temporarily removing bluemonster from all pages

Archive

Category Archives for "Features"
7

The 45 Best Forensic Tech Blogs

Forensic technology encompasses a wide range of fields and technologies and is often used, with some controversy, in criminal trials. The blogs below examine forensic tech from all angles, from professionals active in the field, to journalists covering the impact and evolution of forensic technology, to skeptics concerned about the ramifications of junk science being labeled as forensic science being used to convict in trials.

Forensic Science

West Midlands Police Forensic Science Lab - Photo by West Midlands Police

West Midlands Police Forensic Science Lab – Photo by West Midlands Police

  1. Anti-Polygraph BlogOpened: April 2006 with regular updates in the last few years. Style and Focus: Detailed and supported articles about the ways in which polygraph tests are used and abused, information about the deficiencies of the technology, and news. Also very active on Twitter. What to Read: Polygraph Countermeasures: What Polygraph Operators Say Behind Closed Doors, for a glimpse at the concerns even polygraph operators have with the reliability of the technology.
  2. Zeno’s MonthOpened: July 2004, with biweekly or monthly posts since then. Style and Focus:   Much more of a personal blog than an informative one, this blog, run by a forensic scientist, touches a bit on his work and life. Expect vacation adventures to be mixed in with news and conference details related to the forensics industry. What to Read: October 2012: Some Challenges in Digital Evidence, for a glimpse at what forensic science was concerned with and preparing for in late 2012.
  3. FSN: Forensic Science NewsOpened: April 2008 with post frequency varying but highly active since then. Style and Focus: This frequently updated blog provides opinionated responses to news and events related to forensics from the point of view of a professional forensic scientist. Well written and timely responses to criminal cases and forensic news and advances. What to Read: Institutional Bias Examined, for a great introduction to how insidious institutional bias can be and some thoughts on how it plays out.
  4. All About Forensic ScienceOpened: May 2012 with fairly regular posts each month. Style and Focus: Despite the busy look of this site, it contains a wealth of information for individuals looking at entering the field of forensics. Regular posts focus on information relevant to potential forensic students or those with a casual interest. Posts are short and sweet but informative. What to Read: Mathieu Orfila, for a wonderful brief bio on one of the forefathers of forensic medicine.
  5. UF Forensic Science BlogOpened: March 2012, fairly consistent with bimonthly posts. Style and Focus: This blog provides its readers with reasonably fascinating posts covering different types of forensic science along with forensic analysis in the news. Not the most frequently updated and the author is not a native English speaker (and it shows in the writing), but it is worth a gander. What to Read: Untying the Knots, for a quick and dirty overview of the importance of forensic knot analysis and the rarity of such expects (with a link for more information).
  6. Forensic Odontology: Bitemark EvidenceOpened: January 2011 with regular updates about once a week since. Style and Focus: With a minimalist look and easy to navigate interface, this blog welcomes readers to explore the world of bite mark evidence, with a focus on educating readers to the potential negative legal ramifications of relying on it as evidence. The author is a highly experienced professional forensic odontologist, with plenty of background to provide invaluable expertise to the posts. What to Read: Ted Bundy Bitemarks and Richard Milone: How DNA, bitemark research and failed cases have changed bitemark analysis, for an examination of how these high profile cases used bitemark evidence questionably and how it is used today.
  7. Forensic DNA Testing Blog Opened: December 2007 with irregular posts since then. Style and Focus: This blog allows posts from both DNA Diagnostic Center staff and clients that concern forensic DNA testing. While DDC moderates the posts, the authors can vary and thus the style of writing as well. The blog is easy to navigate and contains a wealth of information for readers interested in keeping up news, advancements, and case studies involving forensic DNA. What to Read: New DNA Test Predicts Eye Color, for a quick article introducing a new advancement in forensic DNA analysis – the ability to predict eye color from samples left at crime scenes. Not strong enough as a sole source of information, but an asset to an investigative team.
  8. Forensic AstrologyOpened: July 2007 with irregular posts that appear at least once a month since. Style and Focus: Admittedly, this site is a bit of an outlier amidst genuine scientific research blogs and companies and the site reinforces this general feel with its dark background and starry banner, but the information presented makes for an interesting read. The author has a 30 year background in utilizing astrology to analyze case files with an eye for forensics and provides detailed case file information, often sent in by readers, as well as the process by which astrology is used to hunt for new details in the case. Even if you do not buy into the premise of astrology, the blog is worth a look. What to Read: Shemika Cosey – Young Lady Leaves Her Aunts Home and Disappears, for a typical case study that details the process of forensic astrology and paints a narrative of what might have happened in this disappearance.
  9. GunSim Ballistics Blog Opened: March of 2009 with irregular but generally biweekly posts since then. It has slowed a bit recently. Style and Focus: No-nonsense style reminiscent of the early days of the internet, this blog’s pared down appearance suits the straight forward information it provides to readers. It focuses specifically on technology and software used in ballistics testing with helpful tips on getting the most out of it, news, and more.  What to Read: Zero in the warm, shoot in the cold, for a quick look at how ballistics information can help improve cold weather sharpshooting.
  10. Empirical Legal Studies Opened: February 2006 with regular and frequent posts ever since.  Style and Focus: Another early internet era styled site, this collaborative effort was founded by a group of professors from a few different Law Schools with the intent to bring together empirical methodologies and legal theory. Posts can greatly vary in length, but are usually well-written and informative. They bring commentary to news, changes in legal policy, useful resources, and more. What to Read: Kahan on National Research Council critique of multivariate regression, for review of one professor’s concerns about the potential problems in research and how they influence policy view.

Forensic Medicine

Medical evidence collection - Photo by Army Medicine

Medical evidence collection – Photo by Army Medicine

  1. Forensic Science for NursesOpened: February 2011 with consistent weekly posts. Style and Focus: RN Patricia Bemis provides her readers with straightforward, to the point blog posts that give other nurses tips on how to preserve potential evidence, information on forensic nursing, and news related to the field. She also discusses the importance of keeping forensics in mind as a nurse of any stripe. What to Read: Evidence Collection in the ED, for a quick review of simple steps ED nurses can take to preserve potential evidence.
  2. Digital Pathology BlogOpened: Active since 2007. Style and Focus: More like an information hub than a typical blog, this site features regular posts from experts in digital pathology on news, advancements, cast studies, and educational information. The site is a bit busy, but easy to navigate and features a lot of resources for those with an interest in the field. What to Read: The Anxiety of the Biopsy from NY Times Health Blog, for Dr. Kaplan’s response to a NY Times article on the mental health effects biopsies can have on patients.
  3. Forensic Medicine with Dr. Cox Opened: Started September of 2009 with semi-sporadic posts, generally once a month. Style and Focus: While sporadically updated, this blog is nevertheless a wonderful resource for those with an interest in forensics, particularly with a medical bent. Written by professional forensic pathologist and neuropathologist, Dr. Cox, each post is designed to inform and instruct readers on an aspect of forensics. Often, the blog posts are short introductions to longer papers linked in the post. What to Read: Human Skeletal Remains – An Introduction to Forensic Anthropology, for an introduction to a well-written and informative article introducing readers to the important concepts in forensic anthropology.

Forensic Museums and Historians

Forensic Anthropology Lab - National Museum of Natural History - Photo by Leticia  (Tech Savvy Mama)

Forensic Anthropology Lab – National Museum of Natural History – Photo by Leticia (Tech Savvy Mama)

  1. Crime Museum’s Criminal Convictions BlogOpened: February 2009 with consistent weekly posts since. Style and Focus: This blog is run by a museum and readers can expect highly entertaining, detailed, and well-written posts covering crime, criminals, and forensics. Recently, they posted the story of a potential real-life inspiration for the American mythical hero the Lone Ranger. The site itself is well designed and easy to navigate and offers readers more than just a lively and engaging blog. What to Read: The Vidocq Society: ‘The Heirs of Sherlock Holmes’? A glimpse into first real life French undercover detective agency and the fascinating character who helped found it, former criminal reformed into detective, Eugene Vidocq.
  2. The Writer’s Forensics BlogOpened: May 2009 with regular posts since. Style and Focus: This blog’s intended audience is writers who want realistic, informative advice and information on forensics. It includes general writing advice, like how to make your first few pages shine, and detailed information on a whole range of forensic science. A fascinating read if you have an interest in forensics at all. The design is clean and easy to navigate, with lots of resources and great organizational tools. What to Read: Connecticut Massacre Not New, Just Disturbing, for a quick and dirty guide to the assorted classifications of multiple murderers and real-life examples of such.
  3. Jen J. Danna ~ Forensic Crime WriterOpened: April 2011 with regular posts since, generally updated Tuesday evenings. Style and Focus: Another writer’s blog, this one expands beyond simply advice for authors, it chronicles this author’s journey in writing, provides information on research, writing processes, and the path to publication. She also does an excellent job in covering forensic science and how it can be effectively used in writing. She has a particular focus on forensic anthropology. What to Read: Forensic Case Files: Cannibalism in Jamestown in the Early 17th Century, for a gruesome look, figuratively and literally, at some of the evidence illuminating the meal-times at Jamestown colony, courtesy one 14 year old immigrant.

Computer Forensics

Digital Recovery Storage for Child Online Safeguarding Team in the West Midlands Police Dept.

Photo by West Midlands Police

  1. Computer Forensics BlogOpened: August 2008 with very frequent posts ever since, generally more than twice a week. Style and Focus: This highly active blog is a fantastic resource for any computer forensics professional or individual interested. They keep readers informed of product information, news, and events while also providing lots of tips and guides to improve one’s computer forensic tool bag. What to Read: Four Focus Areas of Malware Analysis, for an informative post briefly explaining one method of analyzing malware.
  2. Digital Forensics BlogOpened: November 2010 with sporadic updates, generally once a month. Style and Focus: While this blog isn’t frequently updated, it does provide excellent information and tips targeting other computer forensic personnel. The author provides advice born from practice, events relevant to the field, news, advancements, and more. What to Read: No Partition Table? No Problem, for a helpful post targeting newer computer forensic professionals who need a way around disks lacking partitions they need to mount.
  3. Random Thoughts of ForensicsOpened: February 2010 with posts generally updated once a month. Style and Focus: More of a personal blog than one designed to provide a great deal of professional advice and resources, it provides a glimpse into the journey of one student of computer forensics and includes his experiences with different forensics techniques and triumphs along with personal and professional experiences alike.What to Read: Tools in the Toolbox Mandiant Red Curtain, a quick and dirty overview of a free software for Incident Responders analyzing malware.
  4. Didier StevensOpened: June 2006 with regular posts from that point forward. Style and Focus: This is not a blog for those with a casual interest, it is full of technical details and step-by-step instructions designed to share ideas, tactics, and resources with other professionals.  Regularly updated and  on a wide variety of related topics, this is a highly useful tool for any computer professional interested in forensics. What to Read: Quickpost: TeamViewer and Proxies, a quick and dirty how-to post.
  5. Windows Incident Response BlogOpened: December 2004 with very active and regular posts, at least one a week, frequently more. Style and Focus: This long running blog is focused on providing resources to professionals involved in computer and digital forensics with Windows systems. Most posts are focused on explaining different analysis approaches or techniques, but it also informs readers of news updates, products, and events. What to Read: There Are Four Lights: The Analysis Matrix, for an explanation of analysis matrix and how it can be used to more effectively analyze data.
  6. Forensic Focus Blog Opened: November 2007, generally updates often. Style and Focus: Focused on providing news and tools for other computer forensic professionals, this blog features well written and tool-packed articles, interviews with folks in the industry, news, reviews, and more. The site itself is slightly busy, but well organized and easy to navigate. What to Read: Generating computer forensic supertimelines under Linux: A comprehensive guide for Windows-based disk images, for a guide to the assorted solutions available to assist with creating digital forensic timelines with code files.
  7. Forensic 4:castOpened: January 2008 with regular and fairly consistent weekly updates. Style and Focus: This sleek and well-designed site offers its visitors a wealth of information related to digital forensics delivered in podcast format with discussions from a range of industry experts. They also run a regular newsletter that supplements the information provided in the podcasts. They also host the 4:cast awards to acknowledge great forensic tools, resources, and individuals in the field.   What to Read: How to do the worst job possible, presenting a very poorly written forensic report.
  8. Mobile & Technology eDiscoveryOpened: November 2006, with somewhat sporadic posts, but generally at least one a week since open. Style and Focus: While it doesn’t present the most elegant design ever, the blog delivers excellent content for readers involved or interested in digital forensics. It features regular articles on tools, best practices, resources, case studies, and more.  What to Read: Signal Strength and Distance, for a discussion on what cellular signal strength and distance is and how to discuss it in court.
  9. CSItechOpened: May of 2008, with bimonthly posts since. Style and Focus: The clean layout allows readers to focus on the content, which is focused on informing readers about newly developed tools and tactics designed to improve the computer forensics industry. Expect lots of reviews and guides on using new tech and practices. What to Read: Password extraction fun, for a good review of a program that can help uncover passwords on devices first responders need to access quickly.

Forensic Technology & Techniques

Fingerprint - Image by CPOA

Fingerprint – Image by CPOA

  1. Crime Scene TrainingOpened: December 2010 with fairly consistent, frequent posts. Style and Focus: This very well organized blog has been regularly providing advice, insight, product reviews, and more targeting any investigators who do any part of their work directly at the crime scene. Articles are informative and practically useful. What to Read: Avoiding Hazards at the Crime Scene, for a well-written, thorough, and extremely handy article for any forensic tech who goes on scene.
  2. The Truth about Forensic ScienceOpened: February 2010, with frequent and regular updates. Style and Focus: This blog targets DUI lawyers and criminal defense attorneys and helps educate its readers on the different types of forensic evidence that can be brought to a trial, with a focus on weaknesses and defenses against them. The blog is authored by a highly respected criminal defense and DUI attorney. What to Read: Limitations of Forensic Odontology, for an overview of the problems with forensic odontology.
  3. The Hacker Factor BlogOpened: November of 2006, with fairly regular posts at least once a month since then. In the last two years, it has trended towards weekly updates. Style and Focus: This blog is a treasure, with entertaining and informative posts that are often designed to generate discussion amidst the readers. The primary focus is on the tools and techniques designed to help computer techs of all sorts, but it occasionally drifts into completely unrelated but often fascinating territory.  What to Read: Chasing Rainbows, for a really fascinating article discussing super-senses.
  4. Forensic MethodsOpened: August 2009 with sporadic but fairly regular posts since then. Style and Focus: The layout of this blog makes it feel more like a digital magazine than a traditional blog, and its posts take a non-traditional spin too. Some are simply quick Twitter updates; others are snippets of a great article found elsewhere with a shortened link to the primary article. Still, the original content here is not to be missed; the articles are well-written and informative and often offer a behind the scenes glance at the writing process. What to Read: Digital Forensics Magazine: Big Brother Forensics, for an article on an article, also a brief introduction to the potential ramifications of geo-location technologies.
  5. Forensic ResourcesOpened: July 2011 with frequent posts, often more than once a week, since then. Style and Focus: A sleek and well-written blog providing detailed information about forensic science, including techniques, news, legal issues, and advancements. It caters primarily to attorneys based in North Carolina, but is a worthy read for anyone who needs to increase their armchair knowledge of the science. What to Read: Improving Arson Investigations, a resource-filled article pointing readers towards new developments in science that shook up fire investigation.

Cold Cases & Wrongful Convictions

  1. Defrosting Cold CasesOpened: November of 2009 with prolific posting habits, though slightly slower in recent months. Style and Focus: The blogger clearly cares about justice for victims who have been left behind by time. Posts are frequently focused on bringing light to cold cases that may have been gathering dust, telling the stories of the victims, and sharing information about the crimes. The author also focuses on wrongful convictions and forensic information that may help solve some of these cases. The site is beautifully designed, easy to navigate, and the articles are well-written. What to Read: In Loving Memory: Jimmy Stanaway, for a heartfelt memorial to a cold-case victim, providing a personal face to a dusty file.
  2. The Wrongful Convictions BlogOpened: It’s hard to pinpoint the open date of this blog, but it is currently highly prolific, with often multiple posts in a day. Style and Focus: Informative, well-written, and prolific, this blog features a panel of expert authors from a variety of backgrounds to bring readers the latest in news about wrongful convictions, including forensic analysis changes, case studies, legal changes, and more. The site is a little difficult to navigate, as it lacks a proper archive; users can search, or sort through categories to find what they are after. What to Read: Calculating Bad Math’s Contribution to Wrongful Convictions, for an interesting analysis of how a judge or jury’s failure to comprehend mathematics might lead to miscarriages of justice.

Fraud & Crime Blogs

Fraud Tech on a $20 - Image by Jack Spades

Fraud Tech on a $20 – Image by Jack Spades

  1. The Fraud Files BlogOpened: November 2005, with prolific and regular posts since. Style and Focus: This blog is focused on fraud of all kinds, from small to massive, on a national scale. Expect lots of links to related information, quality writing, and informative posts. What to Read: MckMama House Fire is Not Suspicious In the Least, for a tale of a bloggess gone bad.
  2. Expert Witness BlogOpened: March of 2007, with near daily posts. Style and Focus: Most posts are very brief and present readers with information about what expert witnesses are testifying about in trials around the nation. Some posts focus on preparing witnesses for trial, news, or other relevant information. What to Read: Environmental Health Expert Witnesses & Hanford Nuclear Reservation, for a typical post example.
  3. Grits for BreakfastOpened: January 2004, with highly prolific and regular posts since then. Style and Focus: A very well-respected blog focused on Texas criminal justice. The author has been recognized for his excellence from a number of Texas newspapers, organizations, and other criminal justice bloggers and even won a handful of awards over the years. Except quality writing, well-researched content, and no-nonsense (and often contrary) opinion delivered near daily. What to Read: A forensic science ‘blockbuster’ and limits of accreditation, taking a glance at several forensic science news articles and points to the shaky ground some forensic data is built upon.

Forensic Anthropology & Psychology

Bones in the Monasterio de San Francisco, Lime, Peru. Photo by Phil Whitehouse.

Bones in the Monasterio de San Francisco, Lime, Peru. Photo by Phil Whitehouse.

  1. Forensic PsychologistOpened: April of 2007, with at least a post a week consistently since then. Style and Focus: The site itself is a little aged, but that has no impact on the quality of its contents. Blogger Karen Franklin, Ph.D. is an experienced forensic psychologist and adjunct professor who has served as a criminal investigator and legal journalist. She has the chops and the ability to write effectively about what she knows. Her posts cover news, resources, case studies, methodologies, and more in the fields of criminology, forensic psychology, and psychology law. What to Read: Beware “voodoo” brain science, for an examination of some of the controversial claims made by proponents of brain imaging as a way to distinguish potentially dangerous traits in an individual.
  2. Mind HacksOpened: November 2004 with consistent and prolific posts since. Style and Focus: Clean design with easy navigation introduces readers to a site loaded with information presented from very prolific bloggers. Posts focus on the fascinating world of neuroscience and psychology. Well-written responses to news articles, explanations of weird brain quirks, neuroscience history and notable figures, and much more can be found here. What to Read: A brief history of narcoanalysis, for a fascinating introduction to the use and history of the administering of ‘truth drugs’ to elicit supposedly truthful confessions.
  3. Smith ForensicOpened: September of 2004 with consistent and prolific posts since. Style and Focus: This blog offers a simple, clean style and easy navigation with a focus on forensic pathology as presented by blogger Harold Levy, a Toronto Star investigative journalist who gained an interest through his reporting on once famed doctor Charles Smith. His blog examines flawed pathology and delves into the cases they impact around the world. He also examines junk science and its impact in criminology broadly.  What to Read: Marvin Wilson: How Texas is using literature rather than scientific methodology to kill a clearly retarded man – to circumvent the U.S. Supreme Court. – For a heart-rending examination of an abuse of the justice system, forensic science, and one man’s life.
  4. Bones Don’t LieOpened: Style and Focus: Written by mortuary archaeology and bioarchaeology graduate student Katy, this blog shares her discoveries, like a recent dig in Oakington containing the burials of over 100 Saxons. She also writes about forensic techniques, archeological history, news, and more on a blog that is beautiful and easy to navigate. What to Read: Displaying the Famous Political Dead, for an interesting glimpse into the practice of preserving the notable dead for public display.

Forensic Companies

  1. Forensic Technology NewswireOpened: April 2009 with frequent but irregular posts. Style and Focus: Their style is much more like a newsfeed than a personal blog, they keep readers up to date on how their products are being used and received around the world, as expected from a company blog, but they do so with solid and informative writing.  What to Read: CSI: Miami & Real Forensics: We Won’t Get Fooled Again, for a post examining the relationship between CSI and real life crime solving.
  2. Forensics Blog (BCIT)Opened: July 2010 with consistent weekly posts since. Style and Focus: A simple interface greets visitors in this Forensic Institute’s blog focused on forensic education, Canadian forensics, news, events, and advancements in forensic science. Most posts are short and sweet. Those local to the area will also find timely related job postings and course updates. What to Read: Forensics’ Grad Bringing Backpacks to the Homeless, for a lovely quick bio on a recent BCIT graduate doing good for her community.
  3. The Forensic GroupOpened: Style and Focus: Clean and straightforward writing designed to inform and educate readers on the methods and developments in computer forensics tactics and technology. Some news and events are introduced as well as case studies. Clean interface but somewhat difficult to navigate. What to Read: Computer Forensic Artifacts: Windows 7 Shellbags, for an informative introduction to how Win7 Shellbags can be used to trace activity and contents in computer forensics.

Forensic Imagery & Artists

1940 Mugshot - Image by Lisa Bailey

1940 Mugshot – Image by Lisa Bailey

  1. Four And SixOpened: June 2011 with regular posts, about one a week, consistently since day one. Style and Focus: Four and Six offers its readers a clean style with useful posts ranging from image forensics techniques to thoughtful posts on ethical treatment of imaging tools and news and information related to image tampering.   What to Read: The Case of the Pole in the Middle of the Road, for a nifty inside glimpse into what photographic forensic investigation.
  2. Forensic Video and Image AnalysisOpened: September 2007 with consistent and prolific posts ever since. Style and Focus: An absolutely fantastic resource for anyone who is involved or interested in image forensics, this highly active blog provides readers with information or resources on tools, software, product reviews, technique basics, image forensic cases, educational opportunities, and a mix of personal insight. Very informative, well-written, and easy to navigate. What to Read: Learn new Photoshop features in a click, for an introduction to a free and handy tool available to improve your Photoshop CS6 experience.
  3. Ask a Forensic ArtistOpened: January 2010 with regular and prolific posts since. Style and Focus: This well-designed blog is a great tool for other forensic artists, those who want to be, and those who are just simply fascinated by the process. It includes techniques, news, educational opportunities, fascinating interviews from other forensic artists, and more. What to Read: The “Pencil Trick” for Edentulous Skulls… Debunked, for a great breakdown of what the pencil trick is, and why it doesn’t at all work as it is supposed to, with photographic evidence.

 

Solitary Confinement in the United States is Worse then Iran [INFOGRAPHIC]

EMBED THIS INFOGRAPHIC ON YOUR SITE

(use this code to ensure proper source attribution)

PRISM: Everything you need to know [Infographic]

EMBED THIS INFOGRAPHIC ON YOUR SITE 

(use this code to ensure proper source attribution)

Working with People: An Introduction to Social Engineering

Humans are inherently social creatures who have developed a world strongly based on interacting with others. Just like the world of information technology, the human social protocols are a complex series of rules and guidelines for how people behave when interacting with each other, and just like any other system, there are methods to use and abuse it once you understand the rules that govern it. Social engineering is a broad subject, but in this article we will focus mostly on social engineering as it is used to gain access to social groups and sensitive information.

Social Engineer is one of the few blogs dedicated to the topic.

Photo by OUTography.com

 

What Is Social Engineering?

Social engineering is using the common tendencies of how people interact with others in order to gain information or a benefit of some kind. Effectively, social engineering can be referred to as the hacking of people. Before the Internet age, social engineering would more likely be referred to as conning, but the scope of social engineering’s applications goes beyond tricking people out of money. It is about causing people to act according to your wishes. Getting someone to say yes to a date is social engineering. So is getting your company a contract from a tough client. In regards to information security, social engineering is getting people to give up protected information.

A social engineering definition can be found here.

 

How Effective Is Social Engineering?

 

Even companies that place a high focus on securing their information networks can prove extremely vulnerable to social engineering attacks. DefCon, one of the largest hacking conferences in the world, routinely features a social engineering competition that has demonstrated over and over again that simple tactics can be used to get enough information to potentially do harm to a company. Position in the company also seems to have almost no effect on how susceptible a person is to social engineering; a big wig is just as likely to give up information as a cashier, but the big wig also usually has access to more pertinent info.

Social engineering is gaining attention for its insidious effectiveness, and is starting to get recognized in the media and the corporate world. Check out these news articles for an idea of how it is being perceived:

Smooth-Talking Hackers Test Hi-Tech Titan’s Skills – A look at DefCon hacking competitions, utilizing social engineering within legal boundaries to ferret out intelligence designed to weaken a company’s security.

Social engineering to blame in Syrian Electronic Army hijack of the Onion – The targets of these sorts of attacks aren’t always the ones you might expect, the Onion was a recent victim of a phishing scheme.

Facebook Social Engineering Attack Strikes NATO – Often, the targets are important, such as this attack against NATO. Every organization contains a human element, the target of savvy social engineers.

How a lying ‘social engineer’ hacked Wal-Mart – Many people are naturally biased to trust based on a set of subtle criteria; a tone of voice, a style of dress, even word choices can lead people to give credence to otherwise nonsensical ideas or situations, like this Wal-Mart store manager being duped into giving away company data in exchange for a non-existent contract possibility.

 

General Tips for Social Engineering

These are common guidelines and methods used by social engineers before and during any assignment on which they are working. These focus more on the preparation and mindset of the social engineer than the actual attack methods that are used.

Do Your Research

Take a look at this seminar on social engineering strategies.

Information is everywhere. If there is a topic you want to know about, you usually only need to glance at the Internet. Reading the news and press releases from a company can give you a firm background history from which to work. A social media site may give you insights into the temperament of a person or give you an idea of the social scene in which they operate. If you are trying to infiltrate a group or become closer to a person with any notable focus, then the Internet can be used to familiarize yourself with the topic.

Hackers may go above and beyond in this regard. If they manage to gain access to someone’s email account or messaging service, there may be records of conversations that can be used to mimic the person in electronic communications or learn about key topics that anyone on the inside should know about.

Look the Part

Photo by Viktor1558

Imagine for a moment that you are watching a movie set in modern times and focused on the happenings in a government or business office.  If there was someone dressed in jeans and a hoodie in the middle of a meeting of executives or elected officials, you would likely immediately feel the character was out of place or at least question why they were there. The same holds true whenever you want to interface with another social group, whether it is a company or a club.

Also worth noting is that looking professional – wearing a nicely tailored and well-kept business suit – can generate an obscene level of trust in your social interactions. The suit conveys a lot of subtle messages: this person is a successful member of society, they likely have money, and you can trust then a bit more than the average person. You may not gain complete trust and unlimited access, but the difference between the trust levels shown to someone in a suit and someone in casual clothing is palpable.

Learn to Read People

This article gives you a glimpse into the advancement of research into the integration of robotics and emotions.

If computers are getting to the point that they can recognize and react to the emotional displays of people, then there is no reason that a person should not be able to better do the same task. Taking the time to read on facial expression theory and other psychological articles can help point you in the right direction, but the only way to really learn is to go out and talk with people. Doing this with new people consistently will also give you practice on learning how to pick up the subtleties in a new person’s expression and tone.

Backup Your Backup Plans

Just having an idea of how to work a plan does not mean you should ignore contingency plans. Even if a failure in one portion of a plan only leaves breaking off the attempt, you should be prepared for the possibility and have a clear idea of how you will break it off. This is not going to eliminate having to think on your feet, but having a guideline for your actions can mean the difference between a smooth response and something haphazard that sends the wrong signal.

Strength in Numbers

Unlike the world of open conflict, more numbers on the side of the target can be a firm advantage. Working your way into a small firm can be a dogged task, but it can be easy to turn into “just another suit” at larger offices. It is almost always easier to work your way into social situations when the target has a larger number of people involved.

Take the Time to Do It Right

If you were to take movies and shows as fact, you would think social engineers waltz into a business with a suit and savvy and somehow manage to make their way into the confidence of the boss or gain access to sensitive areas within a few minutes. A real social engineering effort may take weeks or months to accomplish properly.

 

The Social Engineer’s Toolkit

Photo by _sarchi

A number of techniques have become common practice for social engineers. The list here is not exhaustive, and the variations on these techniques makes covering them all a task better suited for a textbook.

Phishing, Vishing, and SMiShing

This rainbow of techniques is typically meant to refer to scenarios where the attacker poses as a person or service the target already knows via electronic communications. One of the most common phishing emails is one that mimics the company’s style and email address while telling the target that their account has been locked out due to potentially malicious activity. A link is supplied to the target to reset their password. The site looks like the company’s to the smallest degree, but the reset instead sends your old and new passwords to the phisher.

The delineation between the terms is based on the attack vector. Phishing is done through the computer, vishing is done through the phone, and SMiShing is done through text messaging.

Pretexting

Pretexting is the art of constructing a scenario in which the target is more inclined to go along with the wishes of the attacker. The most common example of this in action might be taken from the ways people try to convince traffic cops to not give them tickets: “My friend is in the hospital”, “My wife is delivering our baby”, or “I’m on my way to stop the love of my life from getting on a plane and never coming back.” In the movie Live Free or Die Hard, a character uses the pretext of his grandfather in the hospital to get an OnStar agent to activate a car he wants to steal.

There is always a host of information for any company that is not considered protected, but social engineers can piece these bits together to create the façade that they are a member of the company or an associate. For example, instead of just sending an email to the tech support desk for a password reset, a social engineer might send it directly to one of the IT staff members with a message stating that there is a vital report wanted immediately by a big name at the company on that computer, and you need your password reset immediately.

Sex Appeal

When dealing with a pretty face, a person can become distracted and lose focus on the things that matter. Not every social engineer will be a model, but you can expect the ones that have been favored with good looks and charm to use the advantage.

Tech Support

Most people simply have no idea what is going on with their computers beyond interfacing with the applications they use to work. Computers also have an unfortunate tendency to break down due to misuse or just over time. In larger companies, it may not be uncommon for the IT department to be behind on fixing all the computer issues that are active. By masquerading as tech support, savvy social engineers can troubleshoot for the employee while also placing themselves in a trusted position to ask for personal information like passwords.

The Indirect Approach

Coming up to a person directly and asking them about secure, private topics may immediately trigger warning signals. If the social engineer instead approaches a person via a secondary topic and befriends them, then later probing for the information has a higher chance of success due to the longer time for which trust has developed. As an example, if the target is an avid golfer, then a social engineer might find a way to arrange for them to end up playing together. This would let the engineer strike up a conversation naturally due to the common event.

 

Spy Versus Spy: Counteracting Social Engineering

Photo by tr.robinson

It is nigh on impossible to stamp out the threat that social engineering represents even when utilizing proper security methods at a business or simply trying to avoid falling victim to it yourself. Much of the research and the supported methods for handling the threat of social engineering are to educate people on the dangers of it, develop security policies based on what needs to be protected, install Data Leak Prevention (DLP) software, and do penetration testing to get a real idea of the level of security in place.

Enforce Strict Information Release Policies

Both in your personal life and in the business world, sensitive information should be treated with respect and controlled properly. That does not mean you have to give someone trouble every time they ask  for personal information, but taking the time to double check that the person is who they say they are and that you can feel comfortable handing over sensitive information can be done with a high degree of trust.

Education

To use an analogy, the human minds that reside within a social group can be thought of as computers on that social network. Where you would patch a computer, you would educate a mind. The ways in which you can be educated are numerous: you could have an article on social engineering (like this one) made mandatory reading, make social engineering news part of your company newsletter, or hold a class every couple of months. At the very least, people should be aware of the information policy on which you decide. The patch may not take on every person, but you should at least try.

Data Leak Prevention Software

An up and coming type of software is joining the ranks of applications like antivirus and firewalls on the list of things any network trying to be secure should have: Data Leak Prevention (DLP) tools. The software can monitor data in storage, in use, or going over the network, and it can perform tasks like preventing the data from sending or triggering an alert if something is sent. This is limited to just helping to prevent social engineering mishaps on computer networks, but social engineers are likely to use a combination of methods to try and gain access to the most valuable information.

Penetration Testing

Just like your hardware and software, your people can benefit from penetration testing in order to ascertain their awareness of social engineering as a threat and the information security policies that protect from it. This usually requires the aid of an outside entity to get a proper simulation of an attack from someone currently outside the company.

Social Engineering Fundamentals: Part II: Combat Strategies – An article on preventative measures against social engineering from Symantec, a notable information security software company.

 

How Can You Use Social Engineering in Your Everyday Life?

You  may not want to con someone out of their account passwords or savings fund, but that does not mean that the methods of social engineering cannot find their place in your life. They can even be used effectively for altruistic purposes. For example, making new friends can benefit from the inclusion of social engineering information.

Social engineering as a way to gain access to secure information is a threat of which everyone should be aware. Like almost any form of science or technology, it can be used for good and for evil. Taking the time to learn social engineering methods is the best way to use them to your benefit and know how to defend against them. Unless you move to a deserted island with no technology, you are going to be subject to the designs of social engineering, so you may as well stay informed on the subject.

The Top 40(+) Private Eye Blogs

A great number of excellent PI and related blogs have fallen in the last few years, but there are still quite a few worthy of perusing. They are pretty evenly divided between a focus on other PI’s and educated potential clientele. Most of the quality PI blogs come from professional investigative firms, but some are from individual PIs. This list also includes interesting criminal justice blogs from the perspective of police investigators as well as detective and murder mystery oriented writing blogs, as they often pull heavily from real investigation and often contain interesting or useful information.

Photo by It'sGreg

Professional PI’s

  1. G.E. Investigations – This Arizona based private investigation firm run a blog that responds to news related to the industry, posts about wanted criminals and persons-of-interest, investigative tactics, announcements, hacking, and more. The blog is easy to navigate and well organized. Must Read: West Virginia Private Investigator Arrested for Illegal Wiretapping!
  2. The Marriage Detective – A newly utilized blog for a professional detective agency, this blog focuses on partner investigations and the topics they post about reflect information that would be useful to a potential client. They offer national reference servicing and are sales oriented, but there is some good information in the posts. Must Read: 5 Myths About Private Investigators – What They Cannot Legally Do
  3. Diligentia Group Blog – This professional agency provides some excellent advice in this well designed blog, both for other private investigators and for potential customers considering hiring one. Frequently updated and easy to navigate. Must Read: 101 Things a Private Investigator Can Do
  4. AFX Search Blog – This Florida based investigative firm provides regular blog posts on of use to both potential clientele and other investigators ranging from different research strategies, to legal issues, and more. Must Read:  Asset Recovery – Dangers of delaying civil action until criminal cases are completed
  5. ICORP Investigations Blog – A newer blog run by a Florida-based investigative firm, they have started off strong with quality articles focused on informative articles on investigative methods and responses to relevant news. Must Read: Is Someone Recording This? It’s Harder to Find Out
  6. Orange County Private Investigator Blog – Full of useful information for people interested in doing their own investigation, including product reviews, practical skills, information about PI services, and general information. Must Read: Social Media: Your Private Life Made Public!
  7. JFA Brisbane Blog – Updates, advice, and stories from the trenches, this blog is written from the perspective of an Aussie licensed private detective firm.  A great resource for the prospective client or wanna-be investigator alike. Must Read: So You Think You Might Like To Be A Private Investigator? 
  8. Jan B. Tucker: The Detective Diary – Long-lived and frequently updated, The Detective’s Diary has been recognized for its quality before. Jan Tucker focuses on more than just PI topics; he’s also a progressive political activist and keeps tabs on topics important to hislocal area and national issues. You may even find a review of local venues or notices of interesting events tucked away here and there. Must Read: The Small Freaky World of White Collar Crime
  9. Private Eye Confidential – This California-based investigator keeps us updated on local news, personal stories, and fascinating history related to his area alongside practical tips for other investigators. Must Read: My First Domestic Success
  10. Handcuffed to the Ocean – Repeatedly noted as one of the best PI blogs around, this fantastic combination of well-told stories from real investigations and beautiful introductions to the beaches and dive sites he’s explored. Must Read: Spearman’s Barge
  11. Mass Private I – This blog’s focus is on issues of criminal justice and civil rights, and takes a watchdog stance on issues of state and federal government stepping over the boundaries of ethics and the spirit of law in their own investigations. Must Read:  NYPD’s rationale for stop & frisk quotas: some of their police officers are lazy.

Photo from Conner395

The Criminal Justice World

  1. Criminal Justice USA – This site illuminates its readers on a wide array of criminal justice topics with playful design and accessible writing. It regularly features infographs meant to quickly provide statistics in an easy to comprehend manner. Must Read: A Timeline of Police in the U.S.
  2. Tickle The Wire – This blog keeps its readers updated on the news and issues relating to federal law enforcement. Updated frequently and featuring a number of experienced columnists, it is a worthy addition to anyone who wants to get a feel for the national crime beat. Must Read: Column: The Justice Department’s Seizing of Associated Press Phone Records is Disgusting!
  3. Murder by Gaslight – A fascinating look into the crime of 19th Century America. It includes profiles, histories, stories, photographs, and resources for researchers. A great read for those who are interested in the history of investigation, crime writers, or historical crime aficionados. Must Read: The Legend of Lavinia Fisher
  4. Crime Magazine – All the stories about crime, historical and modern, that you could wish to read. Organized by type of crime, regularly updated, and very much worth reading. Helpful for investigators in studying case files to gain a greater understanding of how criminals operate. Useful for crime writers for inspiring the imagination. Must Read: Nixon, Sinatra and the Mafia
  5. Crime Library – This regularly updated blog shares interesting crime stories from all around the world, including the notorious and mundane, with insight into the criminal mind. An excellent resource for investigators learning more about criminal methodology or fictional crime writers looking for new ideas. Must Read:  The Definitive Rodney Alcala
  6. The True Crime Report – Keeping readers up to date on the latest unsolved crimes, homocides, sex crimes, missing persons, and my personal favorite category – douchebags. Regularly updated with quick and dirty updates on real crime, with links back to the original sources. Must Read: Carmen Wysong, Girl Scout Troop Leader, Steals Thousands in Cookie Money
  7. The Crime Scene – Updates on crime from the southwest Missouri region. Murders, missing persons, and your typical medley of hooligans and mischief. Regularly updated with fairly detailed accounts of each crime and links to further information on each case. Must Read: Oklahoma Cold Case Heats Up With Discovery of Three Sets of Human Remains
  8. My Life of Crime – Despite a rather busy format, this blog does an excellent job of keeping its readers up to date on criminal investigations, upcoming executions and trials, and notable sentencing. It features monthly themes and historical tidbits as well. Regularly updated with lots of linked resources relating to each crime. Not much in the way of personal perspective on each case, but lots of data.  Must Read:  Deadly Wives: Nancy Mancuso Gelber, true crime writer, tried to hire a hitman to kill her husband
  9. The Thin Blue Line – A UK based blog focused on issues relating to crime and criminal justice matters in the region. Regularly updated, well written and researched, with excellent analysis from professionals with experience in the field. Must Read: Contempt of Cops – The Thing End of the Wedge
  10. Constable Chaos – This UK policeman’s blog contains both criminal justice insights and some playful steaming off from a man behind that thin blue line. A recent post includes a picture and lyrics to a lively tune about policemen rounding up drunks on a Friday night. Another details the unexpected rescue of a Norwegian Blue parrot. Must Read: #GangnamPoliceman
  11. The Thinking Policeman – Opinion and updates about criminal justice matters and behind the scenes accounts from his peers still on the job are frequently seen on this retired UK police inspector’s blog. Issues are primarily relevant to his side of the pond. Must Read: Gadget Lives On – The iPhone Resolution
  12. Tales of a Public Defender Investigator – This blog is a fascinating look at investigative work done on the part of a public defender. Lots of useful tidbits in here, plus legal updates and events relevant to the industry. The color scheme leaves something to be desired, however. Must Read:  GANGS 101
  13. LAPD Blog – Any investigator in the LA area might want to keep up with the goings-on in the LAPD. This blog keeps readers informed about recent criminal cases, recruitment information, legal changes, and more. Must Read: Suspects Attempt to Lure Young Girls into Cars
  14. Bounty Hunter Discussion – All sorts of information useful for bounty hunters or private investigators found here, including product reviews and updates, news, tips and tactics, and practical business matters. Must Read: Judge in Favor of Private Bail
  15. Guns, Gams, and Gumshoes – This blog exists in a strange balance point between the writing world and the world of the working PI. It includes resources and information handy for PI’s and writers chronicling the adventures of literary private dicks. Must Read: Staying Legal in a Shady Business: When PIs Are Asked to Break the Law
  16. L.A. Noir – An enjoyable read, this blog is a combination of personal stories from a crime writer’s perspective and interesting tidbits from real-life crime stories in the LA area. Must Read:  The Dead Lady in the Water Tank Story Just Got Weirder
  17. Detectives Beyond Borders – Reviews of great literature, news about upcoming noir events, behind the scenes news about the writers in the genre, and more. Frequently updated, well written, and easy on the eyes. Must Read: “Ah refuse tae be victimized”: William McIlvanney and Glasgow patter

Photo by mark Coggins

Great Detective Story Blogs

  1. Guns, Gams, and Gumshoes – This blog exists in a strange balance point between the writing world and the world of the working PI. It includes resources and information handy for PI’s and writers chronicling the adventures of literary private dicks. Must Read: Staying Legal in a Shady Business: When PIs Are Asked to Break the Law
  2. L.A. Noir – An enjoyable read, this blog is a combination of personal stories from a crime writer’s perspective and interesting tidbits from real-life crime stories in the LA area. Must Read:  The Dead Lady in the Water Tank Story Just Got Weirder
  3. Detectives Beyond Borders – Reviews of great literature, news about upcoming noir events, behind the scenes news about the writers in the genre, and more. Frequently updated, well written, and easy on the eyes. Must Read: “Ah refuse tae be victimized”: William McIlvanney and Glasgow patter

 

International Private Investigators

  1. Crown Intelligence PI & Intelligence Services Blog – This is a company blog, so it is primarily focused on articles geared for potential customers. It discusses various tactics used by private investigators, how to pick a PI suitable to your needs, the role of investigators, and news related to the industry. Written in an accessible style with an easy to navigate format. Must Read: Things to Consider Before Hiring a Private Investigator
  2. PI Telegraph – This e-zine based out of the UK targets investigative professionals who are interested in free resources, relevant news, product reviews, and other tidbits that can help hone skills.  The design is elegant and the site is well-organized, making it easy to locate topics of interest. Must Read: How Much Should I Charge? Pricing For Profit
  3. Keynorth Blog – A professionally oriented blog from Canada reporting on changes to laws, professional development, and information that can be applied in the field. Must Read:  Primer on the Federal Administration Act, Asset Recovery, Reporting and Deterrence
  4. Bali Eye Private Investigation – This blog provides useful information on how to protect oneself and avoid scams as a potential client, and offers advice and tactics to other investigators. Based in Indonesia, it provides a unique perspective on private investigations in other parts of the world. Must Read: Dating Cons Games in Indonesia

E-zines, News, and Community Blogs for PI’s

  1. PIbuzz.com – This hub of information is made for and by private investigators. It features news important to the industry, product reviews, tips and tricks, and useful research links. The design is pretty clean and the site is easy to navigate and offers a newsletter. Must Read: Dynamic Internet Searching with Google Products
  2. PI Stories – Covering a wide range of stories of interest to the PI industry, including personal perspectives, responses to news, case studies, examinations of technology, and more. Long running and easy to navigate. Must Read: Parents Find Out About Their Daughter’s Death Through Facebook
  3. Fraud Magazine – Technological updates, headline responses, regular columns, professional development tips, product and book reviews, and much more are featured in this bimonthly magazine focused on white-collar crime and fraud examination techniques. Their articles are focused on providing actionable, practical information.  Must Read: Cyber-attack vector? Who, me?
  4. The Background Investigator – This is essentially an aggregate source of news relating to information gathering. It covers popular stories, national, and international news. The news is primarily focused on background screening but covers related topics as well. Must Read: Washington State Courts Office Suffers Data Breach

 

Advice, Tactics, and Resource Oriented Blogs

  1. PI Advice – A comprehensive blog designed to aid new and veteran P.I.’s interested in honing their craft. The blog features a minimalist style and includes podcasts, apps, and an online store with tools for investigators. The posts range from advice, to real-life stories, to product reviews, and more. Must Read:#58: Investigation Stories – The Lessons I Learned with a Bit of Luck – Part 1
  2. The Confidential Resource  – As the title suggests, the focus of this blog is on providing useful sources and methodology for investigators and researchers.  It is well designed with a clean and modern look, easy to navigate, and searchable. Must Read:  The Cost of Investigative Internet Research
  3. BPI Security Blog – This blog is full of excellent advice from the field, practical skills development, and great information about the business of running an investigative services firm from the perspective of a successful firm. Must Read: Slight of Hand(lers)
  4. Title Search Blog – This blog is focused on real-estate oriented investigative work and news. It includes up to date legal information, news reports related to the industry, practical advice, and even videos with step-by-step instructions. Must Read: Case Law on Invalid Mortgages

Small Business Owner’s Guide to PCI Compliance

Information theft and the damage it can cause to consumers and businesses have been featured extensively in the news for most of the past decade as we move to an almost entirely online way of doing business. The usage of the Internet for business has changed the landscape of the commercial world for the better, but it does provide an avenue of attack that allows malicious entities to acquire sensitive data without ever stepping foot inside an office. For this reason, the PCI DSS was created.

Chances are high that, as a modern business owner, you at least have a passing knowledge of the need for PCI compliance. For those less technologically savvy or who do not have the time to read through extensive regulations, this need can seem like an unnecessary burden, both to your budget and your time. To help you at least become more familiar with the PCI DSS, this guide will give a high level overview of the purpose and requirements of the regulations and provide advice and resources for becoming PCI compliant.

Photo by eliazar

What Is the PCI DSS?

PCI stands for “Payment Card Information,” and the appended DSS often seen accompanying it stands for “Data Security Standards.” The PCI DSS was created by the PCI Security Standards Council, which consists of the five largest credit card companies: MasterCard, Visa, JCB, American Express, and Discover. Its intent was to establish a system for protecting payment card data which can be used for malicious purposes easily once it is in the hands of unauthorized persons. It details the baseline security procedures that companies who interact with payment card information should follow, assists in providing information so the companies can do so, and establishes penalties for noncompliance.

To Whom Do PCI Regulations Apply?

The PCI security guidelines apply to anyone who stores, processes, or transmits consumer payment card data. It does not matter if you run a restaurant, work from home, or have a small chain of stores. If you directly interact with payment card data in any fashion, even by just processing one payment, you are almost assuredly under the purview of PCI DSS. Even if you utilize a payment gateway or merchant account service, your business is responsible for adhering to the regulations as long as it interacts with the payment data in any fashion.

Steps to Adhering to PCI Guidelines

This is a general, step-by-step guide to becoming compliant with the PCI DSS. The PCI regulations themselves outline this process, though the sections are broken down a bit further. These steps do not address every action you need to take through the process. For the exact details on how to follow these steps, consult the PCI DSS version 2.0, available on the PCI security standards site. This especially applies to the more technical sections of firewall and encryption usage.

Photo by: Aman Deshmukh

Step 1: Install a secure firewall and establish good system passwords.

Firewalls are used to monitor and manage the network traffic running through a system. There are a number of free software firewalls available online, but a high quality, commercial firewall is typically going to be more secure. You can also opt for a hardware firewall for increased security.

Password policy is a simple security procedure that many people fail on regularly. A complex password system may be inconvenient, but when people use generic passwords such as “firstnamelastnamenumber,” “password1,” “qwerty,” or “abc123,” it becomes easier for rudimentary cracking programs to bypass this first level of defense and even makes it so an account could be accessed by an unauthorized user without the use of such a program. Passwords should be case sensitive and use a mixture of upper case letters, lower case letters, and numbers. They should also avoid common dictionary words and should not be recycled.

Step 2: Protect consumer data with encryption.

Data encryption renders a file virtually unreadable without a proper decryption key. Encryption technology has evolved to the point where, even if a hacker somehow accesses the encrypted data, decrypting the data is still a difficult task. The method is not foolproof, and you cannot store certain pieces of information even if you encrypt it.

Step 3: Consistently run and update anti-virus and anti-malware software.

Viruses and malware can find their way onto a computer through a number of seemingly harmless methods, such as installing a new program or browsing a website. Once compromised, an infected system may be more easily subjected to hacker attacks or the activity on that system, including network traffic that contains payment data, can be monitored remotely. The capabilities of these malicious programs are extensive, making the use of software to detect and remove them essential for information security.

Step 4: Maintain proper access control over sensitive systems.

Limiting the ability of unauthorized personnel to gain access to sensitive information is aided intuitively by limiting who can access it, both electronically and physically. With more people who can access the data through normal operations, the risk of a security breach increases. Payment data access should be restricted to specific user accounts based on need, and you should not utilize any group or public access accounts on sensitive systems. The physical access to the data should be limited as well and be situated in a secure and monitored area. Additional levels of access control such as managing user accounts, password cycling, secondary login verification methods like biometric data or access cards, and lockouts on repeated login attempts are also required.

Photo by: JermJus

Step 5: Monitor and test network security regularly

Keeping track of the systems which interact with sensitive data can be useful in determining intrusion attempts or discovering the source of a data breach. All activities should ideally be monitored, but the PCI DSS specifically calls for keeping logs of access attempts, creation of system-level objects, the activities of root and administrator accounts, any accessing of payment card data, and audit trails with specific attention paid to recording the time, outcome, origin, type, and effected components of the event.

Once all the security measures are in place, the PCI DSS necessitates a variety of regular testing procedures. Quarterly procedures include penetration testing performed by an Approved Scanning Vendor (ASV), scanning for unauthorized access points, and vulnerability scans. Extensive penetration testing is required at least once per year, and additional testing should be performed after any significant changes to your systems.

Step 6: Establish an information security policy

This is one of the more detailed and overarching requirements of the DSS. Put simply, it requires that your business has established operating procedures relating to information security. Obviously, part one of this policy is to ensure that your systems remain PCI DSS compliant. Other considerations include maintaining a list of approved electronic devices for your systems and clear information as to who and what the devices are intended. The responsibilities of “information security manager” should be assigned to an individual or group, which can be an outside security provider. These responsibilities include account management, educating personnel on information security procedures, and monitoring the company’s networks. Security procedures should be discussed with any third-party vendors the company uses, and a formal, written agreement should be composed. The plan should also specify when testing procedures should take place, and the plan itself should be subject to testing and scrutiny.

Also, bear in mind that the individual payment card companies may place extra requirements onto merchants. For example, this is a list of Visa’s requirements. While not too far off from the main PCI DSS, it is important to be aware of these requirements to avoid issues.

Penalties for Failure to Comply

While the PCI regulations are not enforced by law, the major credit card companies and banks level fines that are tiered to the volume of transactions a company processes. The exact amount of the penalty also varies based on a case by case basis, but they can range from $5,000 to $500,000. They may also continue fines on a monthly basis if non-compliance is not rectified.

Help for Becoming PCI Compliant

While the overall concept of becoming PCI compliant is fairly straightforward, the intricacies of actually adhering to all the various guidelines and regulations can be difficult for small business owners to handle, and it can often eat up the limited time of the fewer employees that the smaller companies possess. Enlisting the help of companies certified to validate and assist with PCI compliance is recommended by the PCI regulatory body and is required in some cases, such as the regular testing by an ASV made necessary in the regulations. QSAs (Qualified Security Assessors) can be used to verify that you are adhering to the PCI DSS.

Aside from the companies directly related to PCI compliance, the help of a Managed Security Service Provider (MSSP) is good practice for enhancing your general security and thus helping your systems to comply with PCI guidelines. These organizations are experienced in setting up information security functions for businesses and individuals, and utilizing them is often more inexpensive for small businesses who cannot afford to bring on several IT staff members just to handle information security. Many MSSPs can also function as QSAs, but it is better practice to use different companies for these services, even if it is not required to do so.

A report detailing some of the best MSSPs based on various criteria can be found here and the lists of PCI Security Standards Council approved QSAs and ASFs are located in the resource section at the bottom of this guide.

You can also engage in further reading with tools like this free PCI for Dummies ebook, courtesy of Qualys.

Photo by: kchbrown

Is PCI Compliance Enough?

PCI represents a baseline level of security that should be adhered to by companies that handle sensitive data. While it may seem to be an unnecessary burden, information security breaches have been responsible for trillions of dollars lost through fraud and secondary expenses. Even if your business does not handle high volumes of transactions from a number of different customers, neglecting to properly secure your information systems can result in data breaches that put you and your customers at risk and do extensive monetary damage. It is in your best interest to take information security extremely serious and even go beyond the security standards set by the PCI DSS.

Helpful Resources

PCI Security Standards – The main PCI DSS site. It contains the regulations, supplemental information, links to certified assistant companies, and more.

Approved Scanning Vendors –  The official list of ASVs certified by the PCI regulatory body.

QSA List – A searchable database of QSAs certified by the PCI regulatory body.

PCI Compliance Guide –  A helpful reference for PCI compliance questions and information.

Emerging Managed Security Service Providers, Q1 2013 – A detailed analsys provided by Forrester of the most promising MSSPs.

Becoming ‘PCI Compliant’ If You Accept Credit Cards – A checklist of tasks for becoming PCI compliant from the BBB.

32

How to be a secret Agent: 101 Tools and Tricks to spy on your friends and family for under $100

Photo by: .:Mat:.

Rules of Engagement

On Laws and Home-Brewed Espionage

The laws regarding eavesdropping and spying on family vary on a state-by-state basis and in many cases the legality is not extremely clear. There are cases to support, for example, a husband using GPS  software to track his wife’s car without her knowledge or keylogging his home computer to spy on his wife without legal repercussion. Conversely, some have been convicted and jailed for keylogging family computers. Particularly with regard to information gathered with the intent to go to court, it is wise to seek legal counsel before beginning. Be aware that encouraging others to spy on your behalf using illegal methods, whether they are friends or professional investigators, may still leave you legally culpable. Play it safe and educate yourself.

On the subject of digital spying:

Keylogging has become a very popular activity for keeping track of your loved ones and colleagues. Be aware that it is a felony offense to be caught keylogging in the US. It is legal only if an employer has reason to believe an employee may be divulging trade secrets, when a company policy allows for workplace surveillance, if a computer user is clearly notified that their online activities may be monitored, or to track children’s activities online and protect them from predators and other risks. Use against a spouse is legally murky, as seen in the previous examples, and has the potential to land the spy in legal hot water.

Legitimate Cases for Becoming a Spy

There are a multitude of reasons people choose to spy on one another: parents keeping track of suddenly independent teenage children, spouses concerned with infidelity, or perhaps someone requires evidence that a friend has sticky fingers. Perhaps it is simply fun and games – a child play-acting as Bond, James Bond. Whatever the reason, it is important to examine motivations before engaging in spying. In many cases it constitutes a major invasion of privacy as well as being potentially illegal depending on the tools and strategies used, and many would view it as highly unethical. Be sure of what you are doing before you begin. For spouses who may be dealing with infidelity, particularly those with a lot of assets or prenuptial agreements on the line, espionage can be a highly effective means of ensuring smooth divorce proceedings should it become necessary. For parents, it is a surefire way to ensure a child’s online safety. In these cases in particular, the sense of security born from an unalterable truth may outweigh the ethical and moral concerns.

The Value of Social Engineering

Fortunately, there is a tried and true method of gathering information that is wholly legal and requires only a bit of charm and planning. Social engineering has gotten a lot of attention recently for its role in major hacking attempts, but it is equally useful to those seeking information. People are, by and large, inclined to be helpful to someone that does not appear alarming. Take some time to read up on social engineering in depth to make the most of it, here are a few books worth acquiring on the subject.

1)      Influence: Science and Practice by Robert B. Cialdini – This book is written in an approachable tone and combines research with experience as a salesperson to instruct its readers in the art of getting a ‘yes’. All about the power of persuasion. Offered on Amazon in paperback for $19.20 or on Kindle for $6.99.

2)      Social Engineering: The Art of Human Hacking by Christopher Hadnagy – This book, written by the man who coined the phrase ‘social engineering’, explains through personal experience, real-world examples, and the science that drives it, how social engineering works. It explains how to utilize social engineering and how to minimize risks associated with it. Amazon offers it for $19.12 in paperback or $18.16 on Kindle.

3)      What Every BODY is Saying: An Ex-FBI Agent’s Guide to Speed-Reading People by Joe Navarro – Written by a former FBI counterintelligence officer, this book instructs its readers on how to pick up on and translate non-verbal cues as well as how to maximize your own non-verbal cues to subtly influence people. Offered for $13.98 in paperback form on Amazon or $9.99 on Kindle.

4)      Introducing NLP: Psychological Skills for Understanding and Influencing People by Joseph O’Conner – This book is well known for its ability to effectively teach the subtle ways in which people can be influenced in the reader’s favor. Written in an accessible style with a clear progression from basics to more challenging concepts, it is considered one of the most definitive NLP texts available.  Offered for $10.28 on Amazon.com

Photo by: AJC1

On Tactics

Planting Devices

Private Space

–          Private places are the most likely to get you into legal trouble, so be aware before you start spying within businesses or private homes. You will need to pick a location that is extremely unlikely to be examined or disturbed by others but that is close enough to main activity centers to pick up useful sound. High shelves, beneath coffee and end tables, behind sofas and chairs pressed against walls.

Public Space

–          Placing a listening device in a public location is primarily about determining a place that will usefully return you interesting tidbits of conversation without being drowned out by ambient noise like the sound of traffic, the movement of people, and group conversation. Place microphones, if possible, as far from ambient noise sources as you can be and preferably in enclosed spaces.

On Your Person

–          Clothing often muffles the sound incoming, so hiding listening devices on the body can be tricky. You must balance sound quality with visibility. There are listening devices meant to be worn visibly and go unnoticed, meant to resemble buttons or Bluetooth devices. You can also transform your cellphone or similar electronic devices into spy gear and most people will never question it, given the commonality of having such a device at the ready these days.

Inside Things

–           Many listening devices are designed to pick up sound through vibrations, so can be safely tucked away within items that have a solid exterior. So long as the device is secured against the internal wall, it can detect and record sound from without. If the device in question can play sound, it will mask any other noise, so items like computers, stereos, cell phones, and TVs are useful to hide devices in but may occasionally interfere as well.

Social Engineering Strategies

5)      Dress well – People are much more inclined to be friendly towards someone who looks like they might be important or well connected. Dress the part.

6)      Be pleasant – Charm is disarming. Playful flattery of a casual nature, genuine attention, and a warm smile can go a long way towards making another comfortable enough to share information with you.

7)      Ask appropriate questions – If you are trying to find out, for example, if your wife is leaving work early it would make sense to ask a company receptionist about her hours so you could schedule a meeting with her. Have a suitable reason for wanting the meeting. Tailor your questions and background to the environment and your needs.

8)      Have a reason! – This follows up on the previous idea, but expands it to include accessing private journals or other personal items. If you wish to acquire something in a space you do not belong in, find a good, justifiable reason for you to be rooting around in there. If it is a child, bring them folded clothes to put away. A husband? Dust the shelves in his office. Make it an action that would not be out of place for your behavior. If you never clean, a sudden interest in dusting his things is going to create red flags.

Photo by: *Kicki*

Effective Camouflage

Personal Surveillance

9)      If you are intending to actively listen in, there is the chance that someone may encounter you. Dress appropriate to the environment you are in, and be prepared with a good excuse. Despite the title of this section, wearing –actual- camouflage is almost never a good idea.

Remote Surveillance

10)   Some of this has already been addressed in ‘Planting Devices’ but be aware that eyes may settle on your device. To increase effectiveness, it is best to conceal the device is possible. Some devices are already meant to appear to be something other than they are – a pen, an innocuous electronic device, a button, or similar. If you are hiding a listening device on a high shelf, consider hiding it within a junk book hollowed out.

Intelligent Preparation

11)   Target – Have a clear idea of who you need to speak to, or where you need to be, to obtain the information or items you are after.

12)   Goal – Know precisely what you are interested in obtaining. Fishing aimlessly is a sure way to stumble and raise triggers in other people. If you know what you need, you can determine the most likely avenue to acquire that information before you begin speaking. You gain control of the conversation before it begins.

Nifty Gadgetry

Audio & Video Surveillance

13)   USB Drive Voice Recorder – This useful little devices looks like a sleek USB stick, but has the added capacity to record up to 45 or 90 minutes of audio with a 15 hours of battery life. It recharges as soon as its insert into a USB port. It does not flash or have any visible notification when it is actively recording and it features incredibly simple operation. $$44.95 for the 4GB (45 minute) option from Pen Recorder Pro.

14)   2.5” HD Dashcam – Designed to affix to your windshield via suction, this camera records clear, quality images even at night. It supports Micro SD cards from 1-32 GB and charges while you are driving with an included cord for your cigarette lighter. It automatically begins recording when you turn it on and includes a date and time stamp (handy if the footage ends up in court proceedings). Just $99.00 from Proof Pronto.

15)   Wall Listening Ninja Spy Device – This small tool is designed to be pressed against a solid surface with the intent of picking up sound from the other side. It can ‘hear’ through up to 20cm of thickness and includes a built-in rechargeable battery and an audio jack. It comes with a headset, but you could also conceal the device within an object and connect it to an audio recorder with the right cabling. It costs $49.50 from DX.

16)   500 Meter Spying Transmitter and Receiver Set – This set includes a micro audio spying bug that can be concealed easily and transmits up to 500 meters away. It has adjustable volume and allows for active remote listening with the included reciever or recording on micro SD cards up to 8 GB. It uses a built-in rechargeable battery. Just $90.30 from DX.

17)   Cigarette Lighter Hidden Camera Recorder – This faux lighter includes a rechargeable li-ion battery and has the capacity to capture video and picture. It features sound-triggered recording and offers a simple and subtle manual recording mode. It can support MicroSD cards up to 16GB, though they do not include one with the device. The lens is located on the bottom of the lighter. The button that you would normally use to strike the lighter turns it on, and the top removes to access the USB port to upload images to a PC or Mac. Amazon offers it for $99.99, and it is currently on sale for $20.99.

18)   Orbiter Electronic Listening Device – This thing isn’t going to win points for stealth, but it is highly effective at detecting audio from up to 300 feet away. It comes with quality headphones and allows for digital recording with a 120 second playback features. It also includes a view finder that can magnify up to 10x.

19)   Mini Spy Cam Pen – This executive-style pen in black and gold conceals a HD 3 megapixel camera capable of producing high res color photographs in JPG format or recording video at 1280×960 resolution at 30 FPS. It has a concealed USB 2.0 interface at its end and has driver support for Windows, Linux, and Mac computers. It comes standard with 2 GB of memory and can be upgraded up to 8 GB with a microSD chip. It has a built-in rechargeable lithium ion battery capable of recording up to 100 minutes of video or 6+ hours of photography. Offered for $23.90.

20)   Avangard Optics Waterproof Spy Watch – This clever watch features a built-in HD camera recorder, capable of capturing video or stills with 640×480 resolution at 30 FPS. It includes an onboard mic, date and time stamp, with 4GB of built-in NAND flash memory, and connects via USB to a PC to capture gathered data. The watch itself is dust and water resistant and uses a rechargeable lithium battery which lasts for about an hour with a full charge. Priced at $35.00 from B&H.

21)   Concealed Camera within a Toyota Car Key – This key records video at 640×480 resolution with 30 FPS and allows storage up to 16GB via MicroSD. It uses a high capacity lithium polymer battery to support roughly one hour of life from a full charge. It connects to a PC with a USB cable for data extraction. Priced at $65.95 from Sears.

22)   Spy Clock Camera with Motion Detection – This innocuous camera comes in the form of a sleek and fashionable bedside alarm clock. The concealed HD 2.0 megapixel camera is capable of recording at 1280×960 resolution up to 30FPS. It begins recording when activated via motion detection and can record continuously for up to 2 hours. The AVI files can be transferred directly to a microSD (it comes with a 4GB SD card that can be upgraded for more storage). Costs $48.95 from Newegg.

Photo by: nikos providakis

23)   Super High Gain Microphone – This microphone is incredibly lightweight and miniscule, making it easy to conceal nearly anywhere. It weighs less than half an ounce, and the preamp features low noise, powerful high gain and automatic level adjustment with its onboard IC. The output is line level and the device comes with 6 feet of power/audio cables so you can connect it anywhere you need. It needs a 6-15 volts DC battery.  Offered for $37.50 from Spy Associates.

24)   Coat Hook Hidden Camera – Cleverly hidden, this camera is situated at the top of this hook, ensuring that it will function even while in use. The camera can be activated manually or automatically start when it senses motion. Video is recorded in 1280 x 960 resolution. Available in white or black for $49.95 from Brickhouse Security.

25)   Sonic Sleuth Parabolic Microphone – Parabolic microphones help you pick up and isolate sounds at a distance. This particular one is designed for children so the cost is not prohibitive. It can pick up sounds up to 300 feet away and offers a frequency controller to remove unnecessary background noise. It comes with a set of headphones but not the necessary 9-volt battery. Offered by Amazon for $23.21.

26)   Uzi Parabolic Microphone – This parabolic microphone also features a monocular capable of viewing up to 8x. The microphone can pick up sounds up to 100 meters (roughly 328 feet) away. It features an integrated chip to record sounds. It includes high quality headphones, but not the necessary 9-volt battery. Offered for $42.95 from Amazon.

27)   Sonic Sound Amplifier – While still not necessarily subtle, this sound amplifier is much less obvious to the casual observer than a parabolic microphone. The handheld device can detect sounds up to 300 feet away and can attach via clip to a pocket, belt, and many binoculars. It includes the necessary ‘AAA’ battery and stereo headphones. Offered for $22.95 from Amazon.

28)   Smoke Detector Hidden Camera – This pinhole camera is tucked within a nonfunctional smoke detector casing. The camera itself utilizes a CCD (charged coupled device) solid-state imaging device, ensuring top quality image capturing and exceptional reliability. It features auto-white balancing and automatic gain control to provide clear images under normal lighting conditions. It adjusts automatically based on light levels, but will not function well in a dark room. Users will need to acquire power supply and cable separately. Currently on sale at Amazon.com for $34.99.

29)   Miniature Wireless Color Camera Set – This set includes a miniature wireless camera with microphone pickup that allows for quality color imaging at a range of 150’ with no obstacles. The camera runs on a 9-volt battery or an AC adapter. The receiving tuner can be fine-tuned to acquire a better picture. The receiver can be set up to record, and can mount on a wall or lay flat for a more permanent set up. Price is just $22.64 via Amazon.

30)   Wireless Pan/Tilt/Nightvision Camera with Remote Monitoring – This remote camera can pickup quality images even at night and allows remote access to its pan and tilt functions. It requires a power connection and access to a network and it comes with a power adapter and network cable. Offered for $59.99 from Amazon.

31)   Mirror Spy – This security mirror holds a powerful secret camera capable of recording color footage at a 420 TVL resolution. It has a wide angle lens and a coverage range of 82 degrees, ensuring that it can cover an average sized room or hallway. It requires access to a power plug, but does not rely on batteries so once it is installed you can let it run without fear that it will die at a critical moment.

 

Simple Devices

32)   Right Angle Mirrored Lens – This nifty lens attachment will fit any lens with a 58 mm filter thread. It’s simple to install – just screw on and you are ready to use it. It allows you to snap pictures around corners easily without raising attention to yourself. $28.99 from Amazon.com.

33)   Telescoping Mirror – These delightful tools generally feature a telescoping handle and flexible neck, allowing you to peak into hard to access places or around the corner without being obtrusive. Generally, they cost a little less than $10. This model from Amazon sells for just $7.29

34)   Spy Periscope – While you can make your own simple periscope with a cardboard tube, small inexpensive mirrors, and a hot glue gun, the more dedicated might want to put up the cash for this professional-grade periscope. It makes it easy to see around corners, over, and under all kinds of obstacles and allows magnification up to 5x. Its design ensures that the picture is always displayed right side up regardless of how the periscope itself is set up. SpyVille offers it for $119.99 (on sale for $79.99 at the time of this article).

35)   ViewPoint Mirror – Now you too can have eyes in the back of your head, motherhood not required! This handy little mirror is meant to adhere to the inside of your sunglasses and grants users a clear view of what is behind them. Discrete and inexpensive, at just $15.00 from CycleAware.

36)   “Safe” Books – A two-piece false book set to conceal your valuables, or a hidden observation device, within. Each book features faux-leather spine and felt lining within the concealed compartments. They are large enough to easily conceal pinhole miniature cameras or listening devices as well as extended media storage or other accessories. The set is currently on sale on Amazon for $29.98.

37)   Hide-A-Mic Rocks – Fashioned to resemble a rock, this concealed compartment is designed to secure an extra key, but it can easily be used to conceal a hidden audio recording device designed to pick up sound via vibration through a solid surface. It would not be a challenge to conceal cabling leading to the false rock beneath the ground surface. Currently on sale for $6.02 from Amazon.

38)   Make your own false compartment – Any container can easily be provided with a false bottom. There are a number of quick how-to guides online that can walk you through the process. Pick a new item or one that does not get used much. A bedside drawer that is rarely opened or an inexpensive jewelry box. Match the interior when you prepare the false addition. Make sure your measurements are absolutely correct. Create just enough hidden space to conceal your device; the larger the compartment, the more likely it is to be noticed.

39)   Concealed pocket clothing – When you are attempting to walk out with potentially incriminating items, or walk in with bugging devices, having concealed pockets can come in handy. Even those with minimal sewing skill can create simple pockets tucked away inside waistbands or jeans. There are also many styles of clothing that come with an abundance of pockets that are easily accessible. Take advantage of functional fashion.

40)   Spy Coin (MicroSD concealment) – This realistic looking coin comes in a variety of denominations – A U.S. Nickel, Half Dollar, or Dollar, a British Pound, a 50 cent Euro piece, or an Aussie 20 cent piece. They seal tightly and are completely undetectable from a typical coin and require a special device (included with purchase) to open them once more. Each will fit a microSD card (the U.S. quarter will not, which they also offer). Available for just $18.49 from Amazon.

41)   BIC Lighter Secret Stash – This non-functional lighter offers subtle concealment for small items. The size makes it perfect for a microSD card, which is what many spy devices utilize. It looks identical to a typical lighter. Offered for $9.95 via Amazon.

42)   Wireless Network Detector Keychain – This simple keychain device detects and displays wireless networks and displays their signal strength via visible LED lights. It comes with batteries. Costs just $5.55 from DX.

Intel Acquisition

43)   Wireless Scanning Pen – This silver and purple pen allows users to scan up to 1000 pictures or voice memos up to 1 minute long. It syncs with Evernote and features a storage capacity of 1GB. Offered for $87.73 from DX.

44)   Mini Portable Document Scanner – When a pen-sized scanner won’t cut it, this portable scanner can step in. It allows fast scanning of standard sized documents, up to 2 seconds per page with lower resolution. It can scan high resolution images at a slower rate. It stores data on a Micro SD slot and is powered by 2 AA batteries. Costs $54.50 from DX.

45)   Spy Remote Control Helicopter – This helicopter can serve as your own personal flying spy. It obviously requires that your target be viewable from an outdoors location. The RC ‘copter can fly for roughly 10 minutes full charged and features a 1G Micro SD card, which can be upgraded. It has a hi-res built-in camera and has a solid state gyroscope for stable control when in use. Users can take snapshots or record video in flight. The RC has an integrated rechargeable LiPo battery that comes included, and the transmitter requires 6 ‘AA’ batteries that are not. It costs $59.95 from Hobby Tron.

46)   Spy Mini RC Drone Helicopter – This miniature RC helicopter can fly for 20-30 minutes with a full charge and has a range of 100’ from the transmitter. Multiple bands allow up to 3 RC helicopters to be flown at once. It includes 2 LED search lights, built in gyro for stability, and a mini HD camera to capture and record visual information. The receiver requires ‘AA’ batteries, not included. It costs just $59.98 from Trend Times.

47)   Make Your Own Drone – DIY Drones has a ton of information for those interested in crafting their own miniature drones. With the assortment of miniscule audio and visual recording devices on the market and accessible miniaturized RC components, a little technical knowledge and a penchant for DIY is all one needs to create their own spy drone at home. Check out this site for inspiration.

B&E Tools

48)   8 Piece Spring Steel Lock Pick Set – This is a good starter set of quality lockpicking tools. It comes with a double ball lock pick, two different hook lock picks, a snake rake lock pick, a jagged rake lock pick, two different single sided lock picks, and a double ended tension wrench. Each piece is made with black diamond spring steel and have re-enforced handles. Costs $24.95 from Newegg.

49)   Super Lock Pick Set – For the more demanding lock-picker, this set includes any style pick you might need, all wrapped up in a faux-leather case. It includes a guide-book to walk you through most lock styles. Costs $96.59 from WayFair Supply.

50)   Practical Lock Picking – This guide walks even newbie lock picks through the process of breaking through most lock styles. It includes detailed, full-color diagrams and step by step instructions using a multitude of the most common techniques and tools. Amazon offers this book for $32.72 in paperback and $31.08 on Kindle.

Surveillance Software

51)   ISpy Connect – iSpy connects your existing cameras, webcams, microphones and other related equipment into a dynamic surveillance system. Users can set up three types of motion detection and four types of motion processing, with record automated upon detection, or scheduled recording with audio and remote access. It also offers desktop recording and SMS/MMS/emailed alerts.  It can be run across multiple computers simultaneously and can even be integrated into iOS devices.

52)   I-Can-See-You WebCam Spy Software – This sneaky software runs silently on your PC and allows you to remotely watch it. Whenever your computer goes online, the program sends you an email with an address to connect and watch live. Offered for $29.99.

53)   Real Time GPS Tracker App – This application sends an exact location of the mobile device to Google Maps, but only works if the user keeps the program running. Good for tracking children, not good for tracking stealthily. Offered for free for Android devices.

54)   GPS Tracking Pro – Another GPS-enabled mobile tracking app, it works best for children as it requires the user to keep the application running on their device. It uses proprietary maps that display local safety points like hospitals and police stations. For any of the GPS phone trackers, you can conceal a locked phone in a vehicle to track its movements more stealthily. This application is free and available for Android devices.

55)   Follow Mee – This application turns a smartphone or tablet into a GPS tracker. The app records whatever location the device goes to periodically and sends that data to a secured server. Users can track location data from any browser. It can track multiple devices, establish geo-fences for children, and it runs silently and starts up automatically when the device is turned on. It is designed to stealthily monitor the whereabouts of children, spouses, employees, or stolen devices.

Photo by: z_fishies

56)   Mobistealth – This service offers stealth applications for your computer and mobile device designed to monitor all activities and provide you with a comprehensive report. Cell phone monitoring can allow you to listen in on calls, read text messages, and view videos and pictures sent to and from the phone being monitored. Similarly, the computer program allows you to read emails sent and received, as well as record and listen in on Skype calls, and monitor online chatting. Both can be set up to track GPS coordinates in the case of laptops and mobile phones. Available for Android, iOS, BlackBerry, and Nokia/Symbian phones and Windows and Mac computers.

57)   Stealth Genie – This application lets you record and intercept live calls, review call history, redirect or view sent and received SMS messages, view incoming and outgoing emails, and track GPS coordinates. The GPS tracking allows you get updates if it enters ‘restricted areas’ or ‘safe areas’.  You are also able to view an assortment of instant message chats, photos, music, videos, and voice recordings as well as view their phone’s calendar and internet activities. Phones can even be bugged to pick up the surroundings and record them or allow you to listen live. Available for nearly any mobile phone and network.

58)   XPCspy – A simple to use PC surveillance software. It monitors and reports on all activities on the target computer while running unobtrusively. It allows you to review the log at any time, from any location. Recorded activities including keystrokes, web browsing history, application usage, clipboard history, system activities, emails, and chat conversations. Free trial, $59.95 to purchase after that.

59)   IamBigBrother – This keylogging software is designed to run quietly without alerting users and protect against attempts to disable it. It does not show up in the start menu, nor will it be visible in the Task Manager. It can be set up to capture screen shots when certain keywords are typed, it creates a list of all web sites visited, with a title, and the length of the visit. It records everything typed, including incoming and outgoing emails and web chats, and records passwords.

60)   SniperSpy7 – This remote computer surveillance software allows users to watch live what is happening on the computer it is installed to. It allows you to browse file systems remotely, view chats, visited websites, keystrokes (in any language), and capture screen shots. You can install it to your computer via email and it is compatible with any firewall. It allows you to remotely download files from the computer, to view and kill active processes, control the mouse, restart or shutdown the computer, and much more. A single 3 month user license costs $39.97.

61)   eBlaster7 – Designed to monitor the activities of children and employees, this program is designed to record everything being done on the computer it is installed into, report the activities in an organized fashion to your email as often as you wish, forward to you every email and online conversation, and alert you when certain keywords (pulled from a list you create) are detected, and block web sites or individuals. Costs $99.95.

Photo by: Aaron Landry

62)   Refog Personal Monitor 7 – Another stealthy program designed to run in the background and monitor the activities of your children. It captures both sides of chats from IM programs, blogs, forums, chatrooms, and more. It can automatically capture screen shots, send alerts when configurable keywords are triggered, and update you via email so you can remotely monitor activities. They offer a free trial version and the cost is $69.95 for the full-featured version.

63)   Elite Keylogger Pro – This program claims to be completely invisible when running, able to avoid detection from anti-virus and anti-keylogging software and not show up through any method to computer users. It records keystrokes, including passwords, monitors emails and online chats and allows you to search and analyze online communication, and allows you to capture automatic screen shots. It also offers a deployment installation method, granting you the right to remotely install the software. Monitoring one PC costs $79.

64)   Spector Pro – One of the better known computer surveillance programs, Spector Pro offers a completely undectable software package capable of recording and analyzing everything any user on a monitored computer does in a format that is easy to review, search, and analyze. You can receive remote access and get alerted when certain keywords or sites are accessed. It grants you the control to block websites or access to individuals on the web. You can watch live or use the video-style playback of what they are doing online. Offered for $99.95.

65)   PC Pandora 7 – Another stealthy keylogger, PC Pandora’s ability to avoid detection begins with purchase – billing shows up from Click Bank, a common processor for thousands of online shops. When it is installed, it deletes all web browsing history related to PCPandora.com as well. It offers all the typical keylogging functions including web history tracking, silent monitoring, keystroke recording, conversation logs, remote viewing and control, and the ability to block specified websites or individuals online. Costs $69.95 for one year of customer support and access to one computer.

66)   WebWatcher 8 – PCMag.com gave WebWatcher a top rating in 2013, and it has gotten great reviews from a number of other sources for good reason. Web Watcher protects PCs, laptops, and mobile devices. You don’t need to have physical access to monitor any device after installation. You can set up your own custom triggers for instant alerts and get near real-time access to everything occurring on your device from any remote location with internet access. It records activities and allows you to review or search through them at your leisure from anywhere. It allows you to view search terms, web history, online conversations, program activity, and record passwords. You can also set up triggered screenshots based on your customized trigger words. Costs $97.00 for Windows or Mac.

67)   Spy Agent – A slightly less expensive but very robust keylogger that offers some powerful parental control features, Spy Agent is a good choice for parents or partners wanting to track online activity. Along with monitoring web history, application use, file access and downloads, and online communication, along with triggered screenshot captures and alerts it offers content filtering. This can be used to filter online chats, websites, or applications based on criteria you establish, and notify you and begin automatically logging based on specific keywords, applications, windows, or screenshots. Plus it offers excellent tools for managing the data gathered, including automatically generated reports, top 10 feeds, cross-referencing, filtering, and searching capabilities. It costs $79.95. Not available for the most recent iterations of Windows or Macs.

Just Plain Cool

68)   Eviltron – This nifty little device is just a tad bit larger than a US quarter, and includes an embedded rare-earth magnet to make it a snap to hide. The included battery lasts 1 month or more with continuous use. It comes with five scary sounds, and a ‘random’ feature to cycle through them. Use it to draw a person away from a place you need to gain access to. Offered from ThinkGeek Labs via Amazon.com for just $12.95.

69)   CheckMate, 5 Minute Infidelity Test Kit – This simple kit makes it easy to collect samples from clothing and linen to locate traces of semen stains. The testing can be done from home and takes minutes to get results. Simply wet the stain, blot the area with a test pad, allow to try, then mix the provided bottle with provided reagents and drop mixture onto the test pad. A positive result turns the sample purple. Costs just $39.99 from Spy Emporium.

Defense Tools

70)   Data Encryption Key – To secure sensitive information, use this USB 2.0 device to encrypt and decrypt any file or files you please. It has 128 bit AES hardware protection, and attaches to your keychain so you can always keep it with you. Costs $18.50 from DX.

71)   Anti-Spy Bug Detector Pen – This pen flashes an LED light whenever it encounters wireless frequencies common to spy cameras and audio recorders. It is not as sensitive as professional level scanners, but is considerably more subtle. It is a functional ball pen and comes with dozens of spare batteries in its included case. The UV LED also works to track blood stains and validate watermarks on documents, bank notes, and money. Costs $13.95 from DX.

72)   Anti-Spy Laser Wireless Signal Detector – A professional version of the bug detector pen, this device is capable of pecking up a wide variety of espionage equipment, sometimes as far away as 10 meters. It prevents users from unknowingly being observed or recorded by listening devices, eavesdroppers, or hidden cameras. DX offers it for $44.70.

Photo by: Stefan

Required Reading

73)   Cyber Spying: Tracking Your Family’s (sometimes) Secret Online Lives – This book is designed to instruct readers in exactly how to spy on someone online. It helpfully covers motivations and the ethics involved, as well as the psychology involved in spying. It gives an introduction to computers and networking basics, teaches readers about online activities and how they can be compromised, and how to prevent being spied on as well. It is designed to help concerned parents and partners check up on online activities. Costs $39.85 for the Amazon paperback edition and $33.56 for the Kindle edition.

74)   The Spy’s Guide: Office Espionage – This book is written to help modern day business professional gain the most valuable tools in today’s fast paced world – information. With step-by-step instructions on everything from phone tapping to social engineering strategies, this book helps professionals get ahead. It includes real life stories demonstrating how these techniques have been used successfully by spies in Fortune 500 companies, the CIA, the KGB, and more. Costs $3.38 from Amazon.

75)   The Official CIA Manual of Trickery and Deception – Written as a training manual for CIA operatives during the Cold War Era, this manual describes step-by-step instructions on how to gather covert intelligence with sleight of hand and other tricks. Offered for $11.56 from Amazon in paperback.

76)   Top Secret: A Handbook of Codes, Ciphers, and Secret Writing – All you need to know on how to create, break, and utilize secret codes and complicated ciphers. Lots of hands on practice, tips for creating your own code-making kit, and tidbits discussing the use of ciphers throughout history. Offered for $6.91 in paperback from Amazon.

77)   101 Spy Gadgets for the Evil Genius – As the title suggests, this is a book with over a hundred projects that you can construct using inexpensive and easy to obtain parts that will allow you to gather intel and conduct surveillance. Projects range from easy to challenging and include a complete list of tools and parts with illustrated guides and step by step instructions. Costs $39.70 in paperback from Amazon, or $14.72 on Kindle.

78)   Covert Persuasion: Psychological Tactics and Tricks to Win the Game – Using skills developed with a firm understanding of psychology, linguistics, sales tactics, and human communication strategies, this book teaches you how to become a master of persuasion. Designed especially for sales professionals, but useful for anyone who can make use of a silver-tongue. Offered in paperback for $24.99 from Amazon, and $13.72 from Kindle.

Photo by: katiek2

Kid-Friendly Spy Gear

79)   Bionic Ear – This simple listening device allows kids to listen through walls, windows and doors. The device works well through glass, sheetrock, and wood. It includes a simple audio earphone. Designed for children aged 8 and up. Priced at $9.39 from Amazon.

80)   Amateur Spy Micro Listener Toy – Used to eavesdrop on conversations on the other side of a thin wall or barrier or held at a distance across open space. Includes its necessary LR44 (AG13) battery. Designed for children. Just $2.95 from DX.

81)   Spy Net Recording Pen – This recording pen features a secret audio recorder. Stored audio can be accessed via the concealed USB connection. It utilizes 3 ‘button cell’ batteries and unlocks access to the Lie Detector on SpyNetHQ.com. Designed for children 8 and up and offered from Amazon for $17.95.

82)   Master Spy Kit – This top secret spy kit comes with an RC car capable of picking up audio and visual signals, a spy pen, two walkie talkies, perimeter motion alarms, and a portable scope. It requires 3 ‘AAA’ batteries that are not included. All of this comes in a hard black case. Toys suitable for ages 6 and up. Offered for $49.99 from Meijer.

83)   Top Secret Spy Kit – This professional looking case includes fingerprinting tools, spy glasses, a code book and kit, and more. Meant for ages 8 and up and offered for $39.00 from Land of Nod.

84)   RC Spy Tank – This iOS operated RC car features a camera capable of streaming live video of taking photographs. It can travel up to 20 meters without obstacle and up to 10 meters around walls and other obstacles. The car generates is own wireless connection and runs on 6 ‘AA’ batteries which are not included. The controlling app is available free from the iTunes app store. Costs $79.95 from NitroRCX.

85)   Long Range Walkie Talkie – Designed for children, these long-range walkie talkies can work up to 2 miles apart. They have a special code button meant to send and receive coded messages, and can also transmit spoken messages. They require 6 ‘AAA’ batteries that are not included. Offered from Amazon for $26.99.

86)   Spy Gear Lie Detector Kit – This kit uses a simple finger sensor to pick up the subject’s truthfulness. Indicator lights make note of when the subject is lying. Includes a Lie Detector Handbook. Offered for $12.66 from Amazon.

87)   Spy Gear Night Scope – This hi-tech looking night scope allows vision up to 25’ in the dark, includes a spring-activated mechanism to activate a spotlight. It offers a ‘stealth mode’ beam. Offered for $23.99 from Amazon.

88)   Multi Voice Changer – A voice changer which offers 8 different voice modifiers and adjustable levers to create a hundreds of modulation options. It requires a 9 volt battery which is not included. Offered for $10.03 from Amazon.

89)   Video Recording Watch with Night Vision – This spy watch features a 1.4” full color screen to watch recorded videos and get live playback from the included camera. It includes a rechargeable battery and USB connection and is compatible with both Mac and PCs. It comes preloaded with apps and games, including ‘Spy Detector’ and ‘Lie Detector’ apps from SpyNetHQ. More can be downloaded from SpyNetHQ. Offered from Amazon for $37.69.

90)   Stealth Video Recording Glasses – These sleek black-framed spy glasses conceal a camera behind the lenses capable of recording up to 20 minutes of video or capturing over 2,000 pictures. Evidence gathered can be uploaded to PC or Mac with the included USB connection and uploaded to SpyNetHQ.com. Offered from Amazon for $34.34.

91)   Color Code Message Kit – This nifty kit includes a decoder filter, message code pad, 4 colored pencils and an instruction manual teaching users how to create and decode color-hidden secret messages. Offered for $5.98 from Amazon.

92)   Copper Decoder Ring – This small copper ring contains a basic decoder. The top dial rotates 360 degrees to make it easy to encode or decode a message. Weighs just over an ounch and is only 1-1/2” in diameter. Features geocaching clues. Offered for $14.99 from Amazon.

93)   Jefferson Style Cylinder Decoder Wheel – This solid wood decoder wheel allows users to create a message and select their array of encoded letters. High quality and attractive method of sending and receiving secret ciphers. Offered for $23.99 from Amazon.

94)   Spy Science Intruder Alarm – This simple device allows kids to create an intruder alert by connecting simple electrical circuits to a door buzzer. Requires two “AA” batteries that are not included. Only $10.49 from Nature Pavilion.

95)   EIN-O’s Burglar Alarm Kit – This electronic kit allows children to build their own burglar alarm. Designed for children 7 and up and includes all the parts necessary to make a functional device. Only $7.83 from Newegg.

96)   Vanishing Ink Pen – Sometimes you want to leave a message with a built-in self-destruct feature. Exploding messages are hazardous, so the next best thing is vanishing ink. This pen, which appears to be completely normal, features ink that fades after 12 hours. It writes normally on any paper and the ink appears to be typical. Just $4.00 from CrimeScene.

97)   Invisible Ink (Homemade) – A good spy knows how to make use of the tools at hand. Invisible ink is a good way to share intel with your fellow spies. Most of us have chemicals at home that we can use to create heat, black light, or chemical reaction based invisible inks. This includes milk, tonic water, laundry detergent diluted, table sugar solution, vinegar, and acidic fruit juices. About.com has a great article on homemade invisible ink that can get you started.

98)   Permanent Invisible Ink Marking System – Of course, if you want to ensure the longevity of your invisible message and be sure you have a way to review it later, you may want to purchase this pen. The invisible ink is permanent and waterproof, ensuring its longevity on non-porous surfaces. It includes a UV light so you can check the message after it has been written. Costs $11.99 from Whatever Works.

99)   Invisible Ink Pen & UV Light – This less expensive pen allows users to write secret messages that can be revealed with the included UV light. It’s only 5 inches long, so easy to conceal, and priced at just $1.49 from Lazerpoint it is inexpensive enough to stock up on them.

100) CSI: Fingerprinting Analysis Kit – This kit, available from Toys-R-Us for just $17.99, contains everything a budding investigator needs to examine evidence. It includes tools to gather and analyze fingerprints and other data. It is targeted towards forensic analysis but could be adapted for the budding spy.

101) Spy Gear Evidence Kit – Made specifically for young spies, this kit comes in a professional-looking black hardcase and contains a UV blacklight, a functional 30x microscope, a 10-piece fingerprint kid, and an LED flashlight. Priced at $20.38 from Amazon.

 

 

The Concerned Parent’s Toolbox – 120 Tools and Tricks to Protect Your Kids

Protecting your children online can seem like a daunting task. There always seem to be threats from new angles cropping up on the 5 o’clock news. Children these days are more attached to the internet than ever from an earlier age. There are a number of useful tools that can help you protect your child on your home computers and devices, but you should also teach your child internet safety to protect them when they are away from home. The following list provides a bit of both, useful educational tools that can teach your kids, programs that can monitor their activity, restrict dangerous websites, and even block them from engaging in risky behavior. It also offers a number of helpful tips to pass on to your children or make use of existing tools you may not realize you already have access to.

Tips and Tricks

General Tips

  1. Keep it Open – Keep the computer in a family room or other high traffic area. Kids are a lot more likely to keep up safe habits when there is a sense of accountability. It also allows parents a chance to notice harassment or other negative experiences a child encounters online.
  2. Use Parental Controls – Your operating system has built-in parental controls. Windows 7 has a number of useful and easy to use controls that can help you control which programs your children can run, restrict what rating of games they can play (or restrict certain games all together), filter web content, and even control the days and times your kids can access their account.
  3. Set Limits – Kids are web-savvy these days, and if you listen to them tell it, a connection to the internet is vital to their continued well-being. Set clearly defined limitations on web-enabled devices, including cellphones, game systems, and computers. Limiting the time they spend attached to a mobile-enhanced device can help kids distance themselves from what occurs online. Your child may not need their own web-enhanced cell-phones as children.

Resources for Parents about Internet Safety

  1. Internet Safety – A simple resource guide to instruct parent’s on creating a “cybersafe” home.
  2. Parent’s Guide to Internet Safety – A quick and dirty guide written by the FBI to instruct parents on what risky behavior looks like for kids online and how to prevent it. Slightly out of date, but still full of good advice.
  3. National Crime Prevention Council: Internet Safety – This contains a list of resource material for parents who want to educate themselves about internet safety.
  4. The National Criminal Justice Reference System: Internet Safety – A collection of reports compiled by various government offices examining risks to children on the internet as well as reviewing prevention and response tactics.
  5. Age-based guidelines for kids’ Internet use – A handy guideline for safe internet usage organized by age groupings provided by Microsoft. It includes tips on how built-in Windows tools can assist parents.
  6. The Institute for Responsible Online and Cellphone Communication – A nonprofit organization dedicated to teaching digital safety while promoting responsible use of technology. Their multi-award winning “Live Event” program provides solutions to many cyber issues and ways to reduce the risk of cyber crime.

Educational Sites for Net Smart Kids

  1. Web Wise Kids – This site is a decade-old non-profit sponsored site covering the range of online dangers for kids. Information for parents, educational tools including games for kids, even classroom resources for educators.
  2. NetSmartzKids – Videos, games, e-books, and more geared to elementary school kids designed to teach them all about internet safety.
  3. Privacy Playground: The First Adventure of the Three Cyber Pigs – An online game designed for children aged 8-10 that teaches children about spam, internet safety, and marketing scams.
  4. Safety Land – An online game sponsored by AT&T designed to teach children about internet safety, including protecting private information and avoiding online predators.
  5. Welcome to the Web – A series of challenges and activities to introduce kids to using the internet safely, with a parent and teacher resource guide.
  6. The Carnegie Cyber Academy – “The world’s most prestigious cyber defense training facility in the world.” Kids learn through a series of training missions how to stay safe and have fun online.
  7. Get Cybersmart with Phineas and Ferb – Phineas and Ferb (the cartoon brothers from Disney) film a public service announcement to teach kids all about internet safety.
  8. Think U Know Cyber Café – Very well organized and targeted towards teenagers, this site gives them everything they need to know to stay safe while using social media, chat rooms, playing games, and more.
  9. NS Teens – This site uses animation, comics, and games to educate teenagers about online dangers, cyber bullying, web etiquette, and more.

Cyber Bullying Resources

Things to Know:

Cyber bullying is becoming a huge problem. As schools and other institutions become more aware and proactive in preventing and addressing bullying among students, children have found other avenues to act out. Cyberspace can often seem like a consequences-free field for kids to taunt one another. Almost half of today’s kids report having been bullied online. More disturbing still is the link between bullying and suicide risk for youth. Here are some tools to help you deal with and prevent cyber bullying.

  1. Keep a record– There are a number of free programs that allow you to capture an image of whatever appears on your screen, often with a time-stamp. This allows you to track and document incidences of cyber bullying so it can be reported and addressed. One good free program is Jing, which allows you to take screenshots easily and even allows you to selectively choose the portion of your screen you wish to snapshot, or record video of what is occurring on your screen. Save harassing emails, pictures, or videos that are sent or posted in an attempt to harass your child.
  2. An email contains the sender’s IP address – If someone is harassing your child through email in an attempt to remain anonymous, learn to find the IP embedded in each email. It is often easily located in the header, which can create accountability for the harasser.
  3. Report harassment – Most of the cyber bullying that occurs online happens through social networking platforms. Many of the providers of these services have methods of reporting harassment. Make use of it, and learn how to report on Facebook, Twitter, and YouTube.
  4. Talk to your kids – Most kids never report the harassment they receive online. They are very unlikely to volunteer the information to their parents. Make a point to discuss online bullying with your children, and ask them about what they experience while online. There are lots of good resources to educate yourself and your kids about cyber bullying (listed below).
  5. Foster Awareness – Your child may not fully understand what cyber bullying looks like. It is possible they could be participating in, encouraging, or overlooking bullying with their peers. Make sure they know what it looks like and don’t become a part of the problem.
  6. Learn to Recognize – Since your child is less likely to tell you outright, learn to recognize the common signs that your child is dealing with online harassment. These include sudden drastic changes in time spent online, seeming withdrawn or upset after time texting or being online, sudden social withdrawal, and lots of new contacts appearing on your child’s texts, inbox, or phone.

(Photo by Kid-Josh @ http://www.flickr.com/photos/48112820@N05/)

Anti-Bullying Awareness Sites and Tools

  1. Kid’s Against Bullying – Designed especially for kids, this site is full of tailored information to help kids learn to spot, prevent, avoid, and get help with cyber bullying.
  2. Stop Bullying – A government funded website full of information about cyber bullying, including tips on preventing it for both parents and children and steps on how to address bullying once it is happening.
  3. BrainPOP: Cyber bullying – A clever online video about what cyber bullying is and how it affects people brought to you by BrainPop, who also offer information on digital etiquette and online safety.
  4. STOP Cyber bullying – The first cyber bullying prevention program, this site empowers teens and tweens to fight back against bullying and teaches them to be leaders and how to provide effective peer support.
  5. Cyberbullying.org – This site provides information about what cyber bullying is and how to address it.
  6. Common Sense: Cyber bullying – A really well-designed resource for parents to learn about cyber bullying. Includes a well-made video, information about what it looks like at all age groups, and helpful conversation starters.
  7. The Bully Roundup – The CDC provides this bully-awareness site tailored to 4th-7th graders. It includes eight excellent tips on dealing with bullies and offers an anti-bullying game. It also has resources for parents.
  8. NCJRS: Cyber bullying and cyber stalking – A collection of studies done by various government departments examining the causes and effects of cyber bullying as well as prevention and response tactics and their effectiveness.

Ad Awareness

Ad bombardment has always been a part of a child’s interaction with technology. However, advertisement firms get astounding access to children and teens with the internet. While television restricts ad-bombing to commercial breaks, ads appear literally everywhere for the web-browsing child. Ads appear on nearly every page and they are more targeted than ever. Teaching kids to be media literate can greatly improve their internet experience and give them a powerful tool for the future.

  1. Admongo – Admongo is a game developed by the Federal Trade Commission that helps kids learn to interpret, understand, and usefully navigate the bombardment of advertisement they face in the world.
  2. Ad Decoder – A simple activity and learning guide to help kids learn about ad manipulation sponsored by the CDC.
  3. Media Smarts – A resource from the Canadian government for helping kids become media literate. Lots of information here, including activities, teacher resources, guides, and more.

(Photo by Danny Oosterveer)

Monitoring & Filtering

The first step for many people in protecting their kids online is researching and installing programs that monitor, filter, and restrict access to dangerous content. Each of these programs has different features and offer different levels of oversight. Some will give you simple controls to block inappropriate content, others will monitor every action your child takes and send you a detailed report, and some will even block inappropriate outgoing content. Some of these programs are free and others require a subscription or purchase.

  1. CyberPatrol – CyberPatrol is a software solution for parents that grants them the ability to block inappropriate content, set time limits on computer access or access to specific programs like games, and restricts access to specific programs like games or instant messaging programs. It also tracks the child’s computer usage and creates reports detailing what they did while online and how long they spent at each activity. Cost is $39.95 for three computers.
  2. K9 Web Protection – K9 blocks web content with customizable lists that allow parents to determine what is appropriate for their children. It also forces children to utilize Safe Search on major search engines, allows parents to establish time restrictions on web access, offers anti-tampering security, and creates simple reports to keep parents informed about what their kids are up to. Useable on Windows, MacOS, iPhone and related devices, and Android.  Completely free.
  3. AVG Family Safety – AVG Family Safety offers a unique solution to guard against cyber bullying. By tracking keystrokes, the program analyses chat room and social networking activity and looks out for terms attributed to bullying. If it picks any up, it alerts parents via SMS or email right away. Other features include mobile protections, time and application management, content restriction, activity reports accessible remotely, and more. Annual subscriptions cost $49.99 a year to cover three licenses.
  4. CYBERsitter – CYBERsitter is a 5-time winner of PC Magazine’s Editor’s Choice award. It works on Windows from XP to 8 and allows parents to proactively block a range of content including web, games, social networking, and malicious sites. It also monitors emails incoming and outgoing. It can restrict access to leisure sites (games, social networks, and the like) during times when children are expected to be studying. Completely customizable. One year of service for up to three home computers costs $39.95.
  5. Norton Online Family – A free service from Norton that allows parents to monitor and control web access, keep an eye on social networking activities, search habits, and android smart phone usage. It keeps parents alerted through email updates and also allows them to check in remotely to view reports. Premium service provides greater reporting, more access to android monitoring, and video monitoring as well. Family Premier’s additional services run $49.99 a year.
  6. McAfee Family Protection – Family Protection software allows parents to block over thirty categories of inappropriate or objectionable web content, restrict access to inappropriate YouTube videos through keyword filtering, manage time and application usage, establish age-range guides to content, records instant message and social networking communications and provides instant feedback when topics range into risky territory, filters music with explicit language, and provides simple feedback via email or text to parents. Annual service costs $49.99.
  7. McAfee Safe Eyes – Safe Eyes has won an award from Good Housekeeping, PC Magazine, and Laptop Editor’s Choice for its easy to use and powerful features. It filters music, videos, and web content and grants parents control over what their kids have access to and for how long. It reports back conversations from social networking sites, instant messaging programs, and web search content, and works on Mac, Windows 7, and iOS. For a one year subscription, it costs $49.95. If you want to bundle Safe Eyes with McAfee anti-virus software it will cost $69.95.
  8. Pure Sight PC – Pure Sight is a respected European based software that monitors social networking, including features that track for cyber bullying, protects against explicit material, violence, and hateful content, establishes internet curfews, restricts file sharing, and provides detailed reports to parents at home or remotely. If it does detect cyber bullying in action, it will automatically cease the conversation, block the bully, and send a message to parents notifying them of the incidence. It costs $5.99 a month for a single computer or $59.90 annually.
  9. Net Nanny – Net Nanny is very well-respected parental control software that has been recognized by major media outlets and has won an assortment of software awards around the web. It offers features like profanity masking, which filters and conceals profanity on websites as well as the standard collection of social media and IM monitoring, with cyber bully protection, web content filtering, video game controls, time scheduling, and more. Net Nanny will cost you $39.99 annually.
  10. Avira Social Shield – Unlike many of the programs listed, this Social Shield specializes. It zeros in specifically on their online social networking, protecting them against risky behavior and interactions with strangers, including predators and identity thieves, and alerts you to cyber bullying instances. If any risky or inappropriate behavior is flagged, parents are immediately notified. Best of all, Avira Social Shield is free.
  11. Sentry PC – Sentry PC is parental control software that offers the host of typical features like web content management and filtering, usage controls, gaming filters, and parental reports. It also includes chat filtering, keystroke phrase filtering, and logs and records screenshots of a child’s online activity. It allows parents to remotely log and view activity. It works for Windows 2000-8. Basic software will cost $49.95 annually for up to three computers, additional features and add-ons can also be purchased.
  12. SafetyWeb – SafetyWeb allows parents to monitor online activity on social networks, chat programs and also keeps track of calls and texting on their mobile phones. It has smart analytical tools that search for risky interactions, including predatory and bullying behavior, and alerts parents. It actively searches for your child’s presence in a wide range of social networking sites and alerts parents to their child’s online presence. It also tracks topics like eating disorders, drug and alcohol addiction, depression, and hate speech. Accessing SafetyWeb will cost $100 for one year, or as little as $9 monthly when billed to your phone.
  13. Screen Retriever – This monitoring software tracks all of a child’s activities both online and offline and allows parents to remotely glimpse at what is happening on their child’s screen. It captures all chats, including on social media and instant messaging programs like Skype and AIM, and allows parents to review them at their leisure. Access will cost $49.99 for an annual license.
  14. uKnowKids – uKnowKids offers the complete technological protection package, including social and web monitoring, mobile monitoring, and location monitoring. The location monitoring sets it apart from its competitors. This service allows you to track your child’s exact location using GPS, WiFi, and social media data. Not only can it pinpoint their last location, it tracks their movement every thirty minutes and can provide a worried parent a detailed report of their child’s activities throughout the day. This is alongside equally powerful web and mobile monitoring that offers the industry standard features and then some. Works with iPhone and related devices, Blackberry devices, and Android devices. Plans range from a basic limited free version to a monthly $9.95 fee. Additional features can be added.

File Sharing or P2P

A sometimes overlooked risk on the internet for kids is file sharing. Not only do kids frequently get caught up with illegal downloads of music, videos, and games, files are often mislabeled and can harbor all sorts of nasty things. These files can conceal viruses and spyware and even illicit material. You can protect your children against this with a few simple steps.

  1. Block your P2P software – As previously discussed, you can limit access to specific programs. Lock your children out of any P2P software you have on your computer already. If you want to eliminate the problem wholly, blocking the software can keep them from engaging in this risky behavior.
  2. Legal Download Sites – There are a number of legal download sites available on the internet. Find a few of these and offer them to your child as an alternative to other notorious pirate-friendly sites. To get you started, there is a list of free and legal music download sites listed below.
  3. Lay down ground rules – Kids are more likely to follow safe P2P guidelines if they understand the very real consequences risky behavior can have. Make sure they understand why you limit or restrict their file sharing habits.

Information on P2P/File Sharing

  1. P2P File-Sharing Risks – A well-organized guide to online scams, file-sharing risks, and more.
  2. A Parent’s P2P Guide – A straightforward PDF guide on all the potential issues in P2P downloads including how to recognize signs of risky behavior and how to prevent it.
  3. Kid Smart File Sharing – This fantastic teen-focused site is designed to introduce kids to the risks of file sharing services and teach them how to use them safely and for the right reasons. It covers copyright material, legal issues, viruses and spyware, concealed files, and how to find legal download sources.

Legal Music Download Sites

  1. Last.fm – Social networking for music nerds with free or inexpensive downloads for acts ranging from indie to mainstream. Share playlists, find other fans, introduce your friends to great music, and more.
  2. Jamendo – This service offers lots and lots of free and legal music and music videos from independent acts. Free streaming, downloading, and sharing with friends.
  3. Free Music Archive – Tons and tons of completely free to download music, with curated lists to help you find good music that suits your tastes.
  4. Sound Cloud –  Sound Cloud helps you explore music, share it through social media, and upload your own music.
  5. MP3.com – Get free MP3 downloads from indie acts and major acts alike. They offer free daily downloads and are a great way to get introduced to new music.
  6. Noise Trade – A link between music fans and indie bands, offering tons of free downloads and a straightforward way to explore new and excellent music.

Identity Protection & Privacy

Identity theft is a rising threat to children. Most adults are now aware that they must protect their personal information from would-be identity thieves, but few of us think to concern ourselves about the identity protection of our Kindergartener. Unfortunately, it is one of the fastest growing areas of ID theft.

Other threats to identity online include one we are more familiar with – predators. Make sure your children know what sort of information to keep to themselves to stay safe.

  1. Protect Your Child’s Identity from Experian – A simple guide explaining how identity theft occurs with children, how to prevent it, and what to do if your child’s identity is stolen.
  2. Your Online Identity – An article written targeting children about safe online behavior regarding identity and personal information. It covers cyber bullying, net etiquette, and privacy.
  3. Teen Space @ Identity Theft Resource Center – A resource guide geared towards teenagers to teach them about protecting their personal information from thieves online. It includes games, peer-made videos, information, and much more.

(Photo by Don Hankins)

Online Predators

Online predators are probably one of the most well-known risks associated with children on the web. Most parents are aware that predators sometimes stalk chat rooms that children frequent. This problem has gotten a lot of attention and thus has a lot of resources available to prevent it and still allow kids to get a chance to explore new social connections.

Tips for safe chatting

  1. Talk to your kids about safe chatting – Let your kids know what sort of information predators are looking for. Arming kids with awareness can prevent them inadvertently slipping an online predator information which can lead them to your child.
  2. Limit direct access – It is best if your child never gives out direct-access information to strangers online, like e-mail addresses and even instant messenger account names. E-mail addresses are particularly worrisome since a lot of information can be obtained from embedded IP addresses. Let your kids know to never share that information with people they don’t know in person.

Information on Sexual Predators Online

  1. Online predators: Help minimize the risk – A great guide written by Microsoft to help parents fight back against online predators. It includes lots of actionable tips to protect your kids.
  2. Family Safe Computers: Online Predators – A simple article about how to recognize predatory behavior and prevent kids from being targeted by it.
  3. Sexual Predators Online – A resource guide that covers the range of risks online predators present, how to recognize the predatory behavior, how to prevent kids from accessing dangerous sites or social interactions, and more. Tools and reporting information.
  4. Online Predator Statistics – An eye-opening collection of facts and statistics relating to online predators.

Chat Room Safety

  1. Chat Room Safety – Simple advice to teach your kids about chat-room safety.

Child-Safe Social Networking & Chat Programs

  1. Mulch Den – Mulch Den is a program designed mostly for younger children who are interested in chatting online. It utilizes an artificial intelligence program to help your child participate in curiosity sparking conversations with a character named Yuk Yuk and his friends who reside in a world deep inside the Earth’s core. This is completely free.
  2. Kid Chat – This chat service is specifically designed to provide a safe place for kids to meet and talk online. It features security filters that block kids from sharing private information, blocks and restricts any form of cursing including self-filtered variants, and requires good net etiquette from its users. There is also staff present to actively monitor the chat rooms and keep out predators and inappropriate behavior.
  3. Kids Social Network – This social network has been developed for kids, allowing them to connect with each other in a safe and secure environment. It offers a lockdown browser that filters inappropriate content, kid-safe chat programs, and even games. Law enforcement is granted a direct-access portal to help keep the kids using the network safe. Accounts are free.
  4. Kidz World – Another social network made specifically for kids, it features advice columns, school help, chat and forums, games, and more. Unfortunately, this site has lots of advertisements and less filtering than other options listed here. It does offer protection against predators and some filtering. This site is geared more towards tweens and teens than younger children.
  5. Grom Social – Grom Social was created by a kid, for kids to provide them with a fun place to socialize online. Meant to be a replacement for Facebook just for kids that is safe, monitored, and lets them do everything from chat and game with friends to get help for school. Free to join and features a mobile app. Grom Social takes an active stance against bullying, drug use, and smoking and encourages kids to make healthy choices.
  6. Giant Hello – Giant Hello is primarily a social gaming site made specifically for kids under the age of 13, to provide them with a safe and secure place to play social games. It is primarily focused on the tween set (7 to 13). It also offers friending, profiles, instant messaging with other users, photo uploading, and fan pages.
  7. Club Penguin – This Disney hosted kids social site features lots of fun activities and games, avatars, and kid-safe networking and chatting. Free accounts can explore the virtual world and play games in this moderated environment, and members can get access to everything to their heart’s content. Membership costs anywhere from $5.00-$7.95 per month depending on how long the subscription lasts.

Internet Addiction

Addiction to the wonders of the web is a growing problem for today’s youth. In some countries, like Korea, internet addiction in children as young as six is a growing epidemic. Learning to spot the signs of addiction and understanding how to manage it in children who often require some level of access is an important tool to add to the modern parenting kit.

Warning Signs and Prevention Tips

  1. Favoring online social interactions – If your child starts eliminating in-person social events in favor of online activities, they may be developing an internet addiction. Encourage them to prioritize time spent with local friends over time spent with online ones.
  2. Overemotional responses to removal of web-enhanced devices – If setting the smart phone down for dinner or restrictions to online time trigger emotional outbursts, your child may be developing an addiction. Establish limited time frames for internet access and encourage other offline interests.
  3. Restrict access time – Do not allow unfettered access to the internet. Establishing a limited timeline for internet access can help kids prioritize their use of it. Whether it’s during specific hours or days of the week or for limited times after tasks are completed, the restriction can help your child develop a healthy relationship with the internet.

Guides for Parents on Internet Addiction

  1. Internet Addiction: What Can Parents Do? – A well-written article outlining the signs of internet addiction and how to help kids get through it. Very good advice.
  2. Parent-Child Internet Addiction Test – A quick test to help parents determine if your child’s relationship to the internet constitutes addiction. Includes lots of resources for dealing with and understanding internet addiction.
  3. Internet Addiction in Kids – A quick article on internet addiction in children, including some tips on reducing internet reliance in kids.

Hidden Web Access

Do not forget that kids these days are connected to the internet from more than just their home PC. Cell phones, both their own and those of their friends, are linked in as well as a number of other mobile devices including handheld and console game systems, and obviously tablets. This fact makes it considerably more challenging to monitor and protect your kids, though there are still tools to be examined. The other side of mobile web access is an increased array of tools to help keep kids safe outside of the home.

  1. Infographic on Teen Web-Access via Smartphone – This infographic is a really eye-opening indicator of how traditional internet safety tactics, like making sure the computer is in a common room in your home, are bypassed by modern teen internet usage.

Basic Tactics

  1. Shop around – For many families a cell phone is an incredibly vital tool to stay in touch, keep track of teen whereabouts, and organize complicated family schedules. If not allowing your child a web-enhanced phone is an option, shop for a phone and provider that gives you accessible parental controls. Many cell phones offer tracking features, web and text filters, time restrictions, contact restrictions, and more. Find a level of protection that works for your family.
  2. Talk, talk, talk – This is perhaps the most important tool around for protecting your kids. All the fancy programs and monitoring devices and webcasts in the world are no substitute for conversations with your child about the risks that exist, their seriousness, and the ways your child can mitigate them. Your child’s own wise choices are the best defense against risk.

Child Safety Apps

  1. Mobicip – This cloud-based web filter makes it easy to set up personalized web filters across every web-enhanced device in your household, including Windows 7, Ubuntu, Android, iPhone and iPad devices, and even Kindle Fires. Basic accounts are free and come with real-time content filtering, data encryption, and standard filtering levels. A premium account costs $9.99 annually per device and offers more control, category blocking, time limits, activity reports, and more.
  2. North Star Child Safety Monitor – This handy app tracks the progress of a child and the school transportation they utilize. This helps parents look for poor driving, track arrival times at pick up and drop off sites, and verify attendance. Parents receive an instant SMS alert when the bus is within 10 minutes of a pickup or drop off site, when a child boards the vehicle,  and in cases of accident.
  3. Children TV – This application helps create a child-friendly video listing utilizing YouTube content. Designed for mobile devices, it creates an easy to use menu of videos sorted by language, fun, and age range. Totally free.
  4. Kids Place – This app offers parental controls to Android devices that allow parents to block outgoing calls and text, the android marketplace, app downloads, and prevent curious kids from using the phone. It can also establish a timer lock, so children can use accessible apps only for a certain length of time. Best of all, it’s free.
  5. FBI Child ID – This free app provided by the FBI is designed to help you electronically store vital information and photos about your children so in the case of an emergency you can instantly provide important identifiers to police and security personnel. It also offers handy tips on keeping children safe and a guide on what to do in the vital first hours after a child goes missing.
  6. Family GPS Tracker: Life 360 – This application provides you with a personalized family map that shows you the location of all of your family members at a glance. You can personalize messages and check in to let your family know you have safely arrived at an intended destination, and even pull up a built in chat feature that lets you update everyone all at once without sending out half a dozen individual messages. It also includes emergency roadside assistance for all connected family members. They offer a basic free plan, but to get the best offering the premium plan costs $5 a month or $50 for a year for your whole family
  7. Sprint Family Locator – This service allows you to locate your child in real-time with interactive satellite maps from your computer or any web-enhanced mobile device. You can even set up arrival times for your children and your phone will update you when they get home and send you an alert if they fail to arrive on time. You can even lock your child’s phone remotely.
  8. Famingo Sandbox Kid – The #2 family app as rated by Time Magazine, this app helps parents provide the best mobile applications to their kids and gives them control over ones they find objectionable. A+ apps are suggested in an easy to navigate interface while ones to avoid are restricted from kids. It creates a virtual sandbox safe for kids to explore so parents don’t have to worry.
  9. Kids Mode – Designed for kids aged 8 and below, this fun application features a number of educational and fun games organized in an easy to navigate menu. It includes a child lock feature to keep kids away from other parts of the phone, video mail so kids can chat with family members, an art studio, and a weekly report for parents to track what their kids have learned. Free to use.
  10. Safe Browser – This Android and iOS application is a cloud-based web filter that blocks inappropriate content from user’s mobile devices. In addition to adult content, it also blocks spamming sites, bandwidth consuming sites, and malware sites. Users have the option of blocking or allowing specific websites. Free to use.
  11. McGruff Safe Guard Mobile Browser – This iOS application functions like a Safari-style browser with highly customizable filtered content to protect children of all ages. Parents can filter based on age range or select specific categories (from a list of over sixty) to block. They can also cherry pick specific sites to allow or disallow. Further, parents receive a daily email notifying them of their children’s browsing habits. The browser itself has features like multi-tab, bookmarks, history viewing, reading lists, and more. Depending on what features users choose to unlock, the price of this application can change, but full family control will cost $9.99 via the Apple App Store.
  12. Ranger Pro Safe Browser – This Android application offers a secure mobile browser environment that users can customize to suit the needs of their family. It offers a range of blockable categories and methods to whitelist or blacklist specific sites. They also continuously (once an hour) update their lists and categories so users can be sure the environment remains safe. The browser itself features copy & paste, pinch & zoom, landscape mode, multi-tabs, browsing history, URL suggestion, cookies, and more. Free to use.
  13. Find My Kids: Footprints – This iOS application allows users to track in real-time the location of loved ones. Parents can establish virtual fences, like a child’s school or a friend’s house, and get notifications when those digital boundaries are crossed. Parents can also view a map of where their children have been throughout the day. Further, it does so automatically, not requiring any sort of manual check-in. The application itself is lightweight to preserve battery life. Available in the Apple App Store for $3.99 for a one-year subscription.
  14. Near Parent – Near Parent uses mobile technology and social networking to help parents help their kids faster.  GPS tracking monitors a child’s location and lets them update their parents about their situation. Three levels of alert let parents know if their child is fine, needs help but is ok, or needs urgent help. If a child needs help, the application alerts the child’s network of trusted adults. Helpers will get an alert on their phone via the app, and can respond, updating parents about the situation with a quick message and letting them know precisely what is being done. Available for both iPhones and Androids.
  15. Hero – The Hero Network uses crowdsourcing and mobile technology to send out instant alerts when a child goes missing. The information includes messages and photos to Guardians in the vicinity of where the child went missing. Parents can also upload information and pictures about their own child for a one-time fee of $3.99. The application to join the network is free and available to Apple and Android smart phone users.