; Detective Superintendent Col Dyson speech Office of the Privacy
Learning Center
Plans & pricing Sign in
Sign Out
Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

Detective Superintendent Col Dyson speech Office of the Privacy


  • pg 1
									        Privacy Awareness Week (29 April – 5 May 2012) Launch

Speech by Detective Superintendent Col Dyson, Commander NSW Fraud and
Cybercrime Squad

Minister for Justice and Attorney General, The Honourable Greg Smith
NSW Privacy Commissioner, Dr Elizabeth Coombs
CEO NSW Trustee and Guardian, Ms Imelda Dodds.
Ladies and Gentlemen.

It is the consensus of crime forecasters that as opportunities are presented to criminal
groups, the incidence of computer crime or ‘cyber’ crime as it is commonly referred, will
continue to grow and become more technically complex exponentially.

Criminals can now routinely commit crimes from any location in the world, confident that
the tyranny of distance and anonymity the internet affords, will allow their various online
criminal activities to present significant challenges to law enforcement.

The internet creates many risks for its users, all of them insidious. One of the greatest, in my
opinion, is via social media.

From a NSW Police Force perspective, the most effective weapon against cybercrime and in
particular crimes facilitated through social media, is user attitudes and behaviour.

Yet, there is an apparent paradox that exists between Community concern, and on
occasions, demand for privacy, and the behaviour of some people who wilfully post
personal information on social media, and consciously decide to share it with people they
don’t know.

The posting of personal identifying information by children and teenagers may be used
against them in later years. Organised Crime Groups have the resources to continually scan
social media using bots or mules to collate personal identity information and warehouse the
information until the user becomes 18, opening accounts in the user’s name and applying
for lines of credit.

A variety of social engineering tactics are used by organised crime groups including the use
of photographs and other identifiers that portray them as young people with the same
interests as those they prey upon. Their objective is to create a cover to ask personal
questions in an attempt to guess passwords or elicit financial information. These same
tactics are also used with other insidious intentions in mind.
office of the privacy commissioner
www.privacy.nsw.gov.au | (02) 8019 1600
information and privacy commission new south wales                                Page 1 of 4
Personal information is of great value to criminals. Data from the magnetic stripe of a
skimmed credit card is worth $1 if sold online, full card details, with expiry date, from one
card, are worth $9. Full identity details are worth $60 on illicit criminal online markets. This
data is sold in blocks of sometimes hundreds of thousands of pieces of data.

User accounts on social media can be used to financially profile likely victims. Shared
information provides an effective picture of their lifestyle, their income, their finances and
their potential as a victim. The car they drive, the clothes they buy, the holidays they take,
the suburb they live in, the job they have, all paint a detailed picture for the criminal.

Links to malicious websites are frequently downloaded and posted by unsuspecting users to
their social network account. The link is generally a video, gossip about a celebrity or topical
media story. When other friends click the link, malware is downloaded to their PC’s to
obtain further personal information through phishing attacks, or to include the PC in a bot
network to commit denial of service attacks. Some IT security companies report that 2
million new viruses and malware programs are reported to them every month.

Whilst these are the risks, what are the perceptions of those that use the sites?

According to a survey conducted recently in Australia, two-thirds of Australians think it is
unlikely they will ever be victims of a cyber attack; so much so, more than half said they
never changed their passwords nor bothered to update their anti-virus software.

However the survey also found that 68% were worried about the faceless nature of the on-
line world and the privacy repercussions. 85% also agreed that there were some things they
wouldn’t do online as it wasn’t safe.

81% felt they were already doing the right things to keep them safe, however analysis of
their claimed behaviour indicated only 20% are in fact, doing the right thing.

These kinds of conflicting attitudes may be reflective of a global attitudinal trend towards
Social media.

In July 2010 there were over 50 billion photos on Facebook, with 220 million photos being
added each week or over 550,000 images saved per second. This is nothing short of a
goldmine for identity thieves.

These attitudes appear very prevalent amongst young people:

A 2008 UK report looked at the age of users and their attitudes to privacy:

office of the privacy commissioner
www.privacy.nsw.gov.au | (02) 8019 1600
information and privacy commission new south wales                                  Page 2 of 4
      41% of children aged 8-17 left the default privacy settings unaltered, or ‘open’- their
       accounts therefore were visible to anyone. 44% of young adults aged 18-24, who
       had a current profile, allowed their profile to be seen by anyone;

      The research found that 34% of 16-24 year olds willingly gave out sensitive personal
       information such as photographs and other content. This included details such as
       their phone number, home address or email address;

      This included photographs that had the potential to damage the reputation of the
       user, including posting provocative photos of themselves, or others;

      17% of adult users said they talked online to people on social media that they didn’t
       know, including accepting people they didn’t know as ‘friends’. 35% spoke to people
       who were “friends of friends”.

Lastly, the 2007 survey found that of the 11 million people across the UK registered to a
social media site, 13% had posted information or photos of other people online without
their consent. This trend is strongest amongst younger users, with 27% of 18-24 year-olds
admitting that they have posted information and photos of other people without their
consent online.

And finally to reinforce the overseas research, Norton recently released the findings of
Australian research they commissioned. With 13 million Australians on social media, the
research found two thirds of Australians had little or no understanding of online security.

In Conclusion

The privacy paradox then is a reflection of different perspectives on privacy. And because
Social media is global, this phenomenon is also global.

The personality type and age of a social networker generally dictates the nature and extent
of personal information posted. While certain personality types are reserved in what they
post and who they share personal information with, others will post high-risk or damaging
information and share it with others.

While many users are confused about how to use privacy settings, younger generations are
oblivious to the risk of posting personal identifying information which could be used to
commit identity fraud.

Most people in this room would not post their name, address and phone number onto a
wall in Martin Place, yet others will grant access to that same information they have posted
on their social media profile, including pictures of family and friends.

office of the privacy commissioner
www.privacy.nsw.gov.au | (02) 8019 1600
information and privacy commission new south wales                              Page 3 of 4
It is time for attitudinal change and a realisation that social media does not present a risk in
itself, but does in the way it is used. The sites are here to stay and offer significant benefits.
It is the attitudes of those that use it that create a risk, and unfortunately, also offer
significant benefits to organised crime.


      ‘Recent Australian survey’ – AustraliaSCAN (David Chalke) 2012.
      ‘2007 survey’- ‘get safe online’ report by the UK organisation getsafeonline.org.
      ‘2008 survey- ‘Social media, a quantitative and qualitative research’ report into
       attitudes, behaviours and use, compiled by Ofcom the independent regulator and
       competition authority for the UK Communications Industries.

office of the privacy commissioner
www.privacy.nsw.gov.au | (02) 8019 1600
information and privacy commission new south wales                                  Page 4 of 4

To top