Unwanted Content. Now What?

The world of social media has become fascinated with live authentic content. And, social videos now have more engagement than any other content format. Instagram, Facebook and Snapchat all offer video and visual content to users (for free) making them exceptionally popular.  One of the reasons these types of visual content are so attractive is that our brains actually crave visual communication.  Accessibility and low investment by the user have also contributed to the allure of these platforms making the sharing of images commonplace for the masses. Videos and images are everywhere.

So what if someone posts a video or image of you without your permission? And what if that video or image is compromising in some way?  Once posted to the internet, there is no erasing it but there are steps you can take to have that video / image taken down. Most mainstream platforms have reporting processes to address this type of thing and it’s important to note that they place a high priority on situations involving youth.

If you’ve run into an unwanted content situation, here are the steps to follow:

  1. Determine what website the content is posted on.
  2. Contact the website and make a request to have the content removed. See link at the bottom of this post for help with this.
  3. Be prepared to state whether or not you are a youth and if so, what age you were in the video / image as well as what age you are now.
  4. Identify yourself as the person in the video / image and whether or not you believe you are identifiable in it.
  5. Object to the posting and state that you object to the continued posting of the content.
  6. Explain that you did not post the content and that you did not give your permission for the content to be posted.
  7. If you are being intimidated, threatened or blackmailed in relation to the content, we recommend that you also make a report to cybertip.ca

Live authentic content can be fun and captivating, let’s work on keeping it that way.  If someone you know posts something you’d like taken down, tell them and take steps to have it taken down. In return, ensure that video / images you post are consensual and non-compromising.

Please note: Each social media platform deals differently with requests for content removal.  Our friends over at needhelpnow.ca have compiled a list of instructions for removing content from each of the most popular sites. Good luck!


Featured Image Credit/Copyright Attribution Under Standard License of Shutterstock


Our 5 Most Pressing Questions About Sextortion – Answered

Sam from Vancouver wanted to know more about sextortion after she read an article in Glamour magazine about a brave young lady, Ashley Reynolds, who turned her victimization into a 105 year conviction against her abuser, Lucas Michael Chansler. Well Sam, we’ve done our homework and are happy to report back!  What we learned is that sextortion can have devastating effects on victims and, sadly, that it is very easy to become a victim.

Here are our 5 most pressing questions about sextortion – answered.

  1. What is Sextortion?

Sextortion is a serious crime that occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors or money.  The perpetrator may also threaten to harm your friends or family by using information they have obtained from your online profiles and electronic devices unless you comply with their demands.

  1. How does it happen?

There are a few ways this can happen, the first being that the perpetrator gains your trust by pretending to be someone they’re not via fake social profiles and lures you into an online relationship that results in you providing them with the material. Alternatively, they might be lurking in a chat room and simply recording your posts or live stream of sexually explicit images to be used as leverage against you.  Finally, they may hack into your electronic device using malware to gain access to your files and take control of your web cam and microphone without you knowing it.

  1. What can I do to protect myself?
  • Do not send compromising images of yourself to anyone no matter who they are or who they say they are
  • Do not open attachments from people you do not know
  • Turn off your devices and web cams when you’re not using them
  1. I’m a parent, how do I protect my kids?

Be nosy! It’s ok for parents to be nosy when it comes to the use of social media apps like Instagram, Snapchat, Kik, and ooVoo.  According to the Federal Bureau of Investigation (FBI), the average age of a sexploitation victim is 14 years with the youngest being just 8 years old so, this is your free pass for being a “helicopter parent.”

  • Be nosy!
  • Don’t charge or leave mobile devices in the kids bedrooms at night
  • Set up passwords for downloading apps that you know and control
  • Talk to your kids about the dangers of communicating and sending photos to people they do and do not know
  • Place a sticker over the camera on all computers and mobile devices and instruct your children to only remove the sticker when they are skyping with grandparents or during other supervised chats.
  1. What if it happens to me or someone I know?

If you receive sextortion threats you are not alone.  In most cases, the perpetrator is an adult pretending to be a teenager and you are most likely one of many victims being targeted by the same person. Don’t be afraid or too embarrassed to talk to an adult about what is happening. sextortion needs to be reported.

In the USA: Contact the FBI at 1-800-CALL-FBI or tips.fbi.gov

In Canada: Contact Cybertip.ca

While sextortion does typically involve young victims there are similar crimes that you will want to be aware of that also involve intimate images.  Those are Cyber Bullying and the Non-Consensual Distribution of Intimate Images, these offences are being responded to by various stages of new legislative authorities worldwide.   Public Safety Canada has a list of the countries that currently have legislation in place to protect against these crimes as well as a examples of existing Criminal Code offences that relate, such as Voyeurism, Obscene Publication and Criminal Harassment.

As for the Ashley Reynolds story, there are still a large number of unidentified victims being searched for by the FBI so that they may be informed that their abuser is behind bars and receive proper counseling.

For related info link to: Dissemination of Intimate Images & Get Cyber Safe

Featured Image Credit / Copyright Attribution Under Standard License of Shutterstock

Your Smartphone is Capturing More Than Your Selfies

The nerdiest of our in-house nerds recently took the plunge on researching smartphone sensor data and its potential for use as forensic evidence.  Since we know ya’ll can’t go more than a couple of hours without accessing your smartphones, we’ve summarized the “meat & potatoes” of her findings for you. Enjoy…

Technological advances are progressing at a faster rate of change than all of social change; business change; and legislative change put together. The distribution of such change has created an environment where society must adapt to face the influence that technology has on the future of crime and criminal investigations.  According to the Department of Justice, one of the three main influences that technology has on the future of crime is the development of new technologies to either stop or deter criminal activities.  These technologies will include new forms of digital forensic evidence.

Change in consumer needs and preferences is a critical variable in the evolution of digital forensic evidence. As consumers, we drive the popularity of devices that will ultimately provide digital evidence.  The wireless communications market continues to experience exponential growth in Canada and abroad. A 2015 study by Catalyst shows an increase in smartphone ownership by 24% year over year, declaring smartphones virtually ubiquitous in Canada. As smartphone penetration grows, the demand for newer replacement models follows with consumers increasingly using smartphones for activities that previously would have been accomplished by use of a landline or laptop. This wide-spread use of smartphones and their evolving capabilities introduces new opportunities in the field of digital forensics not to mention new concerns for user privacy.

Today, criminal investigations often involve telephone record analysis which identifies patterns in contact between subjects. This process involves a review of the number of calls made, time of the calls, parties called, etc., for the purpose of identifying devices that may be used in a conspiracy.  Just as traditional telephone record analysis provides valuable corroborating evidence of an overt act, it has been proposed that Law Enforcement Agency’s (LEA’s) may obtain authority to intercept smartphone sensor data to serve as digital evidence in the near future. The sensor data that are stored in most smartphones include: cameras, microphones, global positioning systems, motion sensors called accelerometer and gyroscope, and, environment sensors that capture proximity, light and temperature. These types of sensor data may provide context that constitutes evidence beyond the current scope of lawful interception systems by forming evidence chains when they are combined or when corroborated with other forms of evidence.

The context that is referred to herein has been demonstrated through research at Fordham University in New York where developers at the Wireless Sensor Data Mining (WISDM) Lab have created a system using smartphone sensor data that recognizes such activities as sitting, standing, walking, climbing stairs, and jogging. The WISDM states it is also “able to predict a user’s gender with 71 percent accuracy, and can distinguish between “tall” and “short” people and “heavy” and “light” people, each with about 80 percent accuracy.” Perhaps more relevant is the establishment that one’s gait as measured by a smartphone accelerometer, may be distinctive enough to be used for identification purposes. The progress made at WISDM Lab is mirrored by Shaun Gallager who, in his thesis, found that identifying an individual’s gait is as unique as identifying an individual’s fingerprint.

In addition to the identification of a user’s physical activities and stature, it has been suggested that smartphone sensor data may in fact provide a near-total data profile on the life of an individual. One study, found that by analyzing application usage and communication history, they were able to statistically infer a user’s daily mood average.  Initially with a rate of 66% accuracy, which gradually improved to 93% accuracy after a two-month personalized period. Similar discoveries were made by Lathia, N., et al (2013) who claim that smartphone sensor data “can unobtrusively sense human behavior and deliver feedback and behavioral therapy.” In their article, the authors discuss applications for behavioral monitoring and change and present the first holistic platform for large-scale digital behavior change intervention.

Given the vast array of future uses for smartphone sensor data, it is important to note that LEA’s will be required to standardize appropriate techniques for obtaining and processing this valuable sensor data.  Pioneers in the field will need to delve into this discipline in order to develop sound techniques for transferring and presenting the smartphone sensor data, perhaps looking to industry leaders for tools to bring efficiency to the process. And, they may be well on their way because both Apple and Samsung have introduced software for collecting and sharing smartphone sensor data signaling a growing interest in the use of sensor data across sectors.

So, what does this mean to the average citizen?  Simply put: your smartphone is collecting more than just your selfies, it is literally storing a near-total data profile on you that one day (soon), may be able to serve as digital forensic evidence before the courts. We’ll be keeping tabs on the forces that are supporting and / or hindering the increased use of smartphone sensor data as digital forensic evidence such as emerging case law and relevant sensor data research.

Featured Image Credit / Attribution Under Standard License of Shutterstock
Social Media

HR Teams are Looking at Your Online Presence. Keep it Classy!

Most people use social media to some extent and whether you like it or not, so do employers. Increasingly, HR departments are using social networks to screen applicants when hiring. According to numerous sources, the most common websites for recruiters to screen candidates on are: LinkedIn, Facebook, and Twitter. If you are a job seeker and have a blog, Facebook page, or any other online presence, you would be wise to:

  1. Carefully manage your image on social sites, and
  2. Be aware of the corresponding legal & privacy considerations when employers screen you online.

Even if you use social media simply to stay in touch with family and friends, or to keep up to date on what’s happening in your community, research shows that almost all employers say that they search and screen the social media profiles of job applicants. This means that if you use social media to post pictures of yourself drunk or naked (or both), or to air offensive views, you may want to clean-up your online act before you begin your job search. HR recruiters are reportedly looking at the social networking profiles of candidates very early on in the hiring process and, at the interview stage in particular.

The many reasons HR teams review the social profiles and activity of candidates include:

  • to gain a more personal view of a candidate than they can derive from a resume
  • they may simply be looking for potential passive candidates
  • they’re looking to see if the candidate will be a good fit with the corporate culture
  • to find out more about that candidate’s qualifications
  • they want to see if a candidate is creative
  • they may be screening out candidates for inappropriate behavior online

It’s important to keep in mind that this type of online “research” can cause a recruiter to form an opinion of a candidate. That opinion may or may not lead them to hire that candidate.  So, with that in mind, here’s what employers least want to see in a candidate’s social profile:

  • references about using illegal drugs
  • posts of a sexual nature
  • use of profanity

While we highly recommend taking a look at your publicly accessible information and making sure your online presence is tidy, there is a flip side. Employers who check out job applicants online do run a number of legal risks. First off, the collection of personal information by employers raises some privacy concerns and, distinguishing between the protected and unprotected online activity of a candidate is not always easy.  For the record, employers don’t need a candidate’s consent to view publicly accessible information on the open internet. BUT, that information must only be used for reasonable purposes that relate to recruiting or establishing an employment relationship.  This serves as a fine example of why your privacy settings are so darn important! This is in part, why job applicants are protected by privacy laws. In Canada, every province and territory has some form of public sector privacy legislation and an oversight authority.  In the United States, certain employee social media activities are actually protected against employer retaliation.  The caveat being, if you have publicly posted information about yourself without restricting who can view it, you will have a very difficult time arguing that that information was private.

Another risk run by employers who view job applicant’s social media posts is the potential for discrimination claims. Social media often reveals one’s ethnicity, sexual orientation, whether or not they are pregnant, married, or in support of a particular political party. This type of information is off limits during the hiring process, and an employer who obtains it from social media and then uses it as a basis for hiring (or not hiring) a specific candidate could face a discrimination lawsuit.

On a related note, there has been a fair bit of publicity around employers pressuring job applicants to provide their Facebook passwords. We’ll be keeping an eye on this topic as we hear that a number of states are currently considering legislation to ban this practice. Facebook has also reportedly weighed in on the practice by making soliciting passwords a violation of the site’s code of conduct. And, the US federal government is apparently investigating whether practices like these violate the US federal discrimination and privacy laws.  If this is your area of expertise, please do comment on this post!

Although the use of social content by HR can be a double-edged sword, you are not off the hook if your online behavior is unprofessional, offensive or just plain gross. Poor online behavior can work against you and leave a potential employer feeling like they may have dodged a bullet by not hiring you based on your sloppy online presence. The bottom line is that what you post and how you behave on social media can create a first impression of the sort of person you might be. All social media users need to understand that any personal information and communication posted on a social site can be viewed by an unintended audience so we highly recommend keeping it classy and utilizing those privacy settings!


Featured Image Credit/Copyright Attribution Under Standard License of Shutterstock

What You Need to Know About Wearable Tech

Tech accessories hit the scene at last September’s New York’s Fashion Week fueling a surge in partnerships between designers and tech giants who are now collaborating on pieces that include sleek watches that can answer your calls and elegant pendants that keep you on schedule.  So even though, fitness and health wearables remained the dominant trend at the January 2015 Consumer Electronic Show, wearable technology is gaining popularity quickly becoming more mainstream!

It’s been predicted that worldwide wearable shipments will rise by 158% in 2015, reaching 75 million units by end of the year.  Some say we have the recent release of the Apple Watch to thank for driving the demand for these devices but with things like pet wearables emerging on the market, we can tell ya’ll this trend won’t rest at watches and calorie counters.  That’s right, pet wearables are on their way, soon you will be able to purchase a GPS collar for the family pooch to ensure he never goes missing again.

Due to the popularity of these gadgets, companies will be expecting an increase in employees wearing personal devices to work and experts warn that that could lead to cybersecurity concerns.  Wearables can create an entry point to a company by running third-party applications while the device is connected the company’s network.  If a device is compromised while connected to the network, a hacker could potentially gain access to sensitive corporate data as well as personal information about the employee.  In case you’re not already aware, data about the device or ‘app’ user is collected by most applications and is often sold to third parties for purposes such as advertising.  If the transfer of that data is not encrypted at the time of the sale, it can be intercepted which creates another opening for a hacker.

With that said, many companies are embracing BYOD (Bring Your Own Device).  BYOD is an IT policy that allows and encourages employees to use their own mobile devices to access company data and systems.  Many companies are implementing BYOD policies because they believe that it will increase productivity and innovation; satisfy employees (many of whom may have been accessing corporate data from personal devices without the IT team’s knowledge anyway) and; save costs as employees purchase their own data packages etc.  However, the benefits of BYOD are met with equal or greater network security concerns.

As steps are taken to ensure network security and corporate data, the implications to the privacy of the individual posed by wearables devices must also be considered.  So, before you go and drop $400 on a snazzy new smartwatch, you may want to find out if your employer has a BYOD policy or perhaps they’d prefer that employees don’t don these new trinkets in their corporate space.



Featured Image Credit/Copyright Attribution Under Standard License of Shutterstock

Ransomeware: To pay or not to pay?

Every so often some genius comes up with a new way to make money on the internet and cashes in. HUGE.  A certain Russian caught our attention while we were reading about ransomware and we felt the need to let ya’ll know what he’s been up to.

For those of you unfamiliar with Cryptolocker, it first appeared in early September of 2013 and is considered in many circles to be the ‘breakout’ ransomware.  A number of different sources have reported that during its rather short lifespan, Cryptolocker successfully duped a whopping $30 million out of victims who were willing to pay ransom for their data.  What made it trendy in the world of Cybercrooks was the significant profit it earned over a relatively short time period. This enormous profit encouraged other Cybercrooks to try new variations of the model, including the targeting of mobile devices. It turns out that it takes a lot less effort (and time) to issue electronic demands for money than it does to collect credit card and bank account details in order to steal an identity.

Wondering how ransomware works?  Well, after infecting your computer via an e-mail attachment or a malicious website, ransomware automatically encrypts files, locks you out of your computer (or your files) and issues you an electronic ransom note that demands payment before access can be regained. There are two main types of ransomware:

  • File-encrypting ransomware scrambles your data files so you can’t open them and then offers to sell you the decryption key.
  • Lock screen ransomware accuses you of some kind of criminal activity and then offers to allow you to continue working if you pay the ransom.

The ransom amount ranges from $300 to $600. Although, there have been much higher ransoms reported. Payment is usually requested via the tough-to-trace cryptocurrency Bitcoin but, some people still pay with credit cards.

How to CYA…

  • Back up your files. All of them. Regularly.
  • Keep your software updated.
  • Use a proactive anti-virus software.
  • Enable your pop up blocker.
  • Exercise caution.

If your prevention efforts are for not, you’ll probably find yourself wondering whether or not you should pay the ransom.  Law enforcement will urge you not to pay, this is illegal activity that should be reported rather than succumbed to.  The experts say, it’s ok to pay but that it’s better not to.  By paying the ransom you’d just be encouraging these Cybercrooks to keep at it and there is no guarantee that they won’t come back and burn you a second time!

So, who is this trendsetting Russian mastermind behind Cryptolocker you ask?  His name is Evgeniy Bogachev.  Bogachev was identified by authorities as the leader of the cybercrime ring responsible for Cryptolocker during its disruption in June 2014. Bogachev remains at large and is wanted by the FBI.


For more on Evgeniy Bogachev you can check out the March 21, 2017 Wired article here: Inside the Hunt for Russia’s Most Notorious Hacker


Featured Image Credit / Copyright Attribution Under Standard License of Shutterstock

We’re Swiping Left on Tinder

The tinder plus video tells the story of a cute professional millennial women taking a fantasy trip across Europe where she conveniently finds a match on tinder with a dashing young man who re-appears in various locations around Europe to show her a swell time.  We admit the trip looks fun and we applaud tinder on hiring a great team to create the feeling of excitement and intrigue to advertise their dating… err sex app.  As we watch the promotional video, we wonder how this young lady (who works in a cubicle) can afford such an adventure (it looks like a fairly pricey vacation), then remind ourselves that this is a depiction of a fantasy and try to ignore the overt sexual innuendo.  This video makes us wonder if young women are really willing to sleep with complete strangers they meet via an app while travelling.  Obviously in order to buy into the concept of tinder we will have to throw logic out the window.  And that friends, is precisely why we’re swiping left on tinder.

Tinder is a mobile app that uses geolocation technology to map potential matches within a certain radius. Yep you heard us correctly. Does this concept suggests that proximity has something to do with compatibility? We know right?!  Our minds are blown by this!   Making matters worse, we also understand that there has been some debate over the exact purpose of this app. Some say it’s a dating app while others argue that its purpose is simply to make ‘hooking up’ with a complete stranger at a moment’s notice both possible and convenient.  Yikes, we wonder how many ladies have used tinder as a dating app only to find their matches are expecting sex on the first ‘date’.  Sounds like trouble.

So, let’s just take a minute to wrap our heads around geolocation technology and privacy.  We’ve read several lists of privacy tips and one thing that is always on those lists is to turn your location settings off on your mobile… meanwhile, tinder is telling us to leave our location features on so that the app can search our radius for potential matches and tell others where we are.  Hmmm. This seems questionable. Simply put, geolocation is the identification of a real object’s geographical location (objects such as mobile phones).  Tinder uses global positioning technology to identify your phone’s location and here’s where it gets real, tinder’s location data process is extremely accurate, it can narrow your location (or at least the location of your mobile device which is probably in your purse, which is probably over your shoulder) to within less than 50 feet.  That’s darn close when you consider that vulnerabilities within the technology itself have allowed people with basic programming skills to query the tinder API (Application Programming Interface) and pull user data.  Speaking of the tinder API, we dug a little bit further and discovered that just one of the many reasons hackers interact with tinder’s API is to create bots. These bots essentially take over the selection process for the user, this means you may be communicating with a bot, not an actual horny human being – Just sayin.

The real deal is that Tinder won Best New Start Up in 2013 which makes it an award winning app.  The fellas who created Tinder are application developers NOT relationship experts and are certainly NOT safety consultants.  Tinder from a purely technological view, is a pretty cool application but when you consider Tinder in terms of privacy, it is a nightmare.  Let’s not let the lines get blurred here people, anytime you leave your location settings on on your smart phone, your device can be located by virtually anyone AND your location data is stored in your phone which creates a history of where you have been… which can reveal your routine etc.   For tech savvy predators that stalk and hunt their prey, tinder is like Christmas morning.  Swipe left. Enough said.


Considering Online Dating? Consider This…

If you haven’t been hiding under a rock for the past 10 yrs and have made your way to this blog post, you’ve probably heard a phrase that goes something like, “on social media you can be whoever you want to be”.  Most of us associate this concept to putting forth an online image of ourselves that reflects our most perfect or marketable self.  Being whomever you want to be online can be a very empowering (and tempting) notion for people who are looking for a new job, building their personal brand or perhaps, looking to meet their next date.

From our perspective, online dating is the single most terrifying social phenomenon of the decade. One of our contributors recently told us about a domestic violence workshop she’d attended as a community policing volunteer a few years back. At this workshop a speaker from Corrections Canada informed the group about the alarming rise in the use of online dating sites by inmates. Yes, you heard us correctly, Corrections Canada means the prison system in Canada and, inmate means prisoner = a person who committed a crime and is currently locked up behind bars.

The speaker described a growing trend in target selection via the then popular dating site, Plenty of Fish. We will write more about target selection (and will probably launch into endless rants about Tinder) later, but for now we simply want to impress upon you the importance of being aware that EVERYONE can be whomever they want to be online. This includes: identity thieves, murderers and sex predators.

So, if you’re considering an in-person meeting with that guy (or girl) you’ve been chatting with for a while and who just happens to be coming to your area next week, consider this: there is a possibility that they are being released from jail in your area and have selected you as their next target. Oh, and that super cute profile pic you’ve been crushing over could have easily been snipped from Google images just to lure you in. Sad but true. Think you can relax because you live outside of Canada? Think again. Canada is not the only Country that allows it’s inmates access to the internet. And, well, the reality of the situation is that the internet knows no borders so please stay vigilant friends.

Featured Image Credit / Copyright Attribution Under Standard License of Shutterstock