Recently, we suffered a major criminal cyber-attack on MOVIEGUIDE(r) and the Christian Film & Television Commission. A close friend and donor alerted us to the distribution of a number of
blog postings that were supposedly from our organization but, in fact, were links to pornography, including sadomasochistic homosexual content.
When we tracked the bogus links, they directed users not to our site on YouTube but to an intentionally deceptive imitation site. While we do have a MOVIEGUIDE(r) site on YouTube, in addition to Movieguide.org, the phony site included a picture of Dr. Ted Baehr alongside some very salacious and occult material, material on scientology, and hardcore S&M homosexual pornography.
As soon as we discovered the problem, we contacted the FBI and the web hosts of the fraudulent site. Thankfully it was easily deleted. However, when we later sent an email asking for prayers, we found that a number of other individuals and ministries had had similar attacks.
This begged a very important question, which we believe needs much better press: how can individuals and organizations protect themselves from cyber attack and what should you do if it happens to you?
The first line of defense when you receive a cyber attack is to contact the Internet Crime Complaint Center (IC3). This is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA). Go to http://www.ic3.gov/default.aspx and file a compliant. They will then direct you to a site that gives good information on cyber crimes: www.lookstoogoodtobetrue.com
After filing your complaint with the IC3, you should contact the web host of the bogus site and ask them to remove it. Remember to tell them that you contacted the IC3.
Next, see if you can find the IP address of the hacker or attacker. An IP address is like the fingerprint of the digital world. With the correct IP address, you can track down your attacker and ask the attacker’s web service provider to remove offending sites.
Fourth, if you have not changed your password you should do so at this point. Make certain the password you choose is a very strong one. A good example would be take a book title or a sentence and use the first letter of each word. For example, THE CHRONICLES OF NARNIA by C.S. Lewis would be “tconbcsl”. Then add a number to the end and capitalize a letter or 2 like “tconbCSL41″. Having a combination of lower case and capitol letters, as well as numbers and other symbols, will make your password much stronger.
One of the quickest and easiest means of attack is to buy a website with some version of your name in the address. Alternatively, attackers can do the same thing for free on sites like YouTube, Myspace, Facebook, Wikipedia and Twitter.
If you have a website, the best protection is to buy all the extensions (.com, .net, .info, etc.) available with each of the following address combinations:
-Your full name
-Your name with middle initial
-The name you are most frequently called
To be even more secure, consider buying web addresses featuring your name in a negative context. Smart choices would include:
In addition to buying all the extensions for each of these, it would be wise to buy also addresses featuring the common misspellings of your name. You should also immediately create an account in your name on the numerous social networking, wiki, and free hosting sites, especially popular sites like:
-Wikipedia.com – where you should edit a few pages not related to anything you do normally
-Amazon.com – where you should review a book every so often with a link back to your true website, taking care never to review your own books though
Finally, more so even than website attack, false emails can be the most malicious of cyber-crimes as they hit directly at the people who trust you most. Your email carrier and web hosting company can help you guard against email address theft. Your part in the process is to set your email accounts with very strong passwords, as described above. Also, avoid logging into your email from an unsecured/public location.
The steps outlined above will help you limit cyber-attack and protect your name. There is no method that will completely prevent attacks. The internet is immeasurably large and the number of possible slanderous web addresses is infinite. We can only hope to significantly limit their impact. The steps above do this by stopping slander in its tracks and by enabling Google and other search engines to keep good news about you on the first page or two of their results.