5054617
story
Comments: 122 + - IT: Scammers Target Neopets Users on Wednesday July 01 2009, @11:00AM
background: url(//a.fsdn.com/sd/topics/topicsecurity.gif); width:59px; height:78px;
security
background: url(//a.fsdn.com/sd/topics/topicentertainment.gif); width:62px; height:44px;
entertainment
background: url(//a.fsdn.com/sd/topics/topicgames.gif); width:68px; height:77px;
games
An anonymous reader writes "If you have children that play on the popular virtual world game Neopets, you might want to warn them of a social engineering scam gleefully targeting 12-year-old kids. Neopets users looking for rare items are sent private messages from the scammers, who direct them to sites hosting keyloggers & trojans. They then use the infected PC as a means to get to data the parents might have stored there, be it credit card details, Paypal accounts or online banking. Seeing the screenshots of some of these people talking about putting these children into botnets is just unbelievable — if ever you wanted proof that people up to no good online will go to any lengths to get their hands on some money (or even just feel good about outsmarting a 12-year-old), here it is."
Related Stories
Submission: Hackers target Neopets users by Anonymous Coward
Once a woman has given you her heart you can never get rid of the rest of her.
-- Vanbrugh
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.
Scumbags (Score:5, Insightful)
Jeeze, all scammers are scum of the earth. Why would you expect them to be any different with 12 yo kids?
[John]
And the parents? (Score:5, Insightful)
Whatever you do, don't blame the parents for:
1. Putting sensitive info on their computer, then
2. Letting their kid use that computer unsupervised, while
3. Leaving that computer relatively unguarded against intrusion.
Sure, not every parent can be expected to be a genius, but if you're going to let children use a computer on the internet, you have responsibilities to act as a sysadmin.
Not to mention responsibilities to act as a guardian. Just as with TV, the computer is not a babysitter. Worse, a net-connected computer is a social interaction tool where every pervert and scammer in the world has direct access to your child. And you're really going to just let them hang out alone with those people?
Parent
Re:And the parents? (Score:4, Insightful)
Sure, not every parent can be expected to be a genius, but if you're going to let children use a computer on the internet, you have responsibilities to act as a sysadmin.
I'm sorry: are you joking? So many people can't even act as their own sysadmin to the point that there's little difference between a child inadvertantly downloading tons of malware and the parents' own activities. No, no: the ordinary person's computer will only be safe when the next "version" of the internet is only accessable through cryptic terminal commands and the only people online are the ones who know what they're doing.
/semiTongueInCheekStatement
Parent
Re: (Score:3, Insightful)
Re: (Score:2)
Re:And the parents? (Score:4, Insightful)
Parent
Re:And the parents? (Score:5, Interesting)
And they will do so at their facility downtown, and take 18 months to do it.
Yes, you are innocent until proven guilty. But the initial investigation would start with you and your home network.
And, after the case is dropped, the local newspaper might print a retraction, saying that Mr. PitaBred is not guilty of distributing child porn. Of course, after the initial flurry of press coverage, you've lost your job, your kid is taken away for a time by DSS, and your front window has been broken 3 times by angry vigilantes.
Parent
Re: (Score:2)
3. Leaving that computer relatively unguarded against intrusion.
How exactly do you protect against your child clicking on a link, downloading a program, and executing it? Security goes out the door as soon as you choose to execute arbitrary code. A young child can't be expected to understand all of the security implications of using a computer online. I don't see a lot of blame for parents in this situation, nor for the kids (simply because they're too young to have been exposed to this before - this is where they learn not to trust people online). Ideally, you woul
Re: (Score:2, Interesting)
How exactly do you protect against your child clicking on a link, downloading a program, and executing it?
I can think of several ways, all of which should be practiced.
1. Don't let your kids log in with an admin account. Heck, don't let ANYONE log in with an admin account, including yourself.
2. Only let your kids run certain apps (at least on a Mac, this is as easy as clicking the Parental Controls option and choosing which apps to allow; dunno on Windows, but if nothing else there are 3rd party utilities for this).
3. Tell your kids not to open e-mail from strangers.
4. Tell your kids not to give out their e-mai
Re: (Score:3, Insightful)
I don't think you understand the mentality of a young kid. It's easy to say "don't open things you don't know about". But then they're playing their game, and they're looking for that one item that no one else has, and someone says "I used this program to just give myself the item, it works, here's the link", the kid is not going to flash back to you telling them not to open untrusted things, they're going to be so caught up in the fact that they think they're so close to getting this item that the progra
Re: (Score:2, Funny)
Jeeze, all scammers are scum of the earth. Why would you expect them to be any different with 12 yo kids?
hmmm... good question, so good, I think people should mod you up. Where will they get the mod points? Well, the secret Slashdot mod-point-getter! Just log into your slashdot account using their secret admin backend [string-emil.de] and you'll have all the mod points you want!
Webkinz (Score:5, Insightful)
Even sites that do have forums like Nick.com have moderators approve every post. I'm sure it's more expensive to run it that way, but I would think if your site is built to cater to young children, it's incumbent on you to either moderator-approve every posting like Nick does or limit postings to pre-approved phrases like Webkinz does. Anything else is just asking for trouble.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
Do people actually use such constricted environments for actual chatting?
NAME
JOB
BYE
Solution: (Score:2, Interesting)
Setup whitelist of sites your children can go to.
One way of doing this is via your router (Newer D-Links have this feature).
You can also use opendns.com, set it to filter everything desired, then make exceptions if needed.
This prevents them from going to domains without you first checking them out. I suggest you ask them to write a sites they frequent or check their browser history to get a base whitelist.
and a separate user account (Score:5, Insightful)
Parent
Re:and a separate user account (Score:4, Interesting)
hell no, use an entirely different computer for important (financial) stuff. This other computer is then hands off.
Parent
Time for a kid firefox plugin (Score:4, Interesting)
Probably already is one of these, but can we get a plugin for Firefox that dumbs down the browser for them.
I think one of the toy company's had a toy/software setup where kids could visit a limited amount of sites using a special controller. Something to keep them out of trouble.
I want to give my kid a login with just a link to firefox and this plugin on the desktop. They click it an are presented with a list of safe sites. Any attempt to go outside of the domain is blocked and the sound card goes crazy with ("hey mom and dad get your ass in here and watch your kid")....hell have it text me. If the domain is safe I simply type a password and it gets added.
Sure just surfing in Firefox will prevent some of this, but I don't want any chance of any sort of firefox bug getting exposed. Remember that even firefox can fall victim to some sort of buffer overflow.
A little offtopic, but I think a Live CD of Ubuntu that accomplishes this would be great. Just give my kid an older computer with no harddrive and the CD and let them go...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Separate user accounts might work, as long as the kid cannot possibly install any software. Mac OS allows this, as well as whitelists and execution restriction
Thank heavens ... (Score:5, Funny)
My daughter spent an entire road trip (two days in the car each way) unlocking her NeoPet. The beeping was enough to make you drive with your elbows so you had both hands free to pull your ears off. Now I can simply say, "honey, if you play with your NeoPet character online, bad people will take all Daddy's money away and we'll have to live under a bridge." Aaaahhh, another aggravation averted. Thanks, scammers!
Re:Thank heavens ... (Score:5, Funny)
You let your children play games other than nethack?
And you call yourself a slahdotter!
Parent
Re:Thank heavens ... (Score:4, Funny)
I think the basis for questioning his Slashdotter credentials lies not with the games his kids play but in the fact that he managed to reproduce in the first place.
Parent
Re:Thank heavens ... (Score:5, Funny)
You let your children play games other than nethack?
I can't imagine the paranoia of a child raised on nethack, but I'll try:
"Don't go down the stairs carrying too much, Daddy, you'll DIE!"
"Don't pet the kitten, Daddy, it's not named. You'll DIE!"
"Don't drink anything until you've dipped an amethyst or unicorn horn in it or you'll DIE!"
Parent
The real solution (Score:4, Insightful)
The real solution is for the kids to have their own computer. And the adults do not use it for online banking, or anything else.
It's hard to believe the cost would be a problem, but if a netbook is too dear, old PCs are being given away. Put Linux on it, and it's their online playpen.
No need to argue about porn and whatnot. All of those concerns can be addressed depending as the age of the computer's owner varies.
Re: (Score:3, Interesting)
Giving kids their own computer is not a solution. You have to instruct them what is, and what it not, acceptable online.
I'll give you an example. I visited my nephew was he around ten, and he showed me some of the online games he liked to play. A window popped up advertising some kind of contest, and asking for information. I warned him to avoid it, but he said, "Oh, I enter these things all the time. It's okay, I use my dad's email address and social security number."
I had a talk with his father, and
Re: (Score:2)
"Oh, I enter these things all the time. It's okay, I use my dad's email address and social security number."
Umm.. Why in the hell would a parent give his SSN to a 10 year old? My kids don't even have their own SSNs at this point, much less mine.
windows only... (Score:2)
Seriously: " who direct them to sites hosting keyloggers & trojans.", not much of social engineering - if your basic setup is secure, it wouldn't work
Gee, really? (Score:4, Insightful)
Targeting the weakest link in the security chain? Who would have thought the spammers would do that? Alright, it's scummy to target this towards kids, but it has happened since the start of the internet. Think back to the bad old days of AOL and Compuserve chats, or telling scriptkidz that your ip address was 127.0.0.1 and to 'hack me if you dare'.
What does surprise me, is that people are letting their kids play on websites while logged in as administrator. How computer savvy do you have to be to realize this is a bad idea. Admin on their own computer, maybe. If you make them clean up their own mess and just smile when they lose their Neopet.
I know it's silly, but... (Score:4, Interesting)
Re:I know it's silly, but... (Score:5, Interesting)
This brings up an interesting side issue...
At some point, we (the human race in general, although Slashdotters more specifically) will be giving our kids robotic pets. What happens when they get hacked?
Parent
Re:I know it's silly, but... (Score:4, Funny)
First there's the TCO. Keeping them virus-free is a couple hundred a year, plus if you let your subscription to the Kibble service lapse your Pet will stop functioning completely.
They all come preloaded with Poop.app, which can't be removed but needs constant maintenance. And in my models, at least, this sometimes will randomly upgrade itself to Poop 2.0 (code named Diarrhea) - that's a mess to clean up from your desktop, believe me.
And mine always seem to be blocking my access to the Furniture suite of utilities - there are workarounds, sure, but it's just one more thing to keep in mind.
Don't get me wrong, they have a lot of features that make them very worthwhile, but they're not for everyone!
Parent
Not just kids! (Score:2, Interesting)
Re: (Score:2)
Which is worse - that adults play with them, or that they admit it? In a poll, either one would be the CowboyNeal option ...
Parents (Score:2, Insightful)
Re: (Score:2)
That's an easy thing to say. But to do that, you have to limit the child to being on the computer only to that length of time you are willing to do nothing else but supervise them. Half-an-hour a day? 15 minutes? Assuming that you're also using your free time with your child to read with them, help them with homework, and otherwise hang out.
12 years old, IMO, is borderline. I would start to allow some unsupervised online time at that point. My primary concerns, in any case, wouldn't be about identity theft
How about exploration? (Score:3, Insightful)
20 minutes? really? Way back in the stone-age, when I was a kid we'd spend hours exploring what our amazing Commodore 64s and Apple IIs could do. We'd dial into BBSs, and run our own. We'd write our own software, and tinker with other peoples' code. Sometimes we'd end up in places we weren't welcome (Hello Joshua, shall we play a game?). Our parents hadn't the vaguest understanding of what we were up to (boys? Why is the phone making a funny whistling sound? Did you hook up that video game thing to it
Scammers should pick in their intellectual equals (Score:2, Funny)
If they picked on kindergartners that would be a fair fight.
Haha (Score:2)
Amputation. (Score:4, Informative)
Amputation. At the hip. Preferably sterilization. And THEN let them do public service for the rest of their lives.
Ok, ok, a wee bit drastic. Or is it? It's the only way I can think of (the sterilization thing, anyway) which gives humanity a chance somewhere in the future, if not now.
Parent
Re:Amputation. (Score:4, Interesting)
You may get your wish. In the 1920's and 30's when Eugenics was popular the Supreme Court ruled it was perfectly legal for states to sterilize people, take their kids and sterilize them.
This will probably be proposed as a way to cut costs for the penal and health care system.
Parent
Re:OT: Go Play Outside (Score:5, Insightful)
I'm no parent
What you do, then, is you print out your post, and save it in a safe place. Then, read it again, on your first child's 9th birthday, and realize what an ass you sounded like in your callow youth. It's very humbling, and good for the soul. When I first started posting on Usenet in 1991, before I had children, I wrote some incredibly stupid and glib things about parents and parenting. I ran across a box filled with print-outs from that era about six months ago (yes, I did print out my Usenet posts... I was in love with the sound of my own voice way back then too) and was startled by my trite ignorance. I am trying to learn from that experience in lots of ways, but it's a wisdom only painfully won.
Parent
"I'm not parent" (Score:2, Funny)
Neither is any other Slashdot poster. Think about it.
Re:OT: Go Play Outside (Score:4, Insightful)
You're 'startled' mostly because parents spend a great deal of time compromising their [parenting] ethics away. It's hard to raise kids the way you think you will when you don't have - and 99% of all parents give up trying, while convincing themselves they aren't.
There is definitely an element of that (google project yes badmommymoments for a really awesome essay about getting back on track).
But I also see a metric ton of people who say they'll do this or that differently from people they know, and what they don't realize is, it WON'T WORK. Or, might not work with their kids. It turns out that children, far from being the blank slate at birth hypothesized by Piaget, have inborn personalities and temperaments that require individualized responses.
My oldest is "low persistence," which was highly convenient in the toddler years, because I could just hold a cabinet closed for a couple minutes and then he'd forget he ever wanted to open it... but it'll be a really difficult thing for him to cope with as he gets older, and has to work at things that don't come naturally. My younger son is VERY persistent, and if I just hold the cabinet closed, he will keep trying for a good minute, then will scream and rant (at 14 months, he may not be much for talking, but yes, he can RANT), then will, I kid you not, try to FAKE ME OUT so I will let go and he can go back and open that cabinet. We never needed to install child locks and such for kid #1, but definitely need them for kid #2.
A friend of mine followed the Continuum Concept parenting approach with her oldest, teaching him how to use the tools in his environment properly, rather than simply restricting access. At just over a year, he could put a DVD in the player right-side up, and they never had to worry about him sticking a cracker in there instead. So I asked her for advice when my oldest turned out to be the Implacable Destructo-Baby, who would systematically toss everything left on the coffee table over his shoulder, for example. She smiled, and nodded, and sort of implied I wasn't trying hard enough. Then her second hit that age, and she emailed me an apology... she now had her own Implacable Destructo-Baby, and wanted MY advice!
So people who have never raised a kid talk about how *their* kids will do this or won't do that, but the truth is, they have NO IDEA what the implementation is going to look like until they get there.
So while I agree that there's the issue of getting lazy and compromising one's parental ethics, I think a large part of the difference between what people say they will do and what they actually do has to do with having no idea how to actually implement their grand designs with the children they get.
Parent
Re: (Score:2)
Silly. Obesity comes from not taking a diet pill. Exercise and diet has nothing to do with it!
Wait. You mean I can't believe all the ads?
Re:OT: Go Play Outside (Score:4, Insightful)
Because it is impossible for a kid to play baseball in the park all day and then play a video game for half an hour after dinner.
And there's never weather conditions that make playing outside not such a great option.
Oh wait you could have your atari and still do sports, but no one else can take part in more than one activity? You are special!
Parent
Re: (Score:3, Insightful)
You clearly don't live in a city. It would be nice if nobody needed to, but most people do. Playing outside is ... risky. Traffic is only one of the reasons.
I'll agree that staying inside at that age isn't healthy, but neither is being outside and unsupervised. (And, yes, when I was growing up I did that, and it was essentially safe. That doesn't make it safe now.)