VIEWS: 5 PAGES: 4 POSTED ON: 9/22/2012
Privacy Awareness Week (29 April – 5 May 2012) Launch Speech by Detective Superintendent Col Dyson, Commander NSW Fraud and Cybercrime Squad Minister for Justice and Attorney General, The Honourable Greg Smith NSW Privacy Commissioner, Dr Elizabeth Coombs CEO NSW Trustee and Guardian, Ms Imelda Dodds. Ladies and Gentlemen. It is the consensus of crime forecasters that as opportunities are presented to criminal groups, the incidence of computer crime or ‘cyber’ crime as it is commonly referred, will continue to grow and become more technically complex exponentially. Criminals can now routinely commit crimes from any location in the world, confident that the tyranny of distance and anonymity the internet affords, will allow their various online criminal activities to present significant challenges to law enforcement. The internet creates many risks for its users, all of them insidious. One of the greatest, in my opinion, is via social media. From a NSW Police Force perspective, the most effective weapon against cybercrime and in particular crimes facilitated through social media, is user attitudes and behaviour. Yet, there is an apparent paradox that exists between Community concern, and on occasions, demand for privacy, and the behaviour of some people who wilfully post personal information on social media, and consciously decide to share it with people they don’t know. The posting of personal identifying information by children and teenagers may be used against them in later years. Organised Crime Groups have the resources to continually scan social media using bots or mules to collate personal identity information and warehouse the information until the user becomes 18, opening accounts in the user’s name and applying for lines of credit. A variety of social engineering tactics are used by organised crime groups including the use of photographs and other identifiers that portray them as young people with the same interests as those they prey upon. Their objective is to create a cover to ask personal questions in an attempt to guess passwords or elicit financial information. These same tactics are also used with other insidious intentions in mind. office of the privacy commissioner www.privacy.nsw.gov.au | (02) 8019 1600 information and privacy commission new south wales Page 1 of 4 Personal information is of great value to criminals. Data from the magnetic stripe of a skimmed credit card is worth $1 if sold online, full card details, with expiry date, from one card, are worth $9. Full identity details are worth $60 on illicit criminal online markets. This data is sold in blocks of sometimes hundreds of thousands of pieces of data. User accounts on social media can be used to financially profile likely victims. Shared information provides an effective picture of their lifestyle, their income, their finances and their potential as a victim. The car they drive, the clothes they buy, the holidays they take, the suburb they live in, the job they have, all paint a detailed picture for the criminal. Links to malicious websites are frequently downloaded and posted by unsuspecting users to their social network account. The link is generally a video, gossip about a celebrity or topical media story. When other friends click the link, malware is downloaded to their PC’s to obtain further personal information through phishing attacks, or to include the PC in a bot network to commit denial of service attacks. Some IT security companies report that 2 million new viruses and malware programs are reported to them every month. Whilst these are the risks, what are the perceptions of those that use the sites? According to a survey conducted recently in Australia, two-thirds of Australians think it is unlikely they will ever be victims of a cyber attack; so much so, more than half said they never changed their passwords nor bothered to update their anti-virus software. However the survey also found that 68% were worried about the faceless nature of the on- line world and the privacy repercussions. 85% also agreed that there were some things they wouldn’t do online as it wasn’t safe. 81% felt they were already doing the right things to keep them safe, however analysis of their claimed behaviour indicated only 20% are in fact, doing the right thing. These kinds of conflicting attitudes may be reflective of a global attitudinal trend towards Social media. In July 2010 there were over 50 billion photos on Facebook, with 220 million photos being added each week or over 550,000 images saved per second. This is nothing short of a goldmine for identity thieves. These attitudes appear very prevalent amongst young people: A 2008 UK report looked at the age of users and their attitudes to privacy: office of the privacy commissioner www.privacy.nsw.gov.au | (02) 8019 1600 information and privacy commission new south wales Page 2 of 4 41% of children aged 8-17 left the default privacy settings unaltered, or ‘open’- their accounts therefore were visible to anyone. 44% of young adults aged 18-24, who had a current profile, allowed their profile to be seen by anyone; The research found that 34% of 16-24 year olds willingly gave out sensitive personal information such as photographs and other content. This included details such as their phone number, home address or email address; This included photographs that had the potential to damage the reputation of the user, including posting provocative photos of themselves, or others; 17% of adult users said they talked online to people on social media that they didn’t know, including accepting people they didn’t know as ‘friends’. 35% spoke to people who were “friends of friends”. Lastly, the 2007 survey found that of the 11 million people across the UK registered to a social media site, 13% had posted information or photos of other people online without their consent. This trend is strongest amongst younger users, with 27% of 18-24 year-olds admitting that they have posted information and photos of other people without their consent online. And finally to reinforce the overseas research, Norton recently released the findings of Australian research they commissioned. With 13 million Australians on social media, the research found two thirds of Australians had little or no understanding of online security. In Conclusion The privacy paradox then is a reflection of different perspectives on privacy. And because Social media is global, this phenomenon is also global. The personality type and age of a social networker generally dictates the nature and extent of personal information posted. While certain personality types are reserved in what they post and who they share personal information with, others will post high-risk or damaging information and share it with others. While many users are confused about how to use privacy settings, younger generations are oblivious to the risk of posting personal identifying information which could be used to commit identity fraud. Most people in this room would not post their name, address and phone number onto a wall in Martin Place, yet others will grant access to that same information they have posted on their social media profile, including pictures of family and friends. office of the privacy commissioner www.privacy.nsw.gov.au | (02) 8019 1600 information and privacy commission new south wales Page 3 of 4 It is time for attitudinal change and a realisation that social media does not present a risk in itself, but does in the way it is used. The sites are here to stay and offer significant benefits. It is the attitudes of those that use it that create a risk, and unfortunately, also offer significant benefits to organised crime. Ends ‘Recent Australian survey’ – AustraliaSCAN (David Chalke) 2012. ‘2007 survey’- ‘get safe online’ report by the UK organisation getsafeonline.org. ‘2008 survey- ‘Social media, a quantitative and qualitative research’ report into attitudes, behaviours and use, compiled by Ofcom the independent regulator and competition authority for the UK Communications Industries. office of the privacy commissioner www.privacy.nsw.gov.au | (02) 8019 1600 information and privacy commission new south wales Page 4 of 4
"Detective Superintendent Col Dyson speech Office of the Privacy"