Why did you decide to write this book?
the average American has been left out
of really understanding the Internet,
as it has become bigger than anyone has
In the last 10 years, since I began testifying
before Congress and working with the governments
here and overseas, the goal has been to
get movers and shakers to understand Internet
security. In short, we have been speaking
to the "choir" rather than to
the "congregation." We now have
national policy, awareness, publicity,
headlines and some international cooperation.
The warnings I issued 10 years ago have
all come trueincluding international
conflict in the cyberwar arena.
When my publisher asked me to do a Volume
III of the hit series, Information Warfare,
I said that the industry "got it"
and it was time to take the message to
the general public in a manner that they
could both relate to and understand. This
book gives people a set of action items
to take in order to protect themselves
and their families, as well as to educate
themselves of the much larger corporate
and national security concerns.
Q: Why is such information important
of millions of Americans are diving onto
the Internet and the vast majority has
no clue of what they are getting themselves
into. The Internet is a technical medium,
which has evolved for day-to-day use by
the average non-technical person. Trillions
of dollars are moving across the Net.
Privacy is being violated more then ever
before.This book was written to give people
the tools they need when they visit a
very dangerous neighborhood.
Q: Who is your book written for?
Several overlapping audiences:
Non technical users
Parents of kids who know more than Mom
Teachers, for the same reason
Universities and schools for curriculum
Corporations for security awareness programs
Information Age corporate workers who
need the basics
Government workers, trainees and employees
who need to know the dangers they face,
and what they can do about them.
Q: Are there other books like yours
on the market? What makes Cybershock different?
No other book takes such a comprehensive,
picture filled, non-technical and entertaining
view of the seedier aspects of the Internet.
But perhaps more importantly, there has
never before been a book like this aimed
specifically at families and everyday
Q: What do you hope readers will
gain from this book?
To be afraid. And once they are suitably
frightened, to proceed on the Net with
eyes wide open. I hope that families and
teachers will learn about what their kids
are doing and get involved. I hope that
people will begin to realize how little
privacy they indeed have and how that
can make them victims.
I hope that corporate and government readers
come to realize how important they are
to the security of their company and to
this nation. They can do a lot of good
by increasing their awareness, staying
vigilant and acting on their instincts.
Lastly, I hope that kids see that cyber
crime is not cool.
Q: How will Cybershock be received
in the hacker community?
By and large they will like it; the book
is non-tech for non-techs, so it really
isnt aimed at the hackers anyway.
Further, I dont portray hackers
in the simplistic way most of the media
Q: Are all hackers criminals?
Absolutely not! The media and police have
helped create the wrong impression for
headlines. The vast majority of hackers
todaytrue hackersare highly
skilled and talented computer enthusiasts,
programmers and professionals. Too many
others call themselves hackers when in
reality they are nothing more than mouse-clickers
with a wanna-be attitude. What makes hackers
criminal is when they break the law. But
keep in mind, some of the laws are wrong.
Some are even terrifically stupid, in
my opinion. For instance hacking and bringing
down a kiddie porn site is illegal, but
is it wrong? I believe we need to rethink
our positions on this and other aspects
Isn't identity theft something that only
happens in the movies? How common is it?
About tens of thousands of cases of identity
theft occur every yearand thats
only the ones we know about. It is absurdly
easy to do. Give me permission and I can
own your life in 30 days.
Q: Will identity theft rise as more
and more information is exchanged online?
Yes. Identity theft is only going to get
a whole lot worse, and the government
is largely responsible. We need to wake
up Congress. The lack of privacy drives
ID theft. Putting social security numbers
on drivers licenses is sheer insanity!
Medical records kept secret from you and
me is a crimeexcept not in the eyes
of the Congress. Mass marketing of my
name and what I do is an invasion of privacy
that the United States government ultimately
encourages by not stopping it.
Q: What are the most basic steps
to take to prevent identity theft?
Die. Barring that:
Never use a credit card
Buy everything with cash or money order.
Do not own a home
Do not own a car.
Don't have a phone.
Q: So virtually everyone is at risk?
Unfortunately, yes. It's easy to be a
Q: When do most people realize that
their identity has been stolen? Are there
any early indications that such a thing
it's sort of like a car crash. Youre
driving along just fine and then Whammo!
My war-hero uncles ID was stolen
and he only found out when the banks came
after him for $250,000.
Q: What's the first thing you should
do when you realize someone's stealingor
trying to stealyour identity?
Call the police and the FBI until you
find someone who knows what the Internet
is. Go to www.fraud.org for information,
support and contacts. Call your bank,
credit card companies, mortgage company
and advise them to put in your record
that you are a victim and see if they
have messed with your life there. Then
establish a strong security procedure
with them for any further business. Cybershock
has all of the contact information you
Q: What should parents know before
they allow their children to go online?
need to know that if their kids go online,
its potentially like sending them
into sex and criminal central without
Ideally, a parent should know how to look
through a computers history and
records to see what their kids have been
doing. However, smart kids know how to
cover their tracks. You can install a
"Parent Shield" or "Net
Nanny" sort of program to do the
work for you; but if the parents are technically
lame, the kids can learn to work around
To totally understand what your kids are
doing online, parents need to become parents.
They need to work with their kids, share
and develop trust. Ask your kids to teach
you how all this stuff works
then be committed to learning it. Get
technical! Impress your kids. Put the
computer in the living room. Be a parent.
Be a friend. Be a mentor. Be a good example.
Q: Is censor, watchdog, and v-Chip
Its all sheer garbage. Congress
came to the conclusion that they could
legislate against bad parenting. What
a crock. The V-Chip is sort of OK because
it is hardware in the TV itself. But the
key codes had better be real strong; otherwise
its useless against a porn-driven
teen. And its worse with Net Nanny.
Sure, it can keep a five-year-old from
running into porn sites, but software
is as easily bypassed as it is installed.
Q: Is it safe to shop on the Internet?
When should you NOT use a credit card
to make a purchase?
It is ALWAYS safe. Use your credit card
anytime you want, EXCEPT if the site you
are buying from asks for lots of personal
information other than your shipping address.
Reason: You have a better chance of getting
your credit card information stolen from
a local diner than the Net. Sure, some
high profile cases show a million credit
cards being stolen, but keep in mind that
with American Express you have $0 liability
for fraudulent purchases, and with VISA/MC
the maximum limit is $50 (and with a few
complaints you can make that $0, too).
Q: Is there other personal information
that you should never give out when you're
making an online purchase?
Don't give anyone anything that is not
REQUIRED to get you your goods delivered.
Just say no.
No social security number
No banking information
No family names
No buying histories, likes, dislikes
Q: What basic advice would you offer
parents? What are the steps that parents
can take to prevent their families from
being exposed to pornographers, stalkers,
and other dangers on the Internet?
First they have to read Cybershock, get
shocked and then choose. "Choose"
is the operative word here, choose to
get involved with being a good parent.
Parents need to help their kids be aware
that many of the same threats exist on
the Net that we train them for in the
real world. Dont talk to strangers,
right? Well, talking in cyberspace is
like having a conversation with someone
by writing on the walls in the men's room
of a bus station.
Teach the kids the basics.
Dont give out real name, phone number,
Dont go to meet someone you met
If you see or hear something nasty, cut
your connection and then tell mom and
If its extreme, find the cybercop
in your local police department.
Q: What questions should parents
ask when their children say they went
online at a neighbor's house or at school?
If parents have established a good rapport
with their kids then they should have
little to worry about. My daughter came
to me when she was 12 and cried and cried
when she lied to me about running into
"nasty stuff" on the Net. She
tells us everything - even when we dont
At school there should be little worry.
From other kids houses? Back to
parenting. Know the parents, the kids,
and if ever in doubt, ask. But be careful
not to destroy relationships by being
too nosy. Kids want privacy. They will
cross lines no matter what we do; we all
did. Moderation is key.
Q: My family has become a target for spam.
How do we get off these lists?
Get a new email address. It's a drastic
route that only works if you have a small
circle of friends.
Get a second email address for surfing
and another for business.
Stay off the porno sites so they wont
harvest your name and email address.
Use the filters in your (non-Microsoft)
DO NOT email them back UNLESS they have
a specific "Unsubscribe" message
in their spam.
Talk to your ISP about filtering out some
YOURSELF AND YOUR WORKPLACE
Q: Most large companies have security
systems in place to protect the business
from hacks, right?
They think they do, but there is no such
thing as 100% security. Period.
Q: So before you log in at work,
what questions should any worker ask himself
looking over my shoulder?" Then look.
it time to change my password?" Change
Can private, internal email be read by
someone inside or outside the company?
Sniffing internal email is child's play
for computer support personnel. CYBERSHOCK
tells the shocking story of just how easy
it is to get promiscuousthe technical
term for this technique.
On the outside, its harder. It depends,
but if I want to, I can break in and get
your email, yes.
Q: What rights do employees have
if their private email is broken into?
First they cry, then they call their divorce
lawyer, then they call Human Relations.
This really depends upon company policy,
what rules and guarantees there are, and
if you were supposed to be using company
email for personal purposes.
Q: If you're a small business owner
who has decided to sell products on your
new website, what are the first security
steps you should take? What should you
be aware of?
First, outsource the web site and the
ecommerce to a third party who knows what
theyre doing. You do the content,
only. This will cost you something between
Free and 5% of your sales. Make sure that
the provider you use employs SSL encryption,
Verisign authentication, and that they
use AVS, Address verification for on line
Assume that your site can be broken into,
so only keep information there that you
dont mind appearing on the front
page of the local newspaper.
Q: What national -- or international
-- policy would you like to see changed
as a result of Cybershock? How do you
think policy experts should use your book?
I want to see personal privacy given the
attention and laws it deserves. The United
States guarantees it to its citizens but
backs out of the deal every second of
every day. I want to publish a CD of the
private records of every member of Congress.
Maybe then something would change.
Q: Who can learn the most from Cybershock?
Everyone, even I am using it as a reference.
Q: Is hacking here to stay? Or is
As my friend from the National Security
Administration said, "Long after
I am dead and gone, hacking will still
thrive. Good luck."