Posts Tagged malware

Captain Kirk’s Got the Lync Federation Blues

Today’s post comes from Norv Leong, Director of Product Marketing at Actiance.

Star Trek’s popularity has spanned several generations.  The captains’ names have changed (Kirk, Picard, Archer) through the years, but the fans’ devotion and passion have continued to chug along.  The show was premised on federations and how many beings of different colors, shapes, and beliefs could still get along (save for the Klingons).

The same concept holds for federation when it comes to real-time communications.  Gone are the days of closed networks where you can only talk or IM with folks in your own network (remember AOL back in the day?).  Now, Yahoo! Messenger users can IM with Windows Live Messenger (WLM) users, and unified communications platforms like Microsoft Lync can federate with public IM networks, such as the aforementioned Yahoo.

The result when federation goes awry

This is great news for inter-planetary “keeping in touch,” but it also raises issues about security.  Safely connecting to these public IM networks is of paramount concern for folks in charge of IT security.  The old adage, “you never know who’s lurking out there,” couldn’t be more true.  Those tasked with ensuring that the security of their enterprise communications and collaboration platforms is airtight have to take great pains to make sure that opening up to public IM networks doesn’t flood the corporate network with malware, worms, viruses, and the like.

This is where granular federation controls come into play.  Being able to control which external parties can communicate with a given organization’s employees, groups, or networks is huge.  Furthermore, it could very well be that a large enterprise has a regulatory duty to separate its business functions or divisions.  Actiance Vantage enables organizations to control communications such that employees are blocked from contacting anyone (including external users) who might be on a blacklist.

This reduces the chances of malware infection, data leakage, and the potential to interact with another person outside of an ethical or regulatory boundary.  It also means that you won’t be at the mercy of another organization’s security policy.  Freedom to federate is great, but as Captain Kirk and his crew could attest to, you gotta be careful who you interact with because not everyone comes in peace.

“Get us out of here, Sulu!  Warp factor 8!”


Chief Data Protection Officer (CDPO): The new C-level exec?

The European Union (EU) may possibly be on the verge of creating a new C-level job title, according to a draft proposal from the European Commission.  Reflecting the growing concern over security and data protection, the EU has proposed making it mandatory to have a data protection officer for the public sector, for large enterprises, and for organizations where the “core activities of the controller or processor consist of processing operations which require regular and systematic monitoring.”

This has definitely caught the attention of those in the financial services sector because the proposal also includes provisions for fining businesses up to five percent of their revenue for data breaches.  That’s not a percentage to sneeze at when multiplied against billions of euros/pounds/Swiss francs.  The potential for security breaches increases exponentially as more people turn to online resources to conduct business.  Increasingly, financial services firms are utilizing social media and instant messaging to communicate with clients and prospective clients.

However, the downside is that all these new communications channels and transaction platforms are inviting targets for hackers.  The Skypes and Twitters of the world all represent new channels for malware to enter the corporate network.  Just a couple of weeks ago, this author himself was a victim of identity theft.  So, the threat is real and billions of dollars are at stake.  Just look what happened to Citigroup earlier this year.

Already, we’ve begun to see titles like “VP of Digital Marketing” and “Social Media Manager” pop up.  So, it logically follows that we will see a “Chief Data Protection Officer” title emerge too.  Hackers are becoming ever more sophisticated and the tools at their disposal are the most powerful they’ve ever been.  The EU is therefore clearly keen to keep pace with the constant innovation flowing from the technology world.  That innovation is responsible for much of the threat, but equally, advances in security and compliance technologies are also a key part of the solution and will be a critical part of the CDPO’s armoury.

The game of cat and mouse will no doubt continue, but at least, there’ll be a CDPO focused on minimizing, if not totally eradicating, the consequences of security and data breaches.  Certainly, a framework around how security breaches will be handled and communicated to the public is a good starting point.

So maybe Brussels is finally doing the right thing!


FINRA 11-39: Applause, Missing Pieces, and Users

In the week that “retweeted” was officially added to the Oxford English Dictionary, after only two years of use, FINRA beats the retweet and issues new guidelines on social media, just 18 months after 10-06 hit our doorsteps, and “So, what do you read into 11-39?” is the question on the tip of everyone’s tongue.

As expected, a few points are clarified; the latest guidance has become more prescriptive in some areas and less so in others.  (Puzzled looks abound, I’m sure.)  If you’d rather hear more about this than continue reading, please join me on a webinar Wednesday, August 31st at 10am EST and I’ll explain.

I’ll start with the missing pieces of 11-39

What’s missing is the specific reference to individual social networking sites (I bet that’s not what you were expecting).  And for this, I applaud FINRA.  Examples were given in 10-06 – Facebook was mentioned twice (OK, three times if you look at the endnotes), Twitter four times, and LinkedIn just the once.   Interesting that, in the conversations I’ve had with wealth management firms and wire houses, it’s LinkedIn that is the network of choice.

Why my applause though?  Good job, FINRA, I say, because you’ve recognized that this world moves very quickly.  Three months ago, YouTube was the fastest growing social network.  Then it was Google+.  And now, as Google+’s new member growth falls by 30% a day to 700,000, we’re not sure anymore.  That said, LinkedIn has added 20 million new profiles since its IPO in May and now boasts 120 million profiles.  Equally, since January 1, 2011, we’ve tracked 938 changes across Facebook, LinkedIn, and Twitter (yes, really!).

Good job, FINRA, because you’ve recognized that loyalty in our social world is somewhat limited.  And, that just because Facebook, LinkedIn, and Twitter are today’s Holy Trinity of social, it doesn’t necessarily mean that they will be tomorrow.

What else is good?

It’s also good to see clarification on business versus personal commentary – this reinforces what we’ve been saying for some time, that “the regulator is interested in the communications related to the business and when the individual is representing the business” – the advice we have been giving since January 2010 is NOT to go against the Facebook rules (for instance) and set up two profiles, but take advantage of Facebook giving you the ability to set up a profile for personal use and a page for professional use, because contrary to a lot of public opinion, you CAN do this – as a businessperson, you can set up a specific page for your business use (drop me a note if you want step-by-step instructions).  The SEC itself has stated that the content of an electronic communication determines whether it should be preserved.  Just like the FSA out of the UK does.  It doesn’t matter about the modality.

I do believe that, as an industry, we are perhaps being somewhat short-sighted by thinking that you can absolutely separate  personal from business communications in the social world.  I think the lines will continue to blur (increasingly so) as we become more accustomed to social.  I do believe we’ll see more guidance on this as time goes on.

What else is new? 

A proposed social media site must be approved in the “form in which it will be launched.”  FINRA is talking here about the launch of new social media sites.  So, if you’re launching a new design, a new Twitter feed, for instance, then the graphics that you’re using, the imagery, and the actual site – the “wireframes” in design parlance – need to be part of the approvals process.  Third Party Data Feeds are referenced also.  FINRA reminds us that the firm is responsible for checking the proficiency of the vendor of the data and its ability to provide accurate data – and it must regularly review for red flags.

Don’t Delete!

In reaction perhaps to the number of new companies popping up purporting to provide control and manage social media, FINRA specifically calls out details on technology that automatically erases or deletes content, stating that this precludes the ability of the firm to retain the communications in compliance with their obligations under SEA Rule 17a-4, yet further into the 11-39 guidelines, FINRA details more about the deletion of inappropriate third-party content.

It’s clear that a record of communications that doesn’t contain the full record is no record at all.  However, I do hold to the fact that some content simply has to be deleted.  I can’t control the 750 million other Facebook users out there (heck, I can’t even control what my little brother says on Facebook), and not all of those users have the same filtering mechanism that I have when it comes to content.  I’ve deleted some friends and banned others because their language would offend my Mother, who to me, is my ultimate Facebook controller.  In a corporate environment, I certainly don’t want the Actiance brand associated with profanity, racism, or a host of other comments, that we automatically delete through the use of our Urban Dictionary.

But we do record the fact that they were made.  We also record the fact that they were deleted.  We also record what the page looks like before and after the delete.  Belt and braces.  It might not be on the social network anymore, but it’s in the archive.

Mobile IS mainstream, and network barriers have crumbled.

And, it’s clear to see that the growth of mobile is having an impact; 250 million of the 750 million active Facebook users use the site through a mobile device – and on mobile, they’re twice as active.  It’s clear that firms are concerned about mobile, rightly so, but equally, that FINRA is being sensible about how firms operate and how they do business.  And, not all of us use devices that are firm-owned to post content and collaborate on social networks.  That’s the way the world is changing.  It’s one of the biggest challenges of today’s CIO:  the personally owned device (whatever that might be – iPhone, BlackBerry, Droid, iPad, Tablet, Netbook).  FINRA reminds us that it’s the communications, not the device, that is important.

The Users, the pesky Users…

FINRA gives an even bigger call-out about training and education.  Human beings, I’m convinced, were put on earth to create chaos.  And in a social world, we can do this very quickly and very easily.  (I should at this point, before our CEO, @Kambwani, sees this, reference that this quote is mine and mine alone.)  But equally, you don’t just give 20,000 financial advisors access to LinkedIn and expect that they know what to do.  In a lot of instances, there is a generational gap; injecting social into the DNA of individuals doesn’t happen overnight.  FINRA is dead-right by saying that training is important, that certification is important.  And regular training is not just a one-off, because people forget when they’re on a social network.  They forget who they’re connected to, and who might see their content.

We are, after all, as human beings, ultimately fallible.  And, we have technology in every other area of our business lives to protect us (anti-spam and security in the email world), to stop us sending our bank account details to Nigeria or our intimate personal details to hackers, Web filtering in the Web world to stop us playing online poker all day, and maybe even Actiance to limit our usage of Farmville to a mere 30 minutes a day.  In other words, we use technology to protect us against technology.  And it goes without saying that we use technology to protect us from malware infection (our very own @jaeho9kim wrote about this recently right here on this blog), from ourselves, and from malicious intent.

I think I’ve rattled on quite long enough now, so I’ll leave you with this final set of questions.  Did 11-39 answer your questions?  Did it raise more?  What do you think it didn’t cover?  Tune in next week for our webinar – and for thoughts that I’ve gathered recently, when I got together with 60 Financial Services Marketing, Compliance, and IT professionals and asked them what they thought FINRA should issue in terms of guidance.


Social Media and Cloud Security, are they on the new Federal CIO’s radar?

Last week, it was announced that Steven VanRoekel would be replacing Vivek Kundra as the CIO at the Office of Management and Budget (OMB).  It’s a high-profile position that essentially puts VanRoekel in charge of the federal government’s IT budget – currently about $80 billion a year.  A tidy sum of money.

So, as VanRoekel assumes his new role, all eyes will be focused on how he handles the projects he’s inheriting from Kundra as well as new initiatives.  Of the former, issues such as data center consolidation and the “cloud” are top-of-mind.  Recently, much of the buzz, both in the government and in the private sector, has revolved around Web 2.0 and social media.  However, they’re just two components of an overall security strategy.

VanRoekel must also take into consideration other types of application that factor into a comprehensive cybersecurity strategy.  These days, hackers are pretty sophisticated and are quite adept at exploiting encrypted traffic to pass along viruses or other types of malware.  For instance, unified communications (UC) platforms, such as Jabber, Microsoft OCS and Lync, and IBM Sametime, all enable federation, which is the ability to communicate with others who are not members of your UC community.  The danger here is federating with outside networks that may present unknown risks, like viruses, hackers, enemies mining for confidential information, etc.

The same analogy holds for the “cloud” initiative.  Cloud computing is all the rage, but there’s no shortage of companies and government agencies that are incredibly leery of turning over key computing processes and applications to the cloud.  Security is almost always the first issue mentioned when talking to skeptics of the cloud.  Multi-tenancy (i.e., sharing physical appliances that have been logically partitioned), data storage off-premises, and the relatively short history of this computing paradigm send shivers down the spines of the most experienced IT practitioners.

With the Internet being a global resource, the potential scope of security breaches is immense.  Sophisticated hackers might reside in the US, China, Russia, Iraq, North Korea; you just never know.  It is against this backdrop that VanRoekel will have to draw upon his experience in the private and public sectors to devise a strategy addressing all of these security concerns.  A daunting challenge for sure, but absolutely attainable, given today’s technology.

Wouldn’t you agree?


Safe Facebook = Clean Coal??

There have been lots of discussions around energy recently in the aftermath of the Fukushima nuclear disaster, especially about clean-burning coal technology and its hopes and reality.

I don’t know about you, but when I hear clean coal, I know I have to pay extra attention to actual scientific claims to differentiate marketing and political spins from scientific facts.  I get a similar feeling when watching late-night TV ads, such as the one for the “no-exercise weight loss” drug.  Something just smells fishy.

Well, that’s what I felt when I heard the words “privacy,” “safety,” and “Facebook” uttered in the same sentence.

The whole premise of Facebook and social media revolves around sharing.  However, there’s an inherent risk:  sharing information with someone with whom you didn’t intend.  In fact, it happens quite often.  Think about a disgruntled ex-employee who causes harm using inside information.  Although information is shared in good faith, it can cause damage if you share too much information without some level of protection.

Behold, victims of hacked Facebook accounts.
See for yourself at youropenbook.org.

It should be noted that using Facebook, likewise, is inherently risky business.  You can always share too much without proper protection.  The only mechanism that protects us from someone using that information against us is mutual trust.  We all value trust and that’s what’s keeping these social interactions possible in Facebook.

But, there are always cases where people fall victim to information piracy because of not knowing whom to trust or how much to trust.  That’s a real problem.

When we meet people in real life, we rely on our senses to see, hear, read, and touch people around us and, ultimately, assess just how trustworthy they are.  Yet in Facebook, it’s not as clear-cut.  It’s too easy for individuals with ill intentions to mask their true identities and pretend to be someone else.  All they need is a fake Facebook account and copy-and-pasted picture to impersonate someone.

This problem manifests itself in multiple forms in Facebook.

One obvious case is people creating fake Facebook IDs.  Although it’s clearly in violation of the site’s terms of use, Facebook is not validating anyone’s identities.

Another problem is the proliferation of malware in Facebook applications.  Facebook has written an application developer’s guide to encourage good behavior, but there are too many individuals exploiting this “social trust.”  As the number of people who abuse this trust grows, Facebook will ultimately become less reliable and will have to deal with less sharing as a consequence.

Yet another issue is unclear privacy policies.  As I wrote in my last blog entry, the FTC determined that Google must be held accountable to third-party privacy audits.  Adding a new feature without clear privacy guidelines is a bad thing, and the FTC has shown its willingness to go after such underhanded tactics.

It’s refreshing to see similar sentiments expressed by other bloggers like Graham Cluley at Sophos and Justin Williams at Classy Llama Studios.

The ball is entirely in Facebook’s court now.  Will Facebook burn cleaner coal for the rest of the social media industry?  Or will it continue to pollute social media with unregulated social pollutants?

What do you think?  Please tell us how Facebook can build a more socially responsible environment for all of us.


#EPS? #EBITDA? #Cash on hand? #Twitter?

Just five years ago, stringing the words in this blog title would’ve been complete nonsense.  Fast forward to 2011, and they now make perfect sense.  Hopping on the social media bandwagon, investors are now turning to new communications channels like Facebook, Twitter, and blogs to get the latest tips on hot stocks, rumored IPOs, and corporate scandals.

A March 2011 study by CMC Markets, Share Trader Insights Survey, hammers home the point:  social media is being increasingly used by investors to gather trading information, especially among those of us under the age of 45.  The study found that the under-45 demographic had the highest percentage of individuals using social sites like Facebook and Twitter to enhance their investment knowledge.  The 25-34 segment was particularly notable, too.  A whopping 59% of those under the age of 35 use Twitter to acquire trading information.  Interestingly, investors over the age of 45 were more likely to use their iPhone to gather trading information.

In terms of which social media sites were deemed to be most useful, trading websites took the top spot with 57% of investors using this form.  Beyond trading websites though, there was no clear social media site that investors preferred.  Blogs, webinars, Facebook, Twitter, iPhone apps, and even YouTube were all cited by investors as being sources of trading information.

I won’t bore you with any more gory statistics, but the inside scoop is that social media seriously is a viable source of information for investors.  However (deep breath), care must be taken to analyze all this mountain of data objectively (you don’t say…).  It’s easy to post information on any of these sites and even easier for it to spread virally.  Just think what could happen if someone started a false rumor on a company with the aim of sending the stock price soaring.  If written persuasively enough and if that rumor appears on several social media sites, the rumor begins to take on a life of its own.  The phrase “buyer beware” becomes that much more important, with due diligence, background checking, and due care assuming more prominent roles.

Along these lines, companies themselves have to be careful of what’s being posted about them in these social media fora.  That’s why we’re starting to see organizations turn to technology to help them address this flood of social media content.  Protection of the corporate brand and confidential information is top-of-mind for many firms.  Add to that the constant threat of malware and viruses piggybacking on tweets and Facebook posts, and it’s easy to see why solutions have begun to sprout up to manage this social media content and ensure that it’s safely used within the organization.

Actiance Unified Security Gateway (USG) is the only secure Web gateway focused on these Web 2.0 and social media applications, on top of the usual security protections (anti-virus, anti-malware, and URL filtering).  From allowing and blocking access to over 4,700 Web 2.0 applications to granular content and access controls for Facebook, LinkedIn, and Twitter, USG is the platform for making sure that social media doesn’t commandeer your corporate network and throttle your reputation.

It’s the enabler that lets you use social media productively and safely.  Just don’t count on it to tell you whether to buy or sell the 1,500 shares of MSFT you’re sitting on.


Keep It Simple, Stupid

We’ve all heard this saying before and it’s easy to get lost in the bewildering array of communications channels available to us. There’s the usual email, instant messaging networks (Yahoo!, Google Talk), peer-to-peer networks (Skype), enterprise IM applications (IBM Sametime, Microsoft Lync/OCS), and social networks (Facebook, Twitter). And these are just the big boys. There are literally thousands of IM, P2P, and social networks, in addition to those listed above.

To give you an idea of the bevy of tools out there, the US Department of Agriculture (USDA) uses over 21 different email systems, but they’ve recently decided to award Microsoft a contract to provide cloud-based email, Web conferencing, IM, and collaboration solutions. Similarly, the US General Services Administration (GSA) awarded an email contract to Google. What this goes to show is that messaging in large organizations (in this case, it’s the government) is starting to move to the cloud as companies look for ways to streamline their messaging systems, improve efficiency, and cut costs.

What with all these communications options available to end users, it’s all too common for folks to use Facebook, Yahoo!, or Skype while they’re at work on company-issued computers. Oftentimes, individuals use a combination of Web 2.0 (think Facebook or Skype) and enterprise (think Microsoft Communicator or Cisco Jabber) applications. The problem with doing so is that it opens up new vectors for malware to invade the corporate network. In other words, there are far more avenues for evil to infiltrate the corporate network these days than ever before.

Thankfully, platforms like Actiance Vantage make it easier to manage the proliferation of communications tools within the enterprise. From blocking virus attacks to managing file transfers to logging and archiving of all IM activities, Vantage provides end-to-end security and compliance coverage for an organization’s unified communications.

We can all learn a lesson from the government contracts cited above. Long ridiculed for being the poster child of bureaucracy and antiquated computer systems, it must be saying something to have two large agencies moving their communications applications to the cloud. Looks like the US government has taken heed of that old KISS principle after all.


Do you know where your TinyURL is going?

As Jeff Chandler points out on the Performancing Blog, TinyURLs and the like have been a godsend for those active on Twitter, where you only have 140 characters to get your point across.

 

But clicking on an unknown link can make Internet-savvy users very nervous. It’s good to know that most Secure Web Gateways will automatically resolve the TinyURL, bit.ly or other short URL redirects and determine their real destination – and discover and thwart any potential malware threat.

 

True, you still don’t know exactly where you’re going to end up, but from a security standpoint you can click away with confidence. As long as you’ve got a good gateway Web security solution in place, that is.


Are these the Halcyon Days, or are they gone forever?

[Halcyon:  Oxford English Dictionary: Definition  adj & n calm peaceful]

 

Sarah Carter definition:  sepia tinted memories of days where you only remember the good bits…often a rose tinted remembrance…

 

I don’t believe I’m surprised anymore by what happens in our increasingly connected world.  Perhaps I’m a natural cynic.  Having been in the IT security industry for more years than I’ll ever admit to, I’m naturally suspicious.  When Steve Gold, one of our well known journalists in the UK, Skype’d me an unsolicited article synopsis text file that he wanted to interview FaceTime about recently, I wouldn’t accept the file until he’d answered a specific question I asked him in the Skype IM.  As I explained to Steve, “Sure, we Skype each other regularly, but just because I know you doesn’t mean I trust you.  And I certainly don’t trust your IT or some of the nefarious characters (I include myself in this list) you associate with and who send you files and information to investigate.”

 

I remember, you see, the days of the “I love you virus”, the days before we purchased anti-spam and email anti-virus without question. When I’d click on a link that someone in my trusted network would send me, or I’d open a .zip file and the only way that I could stop the resulting virus being propagated out to my entire contacts list was to reach under my desk and pull out the network cable and then sit and wait red faced for helpdesk to come and rescue me.

It surprises me that people aren’t more suspicious, that there is a natural trust between users of real-time communications.

 

At FaceTime (in our labs and through working with customers) we see threats propagating over real time channels every day – protecting you from them is, after all, our business.  We’ve seen Trojans come in over a public IM network, propagate out to all your buddies and then hop over to an enterprise IM network.

So, is it just a matter of time then before we see malware and Trojans and worms written specifically for unified messaging and communications platforms, written to take advantage of the inherent trust shared between users?  And are we currently in an equivalent halcyon period that I remember before ILoveYou and email?  Or am I worrying about nothing?

 

Time, I guess, will tell.  But next time I ask you for verification that you are who you say you are when you’re sending me a file over IM, or when you’re sending me your holiday pics over Skype…well, it’s not that I don’t trust you.  I just think the halcyon days are long gone. Am I the only one?


Chris Boyd Catches Tween Hackers on BBC


I accompanied FaceTime Director of Malware Research Chris Boyd on a trip to BBC Television Centre in London earlier this month for an interview segment.  We’d worked with the BBC Technology group on some footage during the summer and it aired earlier this week on the BBC website.  This led to a rollercoaster week for us with the media here in the UK starting with a front page news story, in the UK’s fourth largest daily newspaper, the Metro.  Not long afterwards, we were asked if we’d like to take part in Friday’s edition of BBC Newsround.

 

What sparked this media frenzy was the release of footage of Boyd, the leading man in the FaceTime Security Labs research team, talking about the phenomenon of kids using the Net, using forums and other social networking sites to share, sell and trade stolen identities, credit cards, game cracks and expensive software license keys.

If you grew up in the UK in the 70’s or 80’s you’ll remember John Craven’s Newsround.  At 5pm every day John Craven – and the later teams, once he retired from his 27 year stint on the program – presented a 15 minute news programme, specifically targeted to young people.  I grew up with it, as did many of my peers. Their kids are now watching the noughties version of this real world, real time show.   So, you can imagine the excitement in the FaceTime camp when we arrived at Wood Lane tube station and walked up to the front gates of the BBC.

After we’d got through the public facing area – yes there are Daleks (they’re much smaller than I imagined) and the Tardis (just exactly as I imagined) – we noticed that the Newsround offices are very much like any other office, albeit a primary colour oriented office.  The team is young, bouncy (is that a real word to describe people?) and you can visibly see them translating your words into “young person speak,” as the target audience for Newsround is the 6-12 year olds.  You can see coverage of this on the BBC website.

Chris talked in his video article about how kids of twelve start on the hacker track by finding cracks for games and then, high on the resulting ego trip, show off their prowess to mates.  While it might be fun and may make them the centre of their peer group, it’s still illegal, it’s still cybercrime, and it’s usually the beginnings of a lifestyle that may stop them from having a career they would actually want to put on their CV.

Whilst Chris was explaining this, Ricky Boleta, our given Newsround presenter, was translating it into pre-teen speak. He was stunned that these young children were actually involved in this kind of criminal activity. Chris detailed some of the techniques these kids used to share, steal and pass on this information. 

 

I’m pretty sure that unless you’re in our IT Security Industry, it’s nigh on impossible as a parent to understand what kids are up to these days whilst surfing – and I certainly know that most kids these days are more savvy at all the hacks they use to move up to the next level in World of Warcraft. Taking the next step to criminality isn’t hard. Perhaps this is the “noughties” version of stealing a penny sweet from the store. Except the life lesson that they’re going to learn is a darn sight harsher than a cane across the knuckles. (oo I’m showing my age and education there….)

 

I invite you to watch the BBC video and see what all the fuss is about.

