MN WEBCHAT GUIDELINES 1. One question per member plus a follow-up question if appropriate, ie once you've had a response. 2. Keep your question brief 3. Don't be disappointed if your specific question doesn't get answered and do try not to keep posting "What about me?". 4. Do be civil/polite. See guidelines in full here.

Live webchat about cybercrime with broadcaster and author, Misha Glenny 1 - 2pm Monday 3rd October

(53 Posts)
RachelMumsnet (MNHQ) Thu 29-Sep-11 10:30:43

We're joined on Monday at 1pm by Misha Glenny, broadcaster and author of numerous books including McMafia - Seriously Organised Crime and his latest DarkMarket: CyberThieves, CyberCops and You.

The benefits of living in a digital, globalised society are clearly enormous, but so too are the dangers. The world has become a law enforcer's nightmare and every criminal's dream. We bank online, shop online, date, learn, work and live online. But have the institutions that keep us safe on the streets learned to protect us in the burgeoning digital world? Have we become complacent about our personal security? sharing our thoughts, beliefs and the details of our daily lives with anyone who cares to relieve us of them?

Misha Glenny has gone behind the scenes in the murky world of cybercrime and has talked to the criminals, the police and the government security forces for his new book DarkMarket: CyberThieves, CyberCops and You. He is excellently placed to advise us on how to keep our personal details from being hacked online. Join Misha for a live webchat on Monday 3rd October at 1pm or send in your question to him in advance to this thread.

Hello, I would like to leave a question for Mr Glenny if I may...

Mr Glenny, I am a researcher in this area, and a big fan of your previous book (McMafia). I have a question regarding the possibility of reducing the threat from cybercrime. Given that some of the countries from which cybercrime originates (China, Russia) are in strategic competition with Europe and the US, do you think it's actually possible for our governments to work with them to reduce the threat?

Thank you, I'm very much looking forward to the webchat!

brookeslay Sat 01-Oct-11 14:31:05

hello

Apart from mixing up passwords what is the best way to protect your personal details online?. I use alot of internet banking and even Lloyds has been cloned in that the website wanted additional passwords etc.

I am fed up with scam phising emails drive me up the wall are people that thick they don`t know not to pressthe link ?

My partner works away and his computer is riddled with stuff when he is back even though he has norton. He only ever send mail never access paypal or the bank.So its annoying the lengths we have go to.

strandednomore Sat 01-Oct-11 19:20:15

Hi Misha
Thanks for doing this webchat. I wonder what you think about sites such as Facebook, Linked In etc (and even sometimes Mumsnet) where people often inadvertently leave a lot of personal details, which could lead to you being hacked or cloned (is that the right terminology?). My husband works for a law enforcement agency and is very anti Facebook (he doesn't even like me pasting pictures of our daughters on it), do you think he is right to be so paranoid? What do you think we could we do to protect ourselves and our children on these sites?
Thanks.

Gincognito Sat 01-Oct-11 19:31:43

Hello

Do you think more needs to be done to raise awareness of the prevalence of cybercrime? I think that, especially amongst teenagers, posting a huge amount of exploitable information about ourselves online these days is the norm.

What could be done? What about a website that pulled together all the easily available info about you and presented it with a description of how it could be exploited? I'm sure that's actually far too expensive to implement, but is this subject at least being covered in PSHE? I think we are all (myself included) far too complacent on this issue.

EdithWeston Sun 02-Oct-11 11:27:14

I won't be there for the web chat. But if I was, I'd have questions in two areas:

a) what is his opinion on the collection and storage of biometric information? Are the big firms like Rayethon and Safran accumulating too much data about individuals? Especially as governments could access such data. The prospect of abuse of information held - by using it in a big brother-ish way - or by criminals to substitute an innocent person's identity to a criminal's fingerprint algorithm, strike me as worrying scenarios. Especially as these systems are being used more and more in schools (which seems to me to be softening up a whole generation to see such control by multinationals of identities as normal).

b) you wrote in the 1990s a thoughtful history of Yugoslavia and its break up. The former Yugoslavia has dropped out of the headlines. Does this mean that the communities are really reconciled, or is there potential for further strife or even conflict?

Blueberties Sun 02-Oct-11 11:44:39

Hi Misha

I have a couple of pretty stupid questions really

How much information can be retrieved about us? in one country I lived in the aparatus of the state was said to be able to retrieve every single text message every person had sent. Can this be true?

Where's the greatest "danger" to the individual with stored data? Is it state/civil liberties, commerical exploitation or is it criminal?

After all your research, do you think you're slightly paraniod? Were you shocked by what you'd found?

Blueberties Sun 02-Oct-11 11:46:44

I'm definitely going to get this book. I feel like what's missing sometimes is very very simple guidelines for people to help protect their privacy. For example, cookies deletions, people need to know a. it's easy b. it won't break your computer c. you'll still be able to get into your bank account.

Do you think it's still too much of a mystery for people sometimes? Is this part of your aim in writing the books?

MrMan Sun 02-Oct-11 13:17:47

In some countries (eg Nordics) lots of personal info (incl complete tax returns) are widely published. Yet those countries don't seem to have higher rates of fraud, ID theft, etc. Why?

BootyMum Sun 02-Oct-11 13:33:00

I am a complete ignoramus when it comes to stuff like this. I even tend to use the same password for lots of stuff but mainly for entry to shopping websites where I don't store my bank details...

My question is, is this okay to do or completely stupid?
Otherwise I would have to write all the different passwords somewhere as I couldn't remember them all!

Is Norton security enough to protect your home computer?

And for the average Joe, what is the most important thing you suggest we do to avoid being hacked or cloned?

Thank-you. Looking forward to the webchat and learning more!

Blueberties Sun 02-Oct-11 13:35:11

Yy - in Belgium your name and bank acc number is known to all. I don't know about the rates of ID theft.

Also how do you know when you check your retained data status or whatever it's called, how do you know you're not being fobbed off?

eg I asked not to be in the NHS central computer, now abandoned but still I've asked not to be in whatever's left of it. I have no idea if I'm in there anyway and no way of finding out.

Blueberties Sun 02-Oct-11 13:37:12

I like gincognito's idea - what do you think?

Rather like a credit record site where you can pull up all thsose details

an internet record site, that sort of thing

aristocat Sun 02-Oct-11 23:26:46

i am another that is so fed up with scam phising emails - i just delete them, what else can you suggest please?

Tianc Mon 03-Oct-11 00:06:21

Hi there

Are you aware of the looming cybersecurity disaster that is Smart Meters for electricity (and possibly gas) and in-house "smart" socket networks?

The in-house networks allow individual sockets to be controlled from outside the house via an oh-so-hackable website (naively gungho article in Guardian, Saturday) or by mobile phone; the Smart Meters will allow the power supply to the entire house to be cut off remotely by electronic means.

Ross Anderson, prof of security engineering at Cambridge, has been banging the drum about this for a while (eg "Who Controls the Off Switch") but I've yet to see mainstream media pick up on the problem.

Was this something that had come to your notice, and anyway what are your thoughts?

I have another question about personal security, if I may.

Do cyber-criminals somehow 'filter out' people who don't have much money?

I ask because my DH and I have (knock on wood) not had problems in this area, but then we never have much money in our accounts, don't own a home or car, etc. Whereas a friend of mine who is hyper-protective of her online security, to the point of paranoia, has still had her bank account accessed twice. She has a reasonable amount of money in the bank though.

So is relative poverty a form of protection?

Blueberties Mon 03-Oct-11 11:41:18

Hi there, I can't be there at lunch but would really appreciate any answers to my questions, sorry it's more than one.

I'm a bit tin-foil-hattish on these issues blush

Blueberties Mon 03-Oct-11 11:41:48

And thanks in advance.

personanongrata Mon 03-Oct-11 11:54:24

Hi Misha, I know (from Google, obviously!) that you have children.

What has your advice been to them about sharing personal info via Facebook etc? Is there one absolutely essential thing all parents should be doing vis-a-vis their children's online security, or is that too simplistic?

I read that some children are creating multiple accounts on social media sites, so their parents see the 'official' one but they're busy doing their real networking under other guises (today's equivalent of getting changed at the bus stop, I guess).

I suppose I'm asking how high in the panoply of parental anxieties online security should come!

Thanks in advance.

JustineMumsnet Belgium (MNHQ) Mon 03-Oct-11 12:50:13

Misha is here in the building so he'll be getting started in a few minutes.

MishaGlenny Mon 03-Oct-11 13:01:27

Hello everyone and thanks for all your questions so far - I'll be doing my level best to answer as many and in as much detail as possible.

But just briefly to explain where I'm coming from on cyber security...when I was writing my last book, McMafia, about global organized crime, I came across a group of criminal hackers (half were in jail but half had escaped the police) who explained to me how they made tens of millions of pounds using a phishing scam (sending out emails with links to mocked up bank sites) which succeeded in extracting people's login details.

I also spoke to the Brazilian cops who had busted them and then to an American private security company whose chief cyber investigator was a former officer of the CIA. When I realised how much money was involved both in the crime and, increasingly, in the prevention of cyber crime, I was convinced that I should write my next book on the subject....which has turned out as DarkMarket.

In researching this I had to teach myself a lot about IT security but I remain a lay person. But in order to try and make the subject comprehensible and (more importantly) entertaining and interesting to people who don't speak the arcane language of IT security, I tracked down the virtual cops and robbers involved in the English-language's largest criminal website, DarkMarket, until it was closed down in 2008. I also followed their fates since then.

I think the most important thing I discovered is that most of the young men (I use the gender advisedly - 95% of hackers are male) who become involved in this, do so at an incredibly young age before their moral compass has been fully formed.

On the bright side - cybercrime generally doesn't involved violence although it can of course lead to extreme levels of distress on the part of victims.

Sorry for wittering on...now to your questions...

MishaGlenny Mon 03-Oct-11 13:02:49

dreamingbohemian

Hello, I would like to leave a question for Mr Glenny if I may...

Mr Glenny, I am a researcher in this area, and a big fan of your previous book (McMafia). I have a question regarding the possibility of reducing the threat from cybercrime. Given that some of the countries from which cybercrime originates (China, Russia) are in strategic competition with Europe and the US, do you think it's actually possible for our governments to work with them to reduce the threat?

Thank you, I'm very much looking forward to the webchat!

This is a complicated but very important question. Cooperation between US and Western law enforcement and their counterparts in Russia and China is very limited. Police here and in America have a big problem trying to run down the many cyber criminals operating out of the former Soviet Union in particular. In DarkMarket, I explain how this works in detail – in particular how the Russian intelligence services monitors all traffic going across the Internet there.

At the same time, all the great powers around the world (and many smaller ones too) are engaged in cyber espionage trying to ascertain one another’s weaknesses. China’s espionage programme is regarded (including by the Russians) as the most extensive in the world – involving hoovering up so much confidential documentation from companies, governments and international institutions around the world that Beijing cannot possibly have enough capacity to analyse it all.

The West, in turn, is also probing its competitors’ networks establishing where their weaknesses lie – so there everyone is engaged in a lot of murky activity out there. However, we must not forget that economically we are now deeply dependent on each other. If the US economy were to collapse, so would the Chinese and so Beijing has a vested interest in not inflicting excessive damage on the Americans. Likewise, if Russia were to attempt a major disruption of Western Europe’s economy through a cyber attack, it would lose its most lucrative energy market by far.

So although ALL major powers are using cyber as a way of getting some advantage or other over their rivals, for the moment they are unlikely to tip things over the edge.

Western police forces are particularly concerned at the moment about the leaps and bounds being made in Africa with mobile technology as West African criminals in particular have proven most adept at developing highly theatrical but often very successful scams using spam email. Police fear that this type of activity will shoot up as Africa leapfrogs over PCs and becomes a continent that does the great majority of its computing on hand-held devices.

fivegomadindorset Mon 03-Oct-11 13:06:00

How better can we protect ouselves from account take overs? Two years ago I discovered that somone had taken my idenity, switched my address and taken over £10k off my credit card. apparnetly my details had been taken from ancestry.com which now makes me very wary about using anything like this. Living rurally though I do do 90% of my purchases on line which does make it difficult.

MishaGlenny Mon 03-Oct-11 13:10:06

brookeslay

hello

Apart from mixing up passwords what is the best way to protect your personal details online?. I use alot of internet banking and even Lloyds has been cloned in that the website wanted additional passwords etc.

I am fed up with scam phising emails drive me up the wall are people that thick they don`t know not to pressthe link ?

My partner works away and his computer is riddled with stuff when he is back even though he has norton. He only ever send mail never access paypal or the bank.So its annoying the lengths we have go to.

First things first. Mixing up passwords is a VERY GOOD THING which goes a long way to protecting your assets if somebody has managed to crack one of them. Most cybercrime is perpetrated not by cracking somebody’s account digitally but by what we call social engineering. This comes in two forms – the first is guessing passwords or anticipating behavioural patterns on the web. The overwhelming majority of individual passwords remain easily guessed, using information available on the web. This is stuff like the names of family members, dates of birth, default words like ‘admin’ and the dumbest password of all – ‘password’.

The second is by persuading people to act online in a manner that is objectively not in their interests, i.e. clicking on a link which will download malware of some sort (viruses, Trojans, worms) or a link which takes you to a fake website, purporting to come from your bank in which you type your username and password that can immediately be read by a criminal who can then access your real account.

That takes us to the phishing emails. They are very tedious but MOST email systems now have very effective filtering and warning systems. This is one area where gmail is especially good but most email systems using algorithms which are excellent at detecting them so that you don’t have to worry about them.

Nonetheless, you should ALWAYS read the subject line and (where possible) the opening line of an email even if it comes from a close friend who regularly writes to you. The point is to check whether the linguistic pattern and content conform to the usual style of your correspondent – you would be amazed at how much crap you can detect by doing this.

As regards your partner, if he is picking up that much malware notwithstanding his Norton defences (which are, I trust, up to date), then you should ask him what sort of stuff he is doing on the web when he is travelling. If he is only doing email, then unless he is a habitual victim of phishing, he should not be experiencing such a high incidence of malware and you may want to ask him what sort of websites he is browsing (or you may not).

MishaGlenny Mon 03-Oct-11 13:10:54

BootyMum

I am a complete ignoramus when it comes to stuff like this. I even tend to use the same password for lots of stuff but mainly for entry to shopping websites where I don't store my bank details...

My question is, is this okay to do or completely stupid?
Otherwise I would have to write all the different passwords somewhere as I couldn't remember them all!

Is Norton security enough to protect your home computer?

And for the average Joe, what is the most important thing you suggest we do to avoid being hacked or cloned?

Thank-you. Looking forward to the webchat and learning more!

Hello, BootyMum!

You really SHOULD use different passwords - if necessary by writing them down and hiding them somewhere which is easily accessible to you. By not storing your card details with the supermarkets and shops, you are INCREASING your security.

In the past year, we have seen breaches in the credit card data held by several major companies (some of whom like Citigroup in American pride themselves on their impregnability - wrongly as it turns out!)

Norton and all the other major anti-virus manufacturers are fine but you MUST keep them up to date. As soon as they lapse, you are vulnerable to all manner of opportunistic viruses - so-called drive-by attacks.

The next thing I'm going to say comes with a warning - I have no commercial interest in the following statement.

The simplest way you can increase your computer security dramatically is by abandoning your PC and investing in a Mac. Over 90% of the world's computer systems use a Windows-based operating system and so on the whole cyber criminals don't bother producing viruses and other malware for Macs (there are a few sloshing about but Mac users can easily protect themselves against them).

Your likelihood of being hacked using a Mac is in the region of 90% less than if you use windows. Also most major anti-virus software companies like Sophos and F-Secure offer their Mac anti-virus programmes for free.

When I started researching cybercrime, I put my whole family onto Macs. Their security will not last for ever due to the popularity of iPhones and iPads - as Macs gain a greater market share, criminals and spies will start deploying greater amounts of Mac malware.

MishaGlenny Mon 03-Oct-11 13:17:46

strandednomore

Hi Misha
Thanks for doing this webchat. I wonder what you think about sites such as Facebook, Linked In etc (and even sometimes Mumsnet) where people often inadvertently leave a lot of personal details, which could lead to you being hacked or cloned (is that the right terminology?). My husband works for a law enforcement agency and is very anti Facebook (he doesn't even like me pasting pictures of our daughters on it), do you think he is right to be so paranoid? What do you think we could we do to protect ourselves and our children on these sites?
Thanks.

Facebook is a difficult one and I have real sympathy with your husband’s position. There are two different problems – the first relates to what we can best call Online Child Protection. There is no doubt that grooming happens on the web and for those who are victims, it is unbelievably distressing. And Facebook is now the primary vehicle for grooming because it is so easy for a potential sex offender to develop a virtual relationship with an unsuspecting child by using the techniques of social engineering, i.e. pretending to be somebody that he isn’t.

At the same time, we have to recognise that Facebook is not going to go away and for many young people, it is now the preferred (and adored) means of communication with their peers and sometimes with their family. In my case, my children refuse point blank to allow me any access to their Facebook pages, although with my experience in writing DarkMarket, I have found it easy to establish an espionage network if I need to find out what they are up to (in the case of my daughter who went missing for a few hours, this turned out to be incredibly useful – usually I am not interested in their frequently inconsequential musings).

But the exploitable information, as Gincognito describes in the next question, is really critical. Children and teenagers simply do not get how easily information can be exploited in a way that can seriously harm their prospects. It exposes their weaknesses, parts of their character that potential employers or university admissions tutors find off-putting – and, believe me, Facebook pages are being checked regularly (especially by employers) for a character read-out. Any mention of drugs can jeopardise a child’s chances later on as does excessive amounts of drinking and even the habitual use of bad language.

Furthermore, social networking sites (especially Facebook) are now a favoured ‘vector’, as they are known, for cyber attacks by organised criminal groups. One of the most successful in recent years, called Koobface, a virus which was rapidly transmitted across the world via Facebook and which could cull login information – it led to the emergence of huge botnets – this is when a virus places thousands, tens or even hundreds of thousands of so-called zombie computers across the world under the influence of a Command and Control computer. The infected computers then do the bidding of the C&C without its owner actually realising it.

I also think Gincognito’s suggestion that this subject be covered in PSHE is an excellent one. It is VITAL that computer users learn about security as it will increasingly affect all of us. But unfortunately it is usually discussed in arcane language amongst techies who are not always the best communicators.

Remember, one can easily protect oneself from at least 80% of criminality on the web by just following sensible practises like keeping your anti-virus software up to date.

MishaGlenny Mon 03-Oct-11 13:18:22

Blueberties

Hi Misha

I have a couple of pretty stupid questions really

How much information can be retrieved about us? in one country I lived in the aparatus of the state was said to be able to retrieve every single text message every person had sent. Can this be true?

Where's the greatest "danger" to the individual with stored data? Is it state/civil liberties, commerical exploitation or is it criminal?

After all your research, do you think you're slightly paraniod? Were you shocked by what you'd found?

Hi - at the moment, an EU directive requires member states to store all traffic going through European ISPs for up to two years (in this country, it is six months). Within the framework of local laws, various government agencies can access this material with a warrant.

If the government wants to find out something about you, it isn't too difficult for them but they do have to work within a legal framework.

The issue of the amount of private data being stored by corporations is rather different - the two biggest depositories of personal data in the world are the servers of google and Facebook. The US government can access anything on their servers with a court order within a 24 hour period (that includes all of us in the UK using Google and Facebook). For even friendly law enforcement agencies like the British, it can take up to 6 months to get authorisation from a US court to have a look at something.

This of course speaks to the weirdness of the web - it is global but it also has many national jurisdictions.

We cannot know who is looking at our private traffic but please let me tell you that you MUST assume that somebody is monitoring what you are doing (usually passively but they can go back to the records). Never ever write anything in an email that is too private or intimate that you would not mind seeing in a newspaper!

MishaGlenny Mon 03-Oct-11 13:23:45

EdithWeston

I won't be there for the web chat. But if I was, I'd have questions in two areas:

a) what is his opinion on the collection and storage of biometric information? Are the big firms like Rayethon and Safran accumulating too much data about individuals? Especially as governments could access such data. The prospect of abuse of information held - by using it in a big brother-ish way - or by criminals to substitute an innocent person's identity to a criminal's fingerprint algorithm, strike me as worrying scenarios. Especially as these systems are being used more and more in schools (which seems to me to be softening up a whole generation to see such control by multinationals of identities as normal).

b) you wrote in the 1990s a thoughtful history of Yugoslavia and its break up. The former Yugoslavia has dropped out of the headlines. Does this mean that the communities are really reconciled, or is there potential for further strife or even conflict?

I’ll take Edith Weston and Blueberties questions together.

Cybercrime is one sub-section of the overall malfeasance presence on the web. The other two pillars are cyber industrial espionage or extortion and, finally, cyber espionage and warfare between states or between states and so-called non-state actors (insurgent groups, hacktivists like Anonymous and LulzSec, and terrorist groups).

They are all connected in odd ways but for state agencies charged with protecting the network in the first instance, they all look the same. The need to protect networked computer systems is provoking ever more vocal calls for the introduction of monitoring and regulating of the internet.

The greatest challenge of all that we face in dealing with bad stuff on the web is to ensure that people are protected without having their civil liberties violated. We already know that in Russia and Iran, for example, people’s Internet activity is monitored, stored and used in evidence by the security forces as an excuse to violate individual human rights.

The Internet is a technology that is analogous to the invention of sedentary farming techniques, gunpowder, industrial processes in the 18th/19th centuries and the development of nuclear technology in the 20th as it is having a huge social impact in a very short space of time. I would argue that its impact is even greater than the preceding technological breakthroughs. But like all these technologies, it can be used for good purposes and for bad – it is no longer just the great democratiser that its idealistic pioneers believed it to be.

The desire of government to encroach on our privacy is now visible throughout the Western world as well as in more repressive places. The Arab spring and the riots in the UK offered ample proof that the technology has an extraordinary ability to mobilise (Egypt did monitor individual bloggers but its rather crusty gerontocracy had not taken into account the impact of social media). The kneejerk reaction of many politicians in this country in suggesting that we restrict Blackberry, Twitter and other devices and sites suggests to me that they haven’t understood how the world is changing – wholesale assault on networked activity will not be a solution (especially as those with a minimum of skills will always be able to get round this).

So we need increased education about the basics of cyber security which recognises that the government certainly DOES have a responsibility in this area. But there MUST be checks and balances, preferably through the court system, when it comes to accessing information from individuals’ computers.

MishaGlenny Mon 03-Oct-11 13:28:02

MrMan

In some countries (eg Nordics) lots of personal info (incl complete tax returns) are widely published. Yet those countries don't seem to have higher rates of fraud, ID theft, etc. Why?

Hello, Mr Man!

As I understand it, you are not compelled to publish your personal info online in the Nordic countries but there are a couple of things, I would point out. Firstly, the bulk of cybercrime takes place against the following language groups - English (by far the greatest), Chinese (the authorities have a growing internal cybercrime problem, especially based around Massive Multiple Online Games - this is an interesting sub-section because of the proliferation of digital currencies like the linden dollar in Second Life which can be bought and sold for real dollars), Spanish, Portuguese (as a consequence of the high incidence of cybercriminal groups in Brazil) and German. There is, interestingly, comparatively little online crime directed at French speakers and relatively few aimed at speakers of Scandinavian languages.

Having said that Sweden is a major centre of Intellectual Property theft via piracy and has a thriving card-cloning community although their targets tend to be other European and Canadian consumers.

Sweden and other Scandinavian countries have some of the most liberal laws regarding the Internet with relatively little state intervention (other than financial support for hi-tech start-up companies) and this is partly responsible for the extraordinary success these countries have had in developing some of the most successful companies in the world (Skype was a joint Estonian-Danish operation before it was sold to the Americans - then you have Eriksson, Nokia etc.).

And so the Scandinavian philosophy, it could well be argued, has demonstrated the advantages of embracing web technology. Increasingly, however, the Scandinavians are now talking about the need for greater security to prevent attacks on their Critical National Infrastructure (electric grid, telecoms, utilities etc.).

Hope this goes some way to answering your questions.

MishaGlenny Mon 03-Oct-11 13:43:06

personanongrata

Hi Misha, I know (from Google, obviously!) that you have children.

What has your advice been to them about sharing personal info via Facebook etc? Is there one absolutely essential thing all parents should be doing vis-a-vis their children's online security, or is that too simplistic?

I read that some children are creating multiple accounts on social media sites, so their parents see the 'official' one but they're busy doing their real networking under other guises (today's equivalent of getting changed at the bus stop, I guess).

I suppose I'm asking how high in the panoply of parental anxieties online security should come!

Thanks in advance.

The kids issue!

First - we must always remember that children have grown up with the environment of the Internet as a given. It is as natural to them as playing in the park or hanging out at shopping malls.

This means that they possess an instinctive feel for the Internet and its immense potential, entertainment and educational value that their parents lack.

Let us take one critical issue which governments (under pressure from the music and film industries) have attempted to regulate heavily through legislation - the downloading of music and movies.

In theory, this is illegal in this country and subject to really tough penalties. In practice, I know of nobody under the age of 35 who does not understand it as their right and perfectly natural to download anything they want from the Internet for free.

This is unstoppable and as one friend remarked to me recently, 'Darwinism is not about the strongest or most cunning surviving, it is about the most adaptable.' And we have to adapt to the fact that kids will increasingly refuse to buy music, films or books but download them. I say this as somebody who makes his living from intellectual production and so know that even at my old age, I am going to have find something else to do.

And now another thing about Facebook. Your kids will generally not let you look at their Facebook. You may want to insist but similarly you may not be able to face the resulting tantrums, not to mention the now habitual rhetoric of human rights and privacy that they throw in your face.

Recently, however, my 19 year-old daughter went missing en route between my home and her mother's. At 1 in the morning I got a call from my ex-wife explaining that she hadn't turned up as agreed and did I know where she was as she was travelling aboard at the crack of dawn.

I checked her room and her unpacked suitcase and passport was there. Her phone was off and she hadn't been answering messages since early afternoon.

I decided to hack her Facebook account - in order to do this, I guessed that she uses the same password as she has done for years (and which she had once revealed to me). Bingo! I was in.

The first thing I would say is how stunned I was by the number of her friends (about 50%) were trolling about the Internet at 2.30 on a Monday morning - they just sit their all night moaning about stuff, giggling and doing general teenage stuff.

But I put out a message explaining that I was her Dad and I needed to contact her urgently. It worked - she was checking her messages...she was just too embarrassed to fess to her parents that she was with some boy. However, as soon as she realised, I had got into her Facebook account, she got in touch with my ex.

On the one hand, she was livid that I had hacked her Facebook (it might teach her to vary her passwords - I hope so) - on the other hand, she knew that she had caused her parents incredibly distress.

But fundamentally, kids see the Internet as a private zone from which their parents, ABOVE ALL, must be excluded. What they don't know is that their habits are attracting all sorts of other people with far less benign intentions that their parents!

TheRhubarb Mon 03-Oct-11 13:50:52

One question if I may? I am a copywriter and I regularly put SEO content directly onto websites as well as owning a couple of my own sites.

I am very aware of the dangers of using the same password and so all my passwords are a mixture of letters, numbers and symbols. I currently save these on an excel spreadsheet on my hard drive for quick and easy access. Is this wise or could my hard drive also be hacked into? If not, what do you suggest for people who have numerous different usernames and passwords for a number of different sites? And how often do you recommend changing passwords?

caramelwaffle Mon 03-Oct-11 13:51:45

Hello.
Is it advisable to change passwords on a weekly basis, or is this overkill?

MishaGlenny Mon 03-Oct-11 13:52:59

fivegomadindorset

How better can we protect ouselves from account take overs? Two years ago I discovered that somone had taken my idenity, switched my address and taken over £10k off my credit card. apparnetly my details had been taken from ancestry.com which now makes me very wary about using anything like this. Living rurally though I do do 90% of my purchases on line which does make it difficult.

Firstly, I am so sorry to hear what happened to you. Until people experience the digital violation of cyber crime, I am not sure that they fully understand quite how distressing it can be. Researching McMafia and DarkMarket, I have spoken to many victims of cybercrime (including one whose house by thieves who broke into his email and found a scanned copy of the title deeds in his account - I'm not kidding).

It can often turn their lives upside down - I have also spoken to people who were the victims of identity theft and then arrested at a national border (Swiss in this case) because the thief had used their identity to perpetrate a major crime. This poor person had to spend several days in an unforgiving Swiss jail before this was cleared up.

What you describe is a classic case of ID theft and I would make sure that ancestry.com is made fully aware of this breach and, if you can face, you should demand to know how these details were taken and what they intend doing about their security.

I trust that the bank recompensed you without question but the issue of the banks and internet crime is problematic. Banks make much more money by persuading us to do all our banking online (because they can close down their branches) than they do in cybercrime losses. A much greater concern for them is their loss of reputation if evidence of their vulnerabilities were to become public knowledge.

In researching, DarkMarket I spoke to police officers who were appalled at the lack of cooperation they received from banks because the banks were afraid that if the case reached open court (and hence the public domain), that it would reflect badly on them.

Some banks, like HSBC, have a sensible policy of NOT recompensing online customers who do not install their anti-virus software RAPPORT (although ironically Rapport was found to have a serious vulnerability recently). This means that they educate us to take our security seriously which is a GOOD thing.

However, I firmly believe that the government should also impose regulatory sanctions on the directors and executives of banks whose systems are breached in the same way - they should be subject to the negative incentive that they impose on us, their clients. If they were, their security systems would shape up pdq!

Porpoise Mon 03-Oct-11 13:54:01

Hi Misha

I'm a bit ridiculous about online privacy after a nasty scare (stalked on Facebook yadda yadda)

But is it really possible NOT to be found on the web?

caramelwaffle Mon 03-Oct-11 13:54:48

Are Social sites such as Facebook really allowed to use the photographs we post there as they wish? (now, and any time in the future?)
Someone mentioned to me that it is in the very small, smallprint.

fivegomadindorset Mon 03-Oct-11 13:55:41

Is Rapport a good thing then? I get offered it by NatWest, now my main bank as I ended up going into Lloyds weekely to get the money back.

personanongrata Mon 03-Oct-11 13:56:17

Thank you for your reply. V glad your daughter was safe. Will drone on to my teens more about internet safety and passwords. Part of the problem is that their generation knows they're far more sussed than we are/ever will be when it comes to the net and They Won't Be Told.

MishaGlenny Mon 03-Oct-11 13:58:15

Blueberties

Yy - in Belgium your name and bank acc number is known to all. I don't know about the rates of ID theft.

Also how do you know when you check your retained data status or whatever it's called, how do you know you're not being fobbed off?

eg I asked not to be in the NHS central computer, now abandoned but still I've asked not to be in whatever's left of it. I have no idea if I'm in there anyway and no way of finding out.

You will often be fobbed off. But my message is PERSIST. The EU has very good data protection laws and data protection commissioners in this country and in Europe are often quite zealous in securing our rights in this area.

Generally, I would say that the larger a data base is, the more reason you have to be concerned.

Having said all of this - let us not forget what a miraculous thing the Internet is...it has changed so many lives for the better and we should encourage its use and development. But we MUST take care.

We are creatures of convenience and so we love to get the latest labour-saving or fun gadgets as soon as they are on the market. But the proliferation of these exposes us to greater dangers so do take care.

Before long, there will be few areas of human activity which will not be mediated by networked computer technology in some way and this does mean greater opportunities for the bad guys.

MishaGlenny Mon 03-Oct-11 14:01:21

Porpoise

Hi Misha

I'm a bit ridiculous about online privacy after a nasty scare (stalked on Facebook yadda yadda)

But is it really possible NOT to be found on the web?

There is a growing movement of people who find the Internet so intrusive that they are going 'offline,' i.e. ceasing to use the internet altogether or reducing their use to the minimum.

This is still possible but it is becoming increasingly difficult as both commercial and public sector institutions place incentives on you to do your business online.

You can still do your banking via your branch; you can still shop locally with a bag; you can still communicate with friends and businesses by letter.

So yes - you can do it but you will find it sometimes extremely difficult and inconvenient. But good luck - there are times when I seriously consider going offline (as if!).

MishaGlenny Mon 03-Oct-11 14:02:17

fivegomadindorset

Is Rapport a good thing then? I get offered it by NatWest, now my main bank as I ended up going into Lloyds weekely to get the money back.

They have now fixed the bug on Rapport and it does improve your security - I use it and I would recommend it.

MishaGlenny Mon 03-Oct-11 14:04:39

personanongrata

Thank you for your reply. V glad your daughter was safe. Will drone on to my teens more about internet safety and passwords. Part of the problem is that their generation knows they're far more sussed than we are/ever will be when it comes to the net and They Won't Be Told.

That's right - they know that they hold the technical advantage over us and they will exploit that mercilessly - handheld devices (i.e. all their mobiles) make monitoring their activity much more difficult. And of course when you see what goes on on Facebook, one begins to understand where much of our fears about early sexualisation of kids, drinking etc. come from.

MishaGlenny Mon 03-Oct-11 14:09:49

caramelwaffle

Are Social sites such as Facebook really allowed to use the photographs we post there as they wish? (now, and any time in the future?)
Someone mentioned to me that it is in the very small, smallprint.

When we put material on Facebook, we are giving FB a degree of copyright control over it as they are regarded as the publisher. In theory, they should ask you if they want to use material although it is a moot point - Google for example gets its revenues from collating the information they see you using and then selling that info (anonymously) to third party advertisers so that those advertisers can target you with products that you specifically want.

Facebook has not yet unveiled its money making strategy but it is valued so highly as a company BECAUSE it can access all that personal data....We should know about this within in a year and then individuals will have to choose whether they want to grant FB and its commercial allies the privilege to use this data - the only way not to grant it, is by not joining FB or trying to close your existing a/c.

MishaGlenny Mon 03-Oct-11 14:12:13

Okay everyone - time for me to tootle off. Thank you very much for your interest - it's all a bit depressing, I know, but in DarkMarket I've tried to tell the tale of cyber criminals in the most entertaining fashion possible, combining the thriller genre with a little bit of comedy here and there - but it's all true!

I must now confess that I have been a Mumsnet member for some time and have drawn considerable solace from other members in particular when discussing the nightmare that is parenting teens!

All the best and cheerio!

caramelwaffle Mon 03-Oct-11 14:13:05

Thank you for answering.

If an account is deleted, are they denied Rights to use text/pictures that was previously posted?

caramelwaffle Mon 03-Oct-11 14:13:25

*that were

caramelwaffle Mon 03-Oct-11 14:14:00

Thank you.

RachelMumsnet (MNHQ) Mon 03-Oct-11 14:14:17

Thanks so much to all those who sent in questions and big thanks to Misha for joining us today for such an interesting webchat. If you're interested in reading more about this, Misha's latest book is DarkMarket: CyberThieves, CyberCops and You

TheRhubarb Mon 03-Oct-11 14:20:20

caramel, it's there forever more depressingly enough.

Thank you for answering my question!

I am perhaps inappropriately excited to hear that Misha Glenny, one of my fave authors, is on Mumsnet <swoon>

strandednomore Mon 03-Oct-11 14:20:53

Thanks, this is really interesting reading and I think everyone with children should take note. So what's your MN name then? Come on, out yourself wink

Tianc Mon 03-Oct-11 14:20:58

Thanks, Misha, very interesting reading.

caramelwaffle Tue 04-Oct-11 22:11:16

Depressing indeed, Rhubarb0...

caramelwaffle Tue 04-Oct-11 22:12:04

Oh. Very good Webchat. Very informative.

filter4kids Sun 02-Dec-12 13:30:16

Message deleted by Mumsnet for breaking our Talk Guidelines. Replies may also be deleted.

Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now