From Tony Bradley, CISSP-ISSAP
Social networking is all the rage. Various web sites have sprung up for the sole purpose of providing a place for users to express themselves, share with like-minded individuals, discover new things, and communicate with others.
The concept is so popular that even the 400-pound gorillas of the Web have jumped on the bandwagon. MySpace was snatched up by Rupert Murdoch's News Corp. Google has Orkut. Yahoo tried Yahoo 360, and is now beta-testing their new social network dubbed Mash. Microsoft just bought into a large stake of Facebook.
The concept of social networking has also been extended to other areas. For example, Youtube (also picked up by Google), provides users with the ability to express their creativity, network, rate their favorite video clips, etc. Some sites like Flickr, DropShots, or PhotoBucket provide users with the ability to post and share photos and family videos.
The bottom line is that social networking is hugely popular and it is big business. Unfortunately, child molesters, sexual predators, and scam artists have discovered that these sites can also be exploited to find victims.
There have been numerous instances of sexual predators and child molesters posing as children to network with young victims on MySpace.com. MySpace was also recently discovered to be compromised by attackers spreading malware on exploited profile sites. MySpace has taken steps and implemented security measures to minimize this problem, but users should still be cautious and aware.
While not directly related to a social network, Craigslist, the popular regional classified listings site, was recently used by a predator to lure a victim to her death. After listing a job opening for a babysitter / nanny, and arranging a meeting with the potential nanny, the killer then murdered the prospective nanny.
Photo sharing sites are used by thousands of families to post and share family photos. It is possible to restrict access and only let users you identify view the pictures, but many users are proud of their kids and their photographic skills and allow the general public to view the photos as well. Child molesters and sexual deviants can search through these sites and bookmark their favorite photos of young boys and girls.
Follow these steps to use social networking sites responsibly and avoid becoming a victim:
1. Be Skeptical. At least be cautious. The point of social networking is to find people who share your interests and establish a network of friends, but don't let down your defenses too easily. Just because someone claims to like the same music as you, or share a passion for scrapbooking, doesn't mean it is true. These new "friends" are virtual and faceless and you can't completely trust that they are what they say they are.
2. Be Diligent. Knowing that the potential exists for scam artists or sexual predators to be lurking about, keep an eye on your profile and be diligent about who you allow to connect with your profile. For photo sharing sites like Flickr, check out the users who are marking your photos as their Favorites. If some stranger is marking all of the pictures of your 7-year old son as their Favorites, it seems a little creepy and may be cause for concern.
3. Report Suspicious Behavior. If you have reason to believe that someone is a sexual predator or scam artist, report it to the site. If you look at the profile of the user marking your son's photos as their Favorites, you might find that they have marked hundreds of other young boy's photos as their Favorites. Flickr, and other such sites, should take action against this sort of suspicious behavior.
4. Communicate. Parents who have children that surf the Web and frequent these social networking sites should communicate with their chidlren. Make sure your children are aware of the threat, and that they are educated about how to use the Web safely. Make sure that they understand the risks and that they know they can talk with you about suspicious or malicious activity they encounter.
5. Monitor. If you want additional peace of mind, or you don't fully trust that your children will stay within the guidelines you have laid out, install some monitoring software to watch their online behavior. Using a product like eBlaster from SpectorSoft, you can monitor and record all activity on a given computer and keep an eye on your children.
URL to the article