Stealing The U.S. Election

So I've never seen anything quite like this before.

The liberal media is completely trying to destroy Trump, and this is a true crisis of democracy.

They are jumping on him like a gang of bandits, ruthlessly punching and kicking him into the pavement, while reveling in the ascendancy of their absolutely do no wrong Queen of the 2nd Impeached President of The United States of America.

The saying that all publicity is good publicity, has now been proved totally false!

Sure, does Trump have a big mouth and say stupid and offensive things, absolutely.

Is it possible that the guy is flawed, but really doesn't mean it the way it comes out, as awful as it does?

Never-the-less, the power elite behind the Hillary machine have seized on these things to label him a fascist, racist, Nazi, demagogue, black soul, evil, and even today in the respected Wall Street Journal, a sociopath. 

(Hopefully the stupidity of the people saying these wild-a*s things is forgiven, so G-d forbid one day we shouldn't have a candidate who really is like that!)

On Sunday, in the New York Times Review Section, it is not uncommon to find 3 articles on a single page dumping on Trump and almost the entire section dedicated to his downfall. 

And of course, this treatment of one candidate, Trump, is not over-the-top at all, and completely fair and balanced thinking and coverage (sarcastic), as we wholly forgive Hillary for (alleged) lying, collusion, corruption, foundation money laundering voter rigging, and year after year of failed global policies (anyone out there been following that 80% of the people are dissatisfied with the direction of this magnificient nation). 

Add to that the murder-suicides of dozens of people associated with the Clinton's from Vince Foster in the Whitewater scandal to the killing of DNC staffer, Seth Rich, out of the blue just last month in DC. 

Now let me say right out that I am the first one to condemn Trump's outrageous and off-the-cuff statements about a disabled reporter, a POW Senator, and the the Muslim parents of a fallen soldier--yes, these are truly despicable and stupid things. 

But yet, when I watch the tapes and hear the guy speak, I think that very possibly he is just a huge, nutty-type of eccentric, like these very rich people, under the covers, tend to be. 

I think his mouth gets away from his brain, and yes while this is obviously not a good thing for an ostentatious Presidential candidate, why has the opposition been so successful at completely demonizing the guy (and don't just say that he did it to himself) and giving a bright shiny nickle to the other candidate?

Is saying stupid things (even very stupid and grossly offensive things) really the equivalent of being a Nazi and sociopath--and is he truly worse than someone involved in lying, collusion, corruption, and global leadership failures that literally can threaten our nation's security and take us down a path of true global disorder (how's that relationship with the powerful Russians, Chinese, Iranians, and North Korea as well as the state of unabated worldwide terrorism doing these days)?

The left, including many prominent media outlets, have jumped on the band-wagon to label the opposition and they have been unrelenting and ruthless at destroying only one of the candidates, Trump, while they continue to give Hillary more or less of a free pass--does anyone wonder about this? 

Rather than a fascist candidate, maybe what we really have is an an outrageous attempt at a fascist election system!

I wonder whether the people supporting this ones-sided narrative and single party election will come to regret their boundless political wisdom, hard and fast professional assessments, and vicious character assassinations, once we are well into the next term of President. 

What will the pundits and media say when the economic bubble tears, when major terrorism strikes big and bad, when global upheaval dangerously spreads, and all we get is more spin, deception, inaction, and leadership from behind--are you so sure that is better than a candidate with a big mouth, but also who can build big skyscrapers and skylines over a new horizon for this country? 

Will the pundits, media echo chamber, and the elites absolutely forcing Hillary to the top have a reckoning of thinking and conscience, with their air of puffery knocked out of them--will they have the presence of mind to question for a moment their choice of a candidate with a life-filled of scandal over a big-mouth, clumsy New York billionaire builder. 

Finally, when one thinks of insane and evil, aren't the activities that Hillary is accused of exactly those. 

Perhaps this is truly the crooked pot calling the big mouth kettle black, and the biggest election coup and voter fraud taking place right under your mightily socially engineered noses. 

(Source Photo: Andy Blumenthal)

Stealing The U.S. Election

{{{Democracy BERNS}}}

There is a fire that even these many fire extinguishers cannot put out, because it is our very democracy that is under attack and aflame. 

If secrecy, lies, perjury, corruption, and end-runs around the law weren't enough...now, we have the ultimate in democratic corruption.

Hacked emails from the Democratic Party show election rigging, collusion, and corruption at the highest levels. 

Emails document how DNC party officials questioned about:

"Whether they should raise doubts about the Sanders campaign."

One senior official says:

"Wonder if there's a good Bernie narrative for a story, which is that Bernie never had his act together, that his campaign is a mess."

Another official stated:

"Does he believe in a G-d. He had skated as saying that he has a Jewish heritage. I think I read he is an atheist. This could make several points difference with my peeps [people]."

Even Sanders' campaign manager said that the emails showed that party officials were:

"Planting negative stories about him with religious leaders in various states [to rig the election towards the former First Lady]."

This is a clear case of conspiracy--and I do not use this word lightly--where the election was being steered by a corruption-infected system towards a certain candidate denying the actual will of the people and their rightful candidate choice.

Ah, so much for a fair and just democracy.

The Democratic National Convention starts on Monday, and it looks like they will be celebrating their corruption not only in terms of a system rigged with superdelegates, but where collusion and political narrative thrive and the political opposition, Bernie Sanders, never even had any chance, let alone a fair and democratic one. 

Where is the accountability of these officials--are they too above the law as is their candidate.

No candidate for election should have a tacit nod of consent and support from officials and definitely should not be put in place when not in line with the will of the people!

We do not live in a dictatorship, in totalitarianism, in fascism--or perhaps, we most sadly do. 

It is incredible hypocrisy that we send election monitors around the globe to police and ensure fair elections, but here at home, we can't seem to effectively police our own system for fairness. 

The election for president in the exemplary democracy of the world, the U.S.A, should not have the powerful, the elites, the 1%, control who is elected to office.

The situation has gone from bad to worse with serious allegations of:
- Vanishing global moral "red lines" 
- Shady deals with our sworn "Death To America" enemies
- Laughter at murderous terrorist attacks
- Shutting of the eyes at the killing of police officers
- Money-laundering from private foundations
- Private servers exposing state secrets
- Election rigging

These are a treachery and a desertion of our very democracy, and unfortunately the fire of corruption is still burning in our beloved America while the convention just begins. ;-)

(Source Photo: Andy Blumenthal)

{{{Democracy BERNS}}}

A Winning Letter

So everyone with management responsibility whether in business or government gets their share of sales calls. 

People are competing to get their "foot in the door" and at the same time not get the "door in the face" to do business and of course make money--it's called capitalism and "it's the American way!"

Most of the time, managers don't have time to respond to all the calls they get. 

But this week, I received the most brilliant introductory letter from a 26-year old in technology services. 

I think it's important to share from this, because it's really the best I ever received from anyone looking to make a contact. 

First, the letter is handwritten, which right away made it more personal and so got my attention in the first place to even read it. 

Second, the person mentions some things that they know and like about me--demonstrating that they did their homework and was also subtly ingratiating about it, but not seemingly in a b.s. or over the top way.

Third, the person shows flexibility to any venue to get an opportunity to touch base (along with a sense of humor throughout), "over lunch, coffee, water, a warm glass of milk, etc."

Fourth, the specifics of what he's looking for..."I want to ensure I stay ahead of the curve. I am thinking you can provide some great knowledge." Elaborating later in his letter, he says, "what keeps you up at night, what will keep you up tomorrow and how will you overcome it."

Fifth, he tries to make it a win-win for a meeting and says what he can bring to the table..."Well, I can tell funny stories from my weekend, my budget to buy a Tesla one day or my engagements with other gov't agencies. You pick!"

Sixth, he provides a form of disclosure with a sense of trustworthiness saying, "I am in sales. However that is not my objective with you so I promise not to sell sh*t."  

Seventh, he works to connect to me personally again by referencing a funny blog I wrote about ties, and he says, "I promise not to wear a tie--I hate them too."

Eighth, he frames this cold call as completely casual, offering again to "steal some time...[or] if not I understand."

Ninth, leaving it open to get back with him, he writes, "Feel free to email, call, tweet, or carrier pigeon me."

Tenth, he wishes me well, "Take care Andy", and he signs it and includes his business card. 

My reaction is that this is either a young and brilliant salesperson seeking legitimately to network, learn, and make some possible future opportunity inroads unknown.  

OR

Of course, if I think more from a operational security (OpSec) and security awareness training perspective, I could be concerned about some smart "social engineering" going on here, but that wasn't the feeling I got from this. 

My gut thinks this is one highly motivated and intelligent young man creatively getting into his profession, and I must say, it was impressively done. ;-)

(Source Photo: Andy Blumenthal)

A Winning Letter

We're Giving It All Away

Nice little video from Mandiant on "The anatomy of a cyber attack."

Despite the typical firewalls, antivirus, and intrusion detection system, cyber attacks can and do penetrate your systems.

This happens through social engineering (including phishing attempts), automated spam, and zero-day exploits.

Once inside your network, the cyber attacker takes command and control of your computers, surveys your assets, steals user names and passwords, hijacks programs, and accesses valuable intellectual property. 

Mandiant performs security incident response management (detecting breaches, containing it, and helping recovery efforts), and they are known for their report "APT1" (2013) exposing an alleged significant government-sponsored cyber espionage group that they state "has systematically stolen hundreds of terabytes of data from at least 141 organizations."

Another fascinating report on a similar topic of advanced persistent threats was done by McAfee on Operation Shady Rat (2011) that reveals over 70 organizations (governments, commercial entities, and more) that were targeted over 5 years and had terabytes of information siphoned off. 

The overall risk from cyber espionage is high and the McAfee report states:

- "Every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact."

- "What we have witnessed...has been nothing short of a historically unprecedented transfer of [intellectual] wealth - closely guarded national secrets...disappeared in the ever-growing electronic archived of dogged adversaries."

In short we can't keep a secret--we're putting endless gobs and gobs of our information online and are not adequately protecting it in cyberspace, with the result that our adversaries are able to access, exfiltrate, disclose, modify, or destroy it.

In short, we're giving it all away - why? 

We're Giving It All Away

Learning IT Security By Consequences

This is a brilliant little video on IT Security. 

What I like about it is that it doesn't just tell you what not to do to stay safe, but rather it shows you the consequences of not doing the right things. 

Whether you are letting someone into your office, allowing them borrow your badge, leaving your computer unsecured, posting your passwords, and more--this short animated video shows you how these vulnerabilities will be exploited.

It is also effective how they show "Larry" doing these security no-no's with signs everywhere saying don't do this. 

Finally, the video does a nice job summing up key points at the end to reinforce what you learned. 

I think that while this is simpler than many longer and more detailed security videos that I have seen, in a way it is more successful delivering the message in a practical, down-to-earth approach that anyone can quickly learn core basic practices from. 

Moreover, this video could be expanded to teach additional useful IT security tips, such as password strengthening, social engineering, and much more. 

I believe that even Larry, the unsuspecting office guy, can learn his lesson here. ;-)

(Note: This is not an endorsement of any product or service.)

Learning IT Security By Consequences

Catching More Flies With Honey

There's an old saying that you can catch more flies with honey than with vinegar. 

And this is true in cyberspace as well...

Like a honey pot that attracts cyber criminals, organizations are now hiring "ethical hackers" to teach employees a lesson, before the bad guys teach them the hard way. 

The Wall Street Journal (27 March 2013) reports that ethical hackers lure employees to click on potentially dangerous email links and websites, get them to provide physical access to data centers and work site computers, or give up passwords or other compromising information through social engineering.

The point of this is not to make people feel stupid when they fall for the hack--although they probably do--but rather to show the dangers out there in cyberspace and to impress on them to be more careful in the future. 

One ethical hacker company sends an email with a Turkish Angora cat (code-named Dr. Zaius) promising more feline photos if people just click on the link. After sending this to 2 million unsuspecting recipients, 48% actually fell for the trick and ended up with a stern warning coming up on their screen from the cyber security folks. 

Another dupe is to send an faux email seemingly from the CEO or another colleague so that they feel safe, but with a unsafe web link, and see how many fall for it. 

While I think it is good to play devil's advocate and teach employees by letting them make mistakes in a safe way--I do not think that the people should be named or reported as to who feel for it--it should be a private learning experience, not a shameful one!

The best part of the article was the ending from a cyber security expert at BT Group who said that rather than "waste" money on awareness training, we should be building systems that don't let users choose weak passwords and doesn't care what links they click--they are protected!

I think this is a really interesting notion--not that we can ever assume that any system is ever 100% secure or that situational awareness and being careful should ever be taken for granted, but rather that we need to build a safer cyberspace--where every misstep or mistake doesn't cost you dearly in terms of compromised systems and privacy. ;-)

(Source Photo: Dannielle Blumenthal)

Catching More Flies With Honey

Robots: More Than A Technical Challenge

This is the DARPA Pet-Proto Robot (a predecessor to the Atlas model) showing some pretty cool initial operating capabilities for navigating around obstacles.

- Climbing over a wall
- Straddling a pit
- Going up a staircase
- Walking a plank

These things may seem simple to you and I, but for these robots, we are talking about their autonomously sensing what's around them, identifying and evaluating alternatives to overcome them, deciding on what to actually do, and then successfully executing on it.

Not bad for a machine (even if we are spoiled by the the great science fiction writers and special effects of Hollywood)!

We will be seeing a lot more progress in this area in the 27 months in response to the DARPA Robotics Challenge (DRC), where robots are being looked to "execute complex tasks" for "humanitarian, disaster relief, and related activities" in potentially "dangerous and degraded, and human-engineered" environments.

I'd say only another 15-20 more years and the robots will walking among us--but are we prepared for the significant shift about to occur. 

Think about it--these robots will be able to do a lot more of the physical work (construction, manufacturing, service, care-taking, even warfighting, and more), and while we will benefit from the help, jobs are going to continue to get a lot tougher to find if you are not in fields such as engineering, science, technology, design, and so on.

This is going to lead to continued, significant social, educational, and economic disruptions.

What is now a robotics challenge to meet certain performance benchmarks, may in the future become a human challenge to shift from a human-dominated world to one which is instead shared or commingled with machines. 

This means that we need to define the boundaries between man and machine--will we be working and playing side-by-side, how about loving or fighting each other, and is there the possibility that the machine will some day transcend the inventor altogether. 

I believe that we need significant more study and research into how robotics are going to transform the way we live, work, and interact, and how humanity will adapt and survive this new monumental opportunity, but also looming threat.

What is just an obstacle to overcome in a simulation chamber may one day become an urban battlefield where humans are not necessarily the clear winners.

While I love robotics and where it can take us, this cannot be a field limited to the study of hardware and software alone.

Robots: More Than A Technical Challenge

Big Phish, Small Phish

Phishing is an attack whereby someone pretends to be a trustworthy entity, but is really trying to get your personal information in order to steal from you or an organization.

Phishing is a type of social engineering where fraudsters try to deceive and spoof their victims by sending email or instant messages (or even by calling) and pretending to be a legitimate private or public sector organization. They then either request personal information, provide links to fake websites, or even create unauthorized pop-ups from legitimate websites to get you to give them your personal data.

Additionally, phishing emails can contain attachments that infect recipient's computers with malware, creating a backdoor to control or compromise a system and its information.

In all of these cases, the intent of phishing is impersonate others and lure consumers into providing information that can be used to steal identities, money, or information.

The word phishing alludes to the technique of baiting people and like in real fishing, fooling at least some into biting and getting caught in the trap. 

In this fraudulent type, perpetrators pretend to be legitimate financial institutions, retailers, social media companies, and government agencies in an attempt to get you to divulge private information like date of birth, social security numbers, mother maiden names, account numbers, passwords and more.

Once criminals have this valuable information, they can commit identity theft, break into your accounts, and steal money or information.

Spear-phishing is a derivative of this scam that is targeted on specific people, and whaling is when the scam is perpetrated on organization executives or other high profile targets,  which can be especially compromising and harmful to themselves or the organizations they represent.

The first recorded phishing attack was in 1987.  Over the years, the prevalence of these attacks have steadily increased. According to the Anti-phishing Working Group (APWG), there were some 20,000-25,000 unique phishing campaigns every months through the first half of 2011, each targeting potentially millions of users.  Additionally, as of March 2011, there were as many as 38,000 phishing sites.  The most targeted industry continues to be financial services with 47% of the attacks.

There are a number of ways to protect yourself against phishing attacks.

1. Delete email and messages that are unwarranted and ask for personal information
2. Do not click on links, instead go directly to a website by using a search engine to locate it or copying the link and pasting it into the browser
3. Configure your browser to block pop-ups
4. Use anti-virus, firewalls, and anti-spam software
5. Set up automatic security updates
6. Input personal information only into secure sites, such as those that begin with "https"
7. Only open attachments when you are expecting them and recognize where they are coming from
8. Check financial statements upon receipt for any fraudulent activity
9. If you are caught in a phishing scheme, notify law enforcement and credit reporting authorities immediately
10. Always be cautious in giving out personal information

Whether you consider yourself a big fish or a small fish, beware of those trying to catch you up on the Internet--hook, line, and sinker.

Big Phish, Small Phish

Be Careful What You Point That At

By now many of you may or may not have pointed your smartphones at a QR ("Quick Response") code to get more information on products, places, events, and so forth.

A QR code is a barcode that that generally contains alphanumeric information and takes you to a website when you read the QR code with your smartphone (i.e. by taking a picture of it with a QR reader app).

QR codes remind me of the barcodes in the store at the checkout line, but QR codes look more like a squared-off roschach test compared to the barcodes on items you purchase which are rectangular straight lines from top to bottom.

By reading the QR code, you don't have to remember or type any information into your smartphone--your just zipped right off to wherever the QR points you (usually after you confirm on the screen that you are okay with going to the URL).

But QR codes like with any information technology, can be used for good or evil -- for some reason though people seemed to have been unsuspecting of the sort of innocuous looking QRs.

Kaspersky Lab has issued a warning on QR codes after finding consumers in Russia scammed when they thought they were downloading an Android app and where instead infected with malware that caused them to send SMS messages to a premium number that charged for each message sent.

So while QR codes can take a reader to a harmless website for information, like other computer code, they can contain instructions that cause you to send email, SMS messages, download applications, etc.

So unless you know what you are QR reading (i.e. you have a high-degree of confidence in whoever placed the advertisement with the QR code)--think twice before scanning that barcode, because you may get a surprise package in your smartphone that you weren't expecting causing infection of your device, loss of privacy to the information stored on it, or costing you money for things you never wanted or intended to spend on.

Scanning a QR code while as simple taking a picture of a sunset--may not have as beautiful consequences.

(Source Photo: here)

Be Careful What You Point That At

When My Friend Got Hacked

True story.

So an old friend of mine had his account hacked on Facebook.

And the hacker is sending chat messages to my friend’s Facebook contacts—like me—pretending to be him—with his picture and name and all his online information.

He says that he is stuck in London, just got mugged—at gunpoint—losing his money and phone and needs my help.

At first, I’m thinking oh crap; my friend is in trouble and needs me. Then, I’m like wait a second, he’s pulling my leg. So I ask “are you joking?”

The hacker—pretending to be my friend—continues how it was such a terrible experience, but thank G-d they are still alive.

I’m on the other end of this chat—and questioning now if this person is really who they say they are—despite the REAL picture and profile.

I ask who are you with?

The hacker replies with the name of my friend’s wife. Her real name!

And the hacker continues with the mugging story and how they are leaving in a few hours for their return flight to the States, but need help.

Ok, I am happy to help my friends, but I want to know this is really my friend. Behind the scenes, I am contacting other mutual friends, family and so on to verify this story and resolve this.

On the chat, I ask—can you tell me something that only the two of us would know?

The hacker starts flipping out and gives me "?!?!?!...."

I repeat my question and ask if the hacker understands.

The hacker responds that they do.

And then ignoring my questioning, proceeds with the storyline asking me to wire money and that it will be okay, because they will need identification to retrieve the wire.

Now I ignore the hacker’s request and go back to my question about who this person on the other end of the chat really is?

No response.

"U there?"

Hacker is offline...for now.

When My Friend Got Hacked

What’s Lurking In The Update?

In defense, it is a well-known principle that you determine your critical infrastructure, and then harden those defenses—to protect it.

This is also called risk-based management, because you determine your high impact assets and the probability that they will be “hit” and deem those the high risks ones that need to be most protected.

In buttressing the defenses of our critical infrastructure, we make sure to only let in trusted agents. That’s what firewalls, anti-virus, spyware, and intrusion prevention systems are all about.

In so-called “social engineering” scams, we have become familiar with phony e-mails that contain links to devastating computer viruses. And we are on the lookout for whether these e-mails are coming from trusted agents or people we don’t know and are just trying to scam us.

What happens though when like the Trojan Horse in Greek times, the malware comes in from one of the very trusted agents that you know and rely on, for example, like from a software vendor sending you updates for your regular operating system or antivirus software?

ComputerWorld, 10 May 2010, reports that a “faulty update, released on April 21, [by McAfee] had corporate IT administrators scrambling when the new signatures [from a faulty antivirus update] quarantined a critical Windows systems file, causing some computers running Windows XP Service Pack 3 to crash and reboot repeatedly.”

While this particular flawed security file wasn’t the result of an action by a cyber-criminal, terrorist or hostile nation state, but rather a “failure of their quality control process,” it begs the question what if it was malicious rather than accidental?

The ultimate Trojan Horse for our corporate and personal computer systems are the regular updates we get from the vendors to “patch” or upgrade or systems. The doors of our systems are flung open to these updates. And the strategic placement of a virus into these updates that have open rein to our core systems could cause unbelievable havoc.

Statistics show that the greatest vulnerability to systems is by the “insider threat”—a disgruntled employee, a disturbed worker, or perhaps someone unscrupulous that has somehow circumvented or deceived their way past the security clearance process (or not) on employees and contractors and now has access from the inside.

Any well-placed “insider” in any of our major software providers could potentially place that Trojan Horse in the very updates that we embrace to keep our organizations secure.

Amrit Williams, the CTO of BIGFIX Inc. stated with regards to the faulty McAfee update last month, “You’re not talking about some obscure file from a random third party; you’re talking about a critical Windows file. The fact that it wasn’t found is extremely troubling.”

I too find this scenario unnerving and believe that our trusted software vendors must increase their quality assurance and security controls to ensure that we are not laid bare like the ancient city of Troy.

Additionally, we assume that the profit motive of our software vendors themselves will keep them as organizations “honest” and collaborative, but what if the “payoff” from crippling our systems is somehow greater than our annual license fees to them (e.g., terrorism)?

For those familiar with the science fiction television series BattleStar Galactica, what if there is a “Baltar” out there ready and willing to bring down our defenses to some lurking computer virus—whether for some distorted ideological reason, a fanatical drive to revenge, or a belief in some magnanimous payoff.

“Trust but verify” seems the operative principle for us all when it comes to the safety and security of our people, country and way of life—and this applies even to our software vendors who send us the updates we rely on.

Ideally, we need to get to the point where we have the time and resources to test the updates that we get prior to deploying them throughout our organizations.

What’s Lurking In The Update?

Knowing Who Your Friends Are

You’re on the Internet doing your business, but who is at the other end and how do you know that you can trust them?

That is what so called Reputation Systems are all about—creating mechanisms to authenticate the identities of partners online and measure just how trustworthy they are or aren’t.

Some familiar examples of reputation systems include everything from scores for vendors on Amazon or eBay to activity statistics on Twitter to recommendation distinctions on LinkedIn to networks on Facebook.

The idea is that we measure people’s trustworthiness through the number of transaction they conduct, reviews and recommendations they receive, and associations they keep.

These are all instances of how we unmask the identities and intent of those we are dealing with online—we obtain 3^rd party validation. For example, if a vendor has hundreds or thousands of transactions and a five star rating or 99% positive reviews or is a select member of a power seller” network or other select organization, we use that information of past performance to justify our current or future transactions or associations with them.

MIT Sloan Management Review, Spring 2010, has an article about reputation systems called “Online Reputation Systems: How to Design One That Does What You Need.”

According to the article, reputation systems are “the unsung heroes of the web,” because “they play a crucial role is building trust, promoting quality, improving collaboration and instilling loyalty.”

Without some way of knowing whom we are sending a credit card payment to, friending, or chatting with on the Internet, we would be violating the cardinal rule of safety that our parents and teachers taught us from the earliest time that we could understand that you “don’t talk to strangers.”

I remember a very good video for children produced by Service Corporation International (SCI) called “Escape School,” which taught just such lessons by Bob Stuber a former police officer and child safety expert.

Even as we grow up though the dangers from people criminals and predators still exist; hopefully we are a little older and wiser in recognizing it and dealing with it, but this is not always the case.

For example with online dating networks, people sometimes pretend that they are a rich brain surgeon or the proverbial “tall, dark, and handsome” physique to lure someone on a date, only to be exposed for who they really are upon the first date.

People are inherently driven to connect with others, and online we are able to connect easier then ever before—with people from all over the globe, virtually anytime of the day or night—and it is often tempting to let our heart lead and dismiss any concerns about who we are dealing with. Further, the veil of anonymity online seems to only heighten the opportunities for abuse.

The dangers of people pretending to be something they are not and the need for recognizing whom we are dealing with is an age old problem that society struggled with—from the snake oil salesman of time past to those occasional dishonest vendor on sites like eBay today.

The MIT article states “Small, tightly knit communities arguably do not need central reputation systems, since frequent interactions and gossip ensure that relevant information is known to all. [However,] the need for a central system increases with the size of the community and the lack of frequent interaction among members. In web-based communities with hundred or thousands of members, were most members typically know each other only virtually, some form of reputation system is always essential.”

Predators act out online everyday using social engineering to trick people into divulging personnel or organizational information, getting them to send money (like the fake emails from Nigeria or a lottery) or sending out malware when you click on the link that you know you shouldn’t be doing.

Another example with children is evident on NBC Dateline’s “To Catch A Predator” series where Chris Hansen stakes out the child predators who arrange meetings with kids in chat rooms on the Internet and then make their appearance at their homes or other meeting spots. Child predators prey on the fact that the children online don’t realize who they are dealing with and what their evil intentions are. Thank G-d, law enforcement and NBC has been able to turn the tables on some of these predators when law enforcement is pretending to be the vulnerable kids in order to catch the predators---who are fooled into thinking they are talking to children, only to be caught often literally “with the pants down.”

Whether we are socializing online, surfing the Net, or conducting some form of ecommerce, we must always pay attention to the identification and reputation on those we deal with. As the MIT article points out, with reputation systems, we can use ratings, ranking, and endorsements to build up information on ourselves and on others to build trust, promote quality, and sustain loyalty.

Of course, even with reputation systems, people try to manipulate and game “the system,” so we have to be ever vigilant to ensure that we are not duped by those hiding their true intentions or pretending to be somebody or something they are not.

As social creatures, optimists, and those of faith, we are tempted to just trust, but I prefer the motto of “trust and verify.”

Knowing Who Your Friends Are