Definition Cyber-stalking can consist of a variety of activities, but it is generally defined as the continued and deliberate harassment , threatening

behavior, or unwanted advances towards a person through the internet or other forms of on-line and computer communications. Cyber-stalking does not include occasional junk mail, but it does include any methodical or deliberate attempt to harass the victim. Cyber-stalkers can find their victims through chat rooms, online communities, discussion forums, e-mails, or through a random search. Even people without access to the internet can be victims of cyber-stalking. All the stalker needs to do is find out personal information about the victim and they can then use that to impersonate the victim and solicit meetings with strangers without the victim ever getting on to a computer.

All rights reserved, except that permission is hereby granted to freely reproduce and distribute this document, provided that it is reproduced unaltered in its entirety and contains this copyright information: 2006 Pandora's Aquarium,http://www.pandys.org.

Stalking is a serious problem, and entails a deliberate pattern of threatening or annoying behaviour in the form of following you, threats, phone calls, letters, emails, sending "gifts" ("nice" gifts like flowers, or macabre items like dismembered animal parts), driving by your home, approaching you or your property, or surveillance - watching you, or tapping your phone.

http://www.rvap.org/pages/cyberstalking/

Cyberstalking 101 - by Gal Shpantzer

The Internet is often the first place a stalker goes to make contact with victims. From there, the stalking can take place on or offline in many variations ranging from personally intimidating the victim to gathering unwitting mobs of online users to aid in the crime.

We started seeing the dangers posed by cyberstalking back in 1999 in California when a former security guard put one womans life in serious jeopardy after she rejected his romantic advances. He simply posed as the victim in postings on bulletin boards catering to discussions of sexual fantasies saying she wanted to play rape games. He included her real phone number and street address, and complete strangers started showing up at her doorstep, wanting to fulfill her rape fantasy.

Stalking, which involves the repeated, unwanted conduct that causes fear in the target of the stalking behavior, has been recognized by all 50 states as a crime. While criminal stalking behavior involves implied or threatened violence rather than actual violence, it should be taken seriously. There have been many cases of physical violence following stalking behavior, up to and including murder/suicide. This is especially true in intimate partner stalking, during a breakup or after the end of a relationship.

As a newest form of stalking, cyberstalking is the online variant of the more traditional physical methods of surveillance and intimidation of stalking victims, such as showing up at work and home, mailing communications via US Post and others. Cyberstalking methods can include

use of email, instant messenger, chat rooms, websites, interactive portals, and social networking sites.

Cyberstalking is unique among stalking behaviors since it allows the stalker a perceived measure of anonymity and requires no physical travel in order to interact with the victim. It is highly efficient and can be directed at multiple victims with relative ease compared to physical stalking methods. But just because they cant be seen, doesnt mean they arent harming their victims. Cyberstalking can paralyze the recipients by means of humiliating, intimidating and even horrifically detailed threatening anonymous communications. And it can be just as dangerous, as in the case of the woman in California when men started showing up at her door wanting to act out her rape fantasies.

These same issues the ability to hide oneself and go after multiple targets across state lines, are also creating new technical and legal challenges to law enforcement, investigations and prosecutions. As a result, agencies are typically under-funded, their forensics investigators dont fully understand where and how to find and preserve digital evidence, and theyre all pushing against jurisdictional laws in the real world that dont apply to cyberspace.

There have been improvements over the years, as advocates, laws and enforcement step up to the challenges of this new way to harass and stalk victims.

In the next part of this series, we will examine some of the technical aspects of cyberstalking investigations and the first successful cyberstalking prosecution.

Gal Shpantzer, contributing analyst to the Security Consortium is a trusted security advisor to CSOs of large corporations, Silicon Valley startups, universities and non-profits. He has been a contributing editor of the popular SANS Newsbites security newsletter since 2002 and has co-authored book chapters, courseware and assigned papers on topics including IT ethics, Information Warfare (IW), business continuity, cyberstalking and digital forensics.

http://www.onlineuticacollege.com/articles/cyberstalking.asp

Hackers Overtake Insiders as Leading Cause of Data Loss

Friday, April 22, 2011 Contributed By: Headlines

The Identity Theft Resource Center has found that hacking accounted for the largest number of breaches in 2011 year-to-date. Almost 37% of breaches between January 1st and April 5th were due to malicious attacks on computer systems. This is more than double the amount of targeted attacks reflected in the 2010 ITRC Breach List (17.1%). Note that these numbers do not include the recent hackings of enormous quantities of email addresses from companies. Email addresses alone do not pose a direct threat as long as consumers realize that they are more susceptible to phishing scams. Phishing scams try to trick readers into providing personal information that can be used for identity theft. Paralleling the ITRC breach report finding is the recently released Symantec Internet Security Threat Report. This report discloses that over 286 million new threats were identified during 2010. Additionally, the Symantec report said they witnessed more frequent and sophisticated targeted attacks in 2010. This may partially explain why the ITRC observation of increased hacking has occurred so quickly. Additionally, a new survey by McAfee found that the most significant threat to businesses was data leaked accidentally or intentionally by employees. ITRC views these as two different types of breaches. Accidental breaches are those that happen by employee mistakes, and while they cause harm, the people who made a mistake never intended to injure the company. However, the insider who intentionally steals or allows others access to personal information is considered a malicious attacker. At first it may be difficult to know if a hacking was perpetrated by an insider or outsider, says Linda Foley, founder of the ITRC and data breach report manager. ITRC does not have access to the Secret Services forensic information has so we can only report on situations when information is released. As of April 5, 11.6% of 2011 breaches with known forms of leakage were insider theft. When these events are added to known hacking attacks, ITRCs breach database report indicates that 48.2% of published breaches are some form of targeted attack. The business community seems to be taking the brunt of hacking attacks, according to published reports of breaches. In fact, 53.6% of all breaches on the ITRC report were business related. The other categories, Banking/Credit/Financial, Educational, Government/Military,, and Medical/Healthcare all dropped in their respective percentage of reported breaches. Unfortunately, it is still difficult to ascertain the true cause of many breaches due to entities publicly stating the information was stolen or due to theft. Additionally, nearly half of breached entities did not publicly report the number of potentially exposed records. Several medical breaches ranging up to 1.9 million records caused a spike in the total records for the health services field.

This was probably due to mandatory reporting by HHS. Since other entities do not have that type of requirement, it is likely that entities in other categories also had breach events with large record exposure numbers that went publicly unreported. No conclusions can be drawn yet about how this year will compare to prior years. The one thing that is consistent, year after year, is that data breaches will occur. These events are outside the realm of consumer control. Due to our individually broad electronic footprints, our Social Security numbers and financial account numbers are in a vast pool of information that can be breached. The responsibility for protecting this personal identifying information is fully on those who request and store it. All entities that collect personal information need to understand and embrace the concept that only they can safeguard our information and that this safeguarding must be an urgent priority. Not only are hackers winning, but so are the thieves who steal unattended laptops and dig into dumpsters behind companies for paper data. Breaches just dont happen, they are allowed to happen. ITRC will continue to track, analyze and report on the situation of breaches of personal information. About the ITRC The Identity Theft Resource Center (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. Visitwww.idtheftcenter.org. Victims may contact the ITRC at 888-400-5530. http://www.infosecisland.com/blogview/13282-Hackers-Overtake-Insiders-as-Leading-Cause-ofData-Loss.html