Services Winn Schwartau InfosecGate Home Site Map Contact
Interpact Security Awareness For Today's Business
Corporate Overview
Interpact's Services and Solutions
Security Awareness Training
Security Awareness Artwork
Interpact's Associates
Press Room
Contact Us
Winn Schwartau
Winn Schwartau: Speaker and Writer
Schwartau's Publications
Schwartau's  Schedule
Infosec Gateway


Security Awareness Promotional Art



Cybershock: An Interview with Winn Schwartau
Identity Theft
Protecting Your Family
Protecting Yourself and Your Workplace


Q: Why did you decide to write this book?

Because the average American has been left out of really understanding the Internet, as it has become bigger than anyone has ever imagined.

In the last 10 years, since I began testifying before Congress and working with the governments here and overseas, the goal has been to get movers and shakers to understand Internet security. In short, we have been speaking to the "choir" rather than to the "congregation." We now have national policy, awareness, publicity, headlines and some international cooperation. The warnings I issued 10 years ago have all come true—including international conflict in the cyberwar arena.

When my publisher asked me to do a Volume III of the hit series, Information Warfare, I said that the industry "got it" and it was time to take the message to the general public in a manner that they could both relate to and understand. This book gives people a set of action items to take in order to protect themselves and their families, as well as to educate themselves of the much larger corporate and national security concerns.

Q: Why is such information important now?

Tens of millions of Americans are diving onto the Internet and the vast majority has no clue of what they are getting themselves into. The Internet is a technical medium, which has evolved for day-to-day use by the average non-technical person. Trillions of dollars are moving across the Net. Privacy is being violated more then ever before.This book was written to give people the tools they need when they visit a very dangerous neighborhood.

Q: Who is your book written for?

Several overlapping audiences:

Non technical users

Parents of kids who know more than Mom and Dad

Teachers, for the same reason

Universities and schools for curriculum purposes

Corporations for security awareness programs

Information Age corporate workers who need the basics

Government workers, trainees and employees who need to know the dangers they face, and what they can do about them.

Q: Are there other books like yours on the market? What makes Cybershock different?

No other book takes such a comprehensive, picture filled, non-technical and entertaining view of the seedier aspects of the Internet. But perhaps more importantly, there has never before been a book like this aimed specifically at families and everyday Internet users.

Q: What do you hope readers will gain from this book?

To be afraid. And once they are suitably frightened, to proceed on the Net with eyes wide open. I hope that families and teachers will learn about what their kids are doing and get involved. I hope that people will begin to realize how little privacy they indeed have and how that can make them victims.

I hope that corporate and government readers come to realize how important they are to the security of their company and to this nation. They can do a lot of good by increasing their awareness, staying vigilant and acting on their instincts.

Lastly, I hope that kids see that cyber crime is not cool.

Q: How will Cybershock be received in the hacker community?

By and large they will like it; the book is non-tech for non-techs, so it really isn’t aimed at the hackers anyway. Further, I don’t portray hackers in the simplistic way most of the media does.

Q: Are all hackers criminals?

Absolutely not! The media and police have helped create the wrong impression for headlines. The vast majority of hackers today—true hackers—are highly skilled and talented computer enthusiasts, programmers and professionals. Too many others call themselves hackers when in reality they are nothing more than mouse-clickers with a wanna-be attitude. What makes hackers criminal is when they break the law. But keep in mind, some of the laws are wrong. Some are even terrifically stupid, in my opinion. For instance hacking and bringing down a kiddie porn site is illegal, but is it wrong? I believe we need to rethink our positions on this and other aspects of hacking.


Q: Isn't identity theft something that only happens in the movies? How common is it?

About tens of thousands of cases of identity theft occur every year—and that’s only the ones we know about. It is absurdly easy to do. Give me permission and I can own your life in 30 days.

Q: Will identity theft rise as more and more information is exchanged online?

Yes. Identity theft is only going to get a whole lot worse, and the government is largely responsible. We need to wake up Congress. The lack of privacy drives ID theft. Putting social security numbers on drivers licenses is sheer insanity! Medical records kept secret from you and me is a crime—except not in the eyes of the Congress. Mass marketing of my name and what I do is an invasion of privacy that the United States government ultimately encourages by not stopping it.

Q: What are the most basic steps to take to prevent identity theft?

Die. Barring that:

Never use a credit card

Buy everything with cash or money order.

Do not own a home

Do not own a car.

Don't travel.

Don't have a phone.

Q: So virtually everyone is at risk?

Unfortunately, yes. It's easy to be a random victim.

Q: When do most people realize that their identity has been stolen? Are there any early indications that such a thing is happening?

No, it's sort of like a car crash. You’re driving along just fine and then Whammo! My war-hero uncle’s ID was stolen and he only found out when the banks came after him for $250,000.

Q: What's the first thing you should do when you realize someone's stealing—or trying to steal—your identity?

Call the police and the FBI until you find someone who knows what the Internet is. Go to for information, support and contacts. Call your bank, credit card companies, mortgage company and advise them to put in your record that you are a victim and see if they have messed with your life there. Then establish a strong security procedure with them for any further business. Cybershock has all of the contact information you need.


Q: What should parents know before they allow their children to go online?

Parents need to know that if their kids go online, it’s potentially like sending them into sex and criminal central without a clue.

Ideally, a parent should know how to look through a computer’s history and records to see what their kids have been doing. However, smart kids know how to cover their tracks. You can install a "Parent Shield" or "Net Nanny" sort of program to do the work for you; but if the parents are technically lame, the kids can learn to work around the software.

To totally understand what your kids are doing online, parents need to become parents. They need to work with their kids, share and develop trust. Ask your kids to teach you how all this stuff works…and then be committed to learning it. Get technical! Impress your kids. Put the computer in the living room. Be a parent. Be a friend. Be a mentor. Be a good example.

Q: Is censor, watchdog, and v-Chip technology foolproof?

It’s all sheer garbage. Congress came to the conclusion that they could legislate against bad parenting. What a crock. The V-Chip is sort of OK because it is hardware in the TV itself. But the key codes had better be real strong; otherwise it’s useless against a porn-driven teen. And it’s worse with Net Nanny. Sure, it can keep a five-year-old from running into porn sites, but software is as easily bypassed as it is installed.

Q: Is it safe to shop on the Internet? When should you NOT use a credit card to make a purchase?

It is ALWAYS safe. Use your credit card anytime you want, EXCEPT if the site you are buying from asks for lots of personal information other than your shipping address. Reason: You have a better chance of getting your credit card information stolen from a local diner than the Net. Sure, some high profile cases show a million credit cards being stolen, but keep in mind that with American Express you have $0 liability for fraudulent purchases, and with VISA/MC the maximum limit is $50 (and with a few complaints you can make that $0, too).

Q: Is there other personal information that you should never give out when you're making an online purchase?

Don't give anyone anything that is not REQUIRED to get you your goods delivered.

Just say no.

No social security number

No banking information

No family names

No buying histories, likes, dislikes

Q: What basic advice would you offer parents? What are the steps that parents can take to prevent their families from being exposed to pornographers, stalkers, and other dangers on the Internet?

First they have to read Cybershock, get shocked and then choose. "Choose" is the operative word here, choose to get involved with being a good parent. Parents need to help their kids be aware that many of the same threats exist on the Net that we train them for in the real world. Don’t talk to strangers, right? Well, talking in cyberspace is like having a conversation with someone by writing on the walls in the men's room of a bus station.

Teach the kids the basics.

Don’t give out real name, phone number, address. EVER.

Don’t go to meet someone you met online. EVER.

If you see or hear something nasty, cut your connection and then tell mom and dad.

If it’s extreme, find the cybercop in your local police department.

Q: What questions should parents ask when their children say they went online at a neighbor's house or at school?

If parents have established a good rapport with their kids then they should have little to worry about. My daughter came to me when she was 12 and cried and cried when she lied to me about running into "nasty stuff" on the Net. She tells us everything - even when we don’t ask.

At school there should be little worry. From other kids’ houses? Back to parenting. Know the parents, the kids, and if ever in doubt, ask. But be careful not to destroy relationships by being too nosy. Kids want privacy. They will cross lines no matter what we do; we all did. Moderation is key.

Q: My family has become a target for spam. How do we get off these lists?

Fat chance.

Get a new email address. It's a drastic route that only works if you have a small circle of friends.

Get a second email address for surfing and another for business.

Stay off the porno sites so they won’t harvest your name and email address.

Use the filters in your (non-Microsoft) email software.

DO NOT email them back UNLESS they have a specific "Unsubscribe" message in their spam.

Talk to your ISP about filtering out some messages.


Q: Most large companies have security systems in place to protect the business from hacks, right?

Noooooooo! They think they do, but there is no such thing as 100% security. Period.

Q: So before you log in at work, what questions should any worker ask himself or herself?

"Who’s looking over my shoulder?" Then look. "Is it time to change my password?" Change it.

Q: Can private, internal email be read by someone inside or outside the company?

Sniffing internal email is child's play for computer support personnel. CYBERSHOCK tells the shocking story of just how easy it is to get promiscuous—the technical term for this technique.

On the outside, it’s harder. It depends, but if I want to, I can break in and get your email, yes.

Q: What rights do employees have if their private email is broken into?

First they cry, then they call their divorce lawyer, then they call Human Relations. This really depends upon company policy, what rules and guarantees there are, and if you were supposed to be using company email for personal purposes.

Q: If you're a small business owner who has decided to sell products on your new website, what are the first security steps you should take? What should you be aware of?

First, outsource the web site and the ecommerce to a third party who knows what they’re doing. You do the content, only. This will cost you something between Free and 5% of your sales. Make sure that the provider you use employs SSL encryption, Verisign authentication, and that they use AVS, Address verification for on line credit cards.

Assume that your site can be broken into, so only keep information there that you don’t mind appearing on the front page of the local newspaper.


Q: What national -- or international -- policy would you like to see changed as a result of Cybershock? How do you think policy experts should use your book?

I want to see personal privacy given the attention and laws it deserves. The United States guarantees it to its citizens but backs out of the deal every second of every day. I want to publish a CD of the private records of every member of Congress. Maybe then something would change.

Q: Who can learn the most from Cybershock?

Everyone, even I am using it as a reference.

Q: Is hacking here to stay? Or is it "conquerable"?

As my friend from the National Security Administration said, "Long after I am dead and gone, hacking will still thrive. Good luck."

Copyright © 2000-2001 Interpact, Inc. All Rights Reserved
For comments about this page, contact: Kelley Walker, Interpact, Inc.
Copyright PolicyPrivacy Policy
Interpact Inc

Check out our FREE security awareness promotional art.  Download your copies today!