As adults get better at avoiding suspicious websites and fake email attachments, some hackers are shifting their strategy to go after a family's weakest link -- kids.
With a growing number of kid-friendly websites, online games and mobile apps now on the market, children are becoming important consumers of online content -- and a perfect target for hackers.
Why would a hacker want to target your child? Aside from sexual predation, hackers can use your child as a gateway into the home PC. With children, hackers have an easier way to install malware (e.g., viruses, computer worms, remote backdoors) on a family computer that is likely to also contain financial information and be used for online banking. Once a hacker is on the home PC, they can do any number of things -- record credit card data and bank logins (which they will later use to make transactions or sell it on the black market), steal your identities, spy on you through the webcam (a practice known as "ratting"), extort you, lock you out of your computer (known as "ransomware") and more. They're also able to steal children's identities and sell these on the black market.
It's important for parents to realize that just because you have parental controls on your computer, that doesn't mean your child is safe from online criminals. You don't have to go to an adult-oriented website to get infected. Even children's websites, education sites and well-known brands are vulnerable to hackers. In fact, web security hasn't progressed that much in the past few years -- many of the same threats that plagued websites years ago remain persistent problems today. According to a recent study by Veracode, 70 percent of web applications fail basic security standards.
There are dozens of ways your kids could be targeted online, but here are the ones most likely to happen in your home:
- Infected Websites - If the New York Times, NPR, Washington Post, Twitter and Facebook can get hacked, do you really think a kid's website is bulletproof? There's no such thing as a 100 percent safe website, as every site has a lot of different parts and pieces, and a good hacker can find a way in. If your kid visits an infected website, they could infect the computer with spyware, viruses or other types of malware. Recently, hackers have also used online ads to put malicious code on big websites.
- Spoofed Sites and Poisoned Searches - Kids learn how to Google their questions at a young age. If you don't have parental controls set, even innocent searches like "kissing" or "Halloween costumes" could lead to questionable sites, particularly if they search under "Images." But even with parental controls set, high-trending search terms (perhaps for a new movie or toy) could pop up results for fake websites that are deliberately placed there by hackers to lure victims.
- Malicious Apps - Fake apps that look like games but actually hide viruses are another growing risk, especially for kids. Malicious apps can spy on your kids, steal data or try to ring up bogus charges through in-app purchases. This risk is highest with apps that are downloaded from third-party app stores, but a number of fake apps have also been discovered in Android Market/Google Play and, in a few cases, in Apple's App Store.
- Data Breach - Sometimes, security is out of your hands. If your kid registers on a website, and that website's server is hacked, criminals could have access to whatever information was included in the registry -- name, age, billing address, credit card, etc.
This doesn't mean parents should keep their kids offline. However, parents should take a few important steps to protect their children and their home computers and network:
- Use a Dedicated Device - If this fits within your family budget, consider getting your child their own computing device -- whether it's an iPad or Android tablet, iPod Touch or inexpensive laptop (Toshiba, Acer, Asus, Samsung, HP all have models under $300). This is the best option because if your child's device gets infected, it won't put your family's online banking info, credit card data or other online accounts at risk. Stick with WiFi-only versions, so these aren't registered for a data plan.
- Share More Safely - If you have to share the home PC with your kids, take a few precautionary measures to lower your risk. First, have your kid use a different web browser than the one you use for online banking -- Chrome, Firefox and Internet Explorer 10 all have good security. Disable Java in your web browser by going into the 'settings' option - this will protect you against many common attacks. Make sure you have a good anti-virus program installed and keep both it and your operating system regularly updated.
- Lock Down Your Kid's Device - Set up parental controls on your kid's device -- this won't stop every attack, but it will help. Consider downloading a "white-listing" tool that prevents your kid from being able to visit websites that have been reported unsafe -- this will help catch even legitimate websites that might be temporarily infected. Go into the "settings" tab of your device and make sure it's prohibited from downloading apps, making in-app purchases or adding friends to online games. You should also consider disabling the camera, video and "location services" which track your child's physical location. Also, on traditional PCs, make sure your kid isn't logged in as a "local administrator."
- Track Your Kids - A lot of parents have mixed feelings when it comes to spying on their kids' online activities. Given the growing digital threats -- hacking, cyber-bullying, cyber-stalking, sextortion, etc. -- parents should push these concerns aside, particularly for younger kids. There are a wide range of software tools that can help you keep an eye on what your kids are doing online, what websites they're visiting and who they're communicating with - these include companies like Symantec, Trend Micro, MinorMonitor, UKnowKids, etc.
Follow David Kennedy on Twitter: www.twitter.com/@TrustedSec