When Exes Attack... Online

Woman Says Her Name, Number Posted Online Inviting Sex

That’s what a woman said happened after she ended a relationship a month ago.

She said her former husband sent her a text message telling her to check out Craigslist. When she did, she found her name, address and phone number on the Internet site, inviting people to drop by her home for sex.

So many people responded that she was forced to change her phone number, leave her home and now she is seeking a permanent restraining order against the 44-year-old man.

KMBC's Bev Chapman reported that people who use Craigslist know that it's a place to buy, sell, trade and meet people. For this woman, it's apparently a vehicle for revenge.

"I think it's insane," she said. "I feel like I'm losing my mind over the whole deal. I'm not safe. I'm constantly looking around."

The woman, who did not want her identity revealed, said that she just learned of the posting last weekend. Her ex-husband's post was under the Kansas City list page, in the column for personals, in the casual encounters section.

The posting was crude and explicit. It described her as fit, disease and drug-free.

"Within 45 minutes, I had 17 to 18 texts and phone calls," she said. One man even showed up at her home while a police car was parked in the driveway.

This was not the first incident with her ex-husband in the more than five years since their divorce. The couple reunited for three months last year, and ended it again a month ago.

"He goes through cycles," she said. "He loves me, he hates me."

The post was removed from Craigslist. The site's operators sent a message that said they believed the post was clearly harassment.

A spokeswoman for the Jackson County Prosecutor's office said they have seen a few cases of Internet harassment, but they can do nothing for the woman without a police report.

original article here

Our exposed predators: Dan Jacoby, Jeff Dunetz, aka YIDWITHLID, and others - did this SAME THING to their victims. Glad to see this woman's police department is taking this seriously. Many don't. - EOPC

Man Advertised on Craigslist for Models - then Tortured Them

By Matt Blake

A personal trainer who called himself 'Danger' has been accused of using Craigslist to stalk women and 'torture' them. Dejon Miller, 35, from Hollywood, allegedly used the advertising website to recruit female models to pose for his fitness website. But when they responded he would verbally abuse them and beat them, it is claimed.

Miller, from Los Angeles, was arrested on Wednesday after his girlfriend went to police claiming he had beaten her until she lost consciousness in an attack that police described as 'torture'. 'The victim actually did lose consciousness and probably was really close to actually passing away,' LAPD Det. Brandy Arzate told KTLA.com.

While he didn't give details of the abuse, he added: 'It was very unusual techniques that he would use. Something as a detective that I haven't come across before.' His charges include attempted murder, false imprisonment and spousal abuse. His bail was set at $1.3 million.

The woman said she met Miller after responding to an advert on Craigslist looking for fitness models. But police are also probing five similar claims by other women. 'If you Google him, he’ll look legit,' Det. Azarte told NBC. 'But the reality is if the women do end up in a relationship with him, there is a strong likelihood of abuse.'

On his website, SexyIsBack.com, Miller tells women: 'Let’s face it, all a woman really wants, is to be excitingly appealing and glamorous, right? If you want to be appealing you need the body. If you want to be exciting you need to be scene. If you want to be glamorous you need to be in style. Now with Dejon “DANGER” Miller’s creation of sexyisback!com, you have all 3 elements synergistically fused together to provide the ultimate experience of sexy.'

On his other website, e2fit.com, he adds: 'As a trainer, I like to keep things professional, realistic and a lil' funky at the same time - which you'll notice by my tattoos, many body piercings!'

original article here

Men Show Up Wanting Sex After 'Ex Posted Fake Craigslist ads'

By Mark Duell

(U.S.A.) A jilted boyfriend allegedly placed a series of fake adverts on Craigslist that appeared to be from his pregnant ex-girlfriend asking men for sex.

Andre Flom, 31, of Portland, Oregon, put up ads with her number and address - and up to 20 men would arrive at her home for sex, police said.

Postings under the name of Catlin Moser, 29, said ‘hit me up - I’m super horny’ and that she wanted ‘guys to take turns giving it to me good’.

The posts also asked people to remove a Japanese maple tree and a play structure from her garden, reported the Smoking Gun website.

‘He was posting my name, my phone number and my address on Craigslist for really obscene sex parties,’ Ms Moser told Fox affiliate KPTV. I was having men showing up at my house all hours of the night.'

He even allegedly posted the contact details of Ms Moser’s mother, who said she would get around 100 obscene text messages in five minutes. ‘The kinds of things that were being said were pretty obscene,’ the mother told CBS affiliate KVAL. ‘He'd set up times for them to come over.’

CONTENT OF THREE ADS ON CRAIGLIST

'What's up, my name's Catlin and I’m very real, looking for a sexy guy to come give me what I need, hit me up - I'm super horny'

'Having a party tonight at my house: encourage single guys to come through, lots of beer and single women, here is a recent pic of me, my name's Catlin, let's go boys'

'Hey, so I'm at home bored, lookin for a guy, or guys to take turns givin it to me good'

It began in October after Flom was convicted of domestic violence and more than 35 adverts were posted on the listings website, police said. Flom was convicted of strangling Ms Moser, who has a two-year-old son, last autumn and she won a restraining order against him.

One of the ads included her address, saying: ‘I’m very real, looking for a sexy guy to come give me what I need, hit me up - I’m super horny’. Another said she was ‘sitting at home bored’ wanting men to ‘give it to me good’ and was inviting people who ‘want to get a little dirty’.

Investigators subpoenaed Craigslist to give them records that showed nearly all of the fake adverts came from the same network location.

In a twist, investigators traced this to Flom’s next-door neighbour. But it turned out the man had an unsecured wireless router in his house. Police raided Flom’s home on Tuesday and took away a computer, modem and mobile phones, reported the Smoking Gun.

Flom was charged with computer crime and identity theft and is being held in Multnomah County jail in lieu of posting a $30,000 bond.

original article here

Husband stole $200,000 from Women met Online Dating

(Boston, U.S.) A married man met four other women online, romanced them over several years and then stole more than $200,000 from them by feigning financial and medical problems, authorities said.

Albert Lovering, of Waltham, Massachusetts, was indicted Tuesday on 23 counts of larceny, pleading not guilty on Wednesday.

Lovering, 54, met the women through various dating websites and deceived them into believing he was romantically attached to them, Middlesex District Attorney Gerry Leone said.

The women loaned Lovering money – including one who gave him more than $100,000 after meeting him just once – with the expectation he would repay them, but he never did, Mr Leone said.

'These allegations are extremely troubling and the defendant's lies spanned several years, targeting numerous victims who were conned into believing the defendant cared for them,' Leone said in a statement.

Lovering's lawyer, Daniel Flaherty, revealed his marital status as he asked a judge to release his client on personal recognizance as he awaits trial. He said Lovering has lived with his wife in Waltham since 1999.

The judge rejected the request and set bail at $10,000 cash.

Mr Flaherty did not immediately return a call seeking comment on the accusations, the Associated Press reports.

Lovering allegedly met the first woman in 2006 after they both placed dating ads on Yahoo.com.

The woman agreed to loan him $1,000 after he told her he had placed a bid on eBay on an item he had to purchase immediately, prosecutors said. He allegedly then told the woman he needed more money for several purchases and that he needed her to co-sign a loan.

When the loan was approved, he used the money for himself and did not repay the woman, Mr Leone said.

Lovering met the second woman in 2008 through a personal ad on Craigslist and courted her with 'romantic dinners and professions of warmth, affection and physical attraction,' Mr Leone said.

He also convinced her that he needed $28,000 to complete an eBay purchase, authorities said.

The woman never saw Lovering again, but he continued to communicate with her electronically, telling her he had to stay in hospital in New Hampshire for a serious medical condition, Leone said.

He allegedly told her that his health insurer would not pay several of his medical bills and that the hospital would not release him until those bills were paid.

'Based on his need, her affection for him and his promises of repayment, she sent a series of checks payable to him to a post office box,' Leone said. In total, the woman loaned him more than $70,000, he said.

Prosecutors said Lovering met a third woman in 2009 through Craigslist.

When they met for the first time, Lovering allegedly told the woman he owed the Internal Revenue Service back taxes and asked for a loan.

The woman loaned Lovering $7,200 and never saw him again, Mr Leone said. Lovering met the fourth woman through Plentyoffish.com, authorities said.

They met only once, but Mr Leone said Lovering led the woman to believe he was romantically interested in her and told her he needed a loan to pay back taxes. The woman gave him two checks totalling $1,500 on the promise that he would repay her, authorities said.

Mr Leone said Lovering told the woman in January 2009 that he was hospitalized in New Hampshire and unable to get discharged until all his medical bills were paid.

The woman repeatedly sent money to him through a post office box, investigators said. All told, she loaned him more than $100,000, they said.

original article found here

Sentenced to Prison for Net Harassment, Stalking and E-Personation

by LUIS HERNANDEZ

A Tulare man who authorities said harassed, repeatedly threatened and falsely impersonated a woman on the Internet was sentenced to 32 months in state prison Friday.

Michael Rosa, 36, received his sentence after being convicted of stalking, false impersonation, identity theft, and electronic harassment last month.

According to the Tulare County District Attorney's Office, while they were married, Rosa often threatened to kill the woman, whose name was withheld.

Rosa made numerous harassing telephone calls to her, the district attorney's office said. In April of 2009, the threats escalated, with Rosa calling and telling her he was on his way to kill her.

According to the district attorney's office, on August 2009, the woman began receiving calls from unknown men contacting her about an advertisement posted on Craigslist.

Investigators learned that Rosa had previously placed numerous ads on the Craigslist website, pretending to be the woman, the DA's said. The ads identified her by name and stated she was willing to perform sexual acts on men.

Several of the ads contained photographs that were taken during the course of the marriage, the district attorney's office said. Authorities said detectives were able to trace the online ads back to Rosa, who was interviewed and eventually admitted to placing the ads.

Detectives also secured evidence from Rosa's Internet provider and Craigslist linking the ads back to Rosa.

Tulare County Superior Court Judge Gary Paden sentenced Rosa.

130 Facebook pages to Harass - E-Impersonation

Prosecutors say a Los Angeles man created 130 phony Facebook pages and posted Craigslist profiles to harass his 16-year-old ex-girlfriend.

The Los Angeles city attorney's office says 22-year-old Jesus Felix pleaded no contest on Wednesday to two counts of violating California's new impersonation law and one count of making harassing telephone calls.

He was placed on five years' probation and ordered to perform 30 days of road-crew community service. A one-year jail sentence was suspended on condition he complete anger management and sex therapy classes.

Prosecutors say in a news release that Felix created Facebook pages and Craigslist listings using photos of his ex-girlfriend. The girl's mother discovered online profiles with her daughter's contact information as well as sexually explicit photos.

The Internet impersonation law went in effect Jan. 1.

original article found here

HOW TO MAKE E-IMPERSONATION A CRIME IN YOUR STATE? CLICK HERE

Probation for Man Posting Fake Orgy on Craigslist

Connecticut, USA - A Connecticut man has been sentenced to probation for posting a bogus ad about an orgy at the house of a neighbor with whom he had been feuding.

Court records show 44-year-old Philip Conran pleaded guilty to risk of injury to a
child last week in Hartford Superior Court.

He has been sentenced to three years of probation and 200 hours of community
service. He also has been ordered to pay for the West Hartford neighbor's house
alarm system.

Police say Conran posted the Craigslist ad in April 2010 and that several strangers
knocked on the neighbor's door. One man went to the wrong home, groped a teenage girl and was arrested.

Conran's attorney, Michael Georgetti, says his client regrets his actions.

original article here

Craigslist Affair Ends With Restraining Order

by John Ramsey

An extramarital affair that began on Craigslist has cost the former top enlisted Special Forces Command Soldier his position and is forcing him to retire early, he testified in Cumberland County court Friday.

Former Command Sgt. Maj. Mario Vigil took the stand Friday morning to ask Chief District Court Judge Beth Keever to order Connie Delaine Pruitt to stop contacting him and his family. Keever ordered Pruitt, who did not show up for the hearing, to follow a one-year restraining order that prohibits any direct or indirect contact with Vigil or his family.

Pruitt, of Durham County, says in court documents that she is pregnant with Vigil's child. In the military, adultery is a crime. She did not immediately return a call from a reporter Friday.

Vigil on Friday admitted to the affair and said he now just wants Pruitt to leave him alone so he and his wife can work to repair their marriage.

"I wish this court action would not have been necessary, but I was at my wit's end on how to protect myself and my family from further harassment from Connie Pruitt," Vigil said.

Vigil said he met with Pruitt three times after answering her Craigslist ad last September seeking men for sex. The third time, he said he told her he wanted to stop their relationship. That's when she told him she was pregnant. In court filings, Pruitt says she is expecting a child Aug. 2.

Vigil said he isn't sure whether she is pregnant or whether the baby is his.

"She wanted me to pay her," he said.

On Feb. 15, Vigil and his wife sent an email to Pruitt notifying her that they would consider any further attempts to contact them as harassment. But Pruitt didn't stop. She sent letters detailing the affair to Vigil's relatives and in-laws. After Feb. 15, she sent Vigil 65 text messages and more than 10 emails, he testified.

She dropped off packages at his workplace, including one that contained a poem, baby clothes and a sonogram picture.

On April 19, Vigil asked for a restraining order against Pruitt. His court date was delayed multiple times before Friday.

Vigil said he told his priest, his wife and his chain of command about his infidelity before Pruitt could go to them.

Pruitt, he said, kept asking for money. At one point, he gave her $480 for an abortion.

Documents from the military investigation into the affair say the adultery was substantiated, but there was no evidence to support Pruitt's other claim that Vigil shared classified information with her.

Vigil in 2008 became the top noncommissioned officer in the U.S. Army Special Forces Command, which includes about 14,000 Soldiers. He has served about 30 years in the Army, 4 1/2 years deployed in Desert Storm and the current wars in Afghanistan and Iraq.

Due to the investigation into the affair, he was relieved from his position as command sergeant major of Special Forces Command and received a letter of reprimand from Lt. Gen. John F. Mulholland, commander of the United States Army Special Operations Command.

Vigil said his retirement should be final within six months.

"Bottom line, I was wrong. I should never have been in a relationship with her," Vigil said Friday outside the courtroom. "I'll take my lumps for it, and I have, and I'll move on."

original article here

Craigslist Used to Harass... Again

Strange men showed up at house wanting sex

by Mark Potter

(Florida, U.S.A.) -- A Florida woman faces charges for posting a fake ad online, allegedly to harass her husband's ex-wife.

The ex-wife is Tracy Wilder, a divorced mother of three. She says she knew something was wrong when she began getting phone calls, text messages and visits to her home from men seeking sex.

"I feel violated. I feel our safety was compromised as a family. It's been terrifying," said Wilder. She says the men were responding to an explicit ad in her name on Craigslist-- an ad she insists she never placed.


original article here

Craigslist Used to Harass... Again

Strange men showed up at house wanting sex

by Mark Potter

(Florida, U.S.A.) -- A Florida woman faces charges for posting a fake ad online, allegedly to harass her husband's ex-wife.

The ex-wife is Tracy Wilder, a divorced mother of three. She says she knew something was wrong when she began getting phone calls, text messages and visits to her home from men seeking sex.

"I feel violated. I feel our safety was compromised as a family. It's been terrifying," said Wilder. She says the men were responding to an explicit ad in her name on Craigslist-- an ad she insists she never placed.


original article here

Posting Woman’s Data on Craigslist Brings Charges

By BILL BRAKSICK

(ILLINOIS, USA) A Sycamore man has been charged with a misdemeanor offense after reportedly posting a woman’s contact information and offers for sex on an Internet website.

Alexander P. Dominguez, 25, of the 700 block of South Main Street, is accused of posting a woman’s name, phone number and workplace information, along with offers of sexual contact, on the classified website Craigslist.

According to court documents, the woman received dozens of phone messages from unknown people propositioning her for sex.

Dominguez is charged with harassment through electronic communications, a Class B misdemeanor punishable by not more than six months in jail.

He appeared for a bond hearing Wednesday at the DeKalb County Courthouse via closed-circuit television from the DeKalb County Jail.

He was released on a $1,500 recognizance bond, which allows a person to be released from jail with no money posted but a signed promise to be present at future court dates.

He is due back in court July 19.


(our exposed cyberpath Dunetz/ Yidwithlid did this to his victims on MySpace... possible pending legal action)


original article here

Posting Woman’s Data on Craigslist Brings Charges

By BILL BRAKSICK

(ILLINOIS, USA) A Sycamore man has been charged with a misdemeanor offense after reportedly posting a woman’s contact information and offers for sex on an Internet website.

Alexander P. Dominguez, 25, of the 700 block of South Main Street, is accused of posting a woman’s name, phone number and workplace information, along with offers of sexual contact, on the classified website Craigslist.

According to court documents, the woman received dozens of phone messages from unknown people propositioning her for sex.

Dominguez is charged with harassment through electronic communications, a Class B misdemeanor punishable by not more than six months in jail.

He appeared for a bond hearing Wednesday at the DeKalb County Courthouse via closed-circuit television from the DeKalb County Jail.

He was released on a $1,500 recognizance bond, which allows a person to be released from jail with no money posted but a signed promise to be present at future court dates.

He is due back in court July 19.


(our exposed cyberpath Dunetz/ Yidwithlid did this to his victims on MySpace... possible pending legal action)


original article here

The 7 Deadliest Social Networking Hacks

Think you know who your real online friends are? You could be just a few hops away from a cybercriminal in today's social networks

By Kelly Jackson Higgins

It started with a stolen Facebook photo attached to an inflammatory profile. It led to online harassment, death threats, and emails to the victim’s boss questioning the victim’s character. But an online personal attack against Graham Cluley earlier this year is one example of how easy it is to use a social network to damage the identity of an individual -- or an entire company.

Cluley’s case shows just how rapidly social networks can spread a smear campaign or personal attack -- and how it can quickly spread to the victim’s professional life. Cluley, who is a senior technology consultant with Sophos, recently met another victim who experienced a similar attack on Facebook, Kerry Harvey. He says it was apparently an acquaintance of Harvey’s who built a phony Kerry Harvey Facebook profile that branded her occupation as a “prostitute,” complete with her cellphone number.

Could such a thing happen to you or employees at your company? You bet. Social networks are the next major attack venue for trolls, spammers, bot herders, cybercriminals, corporate spies -- and even jilted ex-lovers or enemies -- to make money, or just plain wreak havoc on their victims’ personal lives, security experts say.

“It's the easiest way to passively gain intelligence on the largest groups of society and nearly every walk of life,” says Robert Hansen, aka RSnake, founder of SecTheory LLC.

The root of the problem is that social networking sites by nature aren't secure. They typically don’t authenticate new members -- you can’t always be sure that your online friend is who she says she is -- and attackers can easily exploit and capitalize on the “trusted” culture within the social network. Users often don't deploy the security and privacy options that some of these sites offer, either.

Social networking application development tools like OpenSocial and third-party tools on Facebook, for example, can be abused by attackers to readily spread malware or lift personal information. There’s also the very real risk of corporate espionage, with attackers culling tidbits from personal or professional social net profiles to wage targeted attacks on businesses via their employees. And popular Web attacks, like cross-site scripting, can also be used against members of social networks.

And don’t think for a minute that your “private” or closed profile keeps you safe from an attack or potential personal embarrassment, either. “There is no such thing as privacy on the Internet,” says Adam O’Donnell, director of emerging technologies for Cloudmark. “You are only delaying the inevitable information leakage for any content you put online. My recommendation is to treat the Internet as if all content there lasts forever.”

Attacks on social networking sites have only just begun, so think twice before you get too personal with what you post on them, or too loose about accepting and trusting new friends and connections.

“You’re only going to see these attacks on social networks go up,” says researcher Nathan Hamiel, who along with colleague Shawn Moyer recently conducted some relatively simple but scary hacks recently on various social networks that they demonstrated at Black Hat USA and Defcon 16 this month. “We’ve noticed some weird social networking attacks since we did our talk” at those hacker conferences, he says.

Here's a look at the seven most lethal social networks hacks:

* 1) Impersonation and targeted personal attacks

* 2) Spam and bot infections

* 3) Weaponized OpenSocial and other social networking applications

* 4) Crossover of personal to professional online presence

* 5) XSS, CSRF attacks

* 6) Identity theft

* 7) Corporate espionage

1) Impersonation and targeted personal attacks
You’d think security experts would be relatively immune from social networking hacks since, well, they’re security experts. But a recent wave of nasty hacks targeting security industry figures such as Alan Shimel of StillSecure and Petko Petkov of GNUCitizen, where their personal email accounts and other private data were raided and posted on the Net, have demonstrated that a determined attacker can even get to the experts.

Putting yourself “out there” with a social network presence basically leaves you open for all kinds of attacks, even personal ones. Just ask Sophos’s Cluley, who faced hate messages, death threats to his wife, and his photo being superimposed on some pornographic images after his Facebook photo hack. “They didn’t use my name,” he says, but all it took was someone to recognize his face.

Twitter, the microblogging site where members post quick updates on what they’re doing or comments to multiple “followers,” introduces a whole other element to social networking security -- physical security, experts say. “I never talk about where I am, who I'm with, where I'm going, or any other specific details,” RSnake says. “But that doesn't stop anyone else who knows that same information from doing that behind my back - maliciously or not.”

Sophos’s Cluley says posting too much information on Twitter, such as your whereabouts or trip plans, leave you wide open to things like burglary or stalking. “Twitter is a fascinating thing. To be honest, it could lead to all sorts of physical problems, such as physical theft…or jealous ex’s” tracking what their ex is up to, says Cluley, who “tweets” his blog titles. “When I post to my blog, I’m not saying ‘I’m at the supermarket.’ First of all, who cares? I much prefer to wait until I get back” from the store to say what I’m doing, he says.

And as Hamiel and Moyer demonstrated at Black Hat USA and Defcon 16, you don’t even have to have a social networking profile to be targeted. The two researchers were able to easily impersonate security icon Marcus Ranum (with his permission) on LinkedIn, the social network for businesspeople. Ranum doesn’t have an account, so the two basically lifted Ranum’s photo off the Internet and gathered information on him online and built a convincing phony Ranum profile. (See LinkedIn Hack Demonstrates Ease of Impersonation.)

They channeled Ranum so well that they amassed 42 LinkedIn connections within 12 hour, even duping Ranum’s own sister into friending the phony Ranum profile.

2) Spam or bot infections
Spammers -- for plain old advertising, click fraud, or for bot recruitment -- need mechanisms that efficiently and effectively deliver and spread their messages, malware, or both. And attackers have already honed in on the social networking community, hijacking accounts and using their address books to spread spam, worms, or other malware.

“We’re seeing more and more malware via spam and links in spam. We’re seeing this with malware text on Facebook and Twitter that’s designed to draw people to particular pages,” Sophos’s Cluley says.

Most recently, attackers hijacked some Facebook accounts, and posing as members sent messages to their friends to dupe them into viewing a video clip link, which instead was actually a Trojan that silently downloaded malware onto their machine once they opened the link.

A recent report by ScanSafe found that in July, up to one in 600 profile pages on social-networking sites hosted some form of malware, mostly adware and spyware.

3) Weaponized OpenSocial and other social networking applications
Users often don’t think anything of installing an application in their browser. “But these applications can all have the same levels of access to their system, and some of the most private information is often [stored] in the browser, so it can be more dangerous,” Moyer says. “It blows my mind how people can think that downloading [these applications] is not as bad” as downloading some application to their system.

That makes third-party application services like OpenSocial a dangerously handy tool for attackers. “The addition of the third-party application service also allows for another avenue for code-based attacks to occur,” Cloudmark’s O’Donnell says.

It’s not that all of the developers of those social networking virtual kisses, secret crushes, or birthday reminder widgets are necessarily malicious. OpenSocial, for example, offers an option for writers of these tools to limit malicious JavaScript in these applications, but inexperienced developers typically don’t bother or know to use these measures, O'Donnell says.

“These are opt-in only, and a limited number of developers use the tools. What ends up happening is that developers with a limited amount of security-sensitive development experience create these applications that spread like wildfire, allowing a new vector for infection on many profiles -- and by infection, I primarily mean attacks focused inside the social network,” O’Donnell says.

Users don’t always realize that the third-party widgets for Facebook, for example, weren’t written by Facebook. Some have holes that collect more information on users than necessary or safe, and others have been written specifically to install adware or generate revenue. “To their credit, Facebook has closed down some of these apps that behaved inappropriately,” Sophos’ Cluley notes.

A rogue application called “Secret Crush” was circulating around Facebook earlier this year, spreading spyware instead of love. (See 'Secret Crush' Spreads Spyware, Not Love.) It sent victims an invitation to find out who has a secret "crush" on him or her, and lured them into installing and running the Secret Crush app, which spread spyware via an iFrame. The attack got more advanced and worm-like when it required the victim to invite at least five friends before learning who their “crush” was.

“They [these sites] are basically under constant attack,” Moyer says. “We think a lot of the Web 2.0 problems [with these sites] are more about how much trust is being placed on the client side.”

4) Crossover of personal to professional online presence
Even if you keep a MySpace account for personal use, and a LinkedIn one for professional networking, there’s no guarantee that those late-night partying pictures aren’t going to end up in front of your colleagues on LinkedIn, or worse, your boss.

“Consider everything on a social network to be public, whether it’s private photos or work history,” Hamiel says. “You can’t stop a ‘friend’ from copying your stuff and putting it wherever” they want.

There are some measures social networkers can take to prevent the details of their social and personal lives from spilling over to their professional ones. Cloudmark’s O’Donnell says he doesn’t bother with separate personal and professional social networking accounts: “For me I find it far easier to not keep them separate, and to present a professional face on both my personal and my professional profiles."

You can set up “limited” profiles on sites like Facebook. “I can add someone as a limited friend, and they don’t know they’re limited. They can’t see my holiday photos,” for instance, Sophos’s Cluley says. That way, “I’ve really tied down and parceled up what I want as my real close friends” on the site.

There are also privacy settings that can control what information you share with others on the social network, and what information Facebook apps can get and share about your profile.

5) XSS, CSRF attacks
Cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities are obvious attack vectors, and some social networking worms have used XSS flaws to help propagate themselves. But most social networks have tightened their defenses against XSS attacks, security experts say, and CSRF attacks are not yet common.

XSS and CSRF do pose a big risk to these sites, especially when it comes to social networking applications, experts say. In an XSS attack, malicious code is injected into vulnerable Web applications and users who view those pages can get hacked. In a CSRF attack, an attacker basically tricks the victim's browser into making a request on his behalf -- as the logged-in user.

“Anytime [that] you, an attacker, can force a user to load HTML, the potential is there for browser exploits, botnet infections, and account manipulation via XSS/CSRF,” says HD Moore, director of security research for BreakingPoint Systems.

A CSRF attack could potentially jump and spread across multiple social networking sites that the user is logged onto -- effectively spreading the attack from one social network to another. It could, for example, force a victim viewing a CSRF-infected page on MySpace to post something on his own wall on Facebook if the wall-posting function was vulnerable. “I think [CSRF] certainly is one useful vector that's being overlooked now,” Moyer says.

Meanwhile, with the openness of social networks, attackers don’t really need to bother with complicated XSS or CSRF attacks. “But if you [the attacker] combine attack vectors, you could be a lot more effective. We think as long as [social networks] allow users to create markup in profiles and comments and link to external content, this will continue to be a problem,” Moyer says.

6) Identity theft
A social network profile can give away some valuable tidbits –- victim’s name and date of birth –- that identity thieves can use to guess passwords or impersonate them, and even eventually steal their identity, some security experts say.

But that doesn’t mean that identity thieves are crawling all over social networks, Hamiel says. “I just think that the claims that social networks are an identity theft magnet are overblown."

Social networkers sometimes inadvertently hand over the goods themselves: In a study Sophos conducted over a year ago, about 41 percent of Facebook users in the study gave out their email address, date of birth, and phone number to someone they didn’t know.

One safety tip for social networkers is not to answer all the questions posed to them by the site, and don't provide your true date of birth, Sophos's Cluley says. “You don’t need to tell Facebook your educational background, your phone number, etc. You don’t even have to tell them your real date of birth,” he says. “I want the identity thief to get the wrong date of birth.”

You can even make up a phony maiden name for your mother. “Don’t make it something that’s a matter of public record,” he says.

Even so, social networks basically tap into human nature’s innate need to socialize, and the bad guys know it. “People aren't very good at security,” RSnake says. “We were built to work in teams, we're pack animals.”
7) Corporate espionage
Even if an employer blocks access to social networks from the office, the organization still could be susceptible to corporate espionage attacks via its employees’ personal profiles.

To pull off a spear phishing attack, for example, all an attacker has to do is search for Company A’s employees on a social networking site and then pose as someone within the organization -- such as the head of human resources -- and email the employee addresses he finds, for example. A phony HR spear phish could look something like this, Sophos’s Cluley says: “Dear Fred Jones, Congratulations on joining XYZ Company. Click on this link to access our HR Intranet and then log in with your regular network username and password so we can update our files.”

A newbie to the company could easily fall for the ploy and hand over access to the corporate network, he says.

The only shot at preventing this hack is for social networkers to limit what they post publicly and to keep their employer’s name out of their profile. “Keeping the name of your employer... far away from your personal profiles can reduce the chance that someone will target your employer through you,” BreakingPoint’s Moore says. “The trouble is that even with completely separate personal and professional identities, it only takes one scrap of public information linking the two to negate all of the time that went into separating them in the first place.”

That’s because the “six degrees of separation” rule applies on most social networks: You’re only a few hops away from a bad guy. “We know that there are bad people on these networks using them to steal information,” Cluley says. “You may be only a half a dozen hops from an identity thief if we’re all connected.”

Responses to: editors@darkreading.com

ORIGINAL ARTICLE

Many thanks to support group member, Gypsy for this gem!

The 7 Deadliest Social Networking Hacks

Think you know who your real online friends are? You could be just a few hops away from a cybercriminal in today's social networks

By Kelly Jackson Higgins

It started with a stolen Facebook photo attached to an inflammatory profile. It led to online harassment, death threats, and emails to the victim’s boss questioning the victim’s character. But an online personal attack against Graham Cluley earlier this year is one example of how easy it is to use a social network to damage the identity of an individual -- or an entire company.

Cluley’s case shows just how rapidly social networks can spread a smear campaign or personal attack -- and how it can quickly spread to the victim’s professional life. Cluley, who is a senior technology consultant with Sophos, recently met another victim who experienced a similar attack on Facebook, Kerry Harvey. He says it was apparently an acquaintance of Harvey’s who built a phony Kerry Harvey Facebook profile that branded her occupation as a “prostitute,” complete with her cellphone number.

Could such a thing happen to you or employees at your company? You bet. Social networks are the next major attack venue for trolls, spammers, bot herders, cybercriminals, corporate spies -- and even jilted ex-lovers or enemies -- to make money, or just plain wreak havoc on their victims’ personal lives, security experts say.

“It's the easiest way to passively gain intelligence on the largest groups of society and nearly every walk of life,” says Robert Hansen, aka RSnake, founder of SecTheory LLC.

The root of the problem is that social networking sites by nature aren't secure. They typically don’t authenticate new members -- you can’t always be sure that your online friend is who she says she is -- and attackers can easily exploit and capitalize on the “trusted” culture within the social network. Users often don't deploy the security and privacy options that some of these sites offer, either.

Social networking application development tools like OpenSocial and third-party tools on Facebook, for example, can be abused by attackers to readily spread malware or lift personal information. There’s also the very real risk of corporate espionage, with attackers culling tidbits from personal or professional social net profiles to wage targeted attacks on businesses via their employees. And popular Web attacks, like cross-site scripting, can also be used against members of social networks.

And don’t think for a minute that your “private” or closed profile keeps you safe from an attack or potential personal embarrassment, either. “There is no such thing as privacy on the Internet,” says Adam O’Donnell, director of emerging technologies for Cloudmark. “You are only delaying the inevitable information leakage for any content you put online. My recommendation is to treat the Internet as if all content there lasts forever.”

Attacks on social networking sites have only just begun, so think twice before you get too personal with what you post on them, or too loose about accepting and trusting new friends and connections.

“You’re only going to see these attacks on social networks go up,” says researcher Nathan Hamiel, who along with colleague Shawn Moyer recently conducted some relatively simple but scary hacks recently on various social networks that they demonstrated at Black Hat USA and Defcon 16 this month. “We’ve noticed some weird social networking attacks since we did our talk” at those hacker conferences, he says.

Here's a look at the seven most lethal social networks hacks:

* 1) Impersonation and targeted personal attacks

* 2) Spam and bot infections

* 3) Weaponized OpenSocial and other social networking applications

* 4) Crossover of personal to professional online presence

* 5) XSS, CSRF attacks

* 6) Identity theft

* 7) Corporate espionage

1) Impersonation and targeted personal attacks
You’d think security experts would be relatively immune from social networking hacks since, well, they’re security experts. But a recent wave of nasty hacks targeting security industry figures such as Alan Shimel of StillSecure and Petko Petkov of GNUCitizen, where their personal email accounts and other private data were raided and posted on the Net, have demonstrated that a determined attacker can even get to the experts.

Putting yourself “out there” with a social network presence basically leaves you open for all kinds of attacks, even personal ones. Just ask Sophos’s Cluley, who faced hate messages, death threats to his wife, and his photo being superimposed on some pornographic images after his Facebook photo hack. “They didn’t use my name,” he says, but all it took was someone to recognize his face.

Twitter, the microblogging site where members post quick updates on what they’re doing or comments to multiple “followers,” introduces a whole other element to social networking security -- physical security, experts say. “I never talk about where I am, who I'm with, where I'm going, or any other specific details,” RSnake says. “But that doesn't stop anyone else who knows that same information from doing that behind my back - maliciously or not.”

Sophos’s Cluley says posting too much information on Twitter, such as your whereabouts or trip plans, leave you wide open to things like burglary or stalking. “Twitter is a fascinating thing. To be honest, it could lead to all sorts of physical problems, such as physical theft…or jealous ex’s” tracking what their ex is up to, says Cluley, who “tweets” his blog titles. “When I post to my blog, I’m not saying ‘I’m at the supermarket.’ First of all, who cares? I much prefer to wait until I get back” from the store to say what I’m doing, he says.

And as Hamiel and Moyer demonstrated at Black Hat USA and Defcon 16, you don’t even have to have a social networking profile to be targeted. The two researchers were able to easily impersonate security icon Marcus Ranum (with his permission) on LinkedIn, the social network for businesspeople. Ranum doesn’t have an account, so the two basically lifted Ranum’s photo off the Internet and gathered information on him online and built a convincing phony Ranum profile. (See LinkedIn Hack Demonstrates Ease of Impersonation.)

They channeled Ranum so well that they amassed 42 LinkedIn connections within 12 hour, even duping Ranum’s own sister into friending the phony Ranum profile.

2) Spam or bot infections
Spammers -- for plain old advertising, click fraud, or for bot recruitment -- need mechanisms that efficiently and effectively deliver and spread their messages, malware, or both. And attackers have already honed in on the social networking community, hijacking accounts and using their address books to spread spam, worms, or other malware.

“We’re seeing more and more malware via spam and links in spam. We’re seeing this with malware text on Facebook and Twitter that’s designed to draw people to particular pages,” Sophos’s Cluley says.

Most recently, attackers hijacked some Facebook accounts, and posing as members sent messages to their friends to dupe them into viewing a video clip link, which instead was actually a Trojan that silently downloaded malware onto their machine once they opened the link.

A recent report by ScanSafe found that in July, up to one in 600 profile pages on social-networking sites hosted some form of malware, mostly adware and spyware.

3) Weaponized OpenSocial and other social networking applications
Users often don’t think anything of installing an application in their browser. “But these applications can all have the same levels of access to their system, and some of the most private information is often [stored] in the browser, so it can be more dangerous,” Moyer says. “It blows my mind how people can think that downloading [these applications] is not as bad” as downloading some application to their system.

That makes third-party application services like OpenSocial a dangerously handy tool for attackers. “The addition of the third-party application service also allows for another avenue for code-based attacks to occur,” Cloudmark’s O’Donnell says.

It’s not that all of the developers of those social networking virtual kisses, secret crushes, or birthday reminder widgets are necessarily malicious. OpenSocial, for example, offers an option for writers of these tools to limit malicious JavaScript in these applications, but inexperienced developers typically don’t bother or know to use these measures, O'Donnell says.

“These are opt-in only, and a limited number of developers use the tools. What ends up happening is that developers with a limited amount of security-sensitive development experience create these applications that spread like wildfire, allowing a new vector for infection on many profiles -- and by infection, I primarily mean attacks focused inside the social network,” O’Donnell says.

Users don’t always realize that the third-party widgets for Facebook, for example, weren’t written by Facebook. Some have holes that collect more information on users than necessary or safe, and others have been written specifically to install adware or generate revenue. “To their credit, Facebook has closed down some of these apps that behaved inappropriately,” Sophos’ Cluley notes.

A rogue application called “Secret Crush” was circulating around Facebook earlier this year, spreading spyware instead of love. (See 'Secret Crush' Spreads Spyware, Not Love.) It sent victims an invitation to find out who has a secret "crush" on him or her, and lured them into installing and running the Secret Crush app, which spread spyware via an iFrame. The attack got more advanced and worm-like when it required the victim to invite at least five friends before learning who their “crush” was.

“They [these sites] are basically under constant attack,” Moyer says. “We think a lot of the Web 2.0 problems [with these sites] are more about how much trust is being placed on the client side.”

4) Crossover of personal to professional online presence
Even if you keep a MySpace account for personal use, and a LinkedIn one for professional networking, there’s no guarantee that those late-night partying pictures aren’t going to end up in front of your colleagues on LinkedIn, or worse, your boss.

“Consider everything on a social network to be public, whether it’s private photos or work history,” Hamiel says. “You can’t stop a ‘friend’ from copying your stuff and putting it wherever” they want.

There are some measures social networkers can take to prevent the details of their social and personal lives from spilling over to their professional ones. Cloudmark’s O’Donnell says he doesn’t bother with separate personal and professional social networking accounts: “For me I find it far easier to not keep them separate, and to present a professional face on both my personal and my professional profiles."

You can set up “limited” profiles on sites like Facebook. “I can add someone as a limited friend, and they don’t know they’re limited. They can’t see my holiday photos,” for instance, Sophos’s Cluley says. That way, “I’ve really tied down and parceled up what I want as my real close friends” on the site.

There are also privacy settings that can control what information you share with others on the social network, and what information Facebook apps can get and share about your profile.

5) XSS, CSRF attacks
Cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities are obvious attack vectors, and some social networking worms have used XSS flaws to help propagate themselves. But most social networks have tightened their defenses against XSS attacks, security experts say, and CSRF attacks are not yet common.

XSS and CSRF do pose a big risk to these sites, especially when it comes to social networking applications, experts say. In an XSS attack, malicious code is injected into vulnerable Web applications and users who view those pages can get hacked. In a CSRF attack, an attacker basically tricks the victim's browser into making a request on his behalf -- as the logged-in user.

“Anytime [that] you, an attacker, can force a user to load HTML, the potential is there for browser exploits, botnet infections, and account manipulation via XSS/CSRF,” says HD Moore, director of security research for BreakingPoint Systems.

A CSRF attack could potentially jump and spread across multiple social networking sites that the user is logged onto -- effectively spreading the attack from one social network to another. It could, for example, force a victim viewing a CSRF-infected page on MySpace to post something on his own wall on Facebook if the wall-posting function was vulnerable. “I think [CSRF] certainly is one useful vector that's being overlooked now,” Moyer says.

Meanwhile, with the openness of social networks, attackers don’t really need to bother with complicated XSS or CSRF attacks. “But if you [the attacker] combine attack vectors, you could be a lot more effective. We think as long as [social networks] allow users to create markup in profiles and comments and link to external content, this will continue to be a problem,” Moyer says.

6) Identity theft
A social network profile can give away some valuable tidbits –- victim’s name and date of birth –- that identity thieves can use to guess passwords or impersonate them, and even eventually steal their identity, some security experts say.

But that doesn’t mean that identity thieves are crawling all over social networks, Hamiel says. “I just think that the claims that social networks are an identity theft magnet are overblown."

Social networkers sometimes inadvertently hand over the goods themselves: In a study Sophos conducted over a year ago, about 41 percent of Facebook users in the study gave out their email address, date of birth, and phone number to someone they didn’t know.

One safety tip for social networkers is not to answer all the questions posed to them by the site, and don't provide your true date of birth, Sophos's Cluley says. “You don’t need to tell Facebook your educational background, your phone number, etc. You don’t even have to tell them your real date of birth,” he says. “I want the identity thief to get the wrong date of birth.”

You can even make up a phony maiden name for your mother. “Don’t make it something that’s a matter of public record,” he says.

Even so, social networks basically tap into human nature’s innate need to socialize, and the bad guys know it. “People aren't very good at security,” RSnake says. “We were built to work in teams, we're pack animals.”
7) Corporate espionage
Even if an employer blocks access to social networks from the office, the organization still could be susceptible to corporate espionage attacks via its employees’ personal profiles.

To pull off a spear phishing attack, for example, all an attacker has to do is search for Company A’s employees on a social networking site and then pose as someone within the organization -- such as the head of human resources -- and email the employee addresses he finds, for example. A phony HR spear phish could look something like this, Sophos’s Cluley says: “Dear Fred Jones, Congratulations on joining XYZ Company. Click on this link to access our HR Intranet and then log in with your regular network username and password so we can update our files.”

A newbie to the company could easily fall for the ploy and hand over access to the corporate network, he says.

The only shot at preventing this hack is for social networkers to limit what they post publicly and to keep their employer’s name out of their profile. “Keeping the name of your employer... far away from your personal profiles can reduce the chance that someone will target your employer through you,” BreakingPoint’s Moore says. “The trouble is that even with completely separate personal and professional identities, it only takes one scrap of public information linking the two to negate all of the time that went into separating them in the first place.”

That’s because the “six degrees of separation” rule applies on most social networks: You’re only a few hops away from a bad guy. “We know that there are bad people on these networks using them to steal information,” Cluley says. “You may be only a half a dozen hops from an identity thief if we’re all connected.”

Responses to: editors@darkreading.com

ORIGINAL ARTICLE

Many thanks to support group member, Gypsy for this gem!

Online Dating & Online Prostitution Cause Rise in Rapes

By Christopher D. Kirkpatrick

excerpts from the article:
(NORTH CAROLINA, USA) Reported rape is up 16 percent in Mecklenburg County this year, fueled by the popularity of Internet dating and online classifieds offering sexual services, Charlotte police and experts say.

“In the past, (rapists) would have to hunt and stalk,” said Sgt. Darrell Price, who's in charge of Charlotte-Mecklenburg Police Department's sexual assault unit. “Now, all you have to do is (get on the Internet), and she's waiting for you at a hotel room.”

Officials also say a higher percentage of victims each year are coming forward to report rape. Nationally, the number of rapes reported to police has increased by 30 percent since 1993, according to the Rape, Abuse & Incest National Network, a nonprofit advocacy group.

Greater media coverage, including attention from Oprah Winfrey, is lessening the shame and social stigma of being a victim, says Brandy Redmile Stephens, victim services director for Charlotte's United Family Services. The nonprofit has been seeing more victims lately, but she couldn't say how many more.

“It's getting easier for them to understand that it's not something they should keep a secret,” she said. “They're more informed.”

In North Carolina, a new state law that passed this year allows victims to provide medical evidence anonymously and free before deciding if they want to call police. To be effective, medical evidence needs to be collected within 72 hours of an assault.

In the past, victims without medical insurance might have paid $800 or more for an ambulance, emergency room and for a doctor or nurse to collect the evidence, Stephens estimated. The state-run N.C. Rape Victims Assistance Program now reimburses a medical staff up to $1,000.

Medical professionals also used to require the victim to report the rape to police before they would collect evidence. So victims who had financial concerns or were too traumatized missed their chance to provide forensic evidence and regretted it later, Price said. Now, they can decide later if they want to file a police report and still preserve evidence, he said.

“It gives the victim much more power,” he said.

Outreach is helping
Rape is the only major crime category up this year, according to statistics.

Through July, there were 26 more rapes reported to police (185) than last year, when CMPD investigated 159 rapes during the same period. That goes against a two-year trend that saw fewer reported rapes in Mecklenburg.

Price said he believes the Internet is playing a role in the rising numbers. But he also explains the increase as a result of stepped-up outreach programs by the department during the past year and a half.

No Cyber-Case Registry
No central authority or group is counting how many sex crimes are Internet-related, said Parry Aftab, an Internet privacy lawyer and executive director of New York-based wiredsafety.org, an Internet safety group.

But she said it's clearly going up, and the dangers are real – even for women dating online through 'reputable' cyber-dating sites.

“The crimes are notoriously underreported,” said Aftab, who is regularly consulted by government and media outlets on the subject.

Her group advocates changing police forms and FBI crime reporting requirements to include a cyber category to better track it: “Right now, it just shows as a general sexual assault.”

Locally, experts say more date rapes and sexual assaults are growing out of Internet chat room introductions and from dates arranged through popular cyber-dating sites.

But Charlotte-Mecklenburg police also are reporting a surge in crimes against women who blatantly advertise adult sexual services on the Internet, Price said.

Some are prostitutes advertising through sites such as Craigslist, which offers free Internet classified ads. They try to hook up with clients in Charlotte hotel rooms, but end up getting robbed or raped, police reported. Others are arrested for prostitution in police stings.

Since September, Charlotte-Mecklenburg police say 13 robberies and five sexual assaults have resulted from ads placed by women advertising sex services. And police also arrested at least 24 prostitutes and johns in a June sting operation.

Concerned about the increase, Price said he sent an e-mail to Craigslist last week asking the online posting company to warn women advertising personal services that Charlotte had become too dangerous for them.

Craigslist has drawn fire in recent months for its adult services ads. S.C. Attorney General Henry McMaster threatened to file criminal charges earlier this year against Craigslist executives. Craigslist and its CEO Jim Buckmaster fired back with a lawsuit, which is pending. N.C. Attorney General Roy Cooper has also focused attention on MySpace and Facebook over sexual predators...

Craigslist did not respond to the Observer's request for comment about the Charlotte incidents or Price's request for the company to post a warning.

Authorities say the company has helped with criminal investigations, including helping track down a suspect police say raped a Kannapolis woman at her husband's request in late May 2009.

Price said he doesn't know how Charlotte might compare to other big cities but said the number of victims in “such a short period of time” is a concern for the department.

“It was a simple request. … It's just a matter of time before one of them gets murdered,” he said.

One in six women and one in 33 men will be a victim of sexual assault in their lifetime.

College-aged women are four times more likely to be sexually assaulted.

Sexual Assault Numbers

• In 2007, there were 248,300 sexual assault victims.
• Every two minutes someone in the U.S. is sexually assaulted.
• Approximately 73 percent of rape victims know their assailants.
• Only 6 percent of rapists will ever spend a day in jail.

For more information visit www.rainn.org. The group also runs a national sexual assault hotline: 1-800-656-HOPE (4673).


When meeting someone for the first time, remember to:

• Insist on a public meeting place.
• Tell a friend or family member where you're going.
• Take your cell phone.
• Consider having a friend accompany you.
• Trust your instincts.

For more information about personal safety online, check out these resources: http://getsafeonline.org, http://wiredsafety.org

original article posted here

Online Dating & Online Prostitution Cause Rise in Rapes

By Christopher D. Kirkpatrick

excerpts from the article:
(NORTH CAROLINA, USA) Reported rape is up 16 percent in Mecklenburg County this year, fueled by the popularity of Internet dating and online classifieds offering sexual services, Charlotte police and experts say.

“In the past, (rapists) would have to hunt and stalk,” said Sgt. Darrell Price, who's in charge of Charlotte-Mecklenburg Police Department's sexual assault unit. “Now, all you have to do is (get on the Internet), and she's waiting for you at a hotel room.”

Officials also say a higher percentage of victims each year are coming forward to report rape. Nationally, the number of rapes reported to police has increased by 30 percent since 1993, according to the Rape, Abuse & Incest National Network, a nonprofit advocacy group.

Greater media coverage, including attention from Oprah Winfrey, is lessening the shame and social stigma of being a victim, says Brandy Redmile Stephens, victim services director for Charlotte's United Family Services. The nonprofit has been seeing more victims lately, but she couldn't say how many more.

“It's getting easier for them to understand that it's not something they should keep a secret,” she said. “They're more informed.”

In North Carolina, a new state law that passed this year allows victims to provide medical evidence anonymously and free before deciding if they want to call police. To be effective, medical evidence needs to be collected within 72 hours of an assault.

In the past, victims without medical insurance might have paid $800 or more for an ambulance, emergency room and for a doctor or nurse to collect the evidence, Stephens estimated. The state-run N.C. Rape Victims Assistance Program now reimburses a medical staff up to $1,000.

Medical professionals also used to require the victim to report the rape to police before they would collect evidence. So victims who had financial concerns or were too traumatized missed their chance to provide forensic evidence and regretted it later, Price said. Now, they can decide later if they want to file a police report and still preserve evidence, he said.

“It gives the victim much more power,” he said.

Outreach is helping
Rape is the only major crime category up this year, according to statistics.

Through July, there were 26 more rapes reported to police (185) than last year, when CMPD investigated 159 rapes during the same period. That goes against a two-year trend that saw fewer reported rapes in Mecklenburg.

Price said he believes the Internet is playing a role in the rising numbers. But he also explains the increase as a result of stepped-up outreach programs by the department during the past year and a half.

No Cyber-Case Registry
No central authority or group is counting how many sex crimes are Internet-related, said Parry Aftab, an Internet privacy lawyer and executive director of New York-based wiredsafety.org, an Internet safety group.

But she said it's clearly going up, and the dangers are real – even for women dating online through 'reputable' cyber-dating sites.

“The crimes are notoriously underreported,” said Aftab, who is regularly consulted by government and media outlets on the subject.

Her group advocates changing police forms and FBI crime reporting requirements to include a cyber category to better track it: “Right now, it just shows as a general sexual assault.”

Locally, experts say more date rapes and sexual assaults are growing out of Internet chat room introductions and from dates arranged through popular cyber-dating sites.

But Charlotte-Mecklenburg police also are reporting a surge in crimes against women who blatantly advertise adult sexual services on the Internet, Price said.

Some are prostitutes advertising through sites such as Craigslist, which offers free Internet classified ads. They try to hook up with clients in Charlotte hotel rooms, but end up getting robbed or raped, police reported. Others are arrested for prostitution in police stings.

Since September, Charlotte-Mecklenburg police say 13 robberies and five sexual assaults have resulted from ads placed by women advertising sex services. And police also arrested at least 24 prostitutes and johns in a June sting operation.

Concerned about the increase, Price said he sent an e-mail to Craigslist last week asking the online posting company to warn women advertising personal services that Charlotte had become too dangerous for them.

Craigslist has drawn fire in recent months for its adult services ads. S.C. Attorney General Henry McMaster threatened to file criminal charges earlier this year against Craigslist executives. Craigslist and its CEO Jim Buckmaster fired back with a lawsuit, which is pending. N.C. Attorney General Roy Cooper has also focused attention on MySpace and Facebook over sexual predators...

Craigslist did not respond to the Observer's request for comment about the Charlotte incidents or Price's request for the company to post a warning.

Authorities say the company has helped with criminal investigations, including helping track down a suspect police say raped a Kannapolis woman at her husband's request in late May 2009.

Price said he doesn't know how Charlotte might compare to other big cities but said the number of victims in “such a short period of time” is a concern for the department.

“It was a simple request. … It's just a matter of time before one of them gets murdered,” he said.

One in six women and one in 33 men will be a victim of sexual assault in their lifetime.

College-aged women are four times more likely to be sexually assaulted.

Sexual Assault Numbers

• In 2007, there were 248,300 sexual assault victims.
• Every two minutes someone in the U.S. is sexually assaulted.
• Approximately 73 percent of rape victims know their assailants.
• Only 6 percent of rapists will ever spend a day in jail.

For more information visit www.rainn.org. The group also runs a national sexual assault hotline: 1-800-656-HOPE (4673).


When meeting someone for the first time, remember to:

• Insist on a public meeting place.
• Tell a friend or family member where you're going.
• Take your cell phone.
• Consider having a friend accompany you.
• Trust your instincts.

For more information about personal safety online, check out these resources: http://getsafeonline.org, http://wiredsafety.org

original article posted here