David Raymond of the Virginia Cyber Range discusses their program and current security tips.
[Recording starts 0:00:00]
Bloomz www.bloomz.net is sponsoring today’s show, they are my favorite tool for engaging parents in the classroom. And at the end of the show I’ll tell you about a free webinar they’re sponsoring where I’ll teach you five habits you can start now to help your classroom thrive in the fall. cctea.ch/bloomz-spring Stay tuned to the end of the show.
“There’s been news recently of smart T.V.s that have the microphones have captured information that they were not intended to capture.”
The Ten-minute Teacher podcast with Vicki Davis. Every week day you’ll learn powerful practical ways to be a more remarkable teacher today.
VICKI: So this past week in spring break I actually spent over an hour dealing with a Russian hack attempt to take over my school’s domain name. Cyber hacking is real and those of us in I.T know it’s real. And the rest of the world is starting to realize that it impacts all of us.
Well, the State of Virginia is doing something about it with their Cyber Range Project. https://virginiacyberrange.org/So for our wonderful Wednesday today we’re talking to Dr. David Raymond @dnomyard who works with the Cyber Range about the kinds of things that we needed to be teaching our students to protect against cyber hackers. So David, how do we even start with helping kids understand how to protect themselves?
DAVID: Well, Vicki, that’s a great question. The first thing they need to understand is that what they do online stays online. So if they share information about themselves with their friends or with their family or anybody online via email or social media or whatever, you know, that stuff is there and if their social media accounts are not set in a way to make that information private then people can get to it beyond their family and friends. And you just don’t know who might be able to get to that information.
So the first thing I try to tell students is what you put online stays online and be very careful about what you post, particularly to social media. (Editor’s Note: Some of these topics are clarified in an article I wrote for Edutopia a While back What Your Students Really Need to Know about Digital Citizenship – hope this helps those of you who want to know more – https://www.edutopia.org/blog/digital-citizenship-need-to-know-vicki-davis – Vicki)
And then I like to talk to students about just sort of basic hygiene when it comes to using information technology systems whether it’s your smartphone or your laptop or your home computer. I talk about passwords a lot. You know, passwords are important and if you don’t set a good strong password on your social media accounts or your email accounts – you know, frankly, people are able to guess or do a brute force attack against your passwords and then all of a sudden they have access to all of your stuff. (See 10 Things Everyone Should Know about Passwords – https://www.coolcatteacher.com/10-things-everyone-know-passwords/ )
VICKI: I remember reading this past election cycle that Hillary Clinton’s campaign manager’s password was PASSWORD. And you’re just like, “Oh my goodness.” I mean, that factored in to what happened with the election. And you know, most people keep their passwords under their keyboards and you’re just like, “Oh, my goodness.” We have to get better at it than that, don’t we?
(Editor’s Note: I heard this from Julian Assange, http://www.dailymail.co.uk/news/article-4087092/Assange-says-14-year-old-hacked-Democratic-emails-reveals-John-Podesta-s-password-password.html however, there are those examining this who claim that this is not true – – honestly, there is no real way to verify what his password was, although admittedly many of his passwords are overly simplistic. So, whether his password was password or not, we can determine that his overly simplistic password did indeed cause him to be hacked if it is to be determined that he way he set his passwords was consistent with other passwords we know he had. http://www.politifact.com/punditfact/statements/2017/jan/06/jesse-watters/claim-john-podestas-email-password-was-password-la/ )
B Well, we do and we have to be careful when we receive an email from somebody asking us for our password to some account. I deal with the university students here at Virginia Tech on a regular basis and I’m involved in the security effort here. You get an email that looks realistic, it looks like it’s from your bank or it looks like it’s from your friend and it’s asking for your username and password to some account. And you’ll be surprised that the number of people who will type that information in.
What students have to remember is the bank is never going to ask you to send them an email asking for their password.
DAVID: Never. You just have to be smart about it. Understand when you’re clicking on a link that that might take you somewhere malicious. Another thing that we tell people that I think is pretty important is don’t use the same password in multiple places. So if somebody is able to crack your Facebook password and that’s the same as the password to your bank account then you could have some real problems.
VICKI: You sure can. The hack attempt I dealt with last week was actually pretending to be my webhost. And they were spoofing my webhost so it looked like it was from my webhost. And it took a little bit of intelligence to kind of understand that. Now, you’re even talking about digital forensics, what do you mean by that?
DAVID: Think of it like regular criminal forensics but in the context of some sort of a cyber-attack. Somebody hacks into your computer. Well, when they do that there’s always some kind of a trail of activity. Your computer keeps logs of when people access the computer and from where they’re accessing it. There is information changed in the file system and there are all these things that are sort of going on under the covers in the operating system. And if you have a skilled digital forensics person they can take your hard drive, make a copy of it and then they can dig into the hard drive itself and find this trail of activity. And often we’re able to identify the IP address or the specific location of the computer that hacked into to somebody’s computer. And we have to do that quite a lot here, actually, at Virginia Tech.
VICKI: Well and a lot of people mistakenly think because they have a Mac computer that they’re not going to get hacked. And I just read this week from McAfee that there’s over a 700% increase in attack son Macs right now. https://www.macrumors.com/2017/04/06/mac-malware-up-744-percent-in-2016/ So it’s not like we can just think, “Oh, I’m immune” can we?
DAVID: No. It really doesn’t matter. You know, when those computers have sort of had this history of being more vulnerable. I think nowadays it doesn’t really matter. Windows has gotten a lot better and the hackers have really up their game across the board. They can get into even smartphones in a lot of cases.
VICKI: So how can they get into our smartphones?
DAVID: Well, your smartphone is running an operating system just like your computer is so the same techniques apply. If they can get you to divulge your Apple I.D. password, for example, then they can get into your iPhone. And the same is true with most Android phones.
VICKI: You know, I see a lot of people taping over their webcams on their computers but I’m sitting here thinking you don’t tape over the cam on your phone. I mean, any place you have a camera or a microphone don’t you have some vulnerability or potential for listening?
DAVID: Absolutely, yes. So there’s been news recently of smart T.V.s that the microphones have captured information where they were not intended to capture. (See How to Keep Your Smart TV from spying on you – https://www.wired.com/2017/02/smart-tv-spying-vizio-settlement/ )And manufacturers have told people that they should go into the settings and turn off the microphone on their smart T.V.
VICKI: It’s so much. I mean, doesn’t this overwhelm people? I mean, these are not even things people are talking about, really.
DAVID: Yes. With all these news smart devices on the market – now we have smart door locks, we have smart thermostats. And at any time you put the word ‘smart’ in front of a device, it’s generally now internet connected and so the term that we use to describe these is the Internet of Things or IoT. These devices are all essentially running a computer inside of them and now they’re vulnerable to be attacked.
VICKI: So, David, as we finish up, how can school defend against hackers who want to steal our data, our private information or even the integrity of our systems. I mean, if we don’t protect our systems – say, a kid could go buy a grade and somebody hacks in for them. I mean, hacking is really – in some way, some people will consider an art form even though it’s a very criminal art form. How can schools even keep up with this because it really seems overwhelming from the school’s perspective as well as our students?
DAVID: Well, they really need to educate their students. And there’s sort of a basic level of education that I think all students should get. So they should learn basic social media awareness and hygiene of their electronic devices. And then the more advanced students – the student are really interested in protecting information technology and who’d maybe want to do that as a career later in life, the schools really should start teaching more of that.
And that’s something that I think, schools, at least in Virginia I know are very interested in doing. And the State is moving quickly to help them do that.
VICKI: Well, if 1 out of 7 people are likely to have a identity theft in their lives and so many things that can happen. (Here are current identity theft statistics – https://www.identityforce.com/blog/identity-theft-odds-identity-theft-statistics – this number I read some time a go and cannot find the original source. It looks like that our students may actually be much more likely to fall prey to identity theft with those 20-29 having a 1 in 4 chance!) We don’t want to operate from a perspective of fear, but the greatest software ever invented is the human brain, so we need to program it, we need to educate it. And this is part of our lives permanently. And we’re only as safe at our schools as our least educated user on our network. So it just makes sense from so many perspectives to educate our students about cyber safety. I encourage you to take a look at what Dr. David Raymond and Cyber Range are doing in Virginia. It’s a very exciting project and right now it’s available for teachers in in Virginia but I do hope that it will spread because it’s such a fantastic idea.
Thank you Bloomz for sponsoring today’s show. It is my favorite tool for parent engagement in the classroom. Just go to bloomz.net. Now, they are sponsoring the April free webinar on Thursday April 27th at 6pm Eastern. I’ll be sharing five habits you can start now to help your classroom thrive in the fall. There are things you can do now to have a better classroom. So join me by going to cctea.ch/bloomz-spring to register for the webinar. Or just go to the show notes are coolcatteacher.com/podcast for the link.
Thank you for listening to the Ten-minute Teacher Podcast. You can download the show notes and see the archive at coolcatteacher.com/podcast. Never stop learning.
[End of Audio 0:09:43]
[Transcription created by tranzify.com. Some additional editing has been done to add grammatical, spelling, and punctuation errors. Every attempt has been made to correct spelling. For permissions, please email [email protected]]