Undercover Facebook investigator highlights dilemmas in keeping children safe online

Filed Under: Data loss, Facebook, Featured, Law & order, Privacy, Social networks

Australian Murdoch-owned tabloid the Herald Sun, published in Melbourne, Victoria, today reports on a thought-provoking war of words between two Victorian cybersecurity consultants.

Nathalie Brown, who runs a child behaviour consultancy called Easy Peasy Kids, claims in the Herald Sun that she created a fake 14-year-old Faceook persona and quickly stumbled into sexually-explicit rants about rape, violent anal sex and group sex by young teenagers.

Brown also claims to have quickly acquired 76 Facebook "friends", despite using a profile picture of a fairy.

Brown's rapid accumulation of friends is unsurspising. In Sophos's own "friending" experiments, conducted in 2007 and 2009, Freddi Staur of London quickly clocked up 87 friends (out of 200 requests), whilst Daisy and Dinette from Sydney locked in 95 friends between them (from just 100 requests each). Freddi was a 27-year-old green plastic frog; Daisy was a rubber duck in her early 20s; and Dinette a cat in her late 50s.

Brown's private digging into the adolescent cesspits of Facebook is interestingly timed. The redoundingly-named Standing Committee of Attorneys-General - which brings together the chief legal advisors of national, state and territory jurisdictions in both Australian and New Zealand - has recently been considering whether parents ought to have a legal right to access their children's social networking accounts. No decision has yet been reached.

Of course, Brown's lurking on Facebook wasn't quite the same as parents accessing accounts created by their own children, because she created an account with a fake name and birthdate for her own use. Her motivation seems perfectly reasonable, though: to experience first-hand the sort of online milieu in which her own 15-year-old daughter was hanging out.

Not everyone sees it that way. The Herald Sun quotes rival Victorian online child safety expert Susan McLean - a Victoria Police officer for 27 years and now a consultant running her own business, Cyber Safety Solutions - in unequivocal disagreement. "It's wrong in the extreme," said McLean. "She has no right to do this. Facebook would take a very dim view of this."

And, as several comments on the Herald Sun article point out, if Brown had been a 40-something man posing as a 14-year-old on Facebook, what she'd done would probably be in the news for being deviously creepy, rather than interestingly investigative. This is such a thorny issue that one commentator suggested that it's time for Facebook to drop its attempts to monetise the 13-17 year-old market altogether, officially restricting membership to those 18 years and over.

And there you have it: when it comes to looking out for your children online, it seems you're damned if you do, and damned if you don't.

Remember, you, and your children, need to be much more circumspect about choosing social networking "friends" than those who befriended Nathalie Brown's fairy, or Sophos's frog, duck and cat. Many teenagers seem to think their online identity is unimportant because they don't yet have any significant assets which a cybercriminal or cyberstalker might find worth stealing.

Brown argues differently, and she's quite right:

I could easily copy and paste [from the adolescent posts I came across] to reveal the full names, photos and even mobile phone numbers of some of those involved. In fact anyone could, because once you write on Facebook it no longer just belongs to you. It is there forever. Even if you delete it, it is there somewhere."

If you haven't yet thought about just how much information a crook might accumulate about you from social networks alone, and how that might have long-term value in the cybercriminal underground, watch this video we made after our experiences with Daisy the Duck and Dinette the Cat:

(Enjoy this video? Check out more on the SophosLabs YouTube channel and subscribe if you like.)


PS. You can buy the pictured T-shirt from Zazzle.

, , , , , , , ,

You might like

7 Responses to Undercover Facebook investigator highlights dilemmas in keeping children safe online

  1. Heather · 1518 days ago

    I was sitting with my daughter one day while she was on facebook and I noticed she had added several older men from the middle east and other asian countries. I asked her why she had added them, as they had sent her friends requests, she said "no reason". I Then told her to delete anyone she did not know personally, as she is only 13 and does not need 36 year old men being friends with her, or people she did not know.

    I think parents should talk to their children about who they friend, but not have control or access to their facebook, if they want to know then ask their children, if they dont trust their children then maybe they shouldnt allow them on the internet in the first place.

    • Wow, that must have freaked you out! Both my teenage kids are huge FB users and I have asked them about friending requests and such. They only have actual friends that they know. They included me as friend to allow me to see their postings, etc in the early days and once I was satisfied that it was ok we agreed I would not view their posts on my wall, it's all about trust.
      But, they also know many others who feel pressured into accepting every request or they feel the more "friends" they have the more popular they are.
      Remember, kids who have a good relationship with their parents are unlikely to go off to meet random strangers they meet online. It's generally isolated and vulnerable kids who do. If a kid does interact with these creeps, there's generally a useless parent(s) in the mix.

  2. I have repeatedly counseled my 17-year-old stepdaughter to not friend anyone she's not actually friends with, to keep her privacy settings high, and to ALWAYS log out of Facebook after she's finished with it. So the other day, I logged on to the PC that she uses (I generally use my Mac) to upgrade the antivirus software and, just to see whether she was following my advice, opened up Facebook. Sure enough, it opened right into her profile. I could see EVERYTHING. All her posts, all her friends' posts, the whole shebang, right there for anyone who chose to get on the computer and type in Facebook's URL.

    I struggled with what to do: change her settings to secure sessions so it would automatically log her out? (violates my "do not meddle -- make her learn lesson hard way" precept). Start randomly posting messages on her page and spamming her friends so she can understand that the issue is serious, but not actually be in danger? (violates my personal ethics... even though it seems like fun.) In the end, I simply put a password on the computer so that no one can use it without first coming to me. When she next tries to access the account from the PC, she will be obliged to come to me to request access, and I will demonstrate to her why it is I put the password there in the first place. In fact, I will make her watch me as I log in, go to her Facebook account, and peruse all her recent posts. I think that's a fair way to get the message across, don't you?

  3. Andrew · 1517 days ago

    For years and years the mantra has been to protect children by restricting access. Recently the shift has been to a view that children are better protected if they are made aware of the dangers and understand the risk. This should allow them to make informed decisions and be safe online. The problem seems to be that while this view is being taken on there are still some people neglect their responsibility to teach children about the risks out in the world. It is the responsibility of schools to help but most of all its up to the parents to teach their kids what is safe and what is dangerous online. I remember growing up and being told things like "don't talk to strangers" "not to take sweets from strangers". What we have now is the online equivelant and it seems that there are still a small number of people who don't understand that people on the internet are just as dangerous as people in the street.

    There are a number of factors that could contribute to this such as the technical illiteracy of the parents and their ignorance of the internet. Lack of internet and a computer in the home would make this difficult. This is where schools should be picking up the slack though and as children are still falling foul of predators it seems they are not.

    This report was written in 2008 looking at how to keep children safe on the internet. https://www.education.gov.uk/publications/standar...

    Maybe if these investigative reporters would look into what is being done to protect children rather than just exposing how children can be targetted it would in turn lead to a safer internet. I don't ever remember the newspapers sitting in a white van outside of schools offering sweeties just so they could prove a point.

  4. Jo. · 1516 days ago

    My, then, 11 y.o. was new to Facebook. One day she asked me to help her to report to police that an older man who'd been trying to 'friend' her and pals on Facebook over previous two days. At the police station the young officer at counter treated us like fools over-reacting. Humiliated, my daughter headed for the door. I stood my ground, further embarrassing her. I insisted that he take our details and contact the cyber crime unit or else I would. A week later he rang and emailed an apology, "The cyber crime unit was interested". Three weeks later they rang saying, "Your daughter's tip-off led to an arrest. Thanks"

  5. Rob · 1510 days ago

    A year or two back, I opened a new Facebook account simply to satisfy my curiosity over some rather risqué apps/groups that I'd not really want my usual account associated with. Totally empty profile, no picture, nothing, just a DOB that put me in my 40s. Using one app, I ran across a teenager at a school I attended some 30 years previously, with a totally open profile - I was looking at their pics to see how the place had changed, and at a whim, clicked the add-as-friend button.

    Immediately, and before the request was even responded to, FB started offering me "other people you may know", and they were all other kids at that school. Many with equally open profiles, and this continued even after the initial request was denied. Even more curious, I tried friend requests on a few, and in more cases than not, got accepted!! I even got requests back from their friends! I dropped the account after a couple of days; this was too scary, and I definitely didn't want to be accused of anything untoward.

    But yes, Facebook is a cesspit if you stray into the wrong circles. Once you learn to decipher the kids' awful language non-skills. (Do they not teach them spelling, punctuation, etc, these days?)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog