First in a series
Parents of children old enough to surf the Internet often worry – and rightfully so – about what their child might be seeing online. Without common blocks on whichever search engine they use, a child can easily be inundated with pornography and violence so graphic that even the worst video games available pale in comparison.
These are well known facts, and in response, most parents take care to ensure their children are unable to reach those sites. However, there are many sites young people use on a daily basis that are just as bad and far more dangerous according to Cyber Crimes Specialist Eric Tamashasky who also doubles as a Deputy Prosecutor in Saint Joseph County.
Tamashasky recently spoke at length during a Youth Worker Cafe sponsored by the Indiana Youth Institute and Build A Better Blackford Community Foundation at Blackford County High School.
Tamashasky has attended several Secret Service training schools on cell phone forensics as well as having extensive training in online safety.
Tamashasky opened the seminar by saying, “When I talk to kids at schools I don’t talk to them from a morality standpoint. They don’t need me coming in there telling them it’s bad, don’t do it. They need to see what is.”
“They need to know how they can protect their privacy,” he continued. “If they can do that, we’re all doing something better.”
“The first thing I ask them,” Tamashasky said, “is how many of them have been hacked. Whether its Facebook or Instagram, it’s usually well more than half the group I talk to. Which means that people are trying to get into the kids’ stuff.”
Passwords are the key
According to Tamashasky, poorly constructed passwords are the number one reason hackers are able to access online accounts. “When you have a bad password, it’s easy to get into an account,” he said.
“If I’m sitting beside them in the library and they type in 12345 as their password, as soon as they get up, I sit down and guess what? I’m them,” he explained.
Tamashasky recommends using a sentence a student will remember to make up a hard to crack password. Something along the lines of: The Bruins will win every game in 2016 because they rock.
“If they use the first letter of word to create a password that can be hacked in 22 minutes,” he said. “So what you want is a mixture of upper and lower case letters. It doesn’t matter how you do it. You just need to get the up and down going, then 22 minutes turns into 8 days.”
“Notre Dame was founded in 1842,” he said. “I’ve seen that on sweatshirts. This is a great password. It could take a million years to hack that password. Here’s why, when a hacker tries to get into an account they use what are called rainbow tables. Rainbow tables are filled with movie quotes, the oxford dictionary, songs and quotes from books.
“So if the password is someone’s name, or something that makes sense, it’s susceptible to hacking,” he continued and pointed to the jumble of letters on the overhead screen, “This garbage is not. If you get flashy you can put in punctuation, Michigan fans could throw in a question mark, and if you do that…two billion years to break the password.”
Different passwords recommended for every site
Tamashasky also recommends having a different password for every site. “The reason this works, everyone on the Internet now encrypts their passwords. Encryption only goes one way. So the way the hackers do it is they run the same algorithm on Facebook that they know Facebook uses to encrypt the pass codes, when they get a match the password pops out. You do this and even though it gets compromised on one site, it’s not going to give them access to every site you’re on.
“If the same password is used in every place and one gets hacked, they are all compromised,” he insisted.
Lie on your security questions
According to Tamashasky, security questions for passwords are one of the main reasons people get hacked. “This is how celebrities and famous people, and children are getting hacked,” he said.
“When you make an online account, the Internet tries to help you,” he explained. “What they do is ask you random questions that help you if you forget your password. If you know the answers, you can get back in. The problem is, anyone with Google can find out that information and answer those questions and at some point get into the account.”
“There are no good questions,” he said. “There are good answers. The answer is lie. Never tell the truth. If the kids are honest, they will get hacked. This is where the kids are getting torn apart. They are deathly afraid of losing their accounts, so when they get the security questions, they answer the easiest question so they’ll always know.
“That question is the same one that their entire class knows,” he said. “It’s the one their entire neighborhood knows, their buss knows. That’s why their privacy is not secure on any of these sites.
“You’ve got to fix these two things,” he advised. “If the passwords are fixed and the questions are fixed, the account security is as good as we are going to get.”
In the next installment of this series, Tamashasky will address other cyber security issues for teens and adults. Look for it in Thursday’s edition of The News-Times.