Small Business Owner’s Guide to PCI Compliance

Information theft and the damage it can cause to consumers and businesses have been featured extensively in the news for most of the past decade as we move to an almost entirely online way of doing business. The usage of the Internet for business has changed the landscape of the commercial world for the better, but it does provide an avenue of attack that allows malicious entities to acquire sensitive data without ever stepping foot inside an office. For this reason, the PCI DSS was created.

Chances are high that, as a modern business owner, you have at least a passing knowledge of the need for PCI compliance. For those less technologically savvy or who do not have the time to read through extensive regulations, this need can seem like an unnecessary burden, both to your budget and your time. To help you become more familiar with the PCI DSS, this guide will give a high-level overview of the purpose and requirements of the regulations and provide advice and resources for becoming PCI compliant.


What Is the PCI DSS?

PCI stands for “Payment Card Information,” and the appended DSS often seen accompanying it stands for “Data Security Standards.” The PCI DSS was created by the PCI Security Standards Council, which consists of the five largest credit card companies: MasterCard, Visa, JCB, American Express, and Discover. Its intent was to establish a system for protecting payment card data which can be used for malicious purposes easily once it is in the hands of unauthorized persons. It details the baseline security procedures that companies who interact with payment card information should follow, assists in providing information so the companies can do so, and establishes penalties for noncompliance.

To Whom Do PCI Regulations Apply?

The PCI security guidelines apply to anyone who stores, processes, or transmits consumer payment card data. It does not matter if you run a restaurant, work from home, or have a small chain of stores. If you directly interact with payment card data in any fashion, even by just processing one payment, you are almost assuredly under the purview of PCI DSS. Even if you utilize a payment gateway or merchant account service, your business is responsible for adhering to the regulations as long as it interacts with the payment data in any fashion.

Steps to Adhering to PCI Guidelines

This is a general, step-by-step guide to becoming compliant with the PCI DSS. The PCI regulations themselves outline this process, though the sections are broken down a bit further. These steps do not address every action you need to take through the process. For the exact details on how to follow these steps, consult the PCI DSS version 2.0, available on the PCI security standards site. This especially applies to the more technical sections of firewall and encryption usage.


Step 1: Install a secure firewall and establish good system passwords.

Firewalls are used to monitor and manage the network traffic running through a system. There are a number of free software firewalls available online, but a high quality, commercial firewall is typically going to be more secure. You can also opt for a hardware firewall for increased security.

Password policy is a simple security procedure that many people fail on regularly. A complex password system may be inconvenient, but generic passwords such as “firstnamelastnamenumber,” “password1,” “qwerty,” or “abc123” make it easier for rudimentary cracking programs to bypass this first level of defense, and can even let an unauthorized user access an account without the use of such a program. Passwords should be case sensitive and use a mixture of upper case letters, lower case letters, and numbers. They should also avoid common dictionary words and should not be recycled.
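The password rules above can be enforced when a password is set. The following is an added example, not part of the original guide; the function names, the small word list, the minimum length and the PBKDF2 settings are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Generic passwords quoted in the guide.
GENERIC_PASSWORDS = {"password1", "qwerty", "abc123"}
# Tiny stand-in word list (assumption); a real check loads a full dictionary.
DICTIONARY_WORDS = {"password", "welcome", "letmein", "monkey", "dragon", "summer"}
PBKDF2_ROUNDS = 100_000  # assumption: tune to your hardware


def hash_password(password, salt):
    """Salted PBKDF2 digest, so earlier passwords are never kept in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def is_recycled(password, history):
    """history holds (salt, digest) pairs for the user's earlier passwords."""
    return any(
        hmac.compare_digest(hash_password(password, salt), digest)
        for salt, digest in history
    )


def policy_violations(password, first_name, last_name, history, min_length=8):
    """Return the rules the candidate breaks; an empty list means it passes.

    min_length is an assumption of this example; the guide gives no figure.
    """
    problems = []
    lowered = password.lower()
    letters_only = re.sub(r"[^a-z]", "", lowered)  # "JaneDoe7" -> "janedoe"

    if len(password) < min_length:
        problems.append("too short")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lower case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if lowered in GENERIC_PASSWORDS:
        problems.append("generic password")

    # The "firstnamelastnamenumber" pattern: the name with digits bolted on.
    first, last = first_name.lower(), last_name.lower()
    name_forms = {n for n in (first + last, last + first, first, last) if n}
    if letters_only in name_forms:
        problems.append("built from the user's name")
    if letters_only in DICTIONARY_WORDS:
        problems.append("dictionary word")
    if is_recycled(password, history):
        problems.append("recycled password")
    return problems


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample data
    history = [(salt, hash_password("Tr4velMug", salt))]
    for candidate in ("JaneDoe7", "password1", "Tr4velMug", "c0balt-Heron-52"):
        print(candidate, policy_violations(candidate, "Jane", "Doe", history))
```

Note that "JaneDoe7" satisfies the character-mix rule and is still rejected, which is why the mix of upper case, lower case and numbers cannot be the only check.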

Step 2: Protect consumer data with encryption.

Data encryption renders a file virtually unreadable without a proper decryption key. Encryption technology has evolved to the point where, even if a hacker somehow accesses the encrypted data, decrypting the data is still a difficult task. The method is not foolproof, and you cannot store certain pieces of information even if you encrypt them.

Step 3: Consistently run and update anti-virus and anti-malware software.

Viruses and malware can find their way onto a computer through a number of seemingly harmless methods, such as installing a new program or browsing a website. Once a system is infected, it may be more easily subjected to hacker attacks, or the activity on that system, including network traffic that contains payment data, can be monitored remotely. The capabilities of these malicious programs are extensive, making the use of software to detect and remove them essential for information security.

Step 4: Maintain proper access control over sensitive systems.

Keeping unauthorized personnel away from sensitive information starts with limiting who can access it, both electronically and physically. The more people who can access the data through normal operations, the greater the risk of a security breach. Payment data access should be restricted to specific user accounts based on need, and you should not utilize any group or public access accounts on sensitive systems. Physical access to the data should be limited as well, and the data should be situated in a secure and monitored area. Additional levels of access control such as managing user accounts, password cycling, secondary login verification methods like biometric data or access cards, and lockouts on repeated login attempts are also required.


Step 5: Monitor and test network security regularly

Keeping track of the systems which interact with sensitive data can be useful in determining intrusion attempts or discovering the source of a data breach. All activities should ideally be monitored, but the PCI DSS specifically calls for keeping logs of access attempts, creation of system-level objects, the activities of root and administrator accounts, any accessing of payment card data, and audit trails with specific attention paid to recording the time, outcome, origin, type, and affected components of the event.
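One way to check that an audit trail actually records what this step lists is to scan it for incomplete records and for event categories that never appear. This is an added example, not part of the original guide; the JSON-lines layout, the field names and the event-type labels are assumptions, and the sample log is constructed.

```python
import json
from datetime import datetime

# Fields the guide says each audit record should capture.
REQUIRED_FIELDS = ("time", "outcome", "origin", "type", "component")
# Event categories the guide says must be logged (labels are assumptions).
REQUIRED_TYPES = {"access_attempt", "object_creation", "admin_action", "card_data_access"}

# Constructed sample log, one JSON object per line.
SAMPLE_LOG = """\
{"time": "2013-04-02T09:14:03+00:00", "type": "access_attempt", "outcome": "failure", "origin": "10.0.4.17", "component": "pos-db"}
{"time": "2013-04-02T09:15:40+00:00", "type": "admin_action", "outcome": "success", "origin": "10.0.4.2", "component": "firewall-config"}
{"time": "2013-04-02T09:16:12+00:00", "type": "card_data_access", "outcome": "success", "origin": "", "component": "pos-db"}
{"time": "yesterday", "type": "object_creation", "outcome": "success", "origin": "10.0.4.2", "component": "pos-db"}
login ok for admin
"""


def record_problem(record):
    """Return a description of what is wrong with one record, or None."""
    if not isinstance(record, dict):
        return "not a JSON object"
    missing = [f for f in REQUIRED_FIELDS if not str(record.get(f) or "").strip()]
    if missing:
        return "missing " + ", ".join(missing)
    try:
        datetime.fromisoformat(record["time"])
    except (TypeError, ValueError):
        return "unparseable time"
    return None


def audit_gaps(log_text):
    """Return (problems, missing_types) for a JSON-lines audit log.

    problems is a list of (line number, description); missing_types lists the
    required event categories for which no complete record was found.
    """
    problems, seen = [], set()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            problems.append((lineno, "not valid JSON"))
            continue
        problem = record_problem(record)
        if problem:
            problems.append((lineno, problem))
        elif isinstance(record["type"], str) and record["type"] in REQUIRED_TYPES:
            seen.add(record["type"])  # only complete records count as coverage
    return problems, sorted(REQUIRED_TYPES - seen)


if __name__ == "__main__":
    problems, missing_types = audit_gaps(SAMPLE_LOG)
    for lineno, description in problems:
        print(f"line {lineno}: {description}")
    print("categories with no usable record:", missing_types)
```

A record that lacks its origin or carries an unusable timestamp is treated as no coverage at all, because it cannot help trace the source of a breach.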

Once all the security measures are in place, the PCI DSS necessitates a variety of regular testing procedures. Quarterly procedures include penetration testing performed by an Approved Scanning Vendor (ASV), scanning for unauthorized access points, and vulnerability scans. Extensive penetration testing is required at least once per year, and additional testing should be performed after any significant changes to your systems.

Step 6: Establish an information security policy

This is one of the more detailed and overarching requirements of the DSS. Put simply, it requires that your business has established operating procedures relating to information security. Obviously, part one of this policy is to ensure that your systems remain PCI DSS compliant. Other considerations include maintaining a list of approved electronic devices for your systems and clear information as to for whom and for what the devices are intended. The responsibilities of “information security manager” should be assigned to an individual or group, which can be an outside security provider. These responsibilities include account management, educating personnel on information security procedures, and monitoring the company’s networks. Security procedures should be discussed with any third-party vendors the company uses, and a formal, written agreement should be composed. The plan should also specify when testing procedures should take place, and the plan itself should be subject to testing and scrutiny.

Also, bear in mind that the individual payment card companies may place extra requirements onto merchants. For example, this is a list of Visa’s requirements. While not too far off from the main PCI DSS, it is important to be aware of these requirements to avoid issues.

Penalties for Failure to Comply

While the PCI regulations are not enforced by law, the major credit card companies and banks levy fines that are tiered to the volume of transactions a company processes. The exact amount of the penalty also varies on a case-by-case basis, but fines can range from $5,000 to $500,000. They may also continue fines on a monthly basis if non-compliance is not rectified.

Help for Becoming PCI Compliant

While the overall concept of becoming PCI compliant is fairly straightforward, the intricacies of actually adhering to all the various guidelines and regulations can be difficult for small business owners to handle, and it can often eat up the limited time of the few employees that smaller companies have. Enlisting the help of companies certified to validate and assist with PCI compliance is recommended by the PCI regulatory body and is required in some cases, such as the regular testing by an ASV made necessary in the regulations. QSAs (Qualified Security Assessors) can be used to verify that you are adhering to the PCI DSS.

Aside from the companies directly related to PCI compliance, the help of a Managed Security Service Provider (MSSP) is good practice for enhancing your general security and thus helping your systems to comply with PCI guidelines. These organizations are experienced in setting up information security functions for businesses and individuals, and utilizing them is often less expensive for small businesses that cannot afford to bring on several IT staff members just to handle information security. Many MSSPs can also function as QSAs, but it is better practice to use different companies for these services, even if it is not required to do so.

A report detailing some of the best MSSPs based on various criteria can be found here, and the lists of PCI Security Standards Council approved QSAs and ASVs are located in the resource section at the bottom of this guide.

You can also engage in further reading with tools like the free PCI for Dummies ebook, courtesy of Qualys. This can be found on the web through various search engines.


Is PCI Compliance Enough?

PCI represents a baseline level of security that should be adhered to by companies that handle sensitive data. While it may seem to be an unnecessary burden, information security breaches have been responsible for trillions of dollars lost through fraud and secondary expenses. Even if your business does not handle high volumes of transactions from a number of different customers, neglecting to properly secure your information systems can result in data breaches that put you and your customers at risk and do extensive monetary damage. It is in your best interest to take information security extremely seriously and even go beyond the security standards set by the PCI DSS.

Helpful Resources

PCI Security Standards – The main PCI DSS site. It contains the regulations, supplemental information, links to certified assistant companies, and more.

Approved Scanning Vendors – The official list of ASVs certified by the PCI regulatory body.

QSA List – A searchable database of QSAs certified by the PCI regulatory body.

PCI Compliance Guide – A helpful reference for PCI compliance questions and information.

Emerging Managed Security Service Providers, Q1 2013 – A detailed analysis provided by Forrester of the most promising MSSPs.

Becoming ‘PCI Compliant’ If You Accept Credit Cards – A checklist of tasks for becoming PCI compliant from the BBB.

The 20 Worst Data Breaches

The information technology age has brought with it a new opportunity for the criminally minded. Unfortunately, our government agencies and corporations have not always been as guarded as they could be against those determined to gain access to the vital data they store. Through a combination of hacking and social engineering techniques, digital thieves have made off with identity information, hampered affairs of state, and even stolen millions of dollars. Here are 20 of the most damaging, notorious, or notable data breaches presented in chronological order.

  1. Card Systems – 2005

Card Systems is a third-party processor of credit card information based in Tucson, AZ. In June of 2010, a hacker slipped a data-mining bug into their system through security holes and stole data over time from roughly 40 million cards. This data breach happened in large part because the company was storing cardholders’ account numbers and their security codes, in direct violation of MasterCard rules, which allowed the hacker to collect it. The information gathered was suitable only to steal money from the credit holders’ accounts, not to steal identities. At the time, it was the largest data breach to date.


  2. US Veterans Affairs Laptop Heist – 2006

In 2006, burglars broke into the home of a VA employee who had taken his company laptop home, in violation of that agency’s regulations. Fortunately, the thieves responsible for stealing the laptop in question had no idea what they had gotten their hands on and deleted all the relevant information. When FBI agents recovered the laptop, they found it had been cleared and reformatted for quick resale, thus protecting the millions of veterans whose information had been stored. The data in question included Social Security numbers, names, addresses, and birthdays for millions of veterans, current service members, reservists, and their spouses. It did represent the largest data breach from a government agency in US history, and raised a lot of questions about how we enforce and protect the highly sensitive data government employees have access to.


  3. TJX Companies Inc – 2007

TJX Companies is a large retailer that includes a number of retail chains like HomeGoods, Marshalls, T.J. Maxx, and others. Over the course of several years, predominantly in 2003 and 2006, an unknown number of hackers stole millions of transaction records. Of note, it took TJX over two months after the data breach was discovered to talk about the true size and scope of what occurred with the media, and the company even delayed discussing its awareness of it with affected banks and customers. In the end, 45.6 million card numbers were stolen and data from over 450,000 merchandise return receipts were also taken. This represented another major wake-up call for the industry. It took TJX seven months after the theft to recognize it, and retracing the hackers’ steps proved challenging since they lost much of the trail in normal data purges.


  4. TD AmeriTrade – 2007

Once again, a company with a major data leak chose to withhold this information from its customers for half a year before disclosing it. In this case, AmeriTrade was made aware at least as early as October of 2006 when customers began to complain of stock-related spam emails. That led to a lawsuit in May of 2007 when two of its customers actually sued the company for the breach. Each client had an email address used exclusively with TD AmeriTrade, and when those inboxes began to fill up with unwanted ads, they immediately knew where the leak had come from. The problem was even noted on BoingBoing in June of that same year, when they featured a review of AmeriTrade which noted similar email spam to their dedicated address. Despite this, the company kept the information close to the chest until September, when a court order would have forced them to step forward anyway. The lawsuit suggested that the data breach could have potentially leaked sensitive customer data like Social Security numbers and other information that could be used in identity theft. There was also a concern that the company might attempt to destroy information that would display their negligence. The company then requested a two week break from court proceedings, was granted it, and used that time frame to ‘discover’ the breach and notify the press and their clients. It became very clear that they chose to respond not out of a sense of responsibility to their clientele, but purely because they’d been caught and could no longer contain the story.


  5. Certegy – 2007

This case was pretty much a cut-and-dried case of more traditional data theft: a disgruntled employee sold information to a data broker. The details that make this case worth examining are how the company presented the scope of the problem initially and how they recovered. They claimed after it happened that only 2.3 million records were stolen and that the public should not be concerned, because these records were all going to ‘legitimate marketing firms.’ A few months later it was revealed through a filing with the Securities and Exchange Commission that the true number of stolen records was in the range of 8.5 million. Of those records, roughly 5.7 million included checking account records, and 1.5 million included credit card records that could be used for identity theft and fraud. In the end, through a settlement with the Florida Attorney General, consumers were granted a two year period to report and receive reimbursement for expenses related to theft from the incident, and they were given credit monitoring at the company’s expense. Further, the company restructured how it handled information security, doing a comprehensive review of internal and external risk, implementing a range of safeguards, and scheduling regular tests and monitoring programs to detect weaknesses and catch issues before they became problems.


  6. Monster – 2007

Monster actually had a recurring problem with data breaches between 2007 and 2009. Three separate times they suffered data breaches in which millions of customers’ personal data was stolen or job listings were infected with malware. Users affected also saw targeted phishing emails encouraging them to download malicious software or tempting them to accept jobs working as mules for online criminal organizations. One of the malicious Trojans left behind by the attackers encrypted files on the affected user’s computer and left a text file demanding payment to the attackers to recover the data. Each attack was perpetrated by hackers abusing security weaknesses in their information security structure. Each time, Monster delayed informing its users that there was a breach after becoming aware of it. Each time, Monster swore to do better. Unfortunately, as Monster learned, big talk is not enough to deter hackers. Improvements in infrastructure actually have to be accomplished, not just discussed.


  7. Bank of New York Mellon – 2008

Another case of traditional theft leading to a massive data leak, Bank of New York Mellon discovered a missing box of data storage tapes in February and again in April of 2008. Each time, these tapes were being transported by third party vendors from one location to another when they went missing. Surprisingly, these tapes containing vital customer information were not at all encrypted. In addition, the bank did not inform potentially affected customers for three months. Initially, the breach was believed to have affected over 4 million individuals and included names, addresses, and Social Security numbers. Later that year, the bank notified 12 and a half million customers that their data had been stolen. All affected customers were offered two years of free credit monitoring and identity theft insurance worth up to $25,000.


  8. CheckFree – 2008

At the time of the attack, CheckFree was the largest e-bill payment system on the internet, controlling between 70-80% of the US online bill pay market. This made it a prime target for smart hackers. For several hours, hackers managed to redirect visitors from the legitimate site login page to a site based in Ukraine that attempted to install software designed to steal customers’ passwords. CheckFree at the time had more than 24 million users, so the attack had the potential to be devastatingly effective. This attack was not due to a problematic infrastructure on CheckFree’s part. The hackers had legitimate codes to access CheckFree’s website, suggesting they either successfully phished that information from a CheckFree employee or utilized password-stealing malware. This same website in Ukraine attacked at least 71 other domains at the same time. The attack was noticed and responded to promptly by CheckFree, who had plugged the leak the same day. They promptly informed their customer base, instructed them how to detect malware infection, and arranged for every affected customer to receive a free copy of VirusScan Plus from McAfee.


  9. Hotmail – 2009

In another phishing scam, about 10,000 Hotmail users had their passwords stolen. Much like the CheckFree incident, users were redirected to a site resembling the Windows Live Hotmail login screen. Users who were fooled into entering in their password and user account found their information later posted on Pastebin.com, a site originally designed to allow web developers to easily share tidbits of code. This same site had a list of over 30,000 Gmail, Yahoo! Mail, AOL, Comcast, and Earthlink email accounts and passwords. Microsoft responded quickly upon learning of the breach, sending out emails to warn affected customers of the potential problem and forcing password resets on all affected accounts. As with CheckFree, this was not a failure of Hotmail’s own data security, but a successful phishing venture.


  10. Heartland Payment Systems – 2009

Thought to be the largest data breach of a payment processor, the 2008 attack of Heartland Payment Systems affected roughly 130 million customers and raised a few questions about the effectiveness of PCI standards of the time. The CEO Robert Carr adamantly reported that Heartland was in full compliance with PCI standards and was certified as such. The PCI Security Council contested his claims, suggesting that the breach was a result of an SQL injection error. Even still, the company was certified as fully compliant, leading many to conclude that companies should go beyond the basic requirements of PCI to protect customer data, particularly with regard to tracking security standards over time, as errors creep into systems and hackers gain more sophisticated tools. Heartland developed an E3 end-to-end encryption service to monitor and secure the whole payment process from point-of-sale all the way through authorization and approval. The PCI Security Council also began looking into technologies like card tokenization to improve their own standards. The end result was more focus on a layered approach to information security. In the end, Heartland paid more than $110 million to Visa, MasterCard, American Express, and other card companies to settle claims related to the breach, customers were notified and offered credit monitoring, and companies gained a sobering check about the state of their data security.


  11. US Department of Veterans Affairs – 2009

Once again, the VA put data from roughly 76 million veterans at risk through employee negligence. In this case, the breach started with a faulty hard drive in a database RAID array. Employees arranged for a contractor to repair the disc and neglected to erase the encrypted data stored on the disc. When the contractor failed to repair it, the disc was recycled, leaving the data accessible to whoever next claimed the disc.


  12. Hannaford Bros. Chain – 2009

Much like Heartland, Hannaford Bros. supermarket chain appeared to be following PCI compliance standards when they were hit with a massive data breach. Despite their compliance, a sophisticated hacking attack exposed over 4 million credit and debit card numbers to potential identity theft risk, and resulted in almost two thousand cases of fraud. Later that year, Albert “Segvec” Gonzalez was indicted by a federal grand jury in New Jersey, along with two co-conspirators, on charges of hacking into Hannaford Brothers, Heartland Payment Systems, 7-Eleven, T.J. Maxx, and other unnamed national retailers. This individual and his small team were accused of stealing over 130 million credit and debit card numbers, the biggest fraud case of its kind in history. He was eventually sentenced to 20 years in federal prison for his crimes.


  13. VeriSign – 2010

The VeriSign attack was notable both for the severity of potential complications such a breach could have caused, and for the astounding lack of communication happening within the company. The data breach was first discovered by their security team in 2010, but this was not reported at all to management until September of 2011. An SEC filing made the data breach public, forcing the company to acknowledge the situation, though initially the upper level management seemed to have little knowledge of the incident beyond what was included in the filing. At the time of the attack, VeriSign was one of the largest providers of SSL certificates, which browsers use to identify secure sites like financial sites and communication portals. VeriSign also housed sensitive information on customers, and the registry service used to create website addresses was also a potential target. The big fear was that the certificate system was compromised; this would have allowed hackers to forge certificates (an event that had already occurred) and thus trick users into believing a phishing site was completely legitimate. Stewart Baker, former assistant secretary of the Department of Homeland Security, responded to the event by saying, “Oh my God. That could allow people to imitate almost any company on the Net.”

  14. Gawker Media – 2010

Gawker Media’s security breach was a lesson in humility, the internet’s version of being publicly tarred and feathered. A feud between online message board 4chan and Gawker (which is responsible for Kotaku, Gizmodo, Jezebel, Jalopnik, Lifehacker, Deadspin, Fleshbot, and io9) developed as the web publisher trashed 4chan’s antics. This was swiftly followed by denial-of-service attacks perpetrated by 4chan members. Shortly thereafter, a group with loose affiliation to 4chan who called themselves Gnosis began to infiltrate Gawker’s content management system, internal communications systems, and user databases. There they sat for a period of time, during which Gawker’s founder was notified that his account was logged into their internal system when he was not. He ordered the account shut off, but did not bother to change his password. In a stunning display of stupidity, it turned out that he used the same password for everything. After playing around internally for a bit, Gnosis began to get public. They posted a snarky message via Gawker’s Twitter account suggesting that user accounts might be compromised. When a Gawker employee assured people that their information was safe, Gnosis responded by posting a meme and a message on Gawker’s site directing people to a Pirate Bay torrent containing a massive data dump that included internal conversations, user names and passwords for a number of employees and many site commenters, FTP account access, and the source code for their content management system (allowing hackers to dig through for weakness). It also revealed that they were three years out of date on their server’s security patches, were using horrendously out of date encryption on user passwords, and had zero protocol established for password creation; nearly 2,000 Gawker users had ‘password’ as their password. Gawker’s response was incredibly poor. Not only did Nick Denton, the founder, fail to respond in a sensible manner after being originally made aware of the problem, they then refused to admit that there was a problem because their passwords were ‘encrypted’ and then waited over a day before notifying users there was a breach. When they did notify customers, it was done with a message on their site, not via email, ensuring many users would never know there was an issue.


  15. ESTsoft – 2011

ESTsoft is a general purpose software company operating in South Korea. In 2011, they were the target of a devastating attack that impacted nearly the entirety of South Korea’s population. Hackers gained access to one of ESTsoft’s update servers and loaded malware that attached itself to their ALZip compression application, which subsequently infected 62 computers at SK Communications that made use of the ESTsoft program. The infected computers were then able to steal complete customer databases including addresses, contact information, passwords, and gender of roughly 35 million individuals in a nation with a total population of 49 million. The company apologized, the primary web portal for Korea, NHN, ordered employees to delete ESTsoft programs, and lawsuits were filed. The company never disclosed the financial cost of the breach.


  16. Epsilon – 2011

In one of the largest data breaches of its kind, Epsilon was hacked in March of 2011. Epsilon handles over 40 billion emails annually and services more than 2,200 clients around the world. The information stored was primarily email addresses and names, including those of customers who had opted out of marketing mailers, opening up all of those customers to phishing attempts. In addition, some users’ member points were accessed, giving thieves an upper hand when creating believable scam emails. Included in the many companies that sent out warnings to their clientele were major retailers, financial companies, cellular phone companies, banking institutions, and more. Roughly 3% of Epsilon’s clientele was affected. The Secret Service investigated the breach, which is estimated to potentially cost Epsilon up to $225 million in damages.


  17. RSA Security – 2011

SecurID tokens, used in a two-factor authentication system which is designed to create a layered and stronger security system, were compromised in March of 2011 when RSA Security was hacked. Initially, RSA claimed that the hack would in no way allow any “direct attack” on the tokens. Then a few months later, the defense contractor Lockheed Martin fended off a hacking attempt in which the tokens failed to offer any layer of protection. In June RSA released a statement acknowledging the failure. Their Chairman, Art Coviello, claimed that the reason it took them 3 months to disclose the full scope of the breach was to protect other customers from attacks similar to what Lockheed Martin experienced. There were claims that Northrop Grumman and L-3 Communications faced similar attacks. The delay caused many to question the reliability of RSA’s system and certainly to worry that withholding that information put their customers at risk. Some chose to switch to a new token provider, but many remained with RSA because the cost of switching was much more expensive and time intensive than simply gaining new tokens (which RSA provided). In a rather ballsy gesture, RSA encouraged its customer base to increase the layers of RSA security to create redundancy layers. One product fails, so we’ll switch that one out and sell you two more.

 


  18. PlayStation Network – 2011

Some 77 million user accounts on Sony’s PlayStation Network were compromised after a large scale hack accessed the Sony database. It took the company seven days to notify their customers that data was stolen during the breach that caused their massive shutdown. Names, email addresses, passwords, security questions, birth dates, and addresses were accessed, and Sony warned customers that credit and debit card information may also have been stolen, though no cases of identity theft or fraud were reported as a result. The company was fined £250,000 (approximately $400,000 USD) by the Information Commissioner’s Office, a UK-based watchdog group, naming the clear negligence on Sony’s part as the reason for the fine.


  1. Bitcoinica – 2012

Bitcoin offered the internet world a unique form of new currency. The nature of Bitcoin makes it an irresistible target for hackers, as a key feature is the permanency of the peer-to-peer transaction style. While it protects merchants from chargebacks, it also means that a successful theft of the currency is one that cannot be reversed. Once a hacker gains access to the private keys, what they steal is theirs to keep. Bitcoin has seen a lot of growth in recent years as it has become both a haven for criminal activity and a sort of virtual stock market. It has also seen a rash of hacking attacks targeting trading platforms like Bitcoinica, who lost $87,000 worth of currency in an attack against their production servers, and BitFloor, the largest Bitcoin exchange in the US, who lost $250,000 in a successful hack against an unencrypted storage server. Mt. Gox, Instawallet, and other Bitcoin-supporting companies have also seen successful thefts. These thefts have considerably increased the risk of investment in Bitcoins, stalling what had been a dramatic growth in value in 2012.


  1. Global Payments – 2012

With a price tag of $92.7 million in damages, investigation costs, lost business, and remediation expenses, the Global Payments data breach put at risk more than 7 million card numbers. The data that was stolen in the breach included full Track 1 and Track 2 data, usable by thieves to counterfeit new cards. Union Savings Bank was just one among a number of financial institutions affected by exactly that tactic. In March of 2012, thieves began purchasing small denomination Safeway-branded prepaid debit cards. They would then encode Union Savings Bank issued debit card accounts to the magnetic stripe on these cards, use them to purchase high value prepaid cards, and spend the money buying high ticket electronics and other items from other retailers. USB alone suffered roughly $85,000 in expenses related to the theft. Some, like Fulton Bank of New Jersey, were harder hit, seeing roughly one thousand stolen accounts every week. Visa and MasterCard promptly revoked their certification of Global Payments. Javelin estimated that $707 million in fraudulent charges will occur to the 1.5 million cards that were known to be compromised, with an end cost to consumers of roughly $152 million.


How to be a secret Agent: 101 Tools and Tricks to spy on your friends and family for under $100


 

Rules of Engagement

On Laws and Home-Brewed Espionage

The laws regarding eavesdropping and spying on family vary on a state-by-state basis and in many cases the legality is not extremely clear. There are cases to support, for example, a husband using GPS software to track his wife’s car without her knowledge or keylogging his home computer to spy on his wife without legal repercussion. Conversely, some have been convicted and jailed for keylogging family computers. Particularly with regard to information gathered with the intent to go to court, it is wise to seek legal counsel before beginning. Be aware that encouraging others to spy on your behalf using illegal methods, whether they are friends or professional investigators, may still leave you legally culpable. Play it safe and educate yourself.

On the subject of digital spying:

Keylogging has become a very popular activity for keeping track of your loved ones and colleagues. Be aware that it is a felony offense to be caught keylogging in the US. It is legal only if an employer has reason to believe an employee may be divulging trade secrets, when a company policy allows for workplace surveillance, if a computer user is clearly notified that their online activities may be monitored, or to track children’s activities online and protect them from predators and other risks. Use against a spouse is legally murky, as seen in the previous examples, and has the potential to land the spy in legal hot water.

Legitimate Cases for Becoming a Spy

There are a multitude of reasons people choose to spy on one another: parents keeping track of suddenly independent teenage children, spouses concerned with infidelity, or perhaps someone requires evidence that a friend has sticky fingers. Perhaps it is simply fun and games – a child play-acting as Bond, James Bond. Whatever the reason, it is important to examine motivations before engaging in spying. In many cases it constitutes a major invasion of privacy as well as being potentially illegal depending on the tools and strategies used, and many would view it as highly unethical. Be sure of what you are doing before you begin. For spouses who may be dealing with infidelity, particularly those with a lot of assets or prenuptial agreements on the line, espionage can be a highly effective means of ensuring smooth divorce proceedings should it become necessary. For parents, it is a surefire way to ensure a child’s online safety. In these cases in particular, the sense of security born from an unalterable truth may outweigh the ethical and moral concerns.

The Value of Social Engineering

Fortunately, there is a tried and true method of gathering information that is wholly legal and requires only a bit of charm and planning. Social engineering has gotten a lot of attention recently for its role in major hacking attempts, but it is equally useful to those seeking information. People are, by and large, inclined to be helpful to someone who does not appear alarming. Take some time to read up on social engineering in depth to make the most of it. Here are a few books worth acquiring on the subject.

1)      Influence: Science and Practice by Robert B. Cialdini – This book is written in an approachable tone and combines research with experience as a salesperson to instruct its readers in the art of getting a ‘yes’. All about the power of persuasion. Offered on Amazon in paperback for $19.20 or on Kindle for $6.99.

2)      Social Engineering: The Art of Human Hacking by Christopher Hadnagy – This book, written by the man who coined the phrase ‘social engineering’, explains through personal experience, real-world examples, and the science that drives it, how social engineering works. It explains how to utilize social engineering and how to minimize risks associated with it. Amazon offers it for $19.12 in paperback or $18.16 on Kindle.

3)      What Every BODY is Saying: An Ex-FBI Agent’s Guide to Speed-Reading People by Joe Navarro – Written by a former FBI counterintelligence officer, this book instructs its readers on how to pick up on and translate non-verbal cues as well as how to maximize your own non-verbal cues to subtly influence people. Offered for $13.98 in paperback form on Amazon or $9.99 on Kindle.

4)      Introducing NLP: Psychological Skills for Understanding and Influencing People by Joseph O’Connor – This book is well known for its ability to effectively teach the subtle ways in which people can be influenced in the reader’s favor. Written in an accessible style with a clear progression from basics to more challenging concepts, it is considered one of the most definitive NLP texts available. Offered for $10.28 on Amazon.com.


On Tactics

Planting Devices

Private Space

–          Private places are the most likely to get you into legal trouble, so be aware before you start spying within businesses or private homes. You will need to pick a location that is extremely unlikely to be examined or disturbed by others but that is close enough to main activity centers to pick up useful sound. High shelves, beneath coffee and end tables, behind sofas and chairs pressed against walls.

Public Space

–          Placing a listening device in a public location is primarily about determining a place that will usefully return you interesting tidbits of conversation without being drowned out by ambient noise like the sound of traffic, the movement of people, and group conversation. Place microphones, if possible, as far from ambient noise sources as you can be and preferably in enclosed spaces.

On Your Person

–          Clothing often muffles the sound incoming, so hiding listening devices on the body can be tricky. You must balance sound quality with visibility. There are listening devices meant to be worn visibly and go unnoticed, meant to resemble buttons or Bluetooth devices. You can also transform your cellphone or similar electronic devices into spy gear and most people will never question it, given the commonality of having such a device at the ready these days.

Inside Things

–           Many listening devices are designed to pick up sound through vibrations, so can be safely tucked away within items that have a solid exterior. So long as the device is secured against the internal wall, it can detect and record sound from without. If the device in question can play sound, it will mask any other noise, so items like computers, stereos, cell phones, and TVs are useful to hide devices in but may occasionally interfere as well.

Social Engineering Strategies

5)      Dress well – People are much more inclined to be friendly towards someone who looks like they might be important or well connected. Dress the part.

6)      Be pleasant – Charm is disarming. Playful flattery of a casual nature, genuine attention, and a warm smile can go a long way towards making another comfortable enough to share information with you.

7)      Ask appropriate questions – If you are trying to find out, for example, if your wife is leaving work early it would make sense to ask a company receptionist about her hours so you could schedule a meeting with her. Have a suitable reason for wanting the meeting. Tailor your questions and background to the environment and your needs.

8)      Have a reason! – This follows up on the previous idea, but expands it to include accessing private journals or other personal items. If you wish to acquire something in a space you do not belong in, find a good, justifiable reason for you to be rooting around in there. If it is a child, bring them folded clothes to put away. A husband? Dust the shelves in his office. Make it an action that would not be out of place for your behavior. If you never clean, a sudden interest in dusting his things is going to create red flags.


Effective Camouflage

Personal Surveillance

9)      If you are intending to actively listen in, there is the chance that someone may encounter you. Dress appropriate to the environment you are in, and be prepared with a good excuse. Despite the title of this section, wearing –actual- camouflage is almost never a good idea.

Remote Surveillance

10)   Some of this has already been addressed in ‘Planting Devices’ but be aware that eyes may settle on your device. To increase effectiveness, it is best to conceal the device if possible. Some devices are already meant to appear to be something other than they are – a pen, an innocuous electronic device, a button, or similar. If you are hiding a listening device on a high shelf, consider hiding it within a hollowed-out junk book.

Intelligent Preparation

11)   Target – Have a clear idea of who you need to speak to, or where you need to be, to obtain the information or items you are after.

12)   Goal – Know precisely what you are interested in obtaining. Fishing aimlessly is a sure way to stumble and raise triggers in other people. If you know what you need, you can determine the most likely avenue to acquire that information before you begin speaking. You gain control of the conversation before it begins.

Nifty Gadgetry

Audio & Video Surveillance

13)   USB Drive Voice Recorder – This useful little device looks like a sleek USB stick, but has the added capacity to record up to 45 or 90 minutes of audio with 15 hours of battery life. It recharges as soon as it is inserted into a USB port. It does not flash or have any visible notification when it is actively recording and it features incredibly simple operation. $44.95 for the 4GB (45 minute) option from Pen Recorder Pro.

14)   2.5” HD Dashcam – Designed to affix to your windshield via suction, this camera records clear, quality images even at night. It supports Micro SD cards from 1-32 GB and charges while you are driving with an included cord for your cigarette lighter. It automatically begins recording when you turn it on and includes a date and time stamp (handy if the footage ends up in court proceedings). Just $99.00 from Proof Pronto.

15)   Wall Listening Ninja Spy Device – This small tool is designed to be pressed against a solid surface with the intent of picking up sound from the other side. It can ‘hear’ through up to 20cm of thickness and includes a built-in rechargeable battery and an audio jack. It comes with a headset, but you could also conceal the device within an object and connect it to an audio recorder with the right cabling. It costs $49.50 from DX.

16)   500 Meter Spying Transmitter and Receiver Set – This set includes a micro audio spying bug that can be concealed easily and transmits up to 500 meters away. It has adjustable volume and allows for active remote listening with the included receiver or recording on micro SD cards up to 8 GB. It uses a built-in rechargeable battery. Just $90.30 from DX.

17)   Cigarette Lighter Hidden Camera Recorder – This faux lighter includes a rechargeable li-ion battery and has the capacity to capture video and picture. It features sound-triggered recording and offers a simple and subtle manual recording mode. It can support MicroSD cards up to 16GB, though they do not include one with the device. The lens is located on the bottom of the lighter. The button that you would normally use to strike the lighter turns it on, and the top removes to access the USB port to upload images to a PC or Mac. Amazon offers it for $99.99, and it is currently on sale for $20.99.

18)   Orbiter Electronic Listening Device – This thing isn’t going to win points for stealth, but it is highly effective at detecting audio from up to 300 feet away. It comes with quality headphones and allows for digital recording with a 120 second playback feature. It also includes a view finder that can magnify up to 10x.

19)   Mini Spy Cam Pen – This executive-style pen in black and gold conceals a HD 3 megapixel camera capable of producing high res color photographs in JPG format or recording video at 1280×960 resolution at 30 FPS. It has a concealed USB 2.0 interface at its end and has driver support for Windows, Linux, and Mac computers. It comes standard with 2 GB of memory and can be upgraded up to 8 GB with a microSD chip. It has a built-in rechargeable lithium ion battery capable of recording up to 100 minutes of video or 6+ hours of photography. Offered for $23.90.

20)   Avangard Optics Waterproof Spy Watch – This clever watch features a built-in HD camera recorder, capable of capturing video or stills with 640×480 resolution at 30 FPS. It includes an onboard mic, date and time stamp, with 4GB of built-in NAND flash memory, and connects via USB to a PC to capture gathered data. The watch itself is dust and water resistant and uses a rechargeable lithium battery which lasts for about an hour with a full charge. Priced at $35.00 from B&H.

21)   Concealed Camera within a Toyota Car Key – This key records video at 640×480 resolution with 30 FPS and allows storage up to 16GB via MicroSD. It uses a high capacity lithium polymer battery to support roughly one hour of life from a full charge. It connects to a PC with a USB cable for data extraction. Priced at $65.95 from Sears.

22)   Spy Clock Camera with Motion Detection – This innocuous camera comes in the form of a sleek and fashionable bedside alarm clock. The concealed HD 2.0 megapixel camera is capable of recording at 1280×960 resolution up to 30FPS. It begins recording when activated via motion detection and can record continuously for up to 2 hours. The AVI files can be transferred directly to a microSD (it comes with a 4GB SD card that can be upgraded for more storage). Costs $48.95 from Newegg.


23)   Super High Gain Microphone – This microphone is incredibly lightweight and minuscule, making it easy to conceal nearly anywhere. It weighs less than half an ounce, and the preamp features low noise, powerful high gain and automatic level adjustment with its onboard IC. The output is line level and the device comes with 6 feet of power/audio cables so you can connect it anywhere you need. It needs a 6-15 volts DC battery.  Offered for $37.50 from Spy Associates.

24)   Coat Hook Hidden Camera – Cleverly hidden, this camera is situated at the top of this hook, ensuring that it will function even while in use. The camera can be activated manually or automatically start when it senses motion. Video is recorded in 1280 x 960 resolution. Available in white or black for $49.95 from Brickhouse Security.

25)   Sonic Sleuth Parabolic Microphone – Parabolic microphones help you pick up and isolate sounds at a distance. This particular one is designed for children so the cost is not prohibitive. It can pick up sounds up to 300 feet away and offers a frequency controller to remove unnecessary background noise. It comes with a set of headphones but not the necessary 9-volt battery. Offered by Amazon for $23.21.

26)   Uzi Parabolic Microphone – This parabolic microphone also features a monocular capable of viewing up to 8x. The microphone can pick up sounds up to 100 meters (roughly 328 feet) away. It features an integrated chip to record sounds. It includes high quality headphones, but not the necessary 9-volt battery. Offered for $42.95 from Amazon.

27)   Sonic Sound Amplifier – While still not necessarily subtle, this sound amplifier is much less obvious to the casual observer than a parabolic microphone. The handheld device can detect sounds up to 300 feet away and can attach via clip to a pocket, belt, and many binoculars. It includes the necessary ‘AAA’ battery and stereo headphones. Offered for $22.95 from Amazon.

28)   Smoke Detector Hidden Camera – This pinhole camera is tucked within a nonfunctional smoke detector casing. The camera itself utilizes a CCD (charged coupled device) solid-state imaging device, ensuring top quality image capturing and exceptional reliability. It features auto-white balancing and automatic gain control to provide clear images under normal lighting conditions. It adjusts automatically based on light levels, but will not function well in a dark room. Users will need to acquire power supply and cable separately. Currently on sale at Amazon.com for $34.99.

29)   Miniature Wireless Color Camera Set – This set includes a miniature wireless camera with microphone pickup that allows for quality color imaging at a range of 150’ with no obstacles. The camera runs on a 9-volt battery or an AC adapter. The receiving tuner can be fine-tuned to acquire a better picture. The receiver can be set up to record, and can mount on a wall or lay flat for a more permanent set up. Price is just $22.64 via Amazon.

30)   Wireless Pan/Tilt/Nightvision Camera with Remote Monitoring – This remote camera can pickup quality images even at night and allows remote access to its pan and tilt functions. It requires a power connection and access to a network and it comes with a power adapter and network cable. Offered for $59.99 from Amazon.

31)   Mirror Spy – This security mirror holds a powerful secret camera capable of recording color footage at a 420 TVL resolution. It has a wide angle lens and a coverage range of 82 degrees, ensuring that it can cover an average sized room or hallway. It requires access to a power plug, but does not rely on batteries so once it is installed you can let it run without fear that it will die at a critical moment.

 

Simple Devices

32)   Right Angle Mirrored Lens – This nifty lens attachment will fit any lens with a 58 mm filter thread. It’s simple to install – just screw on and you are ready to use it. It allows you to snap pictures around corners easily without raising attention to yourself. $28.99 from Amazon.com.

33)   Telescoping Mirror – These delightful tools generally feature a telescoping handle and flexible neck, allowing you to peek into hard to access places or around the corner without being obtrusive. Generally, they cost a little less than $10. This model from Amazon sells for just $7.29.

34)   Spy Periscope – While you can make your own simple periscope with a cardboard tube, small inexpensive mirrors, and a hot glue gun, the more dedicated might want to put up the cash for this professional-grade periscope. It makes it easy to see around corners, over, and under all kinds of obstacles and allows magnification up to 5x. Its design ensures that the picture is always displayed right side up regardless of how the periscope itself is set up. SpyVille offers it for $119.99 (on sale for $79.99 at the time of this article).

35)   ViewPoint Mirror – Now you too can have eyes in the back of your head, motherhood not required! This handy little mirror is meant to adhere to the inside of your sunglasses and grants users a clear view of what is behind them. Discreet and inexpensive, at just $15.00 from CycleAware.

36)   “Safe” Books – A two-piece false book set to conceal your valuables, or a hidden observation device, within. Each book features faux-leather spine and felt lining within the concealed compartments. They are large enough to easily conceal pinhole miniature cameras or listening devices as well as extended media storage or other accessories. The set is currently on sale on Amazon for $29.98.

37)   Hide-A-Mic Rocks – Fashioned to resemble a rock, this concealed compartment is designed to secure an extra key, but it can easily be used to conceal a hidden audio recording device designed to pick up sound via vibration through a solid surface. It would not be a challenge to conceal cabling leading to the false rock beneath the ground surface. Currently on sale for $6.02 from Amazon.

38)   Make your own false compartment – Any container can easily be provided with a false bottom. There are a number of quick how-to guides online that can walk you through the process. Pick a new item or one that does not get used much. A bedside drawer that is rarely opened or an inexpensive jewelry box. Match the interior when you prepare the false addition. Make sure your measurements are absolutely correct. Create just enough hidden space to conceal your device; the larger the compartment, the more likely it is to be noticed.

39)   Concealed pocket clothing – When you are attempting to walk out with potentially incriminating items, or walk in with bugging devices, having concealed pockets can come in handy. Even those with minimal sewing skill can create simple pockets tucked away inside waistbands or jeans. There are also many styles of clothing that come with an abundance of pockets that are easily accessible. Take advantage of functional fashion.

40)   Spy Coin (MicroSD concealment) – This realistic looking coin comes in a variety of denominations – A U.S. Nickel, Half Dollar, or Dollar, a British Pound, a 50 cent Euro piece, or an Aussie 20 cent piece. They seal tightly and are completely undetectable from a typical coin and require a special device (included with purchase) to open them once more. Each will fit a microSD card (the U.S. quarter will not, which they also offer). Available for just $18.49 from Amazon.

41)   BIC Lighter Secret Stash – This non-functional lighter offers subtle concealment for small items. The size makes it perfect for a microSD card, which is what many spy devices utilize. It looks identical to a typical lighter. Offered for $9.95 via Amazon.

42)   Wireless Network Detector Keychain – This simple keychain device detects and displays wireless networks and displays their signal strength via visible LED lights. It comes with batteries. Costs just $5.55 from DX.

Intel Acquisition

43)   Wireless Scanning Pen – This silver and purple pen allows users to scan up to 1000 pictures or voice memos up to 1 minute long. It syncs with Evernote and features a storage capacity of 1GB. Offered for $87.73 from DX.

44)   Mini Portable Document Scanner – When a pen-sized scanner won’t cut it, this portable scanner can step in. It allows fast scanning of standard sized documents, up to 2 seconds per page with lower resolution. It can scan high resolution images at a slower rate. It stores data on a Micro SD slot and is powered by 2 AA batteries. Costs $54.50 from DX.

45)   Spy Remote Control Helicopter – This helicopter can serve as your own personal flying spy. It obviously requires that your target be viewable from an outdoors location. The RC ‘copter can fly for roughly 10 minutes fully charged and features a 1G Micro SD card, which can be upgraded. It has a hi-res built-in camera and has a solid state gyroscope for stable control when in use. Users can take snapshots or record video in flight. The RC has an integrated rechargeable LiPo battery that comes included, and the transmitter requires 6 ‘AA’ batteries that are not. It costs $59.95 from Hobby Tron.

46)   Spy Mini RC Drone Helicopter – This miniature RC helicopter can fly for 20-30 minutes with a full charge and has a range of 100’ from the transmitter. Multiple bands allow up to 3 RC helicopters to be flown at once. It includes 2 LED search lights, built in gyro for stability, and a mini HD camera to capture and record visual information. The receiver requires ‘AA’ batteries, not included. It costs just $59.98 from Trend Times.

47)   Make Your Own Drone – DIY Drones has a ton of information for those interested in crafting their own miniature drones. With the assortment of minuscule audio and visual recording devices on the market and accessible miniaturized RC components, a little technical knowledge and a penchant for DIY is all one needs to create their own spy drone at home. Check out this site for inspiration.

B&E Tools

48)   8 Piece Spring Steel Lock Pick Set – This is a good starter set of quality lockpicking tools. It comes with a double ball lock pick, two different hook lock picks, a snake rake lock pick, a jagged rake lock pick, two different single sided lock picks, and a double ended tension wrench. Each piece is made with black diamond spring steel and has a reinforced handle. Costs $24.95 from Newegg.

49)   Super Lock Pick Set – For the more demanding lock-picker, this set includes any style pick you might need, all wrapped up in a faux-leather case. It includes a guide-book to walk you through most lock styles. Costs $96.59 from WayFair Supply.

50)   Practical Lock Picking – This guide walks even newbie lock picks through the process of breaking through most lock styles. It includes detailed, full-color diagrams and step by step instructions using a multitude of the most common techniques and tools. Amazon offers this book for $32.72 in paperback and $31.08 on Kindle.

Surveillance Software

51)   ISpy Connect – iSpy connects your existing cameras, webcams, microphones and other related equipment into a dynamic surveillance system. Users can set up three types of motion detection and four types of motion processing, with record automated upon detection, or scheduled recording with audio and remote access. It also offers desktop recording and SMS/MMS/emailed alerts.  It can be run across multiple computers simultaneously and can even be integrated into iOS devices.

52)   I-Can-See-You WebCam Spy Software – This sneaky software runs silently on your PC and allows you to remotely watch it. Whenever your computer goes online, the program sends you an email with an address to connect and watch live. Offered for $29.99.

53)   Real Time GPS Tracker App – This application sends an exact location of the mobile device to Google Maps, but only works if the user keeps the program running. Good for tracking children, not good for tracking stealthily. Offered for free for Android devices.

54)   GPS Tracking Pro – Another GPS-enabled mobile tracking app, it works best for children as it requires the user to keep the application running on their device. It uses proprietary maps that display local safety points like hospitals and police stations. For any of the GPS phone trackers, you can conceal a locked phone in a vehicle to track its movements more stealthily. This application is free and available for Android devices.

55)   Follow Mee – This application turns a smartphone or tablet into a GPS tracker. The app records whatever location the device goes to periodically and sends that data to a secured server. Users can track location data from any browser. It can track multiple devices, establish geo-fences for children, and it runs silently and starts up automatically when the device is turned on. It is designed to stealthily monitor the whereabouts of children, spouses, employees, or stolen devices.


56)   Mobistealth – This service offers stealth applications for your computer and mobile device designed to monitor all activities and provide you with a comprehensive report. Cell phone monitoring can allow you to listen in on calls, read text messages, and view videos and pictures sent to and from the phone being monitored. Similarly, the computer program allows you to read emails sent and received, as well as record and listen in on Skype calls, and monitor online chatting. Both can be set up to track GPS coordinates in the case of laptops and mobile phones. Available for Android, iOS, BlackBerry, and Nokia/Symbian phones and Windows and Mac computers.

57)   Stealth Genie – This application lets you record and intercept live calls, review call history, redirect or view sent and received SMS messages, view incoming and outgoing emails, and track GPS coordinates. The GPS tracking allows you to get updates if it enters ‘restricted areas’ or ‘safe areas’. You are also able to view an assortment of instant message chats, photos, music, videos, and voice recordings as well as view their phone’s calendar and internet activities. Phones can even be bugged to pick up the surroundings and record them or allow you to listen live. Available for nearly any mobile phone and network.

58)   XPCspy – A simple to use PC surveillance software. It monitors and reports on all activities on the target computer while running unobtrusively. It allows you to review the log at any time, from any location. Recorded activities include keystrokes, web browsing history, application usage, clipboard history, system activities, emails, and chat conversations. Free trial, $59.95 to purchase after that.

59)   IamBigBrother – This keylogging software is designed to run quietly without alerting users and protect against attempts to disable it. It does not show up in the start menu, nor will it be visible in the Task Manager. It can be set up to capture screen shots when certain keywords are typed, it creates a list of all web sites visited, with a title, and the length of the visit. It records everything typed, including incoming and outgoing emails and web chats, and records passwords.

60)   SniperSpy7 – This remote computer surveillance software allows users to watch live what is happening on the computer it is installed to. It allows you to browse file systems remotely, view chats, visited websites, keystrokes (in any language), and capture screen shots. You can install it to your computer via email and it is compatible with any firewall. It allows you to remotely download files from the computer, to view and kill active processes, control the mouse, restart or shutdown the computer, and much more. A single 3 month user license costs $39.97.

61)   eBlaster7 – Designed to monitor the activities of children and employees, this program is designed to record everything being done on the computer it is installed into, report the activities in an organized fashion to your email as often as you wish, forward to you every email and online conversation, and alert you when certain keywords (pulled from a list you create) are detected, and block web sites or individuals. Costs $99.95.

Photo by: Aaron Landry

62)   Refog Personal Monitor 7 – Another stealthy program designed to run in the background and monitor the activities of your children. It captures both sides of chats from IM programs, blogs, forums, chatrooms, and more. It can automatically capture screen shots, send alerts when configurable keywords are triggered, and update you via email so you can remotely monitor activities. They offer a free trial version and the cost is $69.95 for the full-featured version.

63)   Elite Keylogger Pro – This program claims to be completely invisible when running, able to avoid detection from anti-virus and anti-keylogging software and not show up through any method to computer users. It records keystrokes, including passwords, monitors emails and online chats and allows you to search and analyze online communication, and allows you to capture automatic screen shots. It also offers a deployment installation method, granting you the right to remotely install the software. Monitoring one PC costs $79.

64)   Spector Pro – One of the better-known computer surveillance programs, Spector Pro offers a completely undetectable software package capable of recording and analyzing everything any user on a monitored computer does in a format that is easy to review, search, and analyze. You can receive remote access, similar to a remote desktop, and get alerted when certain keywords or sites are accessed. It grants you the control to block websites or access to individuals on the web. You can watch live or use the video-style playback of what they are doing online. Offered for $99.95.

65)   PC Pandora 7 – Another stealthy keylogger, PC Pandora’s ability to avoid detection begins with purchase – billing shows up from Click Bank, a common processor for thousands of online shops. When it is installed, it deletes all web browsing history related to PCPandora.com as well. It offers all the typical keylogging functions including web history tracking, silent monitoring, keystroke recording, conversation logs, remote viewing and control, and the ability to block specified websites or individuals online. Costs $69.95 for one year of customer support and access to one computer.

66)   WebWatcher 8 – PCMag.com gave WebWatcher a top rating in 2013, and it has gotten great reviews from a number of other sources for good reason. Web Watcher protects PCs, laptops, and mobile devices. You don’t need to have physical access to monitor any device after installation. You can set up your own custom triggers for instant alerts and get near real-time access to everything occurring on your device from any remote location with internet access. It records activities and allows you to review or search through them at your leisure from anywhere. It allows you to view search terms, web history, online conversations, program activity, and record passwords. You can also set up triggered screenshots based on your customized trigger words. Costs $97.00 for Windows or Mac.

67)   Spy Agent – A slightly less expensive but very robust keylogger that offers some powerful parental control features, Spy Agent is a good choice for parents or partners wanting to track online activity. Along with monitoring web history, application use, file access and downloads, and online communication, and offering triggered screenshot captures and alerts, it offers content filtering. This can be used to filter online chats, websites, or applications based on criteria you establish, and notify you and begin automatically logging based on specific keywords, applications, windows, or screenshots. Plus it offers excellent tools for managing the data gathered, including automatically generated reports, top 10 feeds, cross-referencing, filtering, and searching capabilities. It costs $79.95. Not available for the most recent iterations of Windows or Macs.

Just Plain Cool

68)   Eviltron – This nifty little device is just a tad bit larger than a US quarter, and includes an embedded rare-earth magnet to make it a snap to hide. The included battery lasts 1 month or more with continuous use. It comes with five scary sounds, and a ‘random’ feature to cycle through them. Use it to draw a person away from a place you need to gain access to. Offered from ThinkGeek Labs via Amazon.com for just $12.95.

69)   CheckMate, 5 Minute Infidelity Test Kit – This simple kit makes it easy to collect samples from clothing and linen to locate traces of semen stains. The testing can be done from home and takes minutes to get results. Simply wet the stain, blot the area with a test pad, allow to dry, then mix the provided bottle with provided reagents and drop mixture onto the test pad. A positive result turns the sample purple. Costs just $39.99 from Spy Emporium.

Defense Tools

70)   Data Encryption Key – To secure sensitive information, use this USB 2.0 device to encrypt and decrypt any file or files you please. It has 128 bit AES hardware protection, and attaches to your keychain so you can always keep it with you. Costs $18.50 from DX.

71)   Anti-Spy Bug Detector Pen – This pen flashes an LED light whenever it encounters wireless frequencies common to spy cameras and audio recorders. It is not as sensitive as professional level scanners, but is considerably more subtle. It is a functional ball pen and comes with dozens of spare batteries in its included case. The UV LED also works to track blood stains and validate watermarks on documents, bank notes, and money. Costs $13.95 from DX.

72)   Anti-Spy Laser Wireless Signal Detector – A professional version of the bug detector pen, this device is capable of picking up a wide variety of espionage equipment, sometimes as far away as 10 meters. It prevents users from unknowingly being observed or recorded by listening devices, eavesdroppers, or hidden cameras. DX offers it for $44.70.

Photo by: Stefan

Required Reading

73)   Cyber Spying: Tracking Your Family’s (sometimes) Secret Online Lives – This book is designed to instruct readers in exactly how to spy on someone online. It helpfully covers motivations and the ethics involved, as well as the psychology involved in spying. It gives an introduction to computers and networking basics, teaches readers about online activities and how they can be compromised, and how to prevent being spied on as well. It is designed to help concerned parents and partners check up on online activities. Costs $39.85 for the Amazon paperback edition and $33.56 for the Kindle edition.

74)   The Spy’s Guide: Office Espionage – This book is written to help modern day business professionals gain the most valuable tool in today’s fast paced world – information. With step-by-step instructions on everything from phone tapping to social engineering strategies, this book helps professionals get ahead. It includes real life stories demonstrating how these techniques have been used successfully by spies in Fortune 500 companies, the CIA, the KGB, and more. Costs $3.38 from Amazon.

75)   The Official CIA Manual of Trickery and Deception – Written as a training manual for CIA operatives during the Cold War Era, this manual describes step-by-step instructions on how to gather covert intelligence with sleight of hand and other tricks. Offered for $11.56 from Amazon in paperback.

76)   Top Secret: A Handbook of Codes, Ciphers, and Secret Writing – All you need to know on how to create, break, and utilize secret codes and complicated ciphers. Lots of hands on practice, tips for creating your own code-making kit, and tidbits discussing the use of ciphers throughout history. Offered for $6.91 in paperback from Amazon.

77)   101 Spy Gadgets for the Evil Genius – As the title suggests, this is a book with over a hundred projects that you can construct using inexpensive and easy to obtain parts that will allow you to gather intel and conduct surveillance. Projects range from easy to challenging and include a complete list of tools and parts with illustrated guides and step by step instructions. Costs $39.70 in paperback from Amazon, or $14.72 on Kindle.

78)   Covert Persuasion: Psychological Tactics and Tricks to Win the Game – Using skills developed with a firm understanding of psychology, linguistics, sales tactics, and human communication strategies, this book teaches you how to become a master of persuasion. Designed especially for sales professionals, but useful for anyone who can make use of a silver-tongue. Offered in paperback for $24.99 from Amazon, and $13.72 from Kindle.

Photo by: katiek2

Kid-Friendly Spy Gear

79)   Bionic Ear – This simple listening device allows kids to listen through walls, windows and doors. The device works well through glass, sheetrock, and wood. It includes a simple audio earphone. Designed for children aged 8 and up. Priced at $9.39 from Amazon.

80)   Amateur Spy Micro Listener Toy – Used to eavesdrop on conversations on the other side of a thin wall or barrier or held at a distance across open space. Includes its necessary LR44 (AG13) battery. Designed for children. Just $2.95 from DX.

81)   Spy Net Recording Pen – This recording pen features a secret audio recorder. Stored audio can be accessed via the concealed USB connection. It utilizes 3 ‘button cell’ batteries and unlocks access to the Lie Detector on SpyNetHQ.com. Designed for children 8 and up and offered from Amazon for $17.95.

82)   Master Spy Kit – This top secret spy kit comes with an RC car capable of picking up audio and visual signals, a spy pen, two walkie talkies, perimeter motion alarms, and a portable scope. It requires 3 ‘AAA’ batteries that are not included. All of this comes in a hard black case. Toys suitable for ages 6 and up. Offered for $49.99 from Meijer.

83)   Top Secret Spy Kit – This professional looking case includes fingerprinting tools, spy glasses, a code book and kit, and more. Meant for ages 8 and up and offered for $39.00 from Land of Nod.

84)   RC Spy Tank – This iOS operated RC car features a camera capable of streaming live video or taking photographs. It can travel up to 20 meters without obstacle and up to 10 meters around walls and other obstacles. The car generates its own wireless connection and runs on 6 ‘AA’ batteries which are not included. The controlling app is available free from the iTunes app store. Costs $79.95 from NitroRCX.

85)   Long Range Walkie Talkie – Designed for children, these long-range walkie talkies can work up to 2 miles apart. They have a special code button meant to send and receive coded messages, and can also transmit spoken messages. They require 6 ‘AAA’ batteries that are not included. Offered from Amazon for $26.99.

86)   Spy Gear Lie Detector Kit – This kit uses a simple finger sensor to pick up the subject’s truthfulness. Indicator lights make note of when the subject is lying. Includes a Lie Detector Handbook. Offered for $12.66 from Amazon.

87)   Spy Gear Night Scope – This hi-tech looking night scope allows vision up to 25’ in the dark and includes a spring-activated mechanism to activate a spotlight. It offers a ‘stealth mode’ beam. Offered for $23.99 from Amazon.

88)   Multi Voice Changer – A voice changer which offers 8 different voice modifiers and adjustable levers to create hundreds of modulation options. It requires a 9 volt battery which is not included. Offered for $10.03 from Amazon.

89)   Video Recording Watch with Night Vision – This spy watch features a 1.4” full color screen to watch recorded videos and get live playback from the included camera. It includes a rechargeable battery and USB connection and is compatible with both Mac and PCs. It comes preloaded with apps and games, including ‘Spy Detector’ and ‘Lie Detector’ apps from SpyNetHQ. More can be downloaded from SpyNetHQ. Offered from Amazon for $37.69.

90)   Stealth Video Recording Glasses – These sleek black-framed spy glasses conceal a camera behind the lenses capable of recording up to 20 minutes of video or capturing over 2,000 pictures. Evidence gathered can be uploaded to PC or Mac with the included USB connection and uploaded to SpyNetHQ.com. Offered from Amazon for $34.34.

91)   Color Code Message Kit – This nifty kit includes a decoder filter, message code pad, 4 colored pencils and an instruction manual teaching users how to create and decode color-hidden secret messages. Offered for $5.98 from Amazon.

92)   Copper Decoder Ring – This small copper ring contains a basic decoder. The top dial rotates 360 degrees to make it easy to encode or decode a message. Weighs just over an ounce and is only 1-1/2” in diameter. Features geocaching clues. Offered for $14.99 from Amazon.

93)   Jefferson Style Cylinder Decoder Wheel – This solid wood decoder wheel allows users to create a message and select their array of encoded letters. High quality and attractive method of sending and receiving secret ciphers. Offered for $23.99 from Amazon.

94)   Spy Science Intruder Alarm – This simple device allows kids to create an intruder alert by connecting simple electrical circuits to a door buzzer. Requires two “AA” batteries that are not included. Only $10.49 from Nature Pavilion.

95)   EIN-O’s Burglar Alarm Kit – This electronic kit allows children to build their own burglar alarm. Designed for children 7 and up and includes all the parts necessary to make a functional device. Only $7.83 from Newegg.

96)   Vanishing Ink Pen – Sometimes you want to leave a message with a built-in self-destruct feature. Exploding messages are hazardous, so the next best thing is vanishing ink. This pen, which appears to be completely normal, features ink that fades after 12 hours. It writes normally on any paper and the ink appears to be typical. Just $4.00 from CrimeScene.

97)   Invisible Ink (Homemade) – A good spy knows how to make use of the tools at hand. Invisible ink is a good way to share intel with your fellow spies. Most of us have chemicals at home that we can use to create heat, black light, or chemical reaction based invisible inks. This includes milk, tonic water, diluted laundry detergent, table sugar solution, vinegar, and acidic fruit juices. About.com has a great article on homemade invisible ink that can get you started.

98)   Permanent Invisible Ink Marking System – Of course, if you want to ensure the longevity of your invisible message and be sure you have a way to review it later, you may want to purchase this pen. The invisible ink is permanent and waterproof, ensuring its longevity on non-porous surfaces. It includes a UV light so you can check the message after it has been written. Costs $11.99 from Whatever Works.

99)   Invisible Ink Pen & UV Light – This less expensive pen allows users to write secret messages that can be revealed with the included UV light. It’s only 5 inches long, so it is easy to conceal, and at just $1.49 from Lazerpoint it is inexpensive enough to stock up on.

100) CSI: Fingerprinting Analysis Kit – This kit, available from Toys-R-Us for just $17.99, contains everything a budding investigator needs to examine evidence. It includes tools to gather and analyze fingerprints and other data. It is targeted towards forensic analysis but could be adapted for the budding spy.

101) Spy Gear Evidence Kit – Made specifically for young spies, this kit comes in a professional-looking black hardcase and contains a UV blacklight, a functional 30x microscope, a 10-piece fingerprint kit, and an LED flashlight. Priced at $20.38 from Amazon.

 

 

The Concerned Parent’s Toolbox – Tools and Tricks to Protect Your Kids

Protecting your children online can seem like a daunting task. There always seem to be threats from new angles cropping up on the 5 o’clock news. Children these days are more attached to the internet than ever, and from an earlier age. There are a number of useful tools that can help you protect your child on your home computers and devices, but you should also teach your child internet safety to protect them when they are away from home. The following list provides a bit of both: useful educational tools that can teach your kids, and programs that can monitor their activity, restrict dangerous websites, and even block them from engaging in risky behavior. It also offers a number of helpful tips to pass on to your children and ways to make use of existing tools you may not realize you already have access to.

Tips and Tricks

General Tips

  1. Keep it Open – Keep the computer in a family room or other high traffic area. Kids are a lot more likely to keep up safe habits when there is a sense of accountability. It also allows parents a chance to notice harassment or other negative experiences a child encounters online.
  2. Use Parental Controls – Your operating system has built-in parental controls. Windows 7 has a number of useful and easy to use controls that can help you control which programs your children can run, restrict what rating of games they can play (or restrict certain games all together), filter web content, and even control the days and times your kids can access their account.
  3. Set Limits – Kids are web-savvy these days, and if you listen to them tell it, a connection to the internet is vital to their continued well-being. Set clearly defined limitations on web-enabled devices, including cellphones, game systems, and computers. Limiting the time they spend attached to a mobile-enhanced device can help kids distance themselves from what occurs online. Children may not need their own web-enhanced cellphones.

Resources for Parents about Internet Safety

  1. Parent’s Guide to Internet Safety – A quick and dirty guide written by the FBI to instruct parents on what risky behavior looks like for kids online and how to prevent it. Slightly out of date, but still full of good advice.
  2. The National Criminal Justice Reference System: Internet Safety – A collection of reports compiled by various government offices examining risks to children on the internet as well as reviewing prevention and response tactics.
  3. The Institute for Responsible Online and Cellphone Communication – A nonprofit organization dedicated to teaching digital safety while promoting responsible use of technology. Their multi-award winning “Live Event” program provides solutions to many cyber issues and ways to reduce the risk of cyber crime.

Educational Sites for Net Smart Kids

  1. Web Wise Kids – This site is a decade-old non-profit sponsored site covering the range of online dangers for kids. Information for parents, educational tools including games for kids, even classroom resources for educators.
  2. NetSmartzKids – Videos, games, e-books, and more geared to elementary school kids designed to teach them all about internet safety.
  3. Privacy Playground: The First Adventure of the Three Cyber Pigs – An online game designed for children aged 8-10 that teaches children about spam, internet safety, and marketing scams.
  4. Safety Land – An online game sponsored by AT&T designed to teach children about internet safety, including protecting private information and avoiding online predators.
  5. Welcome to the Web – A series of challenges and activities to introduce kids to using the internet safely, with a parent and teacher resource guide.
  6. The Carnegie Cyber Academy – “The world’s most prestigious cyber defense training facility in the world.” Kids learn through a series of training missions how to stay safe and have fun online.
  7. Get Cybersmart with Phineas and Ferb – Phineas and Ferb (the cartoon brothers from Disney) film a public service announcement to teach kids all about internet safety.
  8. Think U Know Cyber Café – Very well organized and targeted towards teenagers, this site gives them everything they need to know to stay safe while using social media, chat rooms, playing games, and more.
  9. NS Teens – This site uses animation, comics, and games to educate teenagers about online dangers, cyber bullying, web etiquette, and more.

Cyber Bullying Resources

Things to Know:

Cyber bullying is becoming a huge problem. As schools and other institutions become more aware and proactive in preventing and addressing bullying among students, children have found other avenues to act out. Cyberspace can often seem like a consequences-free field for kids to taunt one another. Almost half of today’s kids report having been bullied online. More disturbing still is the link between bullying and suicide risk for youth. Here are some tools to help you deal with and prevent cyber bullying.

  1. Keep a record – There are a number of free programs that allow you to capture an image of whatever appears on your screen, often with a time-stamp. This allows you to track and document incidents of cyber bullying so they can be reported and addressed. One good free program is Jing, which allows you to take screenshots easily and even allows you to selectively choose the portion of your screen you wish to snapshot, or record video of what is occurring on your screen. Save harassing emails, pictures, or videos that are sent or posted in an attempt to harass your child.
  2. An email contains the sender’s IP address – If someone is harassing your child through email in an attempt to remain anonymous, learn to find the IP embedded in each email. It is often easily located in the header, which can create accountability for the harasser.
  3. Report harassment – Most of the cyber bullying that occurs online happens through social networking platforms. Many of the providers of these services have methods of reporting harassment. Make use of it, and learn how to report on Facebook, Twitter, and YouTube.
  4. Talk to your kids – Most kids never report the harassment they receive online. They are very unlikely to volunteer the information to their parents. Make a point to discuss online bullying with your children, and ask them about what they experience while online. There are lots of good resources to educate yourself and your kids about cyber bullying (listed below).
  5. Foster Awareness – Your child may not fully understand what cyber bullying looks like. It is possible they could be participating in, encouraging, or overlooking bullying with their peers. Make sure they know what it looks like and don’t become a part of the problem.
  6. Learn to Recognize – Since your child is less likely to tell you outright, learn to recognize the common signs that your child is dealing with online harassment. These include sudden drastic changes in time spent online, seeming withdrawn or upset after time texting or being online, sudden social withdrawal, and lots of new contacts appearing on your child’s texts, inbox, or phone.
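
For the email-header tip in item 2 above, one way to list the addresses recorded in a saved message, as an added example that is not part of the original guide. The sample message is constructed, its addresses come from reserved documentation ranges, and the function names are assumptions. Only the `Received` lines added by your own mail provider are trustworthy; lines beneath them can be forged by the sender, and the address found may belong to a mail provider's server rather than the sender's device.

```python
import email
import ipaddress
import re

# Constructed sample message (not real traffic). Newest Received line is on top.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby inbox.recipient.example with ESMTP id abc123;
\tTue, 02 Jan 2024 10:00:03 +0000
Received: from smtp.sender.example (smtp.sender.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 02 Jan 2024 10:00:02 +0000
Received: from [192.168.1.23] (unknown [192.0.2.77])
\tby smtp.sender.example with ESMTPSA id ghi789;
\tTue, 02 Jan 2024 10:00:01 +0000
From: someone@sender.example
To: child@recipient.example
Subject: constructed sample
X-Originating-IP: [192.0.2.77]

body
"""

# Home-network, loopback and link-local ranges say nothing about who sent a message.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Mail servers write the connecting address in square brackets.
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def _ips(text):
    """Return every syntactically valid bracketed IP address found in text."""
    found = []
    for token in BRACKETED.findall(text):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # bracketed text that is not an address
    return found


def is_routable(ip):
    """True when the address is outside the private/loopback/link-local ranges."""
    return not any(ip in net for net in NON_ROUTABLE)


def received_hops(raw_message):
    """Return the hops oldest-first as (header_text, [ip, ...]) tuples."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        # Keep only the "from ..." clause: it describes the connecting machine.
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        hops.append((" ".join(value.split()), _ips(from_part)))
    return hops


def candidate_origin(raw_message):
    """Earliest routable address in the Received chain, or None if there is none."""
    for _, ips in received_hops(raw_message):
        for ip in ips:
            if is_routable(ip):
                return str(ip)
    return None


def x_originating_ip(raw_message):
    """Value of the optional X-Originating-IP header some providers add, or None."""
    value = email.message_from_string(raw_message).get("X-Originating-IP")
    if not value:
        return None
    try:
        return str(ipaddress.ip_address(value.strip().strip("[]")))
    except ValueError:
        return None


if __name__ == "__main__":
    for text, ips in received_hops(SAMPLE):
        print([str(i) for i in ips], "<-", text[:60])
    print("candidate origin:", candidate_origin(SAMPLE))
    print("X-Originating-IP:", x_originating_ip(SAMPLE))
```

Save the full original message (most mail programs offer "show original" or "view source") alongside any screenshots, since the complete headers are what a provider or investigator will ask for.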

(Photo by Kid-Josh @ http://www.flickr.com/photos/48112820@N05/)

Anti-Bullying Awareness Sites and Tools

  1. Kids Against Bullying – Designed especially for kids, this site is full of tailored information to help kids learn to spot, prevent, avoid, and get help with cyber bullying.
  2. Stop Bullying – A government funded website full of information about cyber bullying, including tips on preventing it for both parents and children and steps on how to address bullying once it is happening.
  3. BrainPOP: Cyber bullying – A clever online video about what cyber bullying is and how it affects people brought to you by BrainPop, who also offer information on digital etiquette and online safety.
  4. STOP Cyber bullying – The first cyber bullying prevention program, this site empowers teens and tweens to fight back against bullying and teaches them to be leaders and how to provide effective peer support.
  5. Cyberbullying.org – This site provides information about what cyber bullying is and how to address it.
  6. Common Sense: Cyber bullying – A really well-designed resource for parents to learn about cyber bullying. Includes a well-made video, information about what it looks like at all age groups, and helpful conversation starters.
  7. The Bully Roundup – The CDC provides this bully-awareness site tailored to 4th-7th graders. It includes eight excellent tips on dealing with bullies and offers an anti-bullying game. It also has resources for parents.
  8. NCJRS: Cyber bullying and cyber stalking – A collection of studies done by various government departments examining the causes and effects of cyber bullying as well as prevention and response tactics and their effectiveness.

Ad Awareness

Ad bombardment has always been a part of a child’s interaction with technology. However, advertisement firms get astounding access to children and teens with the internet. While television restricts ad-bombing to commercial breaks, ads appear literally everywhere for the web-browsing child. Ads appear on nearly every page and they are more targeted than ever. Teaching kids to be media literate can greatly improve their internet experience and give them a powerful tool for the future.

  1. Admongo – Admongo is a game developed by the Federal Trade Commission that helps kids learn to interpret, understand, and usefully navigate the bombardment of advertisement they face in the world.
  2. Ad Decoder – A simple activity and learning guide to help kids learn about ad manipulation sponsored by the CDC.
  3. Media Smarts – A resource from the Canadian government for helping kids become media literate. Lots of information here, including activities, teacher resources, guides, and more.

(Photo by Danny Oosterveer)

Monitoring & Filtering

The first step for many people in protecting their kids online is researching and installing programs that monitor, filter, and restrict access to dangerous content. Each of these programs has different features and offers a different level of oversight. Some will give you simple controls to block inappropriate content, others will monitor every action your child takes and send you a detailed report, and some will even block inappropriate outgoing content. Some of these programs are free and others require a subscription or purchase.

  1. CyberPatrol – CyberPatrol is a software solution for parents that grants them the ability to block inappropriate content, set time limits on computer access, and restrict access to specific programs like games or instant messaging programs. It also tracks the child’s computer usage and creates reports detailing what they did while online and how long they spent at each activity. Cost is $39.95 for three computers.
  2. K9 Web Protection – K9 blocks web content with customizable lists that allow parents to determine what is appropriate for their children. It also forces children to utilize Safe Search on major search engines, allows parents to establish time restrictions on web access, offers anti-tampering security, and creates simple reports to keep parents informed about what their kids are up to. Useable on Windows, MacOS, iPhone and related devices, and Android. Completely free.
  3. AVG Family Safety – AVG Family Safety offers a unique solution to guard against cyber bullying. By tracking keystrokes, the program analyses chat room and social networking activity and looks out for terms attributed to bullying. If it picks any up, it alerts parents via SMS or email right away. Other features include mobile protections, time and application management, content restriction, activity reports accessible remotely, and more. Annual subscriptions cost $49.99 a year to cover three licenses.
  4. CYBERsitter – CYBERsitter is a 5-time winner of PC Magazine’s Editor’s Choice award. It works on Windows from XP to 8 and allows parents to proactively block a range of content including web, games, social networking, and malicious sites. It also monitors emails incoming and outgoing. It can restrict access to leisure sites (games, social networks, and the like) during times when children are expected to be studying. Completely customizable. One year of service for up to three home computers costs $39.95.
  5. Norton Online Family – A free service from Norton that allows parents to monitor and control web access and keep an eye on social networking activities, search habits, and Android smart phone usage. It keeps parents alerted through email updates and also allows them to check in remotely to view reports. Premium service provides greater reporting, more access to Android monitoring, and video monitoring as well. Family Premier’s additional services run $49.99 a year.
  6. McAfee Family Protection – Family Protection software allows parents to block over thirty categories of inappropriate or objectionable web content, restrict access to inappropriate YouTube videos through keyword filtering, manage time and application usage, and establish age-range guides to content. It also records instant message and social networking communications and provides instant feedback when topics range into risky territory, filters music with explicit language, and provides simple feedback via email or text to parents. Annual service costs $49.99.
  7. Pure Sight PC – Pure Sight is a respected European based software that monitors social networking, including features that track for cyber bullying, protects against explicit material, violence, and hateful content, establishes internet curfews, restricts file sharing, and provides detailed reports to parents at home or remotely. If it does detect cyber bullying in action, it will automatically cease the conversation, block the bully, and send a message to parents notifying them of the incident. It costs $5.99 a month for a single computer or $59.90 annually.
  8. Net Nanny – Net Nanny is very well-respected parental control software that has been recognized by major media outlets and has won an assortment of software awards around the web. It offers features like profanity masking, which filters and conceals profanity on websites as well as the standard collection of social media and IM monitoring, with cyber bully protection, web content filtering, video game controls, time scheduling, and more. Net Nanny will cost you $39.99 annually.
  9. Sentry PC – Sentry PC is parental control software that offers the host of typical features like web content management and filtering, usage controls, gaming filters, and parental reports. It also includes chat filtering, keystroke phrase filtering, and logs and records screenshots of a child’s online activity. It allows parents to remotely log and view activity. It works for Windows 2000-8. Basic software will cost $49.95 annually for up to three computers, additional features and add-ons can also be purchased.
  10. SafetyWeb – SafetyWeb allows parents to monitor online activity on social networks, chat programs and also keeps track of calls and texting on their mobile phones. It has smart analytical tools that search for risky interactions, including predatory and bullying behavior, and alerts parents. It actively searches for your child’s presence in a wide range of social networking sites and alerts parents to their child’s online presence. It also tracks topics like eating disorders, drug and alcohol addiction, depression, and hate speech. Accessing SafetyWeb will cost $100 for one year, or as little as $9 monthly when billed to your phone.
  11. Screen Retriever – This monitoring software tracks all of a child’s activities both online and offline and allows parents to remotely glimpse at what is happening on their child’s screen. It captures all chats, including on social media and instant messaging programs like Skype and AIM, and allows parents to review them at their leisure. Access will cost $49.99 for an annual license.
  12. uKnowKids – uKnowKids offers the complete technological protection package, including social and web monitoring, mobile monitoring, and location monitoring. The location monitoring sets it apart from its competitors. This service allows you to track your child’s exact location using GPS, WiFi, and social media data. Not only can it pinpoint their last location, it tracks their movement every thirty minutes and can provide a worried parent a detailed report of their child’s activities throughout the day. This is alongside equally powerful web and mobile monitoring that offers the industry standard features and then some. Works with iPhone and related devices, Blackberry devices, and Android devices. Plans range from a basic limited free version to a monthly $9.95 fee. Additional features can be added.

File Sharing or P2P

A sometimes overlooked risk on the internet for kids is file sharing. Not only do kids frequently get caught up with illegal downloads of music, videos, and games, files are often mislabeled and can harbor all sorts of nasty things. These files can conceal viruses and spyware and even illicit material. You can protect your children against this with a few simple steps.

  1. Block your P2P software – As previously discussed, you can limit access to specific programs. Lock your children out of any P2P software you have on your computer already. If you want to eliminate the problem wholly, blocking the software can keep them from engaging in this risky behavior.
  2. Legal Download Sites – There are a number of legal download sites available on the internet. Find a few of these and offer them to your child as an alternative to notorious pirate-friendly sites. To get you started, a list of free and legal music download sites appears below.
  3. Lay down ground rules – Kids are more likely to follow safe P2P guidelines if they understand the very real consequences risky behavior can have. Make sure they understand why you limit or restrict their file sharing habits.

Information on P2P/File Sharing

  1. P2P File-Sharing Risks – A well-organized guide to online scams, file-sharing risks, and more.
  2. A Parent’s P2P Guide – A straightforward PDF guide on all the potential issues in P2P downloads including how to recognize signs of risky behavior and how to prevent it.
  3. Kid Smart File Sharing – This fantastic teen-focused site is designed to introduce kids to the risks of file sharing services and teach them how to use them safely and for the right reasons. It covers copyright material, legal issues, viruses and spyware, concealed files, and how to find legal download sources.

Legal Music Download Sites

  1. Last.fm – Social networking for music nerds with free or inexpensive downloads for acts ranging from indie to mainstream. Share playlists, find other fans, introduce your friends to great music, and more.
  2. Jamendo – This service offers lots and lots of free and legal music and music videos from independent acts. Free streaming, downloading, and sharing with friends.
  3. Free Music Archive – Tons and tons of completely free to download music, with curated lists to help you find good music that suits your tastes.
  4. SoundCloud – SoundCloud helps you explore music, share it through social media, and upload your own music.
  5. MP3.com – Get free MP3 downloads from indie acts and major acts alike. They offer free daily downloads and are a great way to get introduced to new music.
  6. Noise Trade – A link between music fans and indie bands, offering tons of free downloads and a straightforward way to explore new and excellent music.

Identity Protection & Privacy

Identity theft is a rising threat to children. Most adults are now aware that they must protect their personal information from would-be identity thieves, but few of us think to concern ourselves about the identity protection of our Kindergartener. Unfortunately, it is one of the fastest growing areas of ID theft.

Other threats to identity online include one we are more familiar with – predators. Make sure your children know what sort of information to keep to themselves to stay safe.

  1. Protect Your Child’s Identity from Experian – A simple guide explaining how identity theft occurs with children, how to prevent it, and what to do if your child’s identity is stolen.
  2. Your Online Identity – An article written for children about safe online behavior regarding identity and personal information. It covers cyber bullying, net etiquette, and privacy.
  3. Teen Space @ Identity Theft Resource Center – A resource guide geared towards teenagers to teach them about protecting their personal information from thieves online. It includes games, peer-made videos, information, and much more.

(Photo by Don Hankins)

Online Predators

Online predators are probably one of the most well-known risks associated with children on the web. Most parents are aware that predators sometimes stalk chat rooms that children frequent. This problem has gotten a lot of attention and thus has a lot of resources available to prevent it and still allow kids to get a chance to explore new social connections.

Tips for safe chatting

  1. Talk to your kids about safe chatting – Let your kids know what sort of information predators are looking for. Arming kids with awareness can keep them from inadvertently giving an online predator information that could lead the predator to your child.
  2. Limit direct access – It is best if your child never gives out direct-access information to strangers online, like e-mail addresses and even instant messenger account names. E-mail addresses are particularly worrisome since a lot of information can be obtained from embedded IP addresses. Let your kids know to never share that information with people they don’t know in person.

Information on Sexual Predators Online

  1. Family Safe Computers: Online Predators – A simple article about how to recognize predatory behavior and prevent kids from being targeted by it.
  2. Sexual Predators Online – A resource guide that covers the range of risks online predators present, how to recognize the predatory behavior, how to prevent kids from accessing dangerous sites or social interactions, and more. Tools and reporting information.
  3. Online Predator Statistics – An eye-opening collection of facts and statistics relating to online predators.

Chat Room Safety

  1. Chat Room Safety – Simple advice to teach your kids about chat-room safety.

Child-Safe Social Networking & Chat Programs

  1. Mulch Den – Mulch Den is a program designed mostly for younger children who are interested in chatting online. It utilizes an artificial intelligence program to help your child participate in curiosity sparking conversations with a character named Yuk Yuk and his friends who reside in a world deep inside the Earth’s core. This is completely free.
  2. Kid Chat – This chat service is specifically designed to provide a safe place for kids to meet and talk online. It features security filters that block kids from sharing private information, blocks and restricts any form of cursing including self-filtered variants, and requires good net etiquette from its users. There is also staff present to actively monitor the chat rooms and keep out predators and inappropriate behavior.
  3. Kids Social Network – This social network has been developed for kids, allowing them to connect with each other in a safe and secure environment. It offers a lockdown browser that filters inappropriate content, kid-safe chat programs, and even games. Law enforcement is granted a direct-access portal to help keep the kids using the network safe. Accounts are free.
  4. Kidz World – Another social network made specifically for kids, it features advice columns, school help, chat and forums, games, and more. Unfortunately, this site has lots of advertisements and less filtering than other options listed here. It does offer protection against predators and some filtering. This site is geared more towards tweens and teens than younger children.
  5. Grom Social – Grom Social was created by a kid, for kids, to provide them with a fun place to socialize online. It is meant to be a safe, monitored replacement for Facebook just for kids, and it lets them do everything from chatting and gaming with friends to getting help for school. Free to join and features a mobile app. Grom Social takes an active stance against bullying, drug use, and smoking and encourages kids to make healthy choices.
  6. Club Penguin – This Disney-hosted kids’ social site features lots of fun activities and games, avatars, and kid-safe networking and chatting. Free accounts can explore the virtual world and play games in this moderated environment, and members can get access to everything to their heart’s content. Membership costs anywhere from $5.00-$7.95 per month depending on how long the subscription lasts.

Internet Addiction

Addiction to the wonders of the web is a growing problem for today’s youth. In some countries, like Korea, internet addiction in children as young as six is a growing epidemic. Learning to spot the signs of addiction and understanding how to manage it in children who often require some level of access is an important tool to add to the modern parenting kit.

Warning Signs and Prevention Tips

  1. Favoring online social interactions – If your child starts eliminating in-person social events in favor of online activities, they may be developing an internet addiction. Encourage them to prioritize time spent with local friends over time spent with online ones.
  2. Overemotional responses to removal of web-enhanced devices – If setting the smart phone down for dinner or restrictions to online time trigger emotional outbursts, your child may be developing an addiction. Establish limited time frames for internet access and encourage other offline interests.
  3. Restrict access time – Do not allow unfettered access to the internet. Establishing a limited timeline for internet access can help kids prioritize their use of it. Whether it’s during specific hours or days of the week or for limited times after tasks are completed, the restriction can help your child develop a healthy relationship with the internet.

Guides for Parents on Internet Addiction

  1. Internet Addiction: What Can Parents Do? – A well-written article outlining the signs of internet addiction and how to help kids get through it. Very good advice.
  2. Parent-Child Internet Addiction Test – A quick test to help parents determine if your child’s relationship to the internet constitutes addiction. Includes lots of resources for dealing with and understanding internet addiction.
  3. Internet Addiction in Kids – A quick article on internet addiction in children, including some tips on reducing internet reliance in kids.

Hidden Web Access

Do not forget that kids these days are connected to the internet from more than just their home PC. Cell phones, both their own and those of their friends, are linked in as well as a number of other mobile devices including handheld and console game systems, and obviously tablets. This fact makes it considerably more challenging to monitor and protect your kids, though there are still tools to be examined. The other side of mobile web access is an increased array of tools to help keep kids safe outside of the home.

  1. Infographic on Teen Web-Access via Smartphone – This infographic is a really eye-opening indicator of how traditional internet safety tactics, like making sure the computer is in a common room in your home, are bypassed by modern teen internet usage.

Basic Tactics

  1. Shop around – For many families a cell phone is an incredibly vital tool to stay in touch, keep track of teen whereabouts, and organize complicated family schedules. If going without a web-enhanced phone is not an option for your child, shop for a phone and provider that gives you accessible parental controls. Many cell phones offer tracking features, web and text filters, time restrictions, contact restrictions, and more. Find a level of protection that works for your family.
  2. Talk, talk, talk – This is perhaps the most important tool around for protecting your kids. All the fancy programs and monitoring devices and webcasts in the world are no substitute for conversations with your child about the risks that exist, their seriousness, and the ways your child can mitigate them. Your child’s own wise choices are the best defense against risk.

Child Safety Apps

  1. Mobicip – This cloud-based web filter makes it easy to set up personalized web filters across every web-enhanced device in your household, including Windows 7, Ubuntu, Android, iPhone and iPad devices, and even Kindle Fires. Basic accounts are free and come with real-time content filtering, data encryption, and standard filtering levels. A premium account costs $9.99 annually per device and offers more control, category blocking, time limits, activity reports, and more.
  2. North Star Child Safety Monitor – This handy app tracks the progress of a child and the school transportation they utilize. This helps parents look for poor driving, track arrival times at pick up and drop off sites, and verify attendance. Parents receive an instant SMS alert when the bus is within 10 minutes of a pickup or drop off site, when a child boards the vehicle, and in cases of accident.
  3. Children TV – This application helps create a child-friendly video listing utilizing YouTube content. Designed for mobile devices, it creates an easy to use menu of videos sorted by language, fun, and age range. Totally free.
  4. Kids Place – This app offers parental controls for Android devices that allow parents to block outgoing calls and texts, the Android marketplace, and app downloads, and to prevent curious kids from using the phone. It can also establish a timer lock, so children can use accessible apps only for a certain length of time. Best of all, it’s free.
  5. FBI Child ID – This free app provided by the FBI is designed to help you electronically store vital information and photos about your children so in the case of an emergency you can instantly provide important identifiers to police and security personnel. It also offers handy tips on keeping children safe and a guide on what to do in the vital first hours after a child goes missing.
  6. Family GPS Tracker: Life 360 – This application provides you with a personalized family map that shows you the location of all of your family members at a glance. You can personalize messages and check in to let your family know you have safely arrived at an intended destination, and even pull up a built-in chat feature that lets you update everyone all at once without sending out half a dozen individual messages. It also includes emergency roadside assistance for all connected family members. They offer a basic free plan, but to get the best offering the premium plan costs $5 a month or $50 for a year for your whole family.
  7. Sprint Family Locator – This service allows you to locate your child in real-time with interactive satellite maps from your computer or any web-enhanced mobile device. You can even set up arrival times for your children and your phone will update you when they get home and send you an alert if they fail to arrive on time. You can even lock your child’s phone remotely.
  8. Famingo Sandbox – This app helps parents provide the best mobile applications to their kids and gives them control over ones they find objectionable. A+ apps are suggested in an easy to navigate interface while ones to avoid are restricted from kids. It creates a virtual sandbox safe for kids to explore so parents don’t have to worry.
  9. Kids Mode – Designed for kids aged 8 and below, this fun application features a number of educational and fun games organized in an easy to navigate menu. It includes a child lock feature to keep kids away from other parts of the phone, video mail so kids can chat with family members, an art studio, and a weekly report for parents to track what their kids have learned. Free to use.
  10. Ranger Pro Safe Browser – This Android application offers a secure mobile browser environment that users can customize to suit the needs of their family. It offers a range of blockable categories and methods to whitelist or blacklist specific sites. They also continuously (once an hour) update their lists and categories so users can be sure the environment remains safe. The browser itself features copy & paste, pinch & zoom, landscape mode, multi-tabs, browsing history, URL suggestion, cookies, and more. Free to use.
  11. Find My Kids: Footprints – This iOS application allows users to track in real-time the location of loved ones. Parents can establish virtual fences, like a child’s school or a friend’s house, and get notifications when those digital boundaries are crossed. Parents can also view a map of where their children have been throughout the day. Further, it does so automatically, not requiring any sort of manual check-in. The application itself is lightweight to preserve battery life. Available in the Apple App Store for $3.99 for a one-year subscription.

Background Check

The Benefits of Background Checks for Individuals and Businesses

As more people compete for jobs and contracts in an increasingly tight market, there is a temptation to embellish credentials or even make false statements on resumes. Surveys conducted by Accu-Screen, Inc., ADP, and The Society of Human Resource Managers in 2012 found that 53 percent of people lied on job applications. Even more worrisome is that the same survey found that 70 percent of recent college graduates admitted that they would lie on their resume if it meant that they would get a job [http://www.statisticbrain.com/resume-falsification-statistics/]. Lying on a resume is short-sighted for the applicant, because in most cases the falsehood is discovered and they are fired, but the deception can also be costly for a business.

 

A Falsehood on a Resume Costly for Both an Executive and a Company

In 2002, it was discovered that a CFO of a major software firm had lied about his academic credentials. He claimed that he received his MBA from Stanford and that he received his undergraduate accounting degree from Arizona State University. As a result, he was forced to resign from the company. Despite his resignation, the company’s credit rating was lowered and its stock dropped by 20 percent. If the company had completed a thorough background check prior to employing this executive, the business and the stockholders would not have incurred this loss [http://www.businessinsider.com/9-people-who-were-publicly-shamed-for-lying-on-their-resumes-2012-5?op=1].

 

Businesses and Background Checks

Businesses that conduct background checks find that this due diligence provides a significant return on their investment. As in the example, a company can lose a significant amount of goodwill and consumer trust, which will affect its bottom line. Another example of a company that took a hit to its reputation was Yahoo!, when it was discovered that Scott Thompson, their CEO, had lied on his resume about his educational background. Both of these situations could have been avoided if the companies had performed background checks to verify the executives’ academic credentials before hiring them.

In addition to verifying information that a job applicant has documented on his or her resume, background checks can also provide an employer with a criminal background check. A recent 2012 industry survey found that businesses in the United States lost $50 billion due to employee theft [http://www.statisticbrain.com/employee-theft-statistics/]. Moreover, with the growing popularity of online retailing, more companies keep sensitive customer information, such as credit card information, in company databases. If an employee compromises these databases and steals this information, companies not only incur the ire of their existing customers, but also lose potential sales from new customers who do not want to trust the company. Moreover, the company is likely to have to pay for identity theft prevention services and credit monitoring for their customers. The risk of employee theft and security breaches can be significantly decreased by performing a criminal background check.

Businesses can use background checks to find information about other companies. For example, if they are considering forming a partnership or buying another company, a background check can determine if the company has a history of code infractions, lawsuits, or regulatory violations. Additionally, background checks are useful when performing asset discovery and verifying property values. The results of background checks provide the foundation for making sound and informed business decisions.

 

Background Checks for Consumers

Individuals are also discovering the benefits of background checks. As more employers start performing background checks for potential hires, it is essential to verify that the information in your background check is correct. Just as consumers sometimes have errors in their credit reports, there can be misinformation in public records. Often these errors occur because of similarities in names, data entry mistakes, or Social Security numbers that are close in sequence. It is much easier to correct these errors before beginning a job search than to try to explain mistaken information to a Human Resource representative, assuming that the opportunity is even offered.

As more and more families have both parents working, it is common that people hire childcare help or sitters for elderly parents. The media is full of stories of nannies and eldercare workers who have abused or neglected their charges. People can protect their loved ones by performing a background check on potential caretakers. These checks will help determine if the person has had any complaints or criminal charges brought against them. Additionally, a comprehensive check of sex offender registries can be requested as part of the background check.

Consumers can also check the credentials and licensing status of physicians, attorneys, and other professionals. These background checks allow people to verify that a professional has standing to practice in their state as well as any history of sanctions levied by professional boards. This ensures that individuals are receiving competent care and services.

 

Background Checks for Non-Profits

Many non-profit organizations provide services to the most vulnerable members of society. Children, the elderly, and the disabled are easily exploited by unscrupulous individuals. Additionally, non-profits also have extremely limited funds and have a great deal of difficulty trying to recover from theft. Moreover, donors often look to other organizations to support when a non-profit has problems with abuse, neglect, or exploitation of clients by volunteers, or a history of theft.

A non-profit organization can protect their clients and organization by contracting to have background checks of their volunteers. This will provide them with information about any criminal history, domestic violence or child/elder abuse history, as well as a check of sex offender registry information.

 

Privacy Concerns and Background Checks

While the majority of information contained in background checks is derived from searches of public records, it is considered best practice to inform the person that their background is going to be checked. The notification should be provided in writing and the individual should sign a document giving permission and waiver of liability in the event unfavorable information is discovered. Often when unscrupulous people find out that they are subject to a background check, they will withdraw their application. Just informing a person that they are undergoing a background check can deter dishonest or unethical people from trying to join your organization or providing services to your family.
