Posts for Tag: dearcomputrix

Dear Computrix: What’s Up, Dox?

Dear Computrix, I’m a video game developer for a small company. We’re about to release our latest title – written and developed by a primarily female team. This is our first release. A review of the game is scheduled for next week. After hearing about #Gamergate and how women often get harassed online generally my fellow developers and I are concerned that we are going to be assailed not only online, but for real, at home. The stories are frightening: many women are told they will be raped or killed and then their personal phone numbers and addresses are published online through social media. I was reading through Facebook today and saw a story about journalists at a non-profit news agency, ProPublica, who had to have their work email turned off from a scam email subscription bombing attack. Our company only has one IT person and we don’t have the resources to withstand the sort of assault that ProPublica got.  Up to this point no one who doesn’t already know us hasn’t paid much attention to us online. How do we keep safe, both online and at our homes? Signed, My cat won’t handle a bomb threat well.

Dear Cat,

Congratulations on your upcoming title release! I hope that your video game is well received and your justifiable fears do not come to fruition. When angry people online decide to take it to the physical world and publish personal details about their target – details not only involving phone numbers and home addresses, but also birthdates and Social Security numbers – it is called doxxing (you might see it spelled with only one x – standard spelling and grammar aren’t concerns of the Internet). The name derives from “documents” – someone who has been doxxed has had their documents released and it is a form of information warfare. To make matters worse, the doxxing is usually accompanied by threats of violence and bodily harm. You have every right to be concerned. In the ProPublica case they had to give up their well-known work addresses and get new ones – and their organization suffered inconvenience and dread - but they luckily were not threatened in the physical realm. In the #GamerGate situation the women targeted had to leave their homes out of fear. Men get doxxed, too, but it’s more likely to happen to women. Once someone’s personal contact information is released onto the Internet it cannot be taken back. You can change phone numbers, yes, but you cannot easily move – and changing your birthdate and Social Security number is not going to happen.

One solution to avoid being doxxed is to never do anything that draws the attention of the Internet, but that isn’t a realistic course of action for anyone who has a technology-related job. There are less drastic measures you and your colleagues can take, but they should be taken before you draw any attention from the Internet. (Yes, this is horrible that I have to give this advice, but that is the world we live in now.)

First, you need to think like a doxxer: if you wanted to discover someone’s private information, how would you go about it? Google-stalk yourself and see what comes up. (This will be a depressing exercise, by the way, so make sure your cat is handy for emotional support.) I will be honest: nearly all of the private information that someone can find online cannot be erased permanently. You can make requests to some of the data brokers to remove your information but unless you find the source of their data and rip it out, it will just keep coming back to them to aggregate. If someone owns a house the property tax records are a matter of public record and therefore the physical address is available to anyone who knows the homeowner’s name and city. It is a good idea to have a friend or family member you can stay with if you start to receive threats and you feel your safety (and that of your cat) is threatened. It’s even better if you don’t mention this friend or family member on social media. Of course, if you are seriously threatened, notify local law enforcement. Keep a log of whatever sort of harassment you receive – that could help them if it comes down to legal action.

Next, even though the physical threat is a possibility, prepare for an online threat, too. If you aren’t already using multi-factor authentication – where an account makes you enter another code before you can login, start using it. Change your passwords and have different passwords for every account. If you were using those security questions that ask “what grade school did you attend?” go through and change the answers to something random and false – but keep a record of your mis-information in case you need to get into your accounts! This is especially important for any public social media accounts. You might want to consider changing your social media audience to private, so only your friends and business acquaintances have access to your posts and information. If you need to speak out publicly about something controversial on the Internet think about using a pseudonym that could never be traced back to you. Last, it doesn’t hurt to call your utility companies and financial institutions and ask them to set a password on the account.

As far as your work email and avoiding the ProPublica email subscription bombing attack, before your game releases and any reviews are published maybe change any known work email addresses and make sure your current contacts have the new one. Then, use a single email address for developer contact purposes; if that email address is attacked it is easy to turn it off to avoid blocking the entire system. Those who need to contact you legitimately can still do so through your new and improved and relatively secret email address. These are not perfect solutions, but if the worst case happens it can protect your company’s resources better than nothing.

Wired magazine published “The Wired Guide to Digital Security” last December. You and your fellow developers might want to check their advice for journalists, which is probably the best category for your situation. You can find the guide online here, https://www.wired.com/2017/12/digital-security-guide/ And while your video game doesn’t fall into the category of activism, you might find Equality Labs’ Anti-doxing guide valuable, as well: https://medium.com/@EqualityLabs/anti-doxing-guide-for-activists-facing-attacks-from-the-alt-right-ec6c290f543c

Stay safe out there!

- The Computrix


Sources

Angwin, J. (2017). Cheap tricks: the low cost of Internet harassment. ProPublica and Wired. Retrieved from https://www.propublica.org/article/cheap-tricks-the-low-cost-of-internet-harassment

Equality Labs. (2017). Anti-doxing guide for activists facing attacks from the Alt-Right. Medium. Retrieved from https://medium.com/@EqualityLabs/anti-doxing-guide-for-activists-facing-attacks-from-the-alt-right-ec6c290f543c  

Kain, E. (2014). GamerGate: a closer look at the controversy sweeping video games. Forbes. Retrieved from https://www.forbes.com/sites/erikkain/2014/09/04/gamergate-a-closer-look-at-the-controversy-sweeping-video-games/#532844a934f8

Matisse, N. (2015). Anti-doxing strategy – or how to avoid 50 Qurans and $287 of Chick-Fil-A. Ars Technica. Retrieved from https://arstechnica.com/information-technology/2015/03/anti-doxing-strategy-or-how-to-avoid-50-qurans-and-287-of-chick-fil-a/3/

Newman, L. (2017). What to do if you’re being doxed. Wired. Retrieved from https://www.wired.com/story/what-do-to-if-you-are-being-doxed/

Vaas, L. (2014). Another game developer flees her home following Gamergate death threats. Sophos. Retrieved from https://nakedsecurity.sophos.com/2014/10/14/another-game-developer-flees-her-home-following-gamergate-death-threats/

Dear Computrix: Turning the Tide on Money Laundering Gains

Dear Computrix, I’m home recovering from knee surgery (too many times jumping out of perfectly good airplanes). I’ve run through every Netflix series there is and ended up watching CSPAN. I found a livelier session than most called “Combating Money Laundering and Other Forms of Illicit Finance: Administration Perspectives on Reforming and Strengthening BSA Enforcement” by the Senate Committee on Banking, Housing, and Urban Affairs. The last Netflix show I binged on was Ozark, which is about money laundering (“FinCEN” is mentioned), so I felt I had some background to appreciate what the good senators would be saying. In a nutshell, they want to modernize the money laundering to make it easier for banks to comply (some banks have more compliance officers than lending officers) and also account for Bitcoin. Everything they said made sense (and both groups were getting along, surprise, surprise), but I couldn’t help wondering about a scene in the first episode of the Ozark series where the main character tries to take all his money out of the bank and the FBI is asking him why – that must be these banking laws. Anyhow, he says it’s his money and if he wants to put it all in a hot tub and sit with it that’s his business. That got me thinking: why does the government have the right to track our money like this? Shouldn’t they be worried about those banks like the one in the hearing that cleaned over half a trillion for some Mexican drug lords and got away with just a slap on the wrist? Signed, So Desperate I Watched CSPAN

Dear So Desperate, Ozark is a good series – you probably heard they’re bringing it back for a second season! I wondered about that bank vault scene myself, knowing the Bank Safety Act (BSA) law and other anti-money laundering (AML) laws would mean the bank had to notify the federal authorities - that amount was clearly over the $10,000 threshold for currency transactions reporting. The series is obviously fictional – I can’t imagine someone in real life being allowed to take $8 million dollars in cash out the door – but at least the FBI is following him. The Senate Banking committee hearing you watched is an engaging one – and available online for watching, as well (see the list of references at the end). The bank you mentioned from the hearing - that’s been in the news lately for other misdeeds related to currency rigging - is HSBC, a British bank. HSBC, through supposed negligence, allowed billions of dollars associated with Mexican drug cartels to go unmonitored and unreported. They were fined and put on a deferred prosecution agreement, meaning that if they behaved the charges would be dropped. The US government seems satisfied that HSBC has reformed its processes related to AML; I cannot speak for the US government but it seems the end game is to have banks’ cooperation in AML, which may be worth more than stronger fines or jail time for the banking executives.

Money laundering – the taking of money that you don’t want someone to know you got, and “cleaning” it to make it look like legitimately-gained assets – as a concept has been around since governments, such as they were at the time, started to care about getting taxes. Modern anti-money-laundering laws exist to thwart mainly drug trafficking and terrorism, but also to curb tax evasion and non-drug-trafficking-derived income. The government feels that the surveillance and inconvenience to the ordinary person who wishes to engage in financial transactions of large sums (this includes jewelers, as well) is worth it to protect society as a whole against the effects of drug trafficking, terrorism, tax evasion, and other financial crimes. Some Libertarian groups disagree, finding the laws ineffective and too invasive, citing the Bill of Rights. That’s the beauty of our country, though, that we can disagree. For now, the various AML regulations are the law of the land and financial institutions (and jewelers), along with citizens, have to comply. If you feel strongly about these measures I encourage you to write to our legislators. The Banking committee is having another hearing next month and they won’t know how you feel unless you let them know.

Speedy recovery on that knee!

- The Computrix 


Sources

Bray, C. (2017). HSBC says US is preparing to dismiss criminal charges against it. The New York Times. Retrieved from https://www.nytimes.com/2017/12/11/business/dealbook/hsbc-us-charges.html

Mitchell, D. (2016). Money laundering laws: ineffective and expensive. International Liberty. Retrieved from https://danieljmitchell.wordpress.com/2016/10/11/money-laundering-laws-ineffective-and-expensive/

Netflix. (2017). Ozark. Netflix.com. Retrieved from https://www.netflix.com/title/80117552

Otterson, J. (2017). ‘Ozark’ renewed for season 2 at Netflix. Variety. Retrieved from http://variety.com/2017/tv/news/ozark-renewed-season-2-netflix-1202527992/

Schoenberg, T. (2018). HSBC to Pay $100 Million to end U.S. currency-rigging probe. Bloomberg. Retrieved from https://www.bloomberg.com/news/articles/2018-01-18/hsbc-to-pay-100-million-to-end-u-s-currency-rigging-probe

United States Department of Justice Office of Public Affairs. (2012). HSBC Holdings Plc. and HSBC Bank USA N.A. admit to anti-money laundering and sanctions violations, forfeit $1.256 billion in deferred prosecution agreement. United States Department of Justice. Retrieved from https://www.justice.gov/opa/pr/hsbc-holdings-plc-and-hsbc-bank-usa-na-admit-anti-money-laundering-and-sanctions-violations

United States Department of the Treasury. (2018). FinCEN: Financial Crimes Enforcement Network. Fincen.gov. Retrieved from https://www.fincen.gov/

United States Senate Committee on Banking, Housing, & Urban Affairs. (2018). Executive session and combating money laundering and other forms of illicit finance: administration perspectives on reforming and strengthening BSA enforcement. United States Senate. Retrieved from https://www.banking.senate.gov/public/index.cfm/2018/1/executive-session-and-combating-money-laundering-and-other-forms-of-illicit-finance-administration-perspectives-on-reforming-and-strengthening-bsa-enforcement

Dear Computrix: Catphishing: Pawsitively Clawful

Dear Computrix, my cousin, who lives in North Carolina, shared a local news story on Facebook about a man who had been arrested for scamming women on online dating sites. Here is the story: http://www.wral.com/fake-millionaire-tycoon-gets-prison-for-online-dating-scam/17234727/ This is scary! My daughter has recently started doing some online dating and I’m worried she will run into one of these criminals. Why isn’t the government doing something about this? Signed, Worried Mom.

Dear Worried Mom, several other community members have expressed alarm related to the news that John Edward Taylor, the man in the WRAL news story, was charged with stealing “money, credit, and personal information from more than a dozen women”, according to the US Attorney’s Office (see a link to their formal release at the end of this article). People have been deceiving each other since the beginning of time – the ancient Romans were doubtless plagued by confidence tricks. In fact, “confidence” is where we get the word “con” from. Romance is an area where confidence schemes thrive, because it’s hard to think straight when one’s heart is involved. Confidence schemes manipulate emotions, such as compassion, but also vanity and greed; they find someone’s buttons and push them, to the benefit of the con artist and the detriment of the victim. What the man in the article did has a name – not a legal name, but a popular name: catphishing. It sounds just like “cat fishing”, but it has nothing to do with cats and fishing poles. It is a scam that is (pardon the pun) pawsitively clawful in its effect on victims.

Catphishing as a term comes from the cybersecurity world and the sport fishing world: a “phish” is a deceptive email using an emotional lure to obtain information, and catfish can be caught by dangling a hand in the water and patiently waiting for a catfish to grab on, at which point the catfish is dragged into the boat. You might also see it spelled as catfishing. Some catphishers use their own identities and then deceive the people they date into giving them money or information. A catphisher can also take photos they find on the Internet – typically someone conventionally attractive – and use those to create their fake dating profile, from whence they execute the same scam. There are multiple victims in that case: the innocent person being impersonated and the people the catphisher is trying to lure in. Here are some things your daughter can keep in mind that should set off alarm bells in her mind:

  • The person does not want to meet face to face or through a video chat service like Skype.
  • The person is too good to be true: too attractive, too charming, too wealthy.
  • The person is difficult to find on social media or through an Internet search.
  • The relationship escalates quickly into talk of love and long-term relationships.
  • The person wants a home address to send gifts to.
  • The person asks too many personal, financial-related questions early in the relationship.
  • The person has sudden, strange financial difficulties.

Last, you asked why the government isn’t doing anything about this. Catphishing is not a federal crime – the perpetrator in the WRAL story was charged with wire fraud, bank fraud, aggravated identity theft, and threatening communication, not catphishing. Oklahoma is the only US state that has made catphishing (they use the catfishing spelling) illegal and its law protects only Oklahomans who are impersonated, not catphishing victims.

I hope this gives you and your daughter something to think about. Catphishing is a risk on online dating sites, but not everyone on those sites is a catphisher. Good luck to you both! – The Computrix


Sources

Malwarebytes Labs. (2017). Bad romance: catphishing explained. Malwarebytes.com. Retrieved from https://blog.malwarebytes.com/cybercrime/2017/11/bad-romance-catphishing-explained/

Neumeister, L. (2018). Fake millionaire tycoon gets prison for online dating scam. WRAL.com. Retrieved from http://www.wral.com/fake-millionaire-tycoon-gets-prison-for-online-dating-scam/17234727/

United States Attorney’s Office Southern District of New York. (2018). Alleged confidence man charged with luring victims through matchmaking and networking sites to commit fraud and identity theft. United States Department of Justice. Retrieved from https://www.justice.gov/usao-sdny/pr/alleged-confidence-man-charged-luring-victims-through-matchmaking-and-networking-sites