Compact Guide To Child Protection Online

Compact Guide to Child Protection Online – The Essential Strategies

Compact Guide to Child Protection Online The Essential Strategies

David Teisseire, CISSP Second Edition Revision 2.2

Page 1 of 71

 Copyright David Teisseire, CISSP 2002 - 2003

Edition 2 Rev 2.2

Compact Guide to Child Protection Online – The Essential Strategies

The right of David Teisseire, CISSP to be identified as the Author of the Work has been asserted by him in accordance with the Copyright, Designs and Patents Act 1988.

Page 2 of 71

 Copyright David Teisseire, CISSP 2002 - 2003

Edition 2 Rev 2.2

Compact Guide to Child Protection Online – The Essential Strategies Table of Contents PREFACE – A PERSONAL NOTE TO THE READER...........................................................................7 INTRODUCTION..........................................................................................................................................9 HOW THIS BOOK CAME INTO BEING......................................................................................................................9 WHO SHOULD READ THIS BOOK?.........................................................................................................................9 HOW THIS BOOK IS STRUCTURED.......................................................................................................................10 PART 1 – THE HUMAN FACTORS.........................................................................................................11 TOPIC 1 – RELATIONSHIPS...............................................................................................................................11 Threat....................................................................................................................................................11 Mitigation.............................................................................................................................................11 TOPIC 2 – LOCATION OF INTERNET ACCESS.......................................................................................................12 Threat....................................................................................................................................................12 Mitigation 1..........................................................................................................................................12 Mitigation 2..........................................................................................................................................13 TOPIC 3 - PARENT AND CHILD CONTRACTS.......................................................................................................13 Threat....................................................................................................................................................13 Mitigation 1..........................................................................................................................................14 Mitigation 2..........................................................................................................................................14 PART 2 – INTERACTIVE SERVICES.....................................................................................................16 TOPIC 4 - CHAT ROOMS..................................................................................................................................16 What are they........................................................................................................................................16 Threat....................................................................................................................................................17 Mitigation 1..........................................................................................................................................17 Mitigation 2..........................................................................................................................................18 Mitigation 3..........................................................................................................................................18 Mitigation 4..........................................................................................................................................19 Mitigation 5..........................................................................................................................................20 TOPIC 5 - VOICE CHAT...................................................................................................................................20 What is it...............................................................................................................................................20 Threat....................................................................................................................................................21 Mitigation 1..........................................................................................................................................21 TOPIC 6 - WEBCAMS......................................................................................................................................21 What are they........................................................................................................................................21 Threats..................................................................................................................................................22 Mitigation 1..........................................................................................................................................22 Mitigation 2..........................................................................................................................................22 TOPIC 7 - INSTANT MESSAGING.......................................................................................................................23 What is it...............................................................................................................................................23 Threat....................................................................................................................................................23 Mitigation 1..........................................................................................................................................23 Mitigation 2..........................................................................................................................................24 PART 3 – DELIVERED SERVICES..........................................................................................................25 TOPIC 8 - WORLD WIDE WEB........................................................................................................................25 What is it...............................................................................................................................................25 Threat....................................................................................................................................................25 Mitigation 1..........................................................................................................................................25 Mitigation 2..........................................................................................................................................25 Mitigation 3.........................................................................................................................................26 TOPIC 9 - SEARCH ENGINES............................................................................................................................27 What are they........................................................................................................................................27

Page 3 of 71

 Copyright David Teisseire, CISSP 2002 - 2003

Edition 2 Rev 2.2

Compact Guide to Child Protection Online – The Essential Strategies Threat....................................................................................................................................................28 Mitigation 1 .........................................................................................................................................28 Mitigation 2..........................................................................................................................................28 TOPIC 10 - USER PROFILES..............................................................................................................................31 What they are........................................................................................................................................31 Threat....................................................................................................................................................31 Mitigation 1..........................................................................................................................................31 TOPIC 11 - EMAIL..........................................................................................................................................32 What is it...............................................................................................................................................32 Threats..................................................................................................................................................32 Threat 1.................................................................................................................................................33 Threat 2.................................................................................................................................................33 Threat 3.................................................................................................................................................34 Mitigation1...........................................................................................................................................35 Mitigation 2..........................................................................................................................................36 Mitigation 3..........................................................................................................................................36 TOPIC 12 - CLUBS AND GROUPS.......................................................................................................................37 What are they........................................................................................................................................37 Threats..................................................................................................................................................37 Mitigation 1..........................................................................................................................................38 TOPIC 13 - IMAGES........................................................................................................................................38 What are they........................................................................................................................................38 Threat....................................................................................................................................................39 Mitigation.............................................................................................................................................39 TOPIC 14 - LITERATURE..................................................................................................................................40 What is it...............................................................................................................................................40 Threat....................................................................................................................................................40 Mitigation.............................................................................................................................................40 TOPIC 15 - PEER TO PEER SERVICES.................................................................................................................41 What are they........................................................................................................................................41 Threats..................................................................................................................................................41 Mitigation ...........................................................................................................................................41 TOPIC 16 - MP3 MUSIC................................................................................................................................42 What is it...............................................................................................................................................42 Threat....................................................................................................................................................42 Mitigation.............................................................................................................................................42 TOPIC 17 - VIDEO..........................................................................................................................................42 What is it...............................................................................................................................................42 Threat....................................................................................................................................................43 Mitigation.............................................................................................................................................43 TOPIC 18 - EZINES.........................................................................................................................................43 What are they........................................................................................................................................43 Threat 1.................................................................................................................................................44 Threat 2.................................................................................................................................................44 TOPIC 19 - USENET........................................................................................................................................45 What is it...............................................................................................................................................45 Threat....................................................................................................................................................46 Mitigation.............................................................................................................................................47 PART 4 – SAFE ALTERNATIVES............................................................................................................48 TOPIC 20 - SAFE WEB BROWSERS...................................................................................................................48 What are they........................................................................................................................................48 The Family Browser.............................................................................................................................48 TOPIC 21 - FIREWALLS AND FILTERING.............................................................................................................48 What are they........................................................................................................................................48 We-blocker ...........................................................................................................................................49

Page 4 of 71

 Copyright David Teisseire, CISSP 2002 - 2003

Edition 2 Rev 2.2

Compact Guide to Child Protection Online – The Essential Strategies Zone Alarm...........................................................................................................................................49 TOPIC 22 - SAFE CHAT ROOMS.......................................................................................................................49 What are they........................................................................................................................................49 TOPIC 23 - SAFE SITES...................................................................................................................................49 What they are........................................................................................................................................49 TOPIC 24 - SAFE SEARCH ENGINES..................................................................................................................50 What they are........................................................................................................................................50 Yahooligans..........................................................................................................................................50 AskJeeves for Kids................................................................................................................................51 Family Friendly Search........................................................................................................................52 SurfSafely..............................................................................................................................................53 TOPIC 25 - SAFE PORTALS..............................................................................................................................54 What are they........................................................................................................................................54 Kids.Net.Au ..........................................................................................................................................54 Blackstump............................................................................................................................................54 Beritsbest..............................................................................................................................................56 SurfSafely..............................................................................................................................................56 CyberGuide...........................................................................................................................................57 PART 5 - SPECIFIC THREATS................................................................................................................58 TOPIC 26 - SCHOOL WEB SITES......................................................................................................................58 What it is...............................................................................................................................................58 Threat....................................................................................................................................................58 Mitigation 1..........................................................................................................................................58 Mitigation 2..........................................................................................................................................59 Mitigation 3..........................................................................................................................................59 TOPIC 27 - PERSONAL WEB PAGES..................................................................................................................59 What are they........................................................................................................................................59 Threat....................................................................................................................................................59 Mitigation 1..........................................................................................................................................60 Mitigation 2..........................................................................................................................................60 Mitigation 3..........................................................................................................................................61 TOPIC 28 - CYBERBULLIES..............................................................................................................................61 What are they........................................................................................................................................61 Threat....................................................................................................................................................61 Mitigation 1..........................................................................................................................................62 TOPIC 29 – CYBERSTALKING...........................................................................................................................63 What is it...............................................................................................................................................63 Threat....................................................................................................................................................63 Mitigation 1..........................................................................................................................................64 Mitigation 2..........................................................................................................................................64 TOPIC 30 - HACKERS AND CRACKERS................................................................................................................65 What are they........................................................................................................................................65 Threat....................................................................................................................................................65 Mitigation 1..........................................................................................................................................66 TOPIC 31 - PAEDOPHILES................................................................................................................................66 Who are they.........................................................................................................................................66 Threat....................................................................................................................................................67 Child profile..........................................................................................................................................67 Signs 1 – Home Attitudes......................................................................................................................68 Signs 2 – Lifestyle Changes..................................................................................................................68 Signs 3 – Accounting Signs...................................................................................................................68 Signs 4 – The Rest.................................................................................................................................69 Mitigation.............................................................................................................................................69 CLOSING THOUGHTS..............................................................................................................................70

Page 5 of 71

 Copyright David Teisseire, CISSP 2002 - 2003

Edition 2 Rev 2.2

Compact Guide to Child Protection Online – The Essential Strategies APPENDIX A – AUTHOR BIO..................................................................................................................71

Page 6 of 71

 Copyright David Teisseire, CISSP 2002 - 2003

Edition 2 Rev 2.2

Preface – A Personal Note to the Reader A significant portion of this version of this book was written while having coffee at the somewhat idyllic surroundings overlooking the hills from my local McDonalds, Golden Grove, South Australia. Apart from the relative peace during the week, (if a McDonalds can ever be truly peaceful), there was a certain family centric ambience It was this family atmosphere, I believed, that enabled me in part, to focus on the nature of what I was attempting to achieve both in this book and the other Internet security initiatives I am involved in. I considered that the familiness of McDonald’s was a good foil to the blackness of the Internet areas I was working in. Besides I enjoy drinking coffee there. It was a weekend morning about 10.30 am and I had taken the opportunity to do a little work on this book while my son enjoyed the chance to play at Macca’s. While wrestling with creating an effective mitigation for a particularly offensive threat, I looked out at the playground as I periodically do, to check on my son. This time however, I was struck by immense dis-proportionness of the whole matter. Little children against the might of adults, who, in concert, have conspired to corrupt, spoil and exploit the innocents. It was that 5-year-old boy climbing on the play equipment; it was that 8-year-old girl in the midst of her birthday party opening all her presents; it was that one-year-old struggling to walk in a straight line. It was a noisy, whirl of activity, the sliding down the slippery dip and the running around that caught my eye. I looked back at my laptop screen and re-read the threat that I was working on. I looked back at the children. It was these children; that girl, that boy, that baby that I was trying to protect. Up until that moment I had known what I was doing. As an Information and Internet Security Professional, I knew that I had both the opportunity and the obligation to protect children from those who would exploit them. But it had always been from the perspective of stopping or catching the bad guys. Taking this perspective enabled me to be professional, objective, without bias. Those are admirable qualities to strive for, but it does blind you to the human, the emotive, and the full impact of the tragedy. Right now I see it from the other side far more clearly than I had before. It’s not only about stopping the black hats, but just as much about protecting the pink dresses and the blue jeans and tee shirts. I know well the face of the enemy, that multi tentacle black monster that prowls the digital highways looking for victims that it may feed its perversions or drive its lust for money. Today I met the other side.

I had always know that what was being done to our children was wrong, immoral, unethical, unscrupulous and criminal. Today I discovered that what many parents are doing by lack of action is also wrong, immoral, unethical, unscrupulous and criminal. Harsh words to be sure, but I challenge every reader to go to their Macdonald’s, read the threats then look at the children playing and ask if we are doing enough to protect not only our children but all children.

David Teisseire, CISSP July 2003

Introduction Every author is acutely aware that the acceptance of his or her book is often determined by what is written in this, the introduction of the book. Accordingly, authors tend to ramp up their work, to promise all sorts of benefits and generally try to portray themselves as the world’s greatest expert in the subject. In a sense this is reasonable, as the author has to convince the prospective reader that their time and expense will be worth while. I believe that it is the content and the effects of that content that are paramount. It is the message and not the messenger that is important here. It is, however, reasonable that you the reader know what my qualifications to write on this subject are, to know by what authority I write, to be able to evaluate if I have both the knowledge and the experience to advise through this book. I have for this specific purpose included a brief biography of myself at the very end of this book. This is purely for those who want to know who the heck this guy is. How this book came into being This book started out as a course manual for attendees of the “Child Protection Online – The Essential Strategies” series of lectures for parents, teachers and caregivers. Many attendees expressed that they did not know how to specifically implement the strategies presented in the course. From those beginnings it became apparent that there was a need for an easy to understand, step by step solution manual for common child protection issues. By definition the book had to address specific issues and enable the reader to implement a specific mitigation within minutes. This then is my answer to those needs. Who should read this book? Within the computer security field there is a wealth of books and online material. The problem with almost all of it is, that it is targeted toward the security professional or at the very least the savvy computer and Internet user. This book is different in that it specifically addresses the problems and threats faced by parents, teachers and caregivers in the protection of children while using the Internet. This book assumes nothing other than that the reader is able to use a computer and to be able to log on and access the Internet. I have attempted to keep jargon to an absolute minimum. The mitigations are described in such a way as to enable a parent to implement the solution in a few minutes. Since fear is probably the biggest hindrance to timid users, this book is heavy on how to do it, rather than explaining the theory behind the action.

How this book is structured This book is divided into a number of parts. Each part deals with a specific area of child protection on the Internet. Within each part are a number of topics, each addressing a specific aspect of that part. Finally within each topic there are a number of sections. Each section addresses a specific issue, an answer to a problem. Each section begins with a brief statement of the threat and in some cases where it is not obvious, the reason that it poses a danger to children. Following the threat description is the mitigation strategy to protect the child from that threat. Each specific threat and mitigation can generally be read and acted on within 10 minutes. If you perceive a threat then you could turn to this book look it up and dispatch the matter in minutes. No studying, no theory and no need to wade through heavy specialist manuals.

Part 1 – The Human Factors This first part of the book concentrates on what is perhaps the most critical facet of the child protection strategy. It is that part that relates to things that we can do even before we turn on the computer. Because of this, it is also of value to those who are contemplating the purchase of an Internet able computer and sets out some basic guidelines for both parents and children. Topic 1 – Relationships Threat The Internet continues the general pattern that began to develop decades ago. That pattern is of course that our children are relating to inanimate objects more than they relate to other people and more specifically to us as their parents. It began with television, then video games and now it is in its most attractive form, the Internet. The problem is that our children are becoming disenfranchised from their families. They are becoming isolated from the family and insulated from the reality of life. This I consider to be the greatest danger of the Internet and the root cause of much of what happens to our children when they surf. This issue of the effects of disenfranchisement will rise up time and time again throughout this book, and for that I offer no apology. Mitigation In all most all my lectures and speeches, I stress that the single most effective strategy to protect children from those who would exploit, is for parents to have an open relationship with their children. Your children need to not only know that you care for them and their welfare but also that they can come to you and discuss any matter without you going ‘spare’ at them. Your children need to know that if they receive or view anything that causes them embarrassment, fear or confusion then they can freely show you what it was, without you asking them accusingly “what did you do?” Many parents have told me that they were not aware that a child could be exposed to say pornography without actively seeking it out. They thought that if it appeared on the screen then, it was because the child went to a porn site. Such is simply not the case. Children can be exposed to inappropriate content from a variety of means and only one of those means is the child seeking it out.

As a parent we have to adopt the position that any inappropriate content on the screen may well be the result of factors outside the child’s power to prevent. When your child presents you with something that is not suitable for them, concentrate on the child not the content. Explore how it makes them feel and make it very clear that you are not making a judgement about them nor your love or concern for them. If we ensure that they feel safe coming to us regardless of what the issue is, then they will be willing to come to us when it is no longer a matter of simple inappropriate content. Maybe then they will be willing to come to us when they are targets of the more serious issues of being stalked online or pursued by a paedophile. Topic 2 – Location of Internet Access Threat There is a considerable trend for parents to place the computer along with the Internet access within a child’s bedroom. The rationale is that since the child is using the Internet to study, it needs to be in a quiet place away from distractions. The problem with this is that while it is quiet and away from distractions, it is also away from other family members. As a result many children are lured into situations and Internet sites that they perhaps would be unlikely to find themselves if the Internet was not located in the privacy of their bedroom. Mitigation 1 This is once again a matter of disenfranchisement from the rest of the family. The only solution to this threat is to place the Internet access point in some common room of the house. The two most popular are the lounge room and the kitchen/dining areas. In considering this, you must look at the usage pattern of the child and your constraints on the times that the child has access to the Internet. Younger children tend to do homework and contact friends just after school and before tea. In this scenario, it is wisdom for the parent to locate the Internet access in the kitchen/dining area of the house. The parent is then able to loosely supervise the child while preparing the evening meal. I will come back to this concept of loose supervision a bit later. Where older children are concerned, they tend to access the Internet later in the evening after the meal. For these children, it is more beneficial for the access point to be located in the lounge or family room. This should be the room that the family congregates in during the evening.

I should warn readers that teenagers are going to try and convince you that they cannot study and do research with all the noise from the television and other family members. I would like to make two observations regarding this. Firstly, everyone in my family uses the Internet connection that is located in our family room and the noise of television and others rarely hinders their work. Secondly, we all know both from our own youth and observation of our children that they are able to study, read and now even surf the Internet with loud music and disjointed sounds. So which is better? It is primarily a function of where the parents can be close by for the greater portion of the time that the child is online. Mitigation 2 I really like this one. I call it the drive by. This mitigation is part of the loose supervision that I mentioned above. Even though your child may be in the same room as you while they are using the Internet, they are often looking at the back of your head as you watch television or whatever. Although this is a vast improvement on the situation where the child is closeted in a bedroom, it still has the potential to be improved. In this mitigation the parent occasionally and I stress the infrequency of this, gets out of their seat and wanders past the child while on line. As they pass, they stop and have a brief look at what the child is doing, maybe offering some encouragement or if you are computer literate enough offering to help them find something that may be eluding them. For those not so literate you could ask them how they managed to find that particular site or information. Show interest in what they are doing, what they are seeking to accomplish, even if it is only chatting to friends on ICQ (an Internet messaging service similar in some ways to mobile phone messaging). The object of this mitigation is to firstly give you a feel for what they are involved in and secondly to reaffirm that they are part of the family and not alone, even when online. This concept is so critical that I have coined the phrase “Never Lost On Line” in the child protection lectures. Now I may be deluded, but I am partly convinced that the reason that commercial television stations place so many adverts on is so that you, as a parent can get up and wander over to your children. This is a significant cultural change, we used to use the ads to make a coffee or get something to eat. Perhaps you could combine both activities, as you wander out to the kitchen, drop by your child and keep them part of the family. Topic 3 - Parent and Child Contracts Threat Unless we give our children guidelines then we cannot in all due conscience expect them to obey those guidelines. This is stating the obvious, I know, but often those guidelines are presented verbally and in many cases they are variable and dynamic. What do I mean

by this? Many parents will change the guidelines and the criteria from week to week or even day to day. In such a case, the child is not completely sure what is acceptable in this particular instance. Without clear direction, clear verifiable direction the child is expected to make decisions that may be well beyond their ability and maturity to do so. Mitigation 1 The first approach is to create and use a parent and child contract. This contract has two distinct parts. Firstly there is the child contract where the child agrees to undertake or refrain from certain acts and actions. The second is a similar contract that the parent agrees to, which specifies the parent’s rights and responsibilities to the child. Both the child and the parent sign both contacts. All parties then post these contracts near the computer and Internet access point for easy reference. In the past I have encouraged parents to create and use these contracts as a form of written guidance for children as to what is acceptable and unacceptable while using the Internet. Various child protection web sites have model parent and child contracts. Try entering ‘Child Internet Contract’ into a search engine and select one that meets your needs. Mitigation 2 Increasingly I am promoting this as a better alternative to Mitigation 1 above. This does not suggest that the first mitigation is without value, but rather that it may lack the personal, family centered feel of this mitigation. This mitigation can be performed at any time and may even require review from time to time. As a parent, call a family meeting. Now I know that not all families hold family meetings or even feel comfortable with the concept so lets just lower the formality a bit and get together with your children at some convenient time, maybe over the evening meal. If you are thinking that there is no time that the family gets together then I would seriously suggest that the disenfranchisement issue discussed above is critical in your home and you may need to look at significant lifestyle changes. When everyone is assembled and paying attention, begin by addressing the issue of Internet use. Explain that the Internet is a finite resource and you wish to maximise everyone’s enjoyment. Encourage your children to discuss when they want access. From this explore the issue of what is considered reasonable use and content. Once again get their input.

Because of the nature of this review, don’t expect to get it all down at one sitting. Work on it systematically. Over a period of time collect input that will ultimately become the family policy on Internet use. The issue of age appropriateness should be addressed at this point. Younger children will not be able to express themselves to the same extent as teenagers, but incorporate their input as well, even to the extend of including the odd silly suggestion. Will it really make all that much difference if the home page is www.disney.go and not www.ninemsn.com.au? Younger children will see such compromise as an indication that their input does matter. One final point, you may find value in allocating the final draft of the family policy to a teenage child. Such an action will give them a sense of belonging to the policy and in a very real way they will own it and its rights and constraints. The family policy when finalised should be explained to all parties and a copy posted near the Internet computer.

Part 2 – Interactive Services I my lectures, I have addressed the issues and threats presented by the delivered services of the Internet, then moved on to the Interactive service. In a lecture environment, this is a natural progression. In this book however I want to address these issues in reverse as I consider the Interactive threats to be of more significance than the delivered threats. Firstly what are interactive services? An Interactive service is any Internet facility that allows a user to communicate with another person or persons in real time. Consider the interactive service to be like the telephone where both parties can conduct a real time conversation. In contrast, delivered services are those that do not have a live person on the other end conducting a two-way conversation or interaction. Topic 4 - Chat rooms What are they Chat rooms are locations within the Internet that allow a number of individuals, usually up to 40 per room, to congregate and chat via their keyboard onto a common screen. Chat allows many people to conduct conversations within the room at the same time. Small groups will conduct their own thread, or conversation stream within the chat room. Chat rooms are often chaotic, confusing and ever changing. The people who use chat rooms are often opinionated, out spoken and sometimes rather territorial. But for all this chat rooms let people meet and talk about things of mutual interest. Below is a screen capture of a chat room for teenagers called ‘teentalk1’ hosted by ninemsn at www.ninemsn.com.au.

TIP:

IF YOU DECIDE TO LOG ONTO A CHILD OR UNDER AGE CHAT ROOM, CONTACT THE MODERATOR IF PRESENT AND ADVISE THEM THAT YOU ARE AN ADULT AND THE PURPOSE OF YOUR PRESENCE. IT MAY BE THAT YOU ARE SURVEYING A CHAT ROOM TO CHECK ITS SUITABILITY FOR YOUR CHILD.

Threat Chat rooms are great places for friends to meet and ‘chew the fat’, to hang out, or to keep up with the gos (gossip). It’s like a big room with everyone milling around and everyone talking at once. The only difference is that everyone can see everyone else’s conversation on the chat room screen. The problem with chat rooms is they are notorious hangouts for individuals that would impersonate, lie and exploit others. In this regard our children are particularly at risk. Paedophiles or ‘rock spiders’ hang around child chat rooms and attempt to make contact with and groom our children. They pretend to be children with similar likes and problems. They make contact then try to befriend them with the ultimate goal of arranging a real life meeting with the child. Often they will lurk in the chat room not participating but gathering information about various potential targets. Mitigation 1 Teach your children that unless they know the person in real life, that is, they have met them and know them, then they are a stranger. It is paradoxical that just about everyone on the Internet is a stranger and in many ways this is one of the lures, the ability to meet new people. For our children, we have to educate them that not everyone online is who

they say they are. A 13-year-old boy may in fact be a 40-year-old man. Just because they say they are someone or something it doesn’t make it necessarily true. Teach your children to take every thing with a grain of salt. Depending on their age, teach older children how to look for inconsistencies in what people say in a chat room. Do they claim to be one thing at the start of the chat, then as time goes on do they change it to something else? These changes in their details and interests are driven by the need to update their appeal based on information provided by the child. This is perhaps the biggest tell tale, the subtle and some times not so subtle changes in the other persons story. Mitigation 2 Teach your children that under no circumstances are they to meet someone they have chatted with in person without a parent being present. Explain that this is for their protection and not because you want to interfere in their friendships. Allied to this mitigation is that children should be taught to never give out any personal information that may allow a person online to accurately identify them, where they live or go to school. In the past there have been a number of instances where a child has made a seemingly harmless comment that has led an exploiter directly to them with unfortunate results. Mitigation 3 Always ensure that your child is chatting in a moderated room. There are three types of chat room. The first is totally un-moderated, the room exists and people can join and leave the chat as they desire. There is no facility to monitor what is said in the chat room nor who takes part in the chat session. The second form is where there is a software bot or robot. This software is configured to intercept banned words and actions and may take the action of logging an offender off of the chat room. One of the problems with bots is that they are easy to circumvent and a logged off user is able to log back on under a different name. EXAMPLE: IF YOU LOOK BACK AT THE SCREEN DUMP OF THE TEENTALK1 CHAT, YOU WILL SEE THAT THE MODERATOR HAS LOGGED OFF MORTALBIGBADBRAD FOR INAAPROPRIATE LANGUAGE . IN THIS CASE THE USE OF THE WORD ASS IN A G-RATED ROOM. IN THIS INSTANCE THE MODERATOR IS MOST PROBABLY SOFTWARE PROGAM OR A BOT. The third type is the moderated room and this is the type that you should try to ensure that your children use. Basically one or more real live people run the chat room and monitor the traffic. They look for not only inappropriate word and actions but also keep

an eye out for potential child exploiters. I realise that this is not always possible for all age groups, but always insist on a live moderator for younger children. Although not perfect, these rooms do provide a higher level of safety for your children. As a side issue, quite a number of child chat rooms in addition to having moderators and restricted opening times also prevent the use of private messaging between the chat members in the room. I will discuss the issue of private messages later in the book. Before your child becomes a regular user of a chat room, log on and look for, or ask in the chat for the moderator/s to identify themselves. You may request that they allow a private message with you. They may or may not allow this. If they do, identify yourself as an adult and a parent and state that you are surveying the room to determine its suitability for your child. Never pretend to be a child in one of these rooms as you may find yourself being treated as a potential child exploiter. An alternative is to allow the child to log on then identify yourself as their parent and follow the same procedure with the moderator/s. The disadvantage of this approach is that your child may be embarrassed within the room by having a parent come up in the chat. Be sensitive. Mitigation 4 All chat rooms require that any user have a unique screen name. This enables other users to identify who sent each message. Some chat rooms provide for ad hoc screen name generation, that is, the user either creates the name or the chat room creates it automatically. A name generated this way is only valid for that chat session. Other chat rooms, ninemsn (www.ninemsn.com.au)or yahoo (www.yahoo.com) for instance require that the user have a registered name and often a profile of themselves as well. Regardless of which method is used, you should encourage your child to use an obscure screen name. All too often I see screen names such as Melanie14Melbourne or Steve12. If you look back at the screen dump of the teentalk1 chat room, you will see the screen name Mellie_Mel17. Such a name is a give away of the sex and age of your child. Remember there may be individuals in the chat room posing as a child seeking a child of that sex and age. Why give them a starting advantage in profiling your child. Although the presence of your child in a teenage or junior primary chat room indicates that they are a child, an obscure name gives no additional information away. We would do well to mimic the practice of the computer hackers and crackers and encourage our children to use non-specific and often radical type screen names. Something like say Blade101 or zoot1a. Even better is a totally unassociated name such as e34f7. The problem of the child remembering or even accepting such an obscure name may have to be addressed. In the final analysis, ensure that any name chosen does not reveal any information that may aid a profiling effort.

Mitigation 5 This may or may not be possible, but is included here for completeness. If it is at all possible arrange for all chat sessions to have the transcript recorded to file. The reasoning behind this is that a transcript may be useful for law enforcement officers if an exploitation situation arises. Beyond this, a copy of the chat sessions may, provided you do not invade your child’s privacy, provide you with both a feel for who your child is chatting to and may alert your to inconsistencies by specific individuals. I am not suggesting here that you spy on your children. Teenagers are particularly sensitive to the issue of their privacy and what they say. It is paradoxical that they will chat in an open chat room where everyone can see what they type but parents are often considered invasive if the view the chat text. This is not so much an issue for younger children who on the whole expect their parents to read their mail and messages. My personal position on this is to tell your child, particularly a teenager, that the chat text is recorded and filed by the computer, but you will not read that text unless one of two circumstances evolve. Firstly is if they come to you and express concern as to the direction that a chat has taken and they ask for your opinion. The second circumstance is if they are placed in a position of danger or are missing. In such case advise them that the transcripts will be used to ensure their safety. Perhaps you could agree with them that the chat transcripts would be held in escrow for say 2 weeks after which they are deleted unless a need to review arises. As a side note, e-forensics experts will find it simpler and much faster to read back a transcript log rather than having to wade through the entire computer looking for fragments of the session that has been left behind. Help these people by filing the transcripts before the event. One final stance that you may be able to take with your child on this issue of saved texts is that really there is nothing they have to say to each other in a chat room that even remotely interests you. Really do our kids think our lives are so dull that we seek the thrill of reading about the “Atomic Kittens” or the latest “Charmed” episode. For those interested in exploring this there are a number of commercial software applications that can perform this task. Topic 5 - Voice Chat What is it Voice chat is an extension of the general chat facility offered by many chat servers on the Internet. Basically it allows one or more people to communicate via voice rather than having to use the keyboard. Not all the parties to a voice chat session need to be able to

use voice. Many times one will use voice and the other parties will respond through the keyboard. Threat The main threat with voice chat is that it is an extension of the threats posed by chat rooms. The only additional factor is that one or more of the parties are using their voice to communicate. Allied to this, it is considerably more difficult to monitor and save the contents of a voice chat session, so what ever is said is most often lost. Consider also that a voice chat is more open, more freewheeling. Statements are made without having to really think about them. Rashness may set in. Personal details are easier for a profiler to extract. Mitigation 1 There are very few things that you can do to mitigate against voice chat. Apart from banning its use, an act that will undermine the relationship factors above and have your child consider you unreasonable and draconian. One potential approach is to ensure that the child does not use a full head set. If they wish to use voice chat then the incoming voice should be received on a speaker and not a headset. The advantage of this is that if the content of the chat could be seen as inappropriate by you the parent, then they would be keen that it is not overheard. The child may claim that they cant hear the voice over the other activity noise of the family in the room and as such they should be allowed to use head phones. As hard as I look at this, it is a very valid argument with no real solution. In this case we must accept that we will not be able to hear what is being said to them, we will however be able to hear what they say back if they are using voice. We should be aware of what they are saying, not necessarily listening but being aware of a dramatically lowering of their voice or them giving out personal details. Every parent in the world is able to pick up the name of their child being said even in noisy circumstances. Topic 6 - Webcams What are they Webcams are camera devices that allow individuals to send pictures of them selves in real time or live if you prefer that term. Think on them as low-resolution video cameras that are able to transmit the images to other users on the Internet. Webcams are usually mounted on the computer screen and aimed at the face of the person using the computer. In this regard it is a type of videophone application.

I mentioned that they are generally mounted on the computer screen, but this is not always the case. I have seen images that have been transmitted from many and varied places including one mounted under the computer desk. I leave it to the reader to determine what was transmitted. Other locations are in corners of rooms and hidden webcams. Numerous sites transmit Webcam images to the Internet at large. These images can be received by anyone with suitable software. These later forms seem to cater for our current voyeuristic interest in reality television. Threats Webcams are often used in chat rooms as another form of chat facility. In this environment they are prone to the same threats that plague chat and voice chat services. Chat rooms are not however, the only place that your children may come in contact with Webcams. To put this is perspective, it is not the reception of images that is the threat but rather the potential content of those images. Because there is no way of filtering the content of images and the immediacy of those images. Your child could be looking at a harmless image at one moment and exposed to inappropriate and in some cases very inappropriate images the next. Within the context of the chat room, there seems to be a high incidence of chatters sexually exposing them self on Webcam. Fortunately this type of behaviour seems to be limited to the more open type of chat rooms and I have not personally seen any evidence of this in children’s chat rooms. Mitigation 1 The first level of mitigation is to not permit your children to use webcam. The easiest way of course is to not have one connected to the computer. In this regard we should consider the value and worth of this technology for our self and our families. I personally know quite a number of people that have webcam facilities and yet most do not use them to any great extent. I have a webcam for my laptop, but use it only in the context of lectures to demonstrate the technology. I really see very little constructive value in these items. I guess that a case could be put up for using it as a sort of video phone, but do we really want to broadcast our life and images throughout the Internet. What am I saying here? Basically unless you have a specific need for webcam technology, just don’t buy or install one. Mitigation 2

The first mitigation covers the transmitting of webcam images from your computer. This mitigation covers the receiving of those images from others. Firstly you should be aware that you do not need a webcam to receive webcam images from other sources. In this regard webcam images are just like any other Internet resource, that is: they can be broadcast. One positive aspect of this is that not all webcam broadcasts are able to be received by all Internet connected computers. Specifically some require additional software. Where specific software is required to receive Webcam images, the simple solution is not to install the viewer software. This will prevent sites that need this type of software from transmitting to your computer. Topic 7 - Instant Messaging What is it Instant messaging is a service that allows two individuals to type messages to each other in real time in an environment that is exclusively reserved for those two parties. Instant messaging is available in two forms. The first is the dedicated instant messaging service such as ICQ (often taken to mean I Seek You). The other form is available as an option on many chat rooms. The second form functions as an enhancement where two persons decide that they wish to carry on a private chat without the other people in the chat room being able to see their messages. Associated and closely integrated into the instant messaging services is the facility to allow people to see the online status of people on what is called a buddy list. A buddy list is a directory of individuals that a user creates to enable parties to chat. When someone on a buddy list comes online other parties with him or her on their list are able to see that they are available for chat. Threat One of the major issues for children in regard to Instant Messaging is that any communication between parties is private, in as much as the content is not broadcast into a common room as is the case of chat rooms. The other significant threat is that if someone has placed your child on a buddy list then that person is able to a certain degree, stalk the target individual. For a child there is a very real threat that a child exploiter will place a child on their buddy list and then be able to maintain contact with that child. Mitigation 1 Parents should ensure that their children do not allow anyone that they do not know personally to place them on their buddy list. Although many services require that the target for the buddy list approve them being placed on a list, this is not always the case.

The application CheetaChat will for instance, allow any person to add any valid user to their buddy list without requiring the target’s verification. What this means is that your child could be on someone’s buddy list and tracking their presence on the Internet and you may not even be aware of it. Regardless of this, never allow children to let unknown people place them on their buddy lists. In a similar vein, prohibit your children placing unknown parties on their buddy list, as this may encourage your child to strike up a chat when they come on line. Now we have to exhibit some discretion here. Children need to be able to find friends on the Internet and Instant Messaging and buddy lists facilitate and encourage that interaction. Mitigation 2 The default configuration of many instant messaging services is to broadcast a person’s availability when the user first goes online, regardless of whether they are using the Instant Messaging service or not. The theory here, of course, is that the instant message service believes that a person being online constitutes willingness to chat. This is clearly not always the case. Many Instant Messaging applications have an invisible mode where the presence of a person is hidden from the buddy lists. The application does not in this case broadcast the person’s presence online. Parents can stealth their children’s presence online by one of two means. Firstly they may disable the IM application from loading at system startup. Because of the number of Instant Messaging software applications, it is impossible to cover the various methods in this guide. The other option is to configure the application to place the child in invisible mode. Once again, differing applications handle this aspect differently. The best I can suggest here is to look around the application and see if you can find where to set it to invisible mode.

Part 3 – Delivered Services Delivered services are Internet resources that can be sent to your computer without direct human intervention or interaction at the server or other end. In this regard they are more like a letter rather than a phone call. Topic 8 - World Wide Web What is it The World Wide Web is often thought of as the Internet. It is the part of the Internet that you access when using a web browser such as Internet Explorer, Netscape or Opera to name a few. The development of the World Wide Web has arguably been the driving force behind the growth of the Internet. We should however be aware that the World Wide Web is only one face of the Internet. When we use the Internet we often type in a Web address that starts with www, this stands for World Wide Web. Threat The most obvious threat to children from the World Wide Web is the viewing of inappropriate content. This encompasses not only pornography, but also any matter that is likely to scare, offend or corrupt a child. This includes material such as hate sites, persecution sites – political and religious, etc and of course pornography. Mitigation 1 One of the best ways to protect your children from inappropriate content is to use a web browser specifically designed for children as discussed in Part 4 below. The use of one of these will significantly reduce the amount of offensive material arriving at your child’s screen. In regard to this, make sure that the default web browser such as Internet Explorer is either removed, hidden or disabled when the child is using the Internet. Failure to do this may find your child using that browser instead of the one you want them to. Mitigation 2 For people that wish to standardise on say Internet explorer for all the family, then there are configuration options to filter and block content in all the major packages. The specifics of this configuration is outside the scope of this book, but you may find help at the following sites Internet explorer – www.microsoft.com Netscape – www.netscape.com

Opera – www.opera.com Sites generally exist for other browsers, but since most people use the three above, I will leave it to the individual to find configuration info for their specific browser. You might like to try www.(name of software).com. Mitigation 3 Another effective strategy is to have a firewall placed between the Internet and your web browser. Firewall may be a hardware device that plugs into the phone line or software that runs on the computer connected to the Internet. In this book I will be talking about the software type. A firewall operates by comparing an incoming web page against a number of rules. These rules may be the Internet address such as www.playboy.com or against a set of banned words. If the web page has those banned words, then the page is blocked. Lets look at the Internet address function first. There are two ways of configuring a firewall. The first is to have a list of acceptable sites and block everything else not on that list. The other is to allow all sites except those on the list. The first form is a white list, the second a black list. A firewall may implement either or both types of list. Lets look briefly at the effects of each type of list. If everything is blocked except what is on the white list then your child may be missing access to valuable content and their Internet experience is significantly constrained. The allowing of everything except what is on the black list poses the problem of firstly updating the list regularly and secondly being aware of which sites you should block. Many commercial firewall packages have an update service that will add sites to a black list, but there may be issues with timing, ease of update and lastly but very significantly the criteria that a site is deemed black or white. Always remember that when you subscribe to a service like this you are tacitly agreeing to the site’s policy and philosophy on what is deemed acceptable or not. I only mention this to draw your attention to the issue that filtering software vendors sometimes have their own agendas. Looking at the black or blocked words list, this may seem an ideal solution. If an inappropriate word appears in the text portion of a web page then the software will block it. There are two issues to consider in this matter. Firstly certain words that may be used in a legitimate site may cause the firewall to block that site. Let me give you an example. A child is requested by their teacher to do a project on the cotton industry. Little Stevie is not really interested in cotton farming as such, but he is interested in big machinery, so he gets the idea of doing his project on the machines that harvest the cotton. When he attempts to view the International Harvester site that portrays the machinery used, the firewall blocks the site. In this instance (which occurred during trials of one package) the

site was blocked on the basis of the racist term “cotton picker”. A trivial example perhaps but you can see how innocent sites may be blocked by the black list. The second factor and I think more significant one, is that a black word list will only filter text on the site and not graphics. Many sites have graphics, which have text content, but this text is still a graphic image and will not be filtered by the firewall. This situation was dramatically shown in the case where a person accidentally typed in www.whitehouse.com when trying to reach the presidential Whitehouse in Washington, (they should have used www.whitehouse.gov ). The black word filter list allowed this site which is the home of Whitehouse, a soft pornography site to pass through because the entire home page was a graphic. Some firewalls do not perform this context or content function, but rather block external attacks on your computer system. Firewalls of this nature include ZoneAlarm. In circumstances such as these, you will have to install a secondary filtering package in addition to the firewall. Once such software program is we-blocker, which was recommended and included in the original lecture series as a particularly effective free solution. Topic 9 - Search Engines What are they Search engines are input screens located at various web addresses that allow a user to type in a word or group of words and have the engine search for web pages that contain information relating to those words. The best known search engine is at google – www.google.com. The opening screen of Google Australia is shown below. You are able to search for either all web sites or confine your search to just Australian sites.

Threat The main threat in regard to search engines is they in general do not have any conscience in regard to both the search criteria that is submitted to them or the results that they display. In saying this, a child who types in “sex” into a search engine, will have returned probably millions of site addresses that relate to sex and pornography. It really is that easy for your child to access porn. Add to this that some sites place keywords that do not directly relate to their site in an effort to fool search engines to list their site with other sites relating to the search. It is possible then for a child to enter a harmless criterion and still be presented with links to inappropriate content. The final threat factor is the fact that certain words and phrases that are seemingly harmless have alternative meanings and may generate inappropriate site listings. One example would be a child seeking information on water skiing and entering the search criteria of “water sports”. I almost guaranteed that the first page of links would include at least one site that deals with urinary fetish, not an appropriate site for a child to inadvertently link to. Another example that I use in the lectures is the case where a child is looking for information about the Walt Disney character Bambi. In quite a number of search engines a site for the “Bambi Killers” (a dear hunting related site) is listed before the Disney site. Mitigation 1 Firstly there are a number of search engines that cater solely for children. These engines filter those sites that they reference to ensure that no inappropriate content is allowed through. Parents should encourage children to use one of these child safe search engines instead of the better-known engines. The disadvantage is that the amount of content indexed by these kid’s engines is considerably less than the major engines, but that really should not be an issue. For a list of some of the better known kids engines see the sections on kid safe search engines and kid safe portals and directories in Part 4 below. Mitigation 2 Most of the major search engines allow you to set what is termed the family filter to block certain classes of content. Google for instance allows you to set the filtering options by selecting preferences from the opening screen. This will bring up the preferences screen. On this screen you are able to select the level of filtering as shown below.

Once you have selected the filtering level then you must save them, by selecting the save option at the base of the preference screen, as shown below.

The preferences are saved on your computer in what is termed a cookie. The significant thing to remember here is that if you delete your cookies or have software that regularly does that for you, then your preferences will be set back to the default next time you use Google. In this case it is moderate filtering as shown in the image above. Watch this one carefully as you may think you are protected when you are not. Many other search engines offer the same type of filtering options. Altavista at www.altavista.com for instance permits customisation via the settings option as shown below.

On the next screen select to change the family filter settings, as shown below.

Another screen will be displayed that allows you to set the options. This screen is shown below. Once again the settings are saved to a cookie on your computer when you select the save option.

As stated, not all search engines provide this filtering facility. One such engine is SearchBoss at www.searchboss.com as displayed below.

Topic 10 - User profiles What they are User profiles are records about you or your family members that are stored at some services. User profiles are created by the individual concerned and contain information that you expose in exchange for the right to use a specific Internet service or web site. The level of detail and the truthfulness of that information is significantly under your control. There are a number of mandatory information fields that you must fill in to be able to register the profile, all other fields are optional. Threat Quite simply the threat here is divulging far too much personal information about yourself and your family. There is a curious quirk in humans that makes us fill in all the fields and answer all the questions if we think that we will be granted or given something in return. It is in a way the price we think we have to pay for that service. The problem is that the deal is lopsided. Your personal details are worth far more than access to a web site or rights to view or use a service. On the Internet you are your personal details. Apart from the provision of those personal details there is the added threat of the publication of those details to the Internet at large. Taking Yahoo (www.yahoo.com) for instance, a person is able to call up the profile details that you have entered provided that they have access to your email account name, username or a combination of other details, such as name and partial address. The ease at which your email account name is discovered is discussed in the next section, but for now remember that anything you enter into your profile is available to others including any photo that you attach to your profile. The other side of this profile issue is that you may call up someone else’s profile, but there is no guarantee that the details contained there actually refer to the person who owns the profile. In a recent survey, it was discovered that over 40% of people falsify their identities on the Internet. I would also suspect that a large number of profiles on the Internet today relate to fictitious persons or composite persons in some regard. Mitigation 1 It is often required that you create a profile to access certain facilities such as those provided by ninemsn (www.ninemsn.com.au) or yahoo (www.yahoo.com). Before your child can access a ninemsn teenage chat room, they have create a profile or as they term it a “.net passport”. Given that there is no need to fill in anything other than the required fields, only the mandatory fields should be filled in. Mandatory fields almost always

consist of the following as a minimum; first name and family name, email account and maybe geographic location. One approach to this is to fill in you or your child’s first initial and the initial of your family name. This will not pose any problem, as it is the username that really identifies the person. In regard to an email account either create a free or web email account before or use the option of using the service providers email service. In regard to location information, do not place any specific address information, but you may fill in the country as many providers have a regional service tailored for each country. Finally, select a user account name that is neither age nor gender specific. Some providers will allow the system to select a number of available names for you to choose from. Such a minimilistic profile will conform to the requirements of the provider but at the same time reveal very little about you or your child. One final point on this matter. It is illegal to provide false information on a profile that is associated with any financial transaction or use of any credit card facility. This means that even if the site required a valid credit card number as some form of verification and they do not charge that card, it is still illegal to provide any false information either personal detail or credit card number. Watch out for this one. I would however, be questioning as to why an organisation that does not plan to bill me wants my card number, and I would act accordingly. Topic 11 - Email What is it Email is the sending and receiving of electronic mail from one computer to another computer via the Internet. It is also perhaps the most widely used Internet service. Just about everyone has his or her own personal email account or accounts. I confess that I have 3 email accounts excluding the administration email accounts for the www.wildrivers.org web site. I will discuss the reason for multiple email accounts a bit later. It is now common practice for your children to be issued email accounts at their school, so even if you have not allocated your child an account, it is almost certain that they have one at school Threats Email is a massive threat vector, so I’m going to have to split this one up a bit.

Threat 1 In a way your email account is a bit like a profile we discussed in the last section. In fact you cannot have a profile unless you have an email account somewhere that is linked to that profile. So let’s look at this from a couple of perspectives. If you are using the email account provided by your Internet service provider or in some cases a free email provider the email account name (in the form of [email protected]) may provide information about your physical location. This information may be restricted to your country as in [email protected] which advises people that you live in Australia by the .au at the end. Your provider may be a smaller regional service and as such the location of their point of presence would give a general geographical location of the email account holder. So that’s one level of information that you may be giving out, perhaps not all that significant. Moving on, the next level is that individuals are able to search on the email account name and discover snippets of information about you and may be able to assemble a profile about you. As examples consider the situation where you are applying for a job with a particular company and you provide your email account with the application. A number of companies search the Usenet postings for your email account and read everything that you have posted there. (I will discuss Usenet later but for now consider it a permanent message board). From those postings they are able to build up a partial picture of your interests, bias and passions. In fact anything that you tie your email account name to may under varying circumstances be searched through the Internet and thus a picture of you may be constructed. Threat 2 An email address seems to spread much the same way that a phone number does, it does not take long for a whole swag of people having your email account name. This opens up the problem of traffic and spam. Spam is the term used for unsolicited email often sent to thousands or millions of email accounts in an attempt to entice you to do something such as buy a product. Consider spam in much the same way as you consider junk mail in your letter box. Apart from the inconvenience of all this email and having to wade through it, it is just plain intrusive. For a child they may innocently open an email message and be confronted with material or graphic images that may be inappropriate. There is always the chance that they may open an email attachment and execute a virus on the computer system.

The major free email providers like hotmail (www.hotmail.com) and Yahoo (www.yahoo.com) attempt to filter the email accounts of children from inappropriate spam. In the case of hotmail, they will filter email sent to persons who identify themselves as under the age of 13 years. EXAMPLE: IN ONE INSTANCE, A HOTMAIL ACCOUNT BELONGING TO AN 11 YEAR-OLD GIRL WAS DISCOVERED TO CONTAIN SPAM ON TOPICS, WHICH INCLUDED PENIS AND BREAST ENLARGEMENT, PRESCRIPTION DRUG SUPPLY AND GAMBLING LINKS. ALTHOUGH THE PROVIDERS ATTEMPT TO KEEP THIS STUFF OUT OF CHILDREN’S EMAIL BOXES, THOSE WHO WOULD PERVERT OUR CHILDREN KEEP COMING UP WITH WAYS TO CIRCUMVENT THE FILTERS.

Regardless of these threats, email means that you are always contact-able, always findable. This is a privacy issue. You have the right to quiet possession of your email account inbox. Threat 3 I have made mention before that you screen name should not reveal any usable details. Likewise your child’s email account should not contain identifiable information about the child. Using your child’s name and age, or year of birth, which is very common, will probably attract he attention of a child exploiter as they troll through email account lists. Always remember that the Internet is built and uses rather sophisticated technologies and the ability to data mine (that is extract layers of information) is a reality. It often just needs a starting point. Consider this example of how someone may be able to mine email accounts from a service provider. Yahoo (www.yahoo.com) will suggest alternative screen and email account names if you select an account already in use. If an exploiter was to begin to create an profile and use the name of say timmy12 and was blocked because the name is in use, then they know there is a [email protected] email address. It would be a fair guess that the account relates to a child. But it has the potential to get worse. Yahoo will come back with a number of alternatives that are available and these alternatives are based on the original name of timmy12. It is possible that, say timmy122005 is suggested. The profiler knows that yahoo will attempt to append the year to the account name. If not available then the software will increment the number. In this case they will know that there are timmy122003 and timmy122004 accounts in existence. These accounts are not only in existence but they are most likely owned by a young boy.

Mitigation1 The first step is to look at creating at least two email accounts for your child. The first account is a private account at your Internet Service Provider, that is the people you pay for Internet access. This account has two discrete properties. Firstly the name is completely obscure and has no identifying aspects. Something like the child’s initials and your house number. The second aspect and this is the critical one, is that the email account information is only given to people who you want to have contact with your child. The group that has your child’s email account is by definition quite small and this is an added advantage if you change Internet providers. You will only have to tell a small list of people of the change. If you change ISP, you will loose you exiting email accounts with the old provider. Having created the private email account, you should then create a public one, using services such as yahoo or hotmail. The reasoning behind this is that if the account somehow becomes compromised, as they at times do, then you can just abandon the account and set up a new one. These really are disposable email accounts. Do not be too concerned about the waste, free email account providers will mothball any account that is not used for a period of time. Generally this period is between 30 to 90 days. Even though this is a disposable email account, still adopt the procedure of not revealing personal information when selecting the email account name. Ensure also that you don’t use the same email account name as you did for the private account with your ISP. If you are particularly cautious, you may want to set up a third email account with a free provider, once again yahoo, hotmail or one of the others. The same rules of account name selection apply. No identifiable information. You are possibly wondering what this account would be used for. I consider this third account as being ideal if your child has a large number of email friends at say school or socially. The effect of this separation is that, firstly if the main free email account is compromised then the effort to recover the friends portion of the account traffic is significantly reduced. One parent asked me why they should not use the Internet Service Provider account for friends as well as family. The answer is that you can, but as children grow up friends’ come and go. Often they part with ill will. Keeping friends separate, greatly reduces the chance of the email account being compromised if an old friend wants to get vindictive. Vindictive in this context covers the whole spectrum of harassment, including spreading the email account around chat rooms and encouraging inappropriate emails to be sent to your child.

Mitigation 2 Email accounts for children should regardless of whether free or ISP accounts, have email filtering turned on and configured. In the case of the Internet Service Provider account, the filtering should be set up so that only those people on the address book are able to have their email pass through the filter. You may be wondering why this is set up like this. Remember that this email account is only for a select group of contacts, perhaps direct family. Under these conditions there will be no one that should be contacting the child that you do not know. The elegance of this is that unless the sender spoofs (a term that means forges an email account or Internet address) an existing user on the address book, they have no way of getting through. No junk emails, no inappropriate offers, no problems. In regard to the free email accounts, they generally offer a basic form of content filtering. You should activate this level of protection. Although it will not filter out much, perhaps 20 percent of the emails, at least that is a start. One aspect of these email accounts is that if a particular person begins to send unwanted emails, either inappropriate offers or personally directed from say an old friend, you have the option of blocking that individual email source. As a strategy this is not overly effective. The blocked sender may just establish another email account and continue the flood of emails. This is precisely what email spammers do, they change email addresses constantly to get past the blocks that people place on their traffic. Mitigation 3 This one is simple but rather effective for the time and effort it requires. Often spammers will send bulk emails to thousands of email addresses based on the permutation of certain words. The idea is that even though there will be a significant number of unallocated email accounts, there will also be a portion of active ones. Consider what their objective is in this matter. Firstly, they may find someone who may be interested in their offer and so they have a hit. Secondly, and I consider this to be the real motivation for this form of mass send out, is that they will often be able to identify those accounts that are live. Le me explain how this works. The email that they have bulk sent has an unsubscribe or similar link. They write in the email that if you do not want to receive anymore emails from them then click the link and you will be removed from their list. What are most people going to do? They don’t want what the sender is offering and wish to be removed from the list. They click the link.

Once you click on the link the spammer now knows that the account is live since you responded to the email. Prior to that they had no idea. They then collect the list of live accounts and sell it to other spammers and you start getting even more junk emails. The solution, never unsubscribe to anything that you did not subscribe to in the first place. Topic 12 - Clubs and groups What are they Clubs and groups are collections of similar minded individuals that have set up or have joined an online community. These range from bird watching, sewing and cultural activities right up to extreme sexual practices. The bigger providers such as ninemsn and yahoo often host clubs and groups. Membership almost always entails the generation of a profile if one is not already existing. Services offered differ but generally they offer chat rooms, message boards, photos and files, calendars and member profiles. Threats There are two main threats that accrue from membership of a club or group. The first is that you are associated with that group. Mainstream groups that are large and broad in topic and content are safer than small specific groups. Being a member of say an Islamic hacking group may bring you more prominence and attention than you may want. The second is that profile issue again. Group membership tied to a profile and an email account begins to generate a significant profile footprint. That is, by the collection of this information, a clearer view of the individual is gained. In addition by cross-referencing you to other group members and their associations with other groups a network of association may be formed. Now I know that your association with a sewing group and the number of members of that group with links to a cross stitch group is not world news, but consider this scenario. Your child is associated with a kids group and thus must have a profile and an email account. That group has members who are associated with other kids groups. By referencing the common groups that your child and other children are members of an exploiter may be able to profile and in some instances pretend to be a member of those groups. They may send emails with another member’s name and email address on it and thus establish communication with your child. A far simpler method may be to establish a false child profile and actually join those groups. From this beginning they are able to both communicate and establish a common bond with your child.

Mitigation 1 Most clubs and groups will not allow you to view the content of their site until your become a member. One of the best ways to vet these types of sites is to join the group yourself using a disposable profile and email address. Disposable email addresses are those that are provided free by providers such as yahoo (www.yahoo.com ) or hotmail (www.hotmail.com ). The objective is to get into the site and look around before your child places any of their information on the site. This step is important because clubs and groups are notorious for publishing email and profile details to the membership at large. This means that even if your child resigns from the group, their information is still available as group public record. Once you have joined the group, then log in and have a look around. Look particularly at the postings by other members. Are they all on topic or do some of them address inappropriate matters. Have the group owners made a statement of how they will deal with inappropriate postings? Look in the photo albums and make sure the images are on topic and appropriate. Similarly with the file posting area. Is there a links page? Do all the links point to relevant and appropriate sites. If there is a chat room, join in the chat and watch the chat conversation for awhile. Are you happy for your child to be in this chat room? Once you have satisfied yourself that the club or group is what they say and has safeguards to protect your child from the threats above, then allow your child to join. Once again be careful of the amount of personal detail that your child exposes via profile. The last stage is the ongoing monitoring of the club or group. Probably more than any other Internet service, clubs and groups are open for abuse. A group owner may suddenly be unable to maintain the group and undesirable elements manage to join the group and evade detection. An even worse situation is where the owner hands over the group to another party, and that party perverts the aims and safeguards of the group. As a point of clarification the transfer of club or group ownership is a common event online. Many people start groups and just do not have the time to devote to them. Rather than shut the group down they ask for someone to take it over. For this reason alone periodically log in under your membership and conduct a review. Topic 13 - Images What are they Although every reader will know what an image is, it is wise to clarify the definition for the purposes of this book. From the perspective of the Internet, an image is a still or nonmoving picture. It encompasses not only photographs but also drawings, painting and computer generated art.

Threat Quite simply the threat from images primarily relates to the content of the image. Traditionally, parents have been concerned with the graphic portrayal of sexual subjects or if you prefer plain old porn. Although porn accounts for a considerable amount of the Internet traffic generated, I do not consider that it poses the most significant problem. A recent survey of minors showed conclusively that teenagers in particular quickly tire of pornography and seek out the high violence sites. This then is the main issue in my mind. Violence, hatred, bigotry and intolerance are the emerging problems associated with images. Simply stated, the threat comes about from children’s exposure to a wide variety of inappropriate images from a variety of sources not just the porn purveyors. Mitigation At present there are no generally accessible software applications that are able to filter images based on their content. Even within the e-forensic field there are only a couple of software packages that are able to do this type of analysis. Hopefully as this type of technology matures we will see image filtering come to the home computer and desktop. In the interim the mitigation relies on filtering the web page that the image resides on. The assumption (and not always a valid one), is that the image will be associated with some text that will be caught by the filtering software black word list. Where this is the case, then traditional filtering will prevent the display of the image along with the rest of the page. Where this approach fails is under a number of easily identifiable situations. Firstly where the entire web page is a graphic image. Since there is no text to compare with the black word list then there is no filtering. The second situation is where the image is located on a server but is directly available for download through what is called FTP (File Transfer Protocol). In this situation the user is presented with a list of available files with often obscure names and the file is selected and either downloaded or displayed directly. The last scenario and potentially the most dangerous is the direct uploading of an image to your child’s screen. This situation is most prevalent in the context of interactive services such as chat and Instant Messaging. Often someone in an interactive session will offer to send an image, maybe a picture of them self. If your child accepts the transfer, the image is sent to the computer. When the child receives the image it may not be what they were expecting.

EXAMPLE: IN ONE WELL-KNOWN CASE A TEENAGE GIRL WAS SENT AN IMAGE OF A PAEDOPHILE AND A VERY YOUNG CHILD. THE GIRL WAS UNDERSTANDABLY TRUMATISED BY THIS EVENT AND REQUIRED COUNCILING.

At this time the only mitigation I can suggest, particularly for the last situation is to never allow your children to accept an upload from someone you or they do not personally know and trust. This is one case where the technology lags far behind the needs. Topic 14 - Literature What is it Literature is of course the written word. On the Internet the methods of delivery of this written word are many and often varied. It ranges from simple text files that may be displayed or downloaded in your Web browser up to fully formatted books in PDF (Portable Document Format) or Microsoft Word documents. Threat Clearly the threat relates to the content of the written work. This threat includes not only erotic literature but also works such as political and social manifestos. Like so many of the areas discussed in this book there are overlaps. Literature in some cases also includes embedded images that form part of the work or are associated with the web page displaying the page. Mitigation Generally literature mitigation is perhaps the easiest to carry out, that is provided that the filtering software can read the text context. In the case of text files and web pages this is generally the case. The situation does become more difficult when the text has been converted to another form. Of all the forms available on the Internet, the following are the most popular, Microsoft Word, Adobe Acrobat (PDF), Postscript files and any document that has been compressed for transmission. The reason for this is that the filtering software is unable to interpret the formatted content for the rule set to apply.

Firstly let us look at the plain text and Web page content. Providing that you have a filtering application installed and a suitable rule set up, then the text will be compared with the rule set and black list words will cause the display to be aborted. So what can you do about all the other forms? Looking at it objectively, if inappropriate literature is downloaded to your computer, it will require the specific application to be able to display the text. What this means is if you do not have Adobe Acrobat installed, then a PDF file will not be able to be displayed and in that way it ceases to be a problem. Similarly with many of the other formats. This situation is not unfortunately the case with Microsoft Word files. These documents can be read back by the Wordpad application that is installed by default with the Windows operating system. The only way to prevent this is to delete the Wordpad application, not something most people want to do. At present I am not aware of any content filtering software that is able to block content that is on your local hard disk, but the search continues. Topic 15 - Peer to Peer services What are they Generally Peer to Peer or P2P services are offerings from other individual computer users of files located on their hard disks. These offerings often have pirated music, video, or illegal software or content. Since these files are located on individual computers and not a central file server there is a huge market for these services. In recent times a service called Napster provided music via a forerunner to the P2P service. The record industry pursued and succeeded in shutting down the service. Today alternative services such as Limewire, AG Satellite and others provide pure P2P facilities to their subscribers. Threats Threats from these services are of two specific types. Firstly, to partake in a P2P you must allow other users access to a section of your hard disk. This is to allow downloads and also to enable others to upload files from your computer. If this shared directory is not allocated or managed carefully, you may unintentionally expose sensitive or personal files. The other threat is that you may, by using these types of services, download content that is in contravention of copyright laws. We shall look at this latter threat in a bit more detail in the section on mp3 music in the next topic. Mitigation If you decide to partake in peer to peer sharing of files, you should pay particular attention when the setup software asks you to allocate a shared directory on your hard

disk. The first principal is to NOT allocate an entire drive such as the C: drive as this will expose all files on the system (assuming you have only one hard disk). Another location you should NOT allocate is the “My Documents” folder as this generally contains all of your documents. Perhaps the best option is to create a specific directory or folder such as C:/share. Once created only allow files that you are willing to have accessed by others located in this folder. Many of the P2P applications prompt for the creation of this type of folder, but be aware that you still have to ensure that private files are not exposed. Topic 16 - MP3 Music What is it MP3 music is a form of music recording that is particularly suitable for Internet distribution. The music quality is often approaching CD quality yet the file sizes are small enough to be able to be downloaded in a reasonably short time. Threat The primary threat that comes from MP3 music files is the threat of being in illegal possession of copyrighted materials. In this regard, your children are quite often keen to have copies of new music that is released and the temptation is to secure an illegal copy through one of the Peer to Peer sharing services as discussed above. Mitigation In the first instance, you have to make a policy stance on what material, if any, is allowed to be downloaded. This may not be as clean cut as you may at first think. Often new and aspiring groups will release their music to a mp3 service to gain public exposure. In situations like this they do not expect any payment but they still retain the copyright. For your child this is an opportunity to get what is truly free music. In such a situation I see no real issue in the child downloading the music provided that the content does not contravene any other standard that you have set up. Where the real issue resides is where the child is downloading illegal copies through a mp3 service. One thing about these services is that they always leave a clue as to their presence on a computer system. Topic 17 - Video What is it Video is the transmission and reception of moving picture images over the Internet. It takes two forms, firstly video that is displayed on the computer screen at the time of transmission and video that is stored in a file for later viewing.

The former tends to be what is termed low-resolution video because the quality of the picture is severely reduced by the amount of information that can be transmitted effectively through the Internet cabling. Examples of this first type are clips on web pages and small clips that play in only a small region of your computer screen. The second form is full-blown video, the quality rivaling the DVD standard. The video is saved to a hard disk like any file (however a very big file) and the file is played at a later time through either the computer system or after being burnt to CD or DVD. Threat This threat is essentially the same as that posed by mp3 music above. There have been a number of instances where a pirate version of a film has been released on the Internet before public release. Not surprisingly, there is a rising market for video pirating and sharing. The issues discussed in regard to mp3 music are also applicable here. Mitigation The mitigation for this threat is also much the same as the mitigation for mp3 music above and I draw the reader’s attention to that section rather than rehash the same points here. Topic 18 - Ezines What are they Ezine is a rather new term that relates to electronic magazines. The term covers a rather broad range of types and styles, ranging from the home grown newsletter of a small interest group up to the very flashy versions of print magazines. It also includes electronic versions of newspapers. Print media companies such as Dolly, for instance, produce very attractive and slick cut down versions of their monthly magazine and distribute it online. I suspect that the electronic version acts as a teaser for the printed copy and encourages people to go out and purchase the paper version. One distinction that should be made is between push and pull distribution methods. Push distribution is where the ezine is sent to your email inbox. Today, there is considerable pressure being applied to ezine publishers to not send unsolicited publications. Since these push ezines are delivered to an email account, any unsolicited delivery is considered to be spam (see discussion in the email topic). Accordingly ezine publishers rely on a process called ‘opt in’ where the receiver subscribes to the ezine. This subscription process is similar to any other request for an Internet service, that is, you have to provide a certain level of personal detail to be eligible for the service. This

level of personal exposure ranges from just a name and email account, right up to a full blown profiling effort. One final matter that you should be aware of is that ezines generally have a web link to unsubscribe from the service. The other form of ezine is the pull variety, where you visit a web site, generally the publisher of the ezine and request a copy or display the copy of the ezine on screen. Threat 1 The main treat posed by ezines to your child, is in regard to the content of the ezine. As stated above, ezines are created and distributed by all manner of organisations and in the name of a vast variety of causes, including commercial. This is really a matter of content being suitable for the age of the child. One matter that has been brought to my attention is the subscription availability of Dolly ezine to children from the age of 12-years-old. I would have thought that some of the content of the hard copy magazine was unsuitable for pre-teens and by implication it is indiscrete to offer the ezine to this age group. As a parent you may consider it appropriate, and that’s ok since my role is to point out the potential issues and give some options to handle them if you see fit. The significant issue here is that you should, depending on the age of the child, review the ezines that your child is receiving. By review, I mean that you should not only identify the publications but also have a bit of a look at the contents. This is not a once off exercise either, periodically ask to read a random ezine to ensure that the publication does not suffer from content shift. Threat 2 Apart from content issues, the potential volume of email that ezines may generate could be a problem. Although this may not be seen as a significant threat or even a threat at all. I consider that it warrants coverage in this book. When we consider the opportunities for subscription to ezines, it becomes very easy to over-subscribe. This means that every day volumes of information are sent to your child’s email account, or worse, your email account. It very quickly becomes apparent that no one could read all this material and so it either gets bulk deleted unread, stored offline for later reading or someone wades through it all. In every situation there is unnecessary Internet traffic and in some cases bandwidth charges for information that is not really needed by the recipient. I know this sounds like a moral stance on resource use and you know what, it is! Let’s put a bit of perspective on this. How many teen ezines does your 14-year-old daughter really need to read every week? The answer is of course variable, but that is the point. They should be allowed to subscribe only to as many as they are physically able to

use and read. What I am striving for is to make the contents of the email box relevant and meaningful for the recipient. What is better 2 ezines read or 20 bulk deleted? Topic 19 - Usenet What is it Usenet or Newsgroups as it is also known, is a global message board where anyone may post or read messages from others on the Internet. To create some semblance or order Usenet groups are divided into a number of topics and sub-topics. Today there are over 80,000 distinct Usenet groups covering just about any conceivable subject. Historically Usenet is one of the oldest Internet services and all Usenet postings have been archived and are available for anyone to read. If you look hard enough you will find postings from Bill Gates of Microsoft fame in his early days as a hacker. As you can see, what you say on Usenet is there forever. The structure of Usenet is basically as follows. There are a number of top level groups such as comp for computers, biz for business, rec for recreation, soc for social issues and alt for alternative lifestyle. This last one is without doubt the most dangerous as all forms of life reside there, or if I can paraphrase Scotty from StarTrek “there be paedophiles there”. Look at the highlighted Usenet group name in the screen dump below and also look at the title of the group located 9 groups above the highlighted item. These are not the only groups dedicated to the subject of paedophillia. I should also note that this selection of Usenet groups as discovered not on some obscure hidden site but was listed by one of the more prominent Internet Service Providers as their subset of the Usenet community. Beneath each major group is a hierarchical structure of sub groups and topics. As an example the alt group has a partial structure as shown in the screen dump below.

Threat Usenet poses such a huge threat to children that I was tempted to just put one line – don’t let them near it. So where do I start? Usenet is considered the Wild West of the Internet, where lawlessness and surprise are the rule of the day. It is the home of many paedophiles who communicate through Usenet groups such as alt.sex.pedo and alt.sex.teens. For this reason we should not let our children wander into those groups. I would go so far as to suggest that unless you have a specific need to be involved in a Usenet group then you would be wise to avoid it all together.

But let me be more specific about this. If you post anything to a Usenet group then your email address is attached to the posting. From a privacy point of view this is like advertising your home address to the world at large. From this email address anyone may trace you back to a specific location, perform a profiling exercise and launch a harassment or stalking attack on you. If that sounds somewhat dramatic, I want you to consider that those who frequent the Usenet groups are often highly Internet savvy and often intolerant to those they consider outsiders – read those not on the inside of that particular group. This is in a way a similar situation to those who consider that they own a particular chat room and will harass any new comer. Mitigation As I said before, unless you have specific need to go there then stay away, at least until you have had enough experience to be able to handle yourself against those you may find there. Ok, the above was pretty lame, so now for some specific mitigation strategies. The most dangerous group as I have said before is the alt group, so lets look at blocking that group first. Firstly since Usenet is a text-based service, that is, the messages are comprised of text. Now this is not strictly true, they may also contain graphic elements such as picture images and such, but for now consider them text based. We have seen before that anything that is text based may be filtered by a black list on your filtering software. We can now enter the black list word ‘alt.’, that is alt and a period character. This will block anything that has that specific content or header. The advantage of this is that not only will it block the Usenet group but also as a bonus two other sources of Usenet content. The first of these is the Google search engine Usenet archives and secondly any web site that is quoting in part or whole the alt. Usenet content.

Part 4 – Safe Alternatives Topic 20 - Safe Web Browsers What are they Safe web browsers are specific Internet browsers that are designed for children. They conform to two basic types. The first is a web browser that only allows the child to access one specific home page, generally a portal. From there they are able to explore but only to approved sites. The other form is a web browser that allows the child to move around the Internet freely, however the browser monitors the web addresses or content for inappropriate material. In such a case the browser will block the child’s access to that site. The Family Browser Available at www.thefamilybrowser.com This is a free Internet explorer replacement for use by children. Although generally a very good children’s browser, it is able to be circumvented and inappropriate content displayed to a child. On balance, however, considering that it is free and still being developed, you should perhaps consider it. Topic 21 - Firewalls and Filtering What are they Firewalls and Filtering applications are software applications that have the ability to block or filter content and web sites based on a rule set. The rule set may specify what is allowed and/or what is not allowed to pass through the application and be passed to the Web browser. Although there a number of commercial firewall and filtering software packages available from computer stores, I thought that I would concentrate on the free offerings that may be downloaded from the Internet. I have taken this approach for a couple of reasons. Firstly, I do not wish to be accused of some underhanded commerciality, where I might be perceived as promoting a commercial product or vendor. By presenting only free software I cannot be accused of receiving a monitory kickback. Secondly, I have noticed that many families just do not have the cash reserves to spend on commercial software to protect their children. In many cases, even though they realise the need, there are more pressing and immediate needs. In situations like this the

computer protection becomes a discretionary item. By pointing them to free software solutions, there is no financial justification phase and the computer protection is more likely to be implemented. We-blocker Available at www.we-blocker.com We-blocker is a free content filtering package that allows you to create both black and white lists of words and sites. When installed it contains a default list of words that it checks against the content of web sites. While not a perfect solution it will trap content that may other wise slip through. Configuration is a little more involved than some other packages but the results justify the time spent. Zone Alarm Available at www.zonelabs.com Zone Alarm is a free firewall product that once installed will block most attacks against your computer system. It will not however filter content as the previous product better handles this task. The beauty of Zone Alarm is that it is virtually configuration free and starts working straight after installation. Topic 22 - Safe Chat Rooms What are they Kid’s or child safe chat rooms are taken to be chat rooms that not only specifically cater for children but also have conduct and content standards which must be adhered to, to remain in the room. There is a good selection of chat rooms at www.kids.net.au A search on this site found 288 chat rooms classed as suitable for children. I found these by entering chat rooms in the search box. Not all of the chat rooms cater for all age groups so some experiment may be needed. All up it is a good place to start. Topic 23 - Safe sites What they are

A safe site is one which conforms to minimum standards in regard to content. That content is taken to be suitable for children to view and interact with. The best way to find safe sites for kids is to enter “kids safe sites” or something similar into a search engine. I entered that phrase into Google and received so many potential sites that it will be best to leave that part to you the reader. You might however try to narrow the search by stipulating an age in the search criteria. Topic 24 - Safe Search Engines What they are Safe search engines are search engines that are configured to filter inappropriate content from the result pages that they display in response to a search query. They are different from the main stream search engines in that they firstly do not have the same volume of addressable data to search on and secondly that they do not have to be configured to provide filtering. Yahooligans Yahooligans at www.yahooligans.com is a kid specific search engine that uses the yahoo search engine and database. The content is filtered to remove inappropriate content from the search results. Like many search engines, Yahooligans is also a directory which is covered a bit later. In tests the filtering was found to be quite effective on a number of potential inappropriate search criteria. The search engine returned a “Sorry no results were found matching: XXXX.” The search screen is shown below.

AskJeeves for Kids AskJeeves for Kids at www.ajkids.com is a similar facility to Yahooligans in that it is a subset of the search engine AskJeeves. What makes the AskJeeves and AskJeeves for Kids search sites different is that the search phrase is not a word list but the engine expects a question phrased something like “what is the internet” or “how does a guitar work”. For some children this may be a more natural way of using a search engine. Regardless the test results were quite good and inappropriate sites were filtered from the results.

Family Friendly Search This search engine is found at www.familyfriendlysearch.com and appears to be a meta search engine, which is one that searches through a number of other search engines and returns results from those other engines. From the screen dump below it appears that it searches Yahooligans, AOL Kids, Kids Click and Saluki Search, so the results should be comprehensive.

SurfSafely Located at www.surfsafely.com. Another that combines search engine and directory. Opening page is displayed below.

Topic 25 - Safe Portals What are they By definition portals are web sites that have links to other sites often they only cover a narrow range of topics, often related. Portals are constructed and maintained by hand and do not use automated methods to add new sites to the portal access list. Kids.Net.Au This is a very good Australian portal site which breaks up the material available into discrete topic headings. www.kids.net.au

Blackstump Although blackstump is a general portal to Australian sites the link below takes you to the children’s zone. As you can see from the screen dumps there is a vast array of content for children of all ages. The site is located at www.blackstump.com.au/kids.htm

Below is a screen dump from the main index page to give you an idea of what is available.

Some of the other categories include: Cartoons and TV Shows Coloring/Art Disney Encyclopedia/Homework/Reference Games/Game Sites Goosebumps Harry Potter Sites Lego Looney Toons Muppets Museum/Gallery Pokemon Search Engines (Dr) Seuss Tamagotchi/Virtual Pet

Toys Weather Yowie This is a very big selection and I’m sure that there is something for all ages. Beritsbest Located at www.beritsbest.com, this site seems targeted to younger children but comes highly recommended by overseas reviewers. Part of the opening screen can be seen below.

SurfSafely This site was mentioned above in the Kid’s search engine section, but is referenced here again. It is found at www.surfsafely.com

CyberGuide This is a filtered search engine found at www.route616.com . Although it appears to be a search engine it is in reality a filtered directory. It has only access to sites that have been entered under specific topics. These topics are entered as criteria in the blue search box. The site claims that its content is suitable for children aged between 6 and 16 years. My tests suggests that although a well filtered directory it may lack the depth for older children, but as all ways you are the best judge.

Part 5 - Specific Threats Topic 26 - School Web Sites What it is School web sites are sites on the Internet that are run and maintained by individual schools. The content on these web sites comprises information regarding courses offered, accreditation and matters generally relating to the running of the school and a public interface for the external world. In addition many schools post details and photos of student activities and upcoming events. Threat The primary threat to your child is the publication of your child’s photo along with identifying information. A child exploiter may browse a school web site looking for potential targets. As in all these matters, a person is able to begin to profile a child from the random information that they are able to secure from a number of sources. Schools are a bonus to the child exploiter. Mitigation 1 Insist that the school does not publish any specific information that may identify your child. This includes no individual pictures particularly with identification information such as “Jane Doe at the under 13 netball carnival”. A child exploiter has, when viewing this, a considerable amount of information about this child, such as their name, school, age, general geographic location of where they live and a very nice photo to work from. Parents should be aware that this is generally enough information for the exploiter to conduct a phone book search for your home phone number and address. From this it is a trivial exercise to use one of the online street directories to find your home, the school and a probable route home. One such service will plot the best path between school and home, and allow them to print it out. This is just too easy for the exploiter. Although it is flattering to have your child’s picture and accomplishments on the school web page - don't allow it! If the school wishes to publicise the under 13 netball team, then at the very maximum they should place a low-resolution picture of the whole team without names and other details.

Mitigation 2 The following mitigation relates to publicly accessible email accounts and not to internal email accounts used within the local school. Most children are now given an email account at the school. Although it is administratively expedient to allocate email account names on a formalised basis such as first name and family name, initial or initials and classroom or grade, these methods potentially expose your child to an exploiter. Schools should be encouraged to provide email account names that have no correlation to the child’s name, the class room number nor the grade level. Mitigation 3 Although it may be seen as excessive, parents should consider the effects of a school publishing the timetable and location of sporting and other events on an open web server. The location of the under 13 netball team game next Saturday may be the final piece of information that someone profiling your child may need to execute an attack I realise that many parents will consider this trivial, however for one child this information was the ultimate cause of their death at the hands of a pedophile. Topic 27 - Personal Web Pages What are they Most Internet Service Providers (ISP) allocate a number of email accounts and a small amount of space for a private or family web page. Generally this space is in the order of 5 to 10 megabytes of disk space. Having been given this space, many families see this as a good way for the rest of the family to be able to keep up with events and activities and to tell a bit about the Doe family history. Threat Similar to the situation above, a private web page may provide a profiler with a wealth of information that could be used against your child. Let me give an example. On one private web page there were photos of the owner’s daughter from birth up to her current age, which in this case was nine years. Some of these photos also included her with other family members, uncles and aunts etc. The child’s interests were mentioned as were a number of her achievements.

The inclusion of the hospital photo just after her birth with the caption “proud mum and dad Sue and Bob with little Jane 3 hours old”. This caption has identified the first names of the parents as well as the child. A search on the location of their Internet provider will give a general location of the family and so the profiling starts. The most dramatic factor in all this is that a profiler could contact the child and claim that they are friend of uncle George and aunt Ann, information gleaned from the web site. The child knows her aunt and uncle and assumes this person to be a family friend and thus not a stranger. From this contact is established. Mitigation 1 I know that it is virtually impossible to restrain people from bragging on their kids on the Internet, so even though the mitigations in regard to schools apply here, I consider that very few parents would apply them. A practical solution to this is to arrange for the private web page to have password protection on it. This means that anyone who does not have the password will not be able to access the content. Family and friends that you wish to see the pages could have the password emailed to them in the general course of events. Such a procedure, while not totally secure will stop the casual profiler, who will move on to easier pickings. One final point in regard to passwords is don’t make it so simple that a profiler could guess it in a few tries. Mitigation 2 Continuing on in the theme of reducing the chance of a profiler actually being able to locate the Web pages, there are two other strategies. Firstly for those who have smaller or regional Internet Service Provider, decline the offer to have your Web page listed with all the other private pages that they host. It is common for an ISP to have a link from their main page to a member page index. Allowing this is making it so much easier for a profiler, who can just troll through the index harvesting targets. Since the ISP will almost always provide information about what area they serve, the profiler can work a geographic location easily. The second method is a little more involved and may require the assistance of the ISP’s support desk to implement. Search engines index Web sites that they come across based on the contents of what is called the ‘robots.txt’. This file is generally located in the top level directory of the Web site and specifies amongst other things which pages the search engine may index. By organising the ‘robots.txt’ to specifically exclude your web pages, there is no chance of someone finding your Web site through a search engine. I should explain that not all search engines will obey the exclusions of the ‘robots.txt’ file but the major ones will and that’s a start.

Mitigation 3 Consider what you want to achieve with the home web page. If it is purely to store and display family photos then, there are other options that offer some enhanced flexibility. Services such as Yahoo (www.yahoo.com) will allow you to store up to 30 megabytes of photos in a photo album. In this option you can create and place photos in separate folders each with its own password. This way you may allow various people access to specific groups of pictures. The only drawbacks are firstly that you have to create a profile, which I have discussed elsewhere and the chance of loss through having the service either moved or cancelled. Other providers, such as ninemsn offer a similar free service. It may be expedient to take out more than one service and duplicate the images on both as a safeguard against loss. Topic 28 - Cyberbullies What are they Both the terms cyberbully and cyberstalker are relatively new terms that have come into being in the last decade or so. Both terms refer to attacks and crimes that are modifications of, or ancillary to, the acts of bullying and stalking in the real world. Cyberbullying is the use of Internet and other technologies to harass and bully an individual or small group. Threat In recent times we as a society, have become aware of the threat and dangers that accrue from the harassment and bullying of individuals. I consider it a privilege to sit on the subcommittee, which addresses bullying, and harassment at a large R-12 in my home city. This involvement has crystalised much of what I have suspected in regard to this matter, both on and off line. To my colleagues on the SD2 committee, I express my thanks for your input and views. The Internet is a massive tool for the harassment and bullying of children. The best way to express this is perhaps to look at a few potential scenarios. A child may be bullied and harassed within a chat room. From the simple child being ignored through various put downs to the ganging up of the majority of a room against a sole child. If we consider that these events are insignificant we fail to understand the needs of our children for peer acceptance. Having witnessed this in pre-teen and teenage chat rooms, it is heart rending to watch a child attempting to be recognised or defending their right to be there. Such a child feels lonely, unappreciated, even unloved. Now I want to make a bit of a transition here. A child who has been treated this way by their peers is actively looking for acceptance within the online community.

Let me pose this question, how exposed is that child to an adult child exploiter who pretends to be their friend? How easy is it for the exploiter to get the child on side, to get them to open up, discuss their feelings and hurts? How hard is it going to be for the exploiter to lure the child from the chat room into a private conversation? I have adopted this approach, because as parents we sometimes minimise the potential effect of being harassed and bullied. Some parents have adopted the stance that they had to go through it at school, so their child should just learn to live with it. We live in a different world today. Our children face far greater threats to their health and wellbeing than we ever did when we were growing up. One of those threats is that there is always someone lurking around to take advantage of our children. I have spent too much time on this, but I feel that we often do not appreciate the potential for harm. Another version of this bullying and harassment issue is the placing of personal details and/or pictures of the target on the Internet. There have instances where children have had their picture posted on a free Web site with harassing comments about the child. The location of the Web page is then publicised through out the school and the child is further humiliated. Mitigation 1 Looking firstly at the issue of harassment and bullying within a chat room, there are a number of concrete things that parents can do. A great deal of the approach you take in this matter is dependent on the level of need that your child has to be associated with that particular chat room. If your child is not committed to that room, and there may be a number of reasons why they are, then you could help them locate another chat room of a similar type. Earlier in the book I showed you the location of kid safe chat rooms. Kids safe in context means that they do not cover inappropriate topics, but you might be able to find one that suits your child’s needs. OK, that may take some time, but it is going to be simpler and quicker than the next scenario. Where the child is committed to the chat room, for whatever reason, then your strategy must be one of intervention as opposed to relocation. Your first move should be to sit with the child and observe what is happening in the chat room. Watch the chat and responses when your child attempts to join in. Are they ignored, or are unkind comments made toward them. Look at what your child is saying. It is sad, but sometimes, a child may be a poor fit for a specific chat room. Reasons for this often relate to a child’s inability to conduct a chat on the maturity level of the others in the chat room. In such an instance the child will be ignored or spoken down to. It is hard as parents to admit that perhaps our child is not as socially mature as their peers, but denial will not help the child, it will just appease our personal ego.

If this is the case, then you have a responsibility to help the child understand that they would enjoy themselves more in a chat room that talks about their interests at the same level. I know this is a tough one, but we are parents, we are strong – well at least some of the time. If the chat room consists of others that the child comes into contact with on a day to day basis, such as school, then the pressure to remain and gain acceptance is considerably higher. Stepping back a bit, it then becomes clear that the harassment and bullying may be an extension of the behaviors that the child is experiencing during the school day. In this situation a more unified approach is required. The online harassment and bullying is just a factor of a much larger pattern of abuse. We as parents are fortunate today, that our schools have active anti-harassment and antibullying programs in place. Most schools have councilors and a few have chaplains to assist the child. School policies and procedures for dealing with events are publicised and supported. School staff are available to assist both the child and the parent. Use these resources. Please don’t react against the school blaming them for allowing the situation to develop, rather work with them in seeking effective solutions. Topic 29 – Cyberstalking What is it Cyberstalking is the intentional following and drawing the target’s attention to the stalker’s presence. The objective is clearly to cause fear, to intimidate and to control. In many regards, cyberstalking is a much easier act to commit that traditional stalking. In addition it is a much harder crime to prove as the stalker may not even be in the same geographic area as the target. Regardless of this, it is a serious crime and should be viewed accordingly. Threat The threat to a child is they become aware that someone is watching them, their online moves. This person also knows a lot about them. For a child it would appear is if that person was able to see over their shoulder, see them as they move about in their daily life. In extreme cases this is what finally happens, the stalker is able to infiltrate the child’s life with the attendant consequences. Cyberstalking relies to a significant degree in the stalker being able to identify the child and construct a profile of that child. As I discussed at length above, the more information we allow to accumulate about our children on line the more profiling data a stalker or other exploiter has at their command.

From this profile data they can mount an effective campaign to cause the child fear. From statements like; ‘I know the way you walk home from school’ (from home and school address data), to extremely personal details like; ‘I really like your hair in pig tails like that’ (from a picture that they have located of the child on line), the stalker can ramp up the fear. Mitigation 1 The only certain mitigation against on line stalking of children is to ensure that they have a very small Internet footprint. The less identifiable information there is about them on line the less the chance that they will become the target for a random stalker. The other side of this is that if they somehow become the target of a real life stalker, then low Internet visibility will reduce the available channels that the stalker has to stalk the child. Mitigation 2 This mitigation is an after event solution. I admit that this is far from being totally effective and is often difficult to orchestrate. Consider the situation where your child’s identity has been compromised online and there is a concerted stalking activity against the child. In these cases the parent has only one recourse. The child must be moved to a new location online. Consider this to be like a virtual witness relocation program. Before pursuing this option, look at the possibility of the child going offline for a period of time. The theory behind this, is that if the stalking is part of a indiscriminate stalker, that is one who just seeks victims and not specific victims, then the stalker may move on to another target. Not a pleasant thought perhaps, but at least your child will be spared the unwanted attention. There may be a number of reasons that the child cannot remain offline for a period of time. Study needs for instance may require the child to log on regularly. In this circumstance the second option may be used. Set up a complete new identity for your child, with no links back to the existing email account or profiles. Ok how does this work. Create a new email account with a completely different provider, hotmail if they were with yahoo for instance. In any event use a completely new provider. Create a minimal profile for the child, being careful not to divulge any identifying personal information. Do not link the new email account and profile to the old email account and profile. The child may then begin to log on to the chat rooms and other areas that they have been using before. Unless the stalker is particularly adept, they will not link the new accounts

with your child’s previous identities. They will instead most probably think that your child has fled the Internet in fear, which may be one of the desired outcomes for them. A number of problems exist with this solution. You may for instance have your child’s email account with your Internet Service Provider. Creating another identity with the same provider may tip the stalker off, so in this situation you should delete the ISP email account and create a free one similar to hotmail or yahoo. The second problem with this is that your child will have to update their new email address with friends, and in some cases educational and other providers. The threat here of course is that the more people that know the new details the greater the chance that it will get out. Be wary who is told of the new details. One final point, once you abandon an email account of that has been profiled, don’t let the child go back to it. Just let that online identity dissolve. Topic 30 - Hackers and crackers What are they Hackers and crackers are terms used, often interchangeably for persons who break into computer systems either for interest or material gain. The Information Security Industry considers a hacker to be a person who breaks into a system without the intention to perform malice or damage the system in any way. Hackers generally do not attempt to profit from their activities save the gaining of knowledge and skill. Crackers on the other hand are taken to be those persons who break into computer systems to modify, damage or break those systems often with the intent to gain either proprietary information or financial advantage. Threat As far as your children are concerned, the major threat from this group of computer users is that your child may become involved in the underground computer culture. The quest for information and knowledge is a lofty goal and many traditional hackers have contributed greatly to the computer security field. Where the issue evolves, is where your child is lured to the other side. The dividing line between the black hat and the white hat (read bad guys and the good guys) is often so fine as to be barely discernable. It is I believe far too great a temptation for our children to be placed in a position where the skills that they have learned may be turned for either thrills or material gain. If we add the urban myths and the hype surrounding the hackers/crackers as evidenced by movies such as ‘Wargames’ or ‘Sneakers’. We then have a situation where our children may be lured into the underground community attempting to replicate those acts.

Mitigation 1 This is a difficult one, so difficult that I was tempted to delete this section from the book. I mention this solely to pre-warn you the reader that the mitigation for his threat is really thin, verging on the trivial, but I feel that I must address it regardless. Maybe in the next edition of this book I will have something better, more concrete. As parents we seek to encourage our children in their endeavors, yet we must always be mindful that they remain moral and ethical in those endeavors. So when does a keen interest in computers, operating systems and how the Internet works cease to be a good pursuit and become a harmful activity. I suggest that the point where it becomes life dominating, where normal activities for a child of that age are foregone to sit at the computer screen. Even this may not be a reliable indicator, but just talking to them will reveal who their computing hero’s are. A child who see Kevin Mitnick (a renowned hacker/cracker) as a hero, someone to be emulated or a child who talks about the ‘Legion of Doom’ or Phrack magazine is certainly showing signs of being lured to the dark side of the Internet. In these circumstances, you as the parent need to take action to refocus the child’s attention away from the criminal to the thrill of the technology and what they can do with it. In the extreme case it may require that you gain some computer experience yourself and share their interest at the level that they are at. Topic 31 - Paedophiles I have left this topic till last because I suspect that many readers may have had the impression that this is what the book is all about. Its placement is more a function of how this aspect fits into the rest of the book and not its importance as a topic. I prefer to use the term child exploiters. This is mainly due to the stereo typing and social images that the term paedophile conjures up. Regardless of the term that I use, we are talking here about paedophiles – persons who prey on and exploit children – individuals that I consider to be the most dangerous manifestation of our species. Who are they I think that every adult or parent has a pretty clear idea of what a paedophile is. What is perhaps not so clear is who they are. Although there is no clear-cut paedophile profile, there are traits that online exploiters manifest. The online child exploiter seems to have a number of skills, which include social engineering and computer literacy. Many appear to have high levels of disposable income and are often employed in what we might call good jobs.

Since it is not my intention to attempt to teach you to identify an exploiter at sight, since it is plainly impossible, I want only to point out that we are dealing with very street smart and often intelligent people. Threat Perhaps this section is unnecessary, we all know what the object of these people is and what the nature of the threat they pose to our children is. Consider that there has been little perceived online activity tied to real life child exploitation in this country, I fear that we are complacent in this matter. We should be aware that in almost every international police operation to break up ‘pedo’ rings there have been at least one or more members located within Australia. This means that they are out there. In a recent 60 minutes story on online exploiters, there was a brief mention (too brief for many to notice I suspect) of a Brisbane exploiter being online and being tracked by the FBI during the course of an interview with a FBI officer. The main point I wish to make in this somewhat emotive issue is that statistically your child is more exposed to an exploiter in real life, however, their chance of coming to physical harm if they meet an online exploiter in real life is statistically so much greater. In many cases the exploiter ultimately causes a fatality. Online as in real life, these people hang out where the kids are. In real life it is the parks, playgrounds, shopping malls, around schools, in fact anywhere where kids congregate or frequent. Similarly online, it is primarily the kids chat rooms. But this is not the exclusive haunt, they will troll other areas of the internet attempting to identify potential targets. From their contact with them in chat rooms they will seek to establish contact through instant messaging and email. They may also attempt to contact through mail and telephone both landline and cellular. Child profile There is considerable discussion and debate regarding the traits of a potential exploitation target. Regardless of this debate, I consider that child exploitation targets tend to exhibit some of the following traits. Loner Estranged or disenfranchised from family Feel substantially misunderstood Considerable free unsupervised time Below I have listed a number of potential signs that your child may be in contact with a child exploiter. I have divided them into a number of groupings to make the task a bit easier to understand.

Please note that I am not saying that if your child exhibits one or more of these sign then the are definitely being an exploitation target. There can be a number of reasonable reasons for these signs. What I am saying is that if we look for the signs and then the reasons for those signs then we will be better prepared in the sad event of your child being a target. Signs 1 – Home Attitudes The main mitigation is to be observant. Both of your child’s moods and attitudes and of what they say. If your child’s moods change dramatically, they seem distant and insulated then you should investigate the causes. Are they having trouble at school, being harassed by peers. Watching your child’s conversation may indicate the possible presence of an exploiter in their life. Have they begun to mention a name that you have not heard before Signs 2 – Lifestyle Changes Always be alert for an increase in gifts and objects entering the house. Is your child receiving letters from an unknown sender? Is your child receiving letters without a return address? Is your child receiving letters with a post office box return address? Has your child received any gifts from unknown sources? Has your child mysteriously received a prize from a competition that you know nothing about. (I don’t know of any child that will not tell their parent of the contests that they enter and hope to win long before the drawing of the prizes) Is your child using someone else’s Internet access account Has your child be given a cellular phone or prepaid phone cards Has your child excessive disposable income Has your child presents and gifts in their room that you are not aware of the source. Has your child significantly and radically changed the style and manner of dress? Signs 3 – Accounting Signs There are a number of what is best termed accounting signs. These are signs which leave an accounting or paper trail. Are there phone calls to unknown numbers on your telephone bills, both landline and cellular? Are there phone calls to specific numbers at certain times of the day, often when the child is partly or fully unsupervised? Is the child spending more time online particularly at night?

Signs 4 – The Rest The last list is a mix of items that didn’t fit cleanly into the other categories. Phone calls received with hang-ups or wrong number claims. Child closing the screen session when online as you enter the room. Mitigation Basically this entire book is slanted with a view to mitigation against child exploiters. In this regard everything that precedes constitutes the mitigation. But if there was one final piece to this that has so far been left is unsaid, it would be the concept of a stranger. We teach our children via programs such as ‘stranger danger’, the principle of danger that arises from association with people they do not know - strangers. If my understanding of these programs is correct, then we teach our children that there are certain persons that they may approach or give personal details if they are lost or in danger. These persons comprise entities such as police, teachers and the like. In some cases the group may be extended to include medical, fire and rescue personnel. It is not solely dependent on the person’s job or role, but more, I suggest the circumstances that the child finds itself in. Children should seek help when they are lost or in danger. I want to expand this concept here and present an approach that parents may be able to use to teach children the danger of online association. This is the concept of ‘never lost online’. Simply, we can demonstrate to children that there is no situation online where they are either lost or in physical danger. It is a moderately simple task to show them that since they are never lost, there is no reason to approach or give out personal details to a person they meet online. At present I am attempting to formalise this into a program to be presented to schoolchildren. Until that time I’ll have to leave it to individual parent, teachers or caregivers to pursue this either alone or in small groups.

Closing Thoughts Well that’s it, version 2 of this book. I am aware that it is far from a definitive work on this subject, partly because of the constraint to get it out to you the parent and partly because of the dynamic changing nature of both the Internet and the services it offers. As fast as we, the Information Security Professionals mitigate or close off an exploit or an attack, the black hats, the exploiters and the paedophiles find another way to seek out and manipulate their targets. If you were sitting before me today, I would close with the following. Don’t just read this book for interest, but apply the mitigations as you see the need. I cannot see that we will ever be able to let down our guard, as such we all have to be vigilant and diligent to care for our children and their children. On a positive note however, the significant successful capture, prosecution and internment of online criminals and child exploiters should encourage us all.

Appendix A – Author Bio David Teisseire, CISSP has been involved in the computer industry for over 16 years as a systems administrator, software engineer, hardware maintenance engineer and senior consultant to organizations in such varied fields as education, manufacturing, legal, aviation and retail sectors. His background includes extensive experience on not only personal computers, but also mid sized Unix and Hewlett Packard systems David specializes in computer crime issues, with a particular focus on both local and international child exploitation and protection matters. He has written two books. The first “Teach Yourself Home Internet Security in 24 Hours” which focuses on protection strategies for families and individuals. The other book, “E-forensics Unleashed – A BackTracker’s Manual” is a comprehensive technical reference for law enforcement and forensic specialists in the field of computer crime investigation. He has also authored a number of articles and papers on both cyber-crime and Internet protection, including a submission to the recent South Australian Government's “Child Protection Review”. His submission is materially incorporated in Chapter 26 Section D – The Internet and Information Technology and Child Protection, and is further reflected in Recommendation 206 of that report. He has developed and presents Australia's only lecture series addressing the issues of Internet based child and family security. In addition, until recently, he fulfilled the role as moderator on law and ethics for a global security forum. David’s community involvement includes, a number of volunteer positions involved in the management and direction of one of Adelaide’s largest R-12 public schools. In addition he is a director of Wild Rivers Foundation, a not-for-profit child and youth lifestyle education foundation. David is a father of 4 and recent grand-father of 1. He lives in Adelaide, South Australia with his wife Sylvia and two of his children, Lara and Stuart.