web. Unfortunately, the internet is fundamentally insecure and was never built for the purpose it now serves. But we have to roll with it, and we can make that easier by teaching each other and helping educate ourselves about the very real and possible threats to your information, devices, and even personal safety lurking around the internet.
There's a lot each of us can do ourselves, and we can wage this fight against scams and online threats together. But to do that effectively, we'll need to have a strong foundation of knowledge. And this guide is most certainly a great start.


2. Other Threats

There are quite a lot of threats to your devices and safety to look out for, and there are certain ones that fall into categories all their own. Two common examples of these would be doxing and DoS/DDoS (Denial of Service/Distributed Denial of Service) attacks. These are often conducted with the intent to control and even do harm to other people. If you aren't careful, these threats could slip into your reality and make it a nightmare to deal with. Therefore, the best protection is prevention.

So where does the threat begin? Specifically, what leads to users being victims of DoS/DDoS attacks or doxing, and how do I prevent it? Consider the previous section's information on deceptive links, where the main tool that attackers use to steal assets and more information can easily be your own information. Our world is so interconnected today, that we give lots of information about our lives and personalities away online.

And guess what? That's free game for attackers, and you can bet they're going to use that valuable intelligence in any way the can in order to find an angle - a vulnerability, a chance, an opportunity - to take advantage of you. That's why it's important that each of us carefully considers what information we share, how we share it, who sees it, and what the consequences of sharing that information might be for us.

The prevention? Don't overshare. You'd be surprised how easily criminals can locate people and make attempts on their sensitive data. Here's just one example of the dangers of sharing images online:

            Photos.  Photos taken from smartphones embed the GPS Coordinates in the photo, which will allow others to know the location of where the picture was taken and may be used to find you.  Beware of this when posting photos to online social media sites.  Remember that pictures posted online may be copied, altered, and shared with many people without your knowledge or consent, unless you use privacy settings to limit who has access to the pictures. (United States Department of Justice US Attorney's Office, Northern District of Georgia website)                                                                                                   

We're still not all aware of what one individual (let alone organized groups) can do to use technology against a target. It's important to learn as much as you can about online safety and how the internet of today works so that you can protect yourself and teach others to do the same. We're in this together, but we won't win the battles if we don't know what's out there and what may be coming for our data.

Now, there's another similar threat that attackers will have up their sleeves. It involved gathering information about someone and releasing that information either right away or blackmailing the person whose information could be released without their consent. In our online community, this threat is very real. This threat is called doxing.

How do I protect myself? Don't overshare and risk people being able to figure out your true identity. The more information someone knows about you, the more likely it is for someone to dox you and even extort you by using the info to get something out of you. Keep yourself safe. Keep your family safe. Keep your friends safe. Don't overshare online. It is a real danger to be mindful of, and it has real impacts!


Denial of Service attacks are where someone uses one's IP address (unique to each device) to flood the bandwidth of a specific device, router, or server with the intent to manipulate one's ability to access and use their internet connection. This can have serious consequences for those reliant on a strong internet connection, even big websites since they tend to be DDoSed.

DDoS attacks specifically are largescale botnet attacks, meaning that a vast network of devices is being used to simultaneously send packets to a machine. DoS attacks are not distributed; they only take place using one connection between the attacking device and the system under digital siege.

So what does this mean for you? It depends on the source of the attack and the circumstances.

I've been attacked and lost access to the internet for one hour (and I know this was a targeted, deliberate attack on my machine). Following that, there were no further issues. However, my IP address was exposed at some point, and there are many ways for someone to exploit websites and collect IPs that even I did not know about. It's possible to reset IP addresses, but why bother going through the trouble if you can prevent it from happening?

Here are some basic ways to protect yourself against exposing your IP:

  • Be aware of how your IP is collected by the sites you visit and interact with (ex. when commenting on WordPress websites, your IP is viewable to those running the website)
  • Don't accidentally share it in pictures.





[More to be added]

3 comments: