Ironically, if a child is seen to be using Windows 10, Android, Instagram, YouTube, Facebook, then their parents and guardians need to ensure that the children understand that such software and online services are a danger to their privacy and mental health, and should warn them of how advertising will manipulate them and cyberbullying harm them. That these entities do not care about them or reducing any potential harm.
Our governments need to be curating or writing guides to help parents and guardians teach children about these dangers and how to avoid them. Open source software and online services that respect the user are entities to cherish and encourage, rather than treat like a boogeyman who's earned the title without any material evidence.
Actually they do; in the UK at least, the NCSC (National Cyber Security Centre) provide lots of good information about cyber security, handling your passwords properly, child safety online, as well as various guidelines for other cyber security/safety online concerns.
No problem. I work in info-sec/comms-sec in the UK and it's an invaluable resource for guidelines on information handling and security practice. We often refer to it when we want to set a policy in the company I work for, for example on password strength in any given year.
I think it can be very useful also for startups that don't specialise in security to make sane security policies based on something "official".
I'll be sending my residential and micro business customers to it, as well. And it never hurts someone who thinks they're informed to read these guides.
This is close to parody-level solutions here. Although this really doesn't represent the whole of the UK but just the West Midlands region, the age old assumption that kids on Kali Linux + VBox + Discord = Hacking is really beyond comical these days.
Unfortunately, when it comes to some parts of the UK marketing their solutions to preventing cybercrime and blackhats, this is just one of their finest ideas. /s
Kali Linux seems to have become popular as an "elite" d00d's distro of choice, for whatever reason. In fact, it is specifically intended as a penetration-testing tool only and not for general-purpose use, because it forgoes some security mitigations that you generally want to keep enabled on your actual systems.
At least Kali seems to be taking it well... The top reply when I just looked at the tweet is from them:
---
Have to admit it’s sort of nice they give kids a roadmap on where to get started. We all know the easiest way to get a kid to do something is to tell them they can’t or should not, then they list specific item not to do. To bad they did not link to https://kali.training
---
That was my reaction too — if I were a kid seeing this, I’d immediately google the shit out of this list...
Maybe it’s some sort of clever reverse-psychology trick to train the next generation of GCHQ minions; or maybe it’s a social honeypot. More likely, somebody somewhere had to throw some money at friends and cronies and came up with this “campaign”.
One big reason is the Mr Robot TV series. The main character uses Kali Linux for "hacking", and it was quite a popular show amongst casual computer users. As a result, many people who had limited knowledge about security started installing Kali Linux on their laptops so they could be "hackers" too.
Maybe I’m just not remembering, but I don’t think the show ever goes into exactly what distro Elliots running. I’m pretty sure you only get glimpses of his de which is usually GNOME, but I’m pretty sure I saw cinnamon at one point.
Some people on the Unix & Linux Stack Exchange site have created a definitive answer for beginner questions about Kali, with the general theme that Kali is incompatible with beginners.
That's because it comes with stuff pre-installed and an easy interface. Apparently, this is enough for people to ignore that it uses root as the default user, is not at all stable, etc. It shows up on all the crummy "Top 10 Hacker Systems!" listicles as the top entry, so people use it. I guess no one wants to install ubuntu and add katoolin repos, because that's not leet enough.
> BackTrack was a Linux distribution that focused on security, based on the Knoppix Linux distribution aimed at digital forensics and penetration testing use.[4] In March 2013, the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux.[5]
>Really top-notch logic there in the UK. Brexit's finest.
Relax. This is an example of some jobsworth in West Midlands, who has binge-watched Mr. Robot, got carried away trying to impress the boss' and released this under the cover of 'Safer Internet Day 2020' initiative. It is not a UK policy and it is definitely not related to Brexit.
This hasn't made it into the news cycle outside of social media, because of other pressing matters like Covid-19, storms, cabinet reshuffle etc. Once it does, most tech savvy Brits will be having a good laugh, while others will ignore the message entirely and start searching for these tools ─ either way it is a non-story.
The post was unnecessarily injecting political opinions and their view of the average intellect of those who hold others. It was humor, just not good humor. (And I'm even a strong Brexit opponent; though American.)
Although true kali Linux is bot general and has a bunch of "hacking" tools on it, how many people who will read this will know the difference? I could see many people seeing this and conflating it with Linux as a whole unfortunately...
Not sure about the /s on the end there. This was the finest idea they could come up with as evidenced by them running with it and distributing this leaflet. Presumably there were worse ideas they considered and rejected leaving this as their finest idea. Not a good idea but the best they could come up with.
I lived in the West Midlands... Let's just say CS/IT knowledge is severely lacking. On the other hand, if you're fine with a rather low wage (but more than enough to live comfortably) and being treated as unimportant all the time, there's plenty of work around.
This is Gold, though I'm not sure if this is satire.
Especially point 8 sounds like satire, but maybe that's just my Linux-infected brain and not what normal people think.
Wow. I honestly can't tell; is this satire? The sad thing is that this remains many people's view of computers. The first thing this person is missing is the ingenuity of people who want to get around stuff; some crummy filter or lower-powered hardware won't dissuade anyone who's curious.
I felt the same, and still am not sure but if it wasn't, just wow. It felt like just a naive parent not knowing what they're talking about but this one had me really scratching my head...
If your son has requested a new "processor" from a company called "AMD", this is genuine cause for alarm. AMD is a third-world based company who make inferior, "knock-off" copies of American processor chips. They use child labor extensively in their third world sweatshops, and they deliberately disable the security features that American processor makers, such as Intel, use to prevent hacking. AMD chips are never sold in stores, and you will most likely be told that you have to order them from internet sites. Do not buy this chip! This is one request that you must refuse your son, if you are to have any hope of raising him well.
I thought it was real at first but "Linyos Torovoltos" is just too silly. In retrospect the sections on AMD and the extensive list of hacker literature are also tells, people who think like this generally wouldn't delve into that kind of detail.
It hasn't rotted, I imagine they're moving hosting providers or something. Adequacy was up a few weeks ago, I have a friend who links it quite frequently, so I see it quite often.
I'm old enough to remember when Radio Shack was freaking people out by not selling them things if they had some unknown combination of components bought. They were so damn insistent on getting your address. Only store I always paid cash at because I was on an electronics kick and my friend had been told he was not allowed to buy some combination of components. That was friggin hilarious (he was building a controller for a pump), and I bought the components at another store location (Radio Shack was sadly the only game in town at the time).
no, they don't. anyone who took more than 30s to read further than the headlines would see that this is an example of a set of checks for users of TAILS and points out that extremists often use this. its pretty obvious they don't consider linux journal in its own a sign of extremism.
these would be refined to be more useful and then used together to check for TAILS_terms in a user's emails and they are also accessing TAILS_websites and then in conjunction with other flags to find POIs.
I think all or at least most Linux distributions include pen testing tools in their official repositories, Kali Linux just ships them out of the box. It seems that most kids using Kali Linux do it because it's "elite" or whatever, they don't know how to actually use it. I'm much more worried about a kid running Debian than one running Kali Linux, if only because Debian isn't "cool" so they must actually know what they're doing.
That being said, I don't expect law enforcement to be that sophisticated.
Let's just hope that parents that are computer savvy enough to actually find and identify kali linux on a kid's computer are smart enough to talk to their kid instead of snitching on their own to the police.
Snitch culture is a very dangerous and contemptible thing. It's what kept Cuba, NK, and the former soviet empire running. You just need to demoralize a small minority to watch over their neighbours, reward them with something petty, make a few big examples of individuals, and you can create a climate of fear to rule with.
Where I grew up, teachers used to punish tellers along side the alleged offender because it was bad for society.
Not OP but wouldn’t be surprised if it was around the Med... in Italy there is a kids’ saying that goes “a spy is not a child of Mary” (“chi fa la spia non è figlio di Maria”), i.e. grasses are going to hell.
Hadn't thought of it, but given Catholic schools and area, so probably similar. Early christians met in the catacombs of Rome, so the tradition of keeping it between you and your priest (sub rosa) might relate to the culture. Their whole mythology is about the consequences of betrayal to political authorities.
I wonder if there is a link between these snitch cultures and secularism/atheism. Rather puts a spin on "keeping it G," as well.
It’s somewhat hard to know how many informants the stasi had because of the destruction of records. Wikipedia suggests that this could have been as high as 500,000 (something like 1 in 30 people) or up to 2 million (something like 1 in 7) if one includes occasional informants
I am generally worried with were most of the anglosphere seems to be headed these days. The UK always had an irrational fixation towards surrveilance technology, but with a gaze at the political developements of the past years this existing infrastructure gets a whole new meaning I am afraid
Yes. We're laughing at the idiocy, but the idiocy is becoming more and more entrenched. And more and more idiotic.
And we're also missing the subtext - which isn't specifically about using Kali etc, but about the implication that anyone clever, curious, and different should be considered dangerous.
That's how it starts. One day you're rolling your own kernel, the next you're knee deep in Docker writing goroutines to keep one step ahead of the police.
> Have to admit it’s sort of nice they give kids a roadmap on where to get started. We all know the easiest way to get a kid to do something is to tell them they can’t or should not, then they list specific item not to do. To bad they did not link to https://kali.training
Seriously though, I bet they'll get a bunch of people downloading this stuff just because it's "forbidden".
"Hey guys, isn't it funny how so many people have no idea what's dangerous or not because we, as an industry, do an absolutely shit job of helping people understand computing in any meaningful way?"
Science had this problem until scientific communicators became really popular, which really started with Sagan. Since then I'm not sure we've had anyone near that level, though deGrasse Tyson ("Black Science Man") does a pretty good job (Sagan set a high bar). I'm not sure a character or even community like this exists for tech.
It's not, though there are a surprising number of servers that sell stuff like hacked accounts, shady coupon codes, etc. Very little actual hacking; I don't think I know anyone who uses it for anything serious. Also creepy as all get out to tell people to call the police on their own children.
What's really sad is the near certainty that there is some parent out there who reported their child to the police for playing Quake and now that kid has an official report floating around official networks flagging him for this. In these days of data crunching, social credit scores, and all forms of algorithmically driven assessments there's a significant chance that this could damage that kid in ways he might never even find out about.
This is one way to dumb down the population and fill them with fear. Given the current events in the UK, neither of these goals are surprising. Anti-intellectualism seems to be rising in many parts of the world and is clearly correlated with the rise of right wing authoritarianism. It makes sense as authoritarians want to keep people stupid and ignorant of what is going on by controlling them through fear. This is what happens when the culture adopts authoritarian views. The US isn't much better in this regard. One can really see the similarities between the societies when looking at their worst aspects, authoritarianism, anti-intellectualism, and fear mongering.
I think it's tangential to the recent discussions of decreasing computer literacy of modern children and teenagers.
Kids should break stuff apart, mess with the parts, try to reassemble them, bypass obstacles, change everything, ruin it all and make it whole again in their own ways. This is not just the natural way of learning, this is also the base of engineering and all scientific thought. If have children (or know someone who does) and don't encourage this behaviour, please reconsider.
Humans should be explorers, not the "consumers" of the universe.
I don’t know. I feel like the person that wrote this knew exactly what they were doing, and also knew the joke would be completely lost on whoever asked them to do this.
Nice advertising. Now those kids will know exactly what to download in order to access the deep web and try out exploits. Do they not know about the Streisand effect?
first, the email in the photo goes nowhere. its west-midlands.pnn.police.co.uk, not "uk" unless DNS in the UK does something we're not supposed to know about
Second, theres no mx or mailserver there...the SOA is AWS though...
THIRD:
If I see a kid with a $200 wireless hacking toolkit running TOR on a Kali KVM hypervisor full of metasploit nodes and actively discussing the whole thing on discord, and its my kid, im calling the local university.
Nope, police.uk is a real valid domain name that the UK police have been using for years. That isn't a sign this is a fake, although it may well be.
Registrations at the second level of ccTLDs is not uncommon, and Nominet has relatively recently opened .uk registrations to anyone, after a period of trademark and .co.uk-holders only.
sounds like infosec control freaks trampling civil right to self-development as if their voluntary submission to work related "need to know" practices extend to the public at large who did not sign the contracts they did...
whereas in the past people fought to get their skills recognized, soon people will fight for skill privacy
Don't really see the problem with this - the optimist in me believes that this can be helpful for parents who might be in over their heads. The leaflet isn't necessarily asking for vigilance to put kids on watch lists, just to give parents and kids some information on what is/not wrong to do.
"let us know so we can give advice and engage them into positive diversions"
Sounds like police actually trying to have a positive impact here.
Reporting your kid to the police for non-crimes will not have a positive outcome. Your kid will be on a list, never trust you again, and have to overcome so many more obstacles. Every generation of parents finds something that is "over their heads" and they need to deal with it like responsible adults. Know what your kid is interested in and not fear monger it. Deal with issues like an adult with educating yourself.
This is what the cynic in me is worried about. As somebody who grew up with parents who had no idea what I was doing on the computer (no fault of their own, they just didn't have access to the tools I did growing up), I can see them being worried. Providing advice and materials is exactly what I would hope the police would provide to them (which is in-line with what this brochure says).
I acknowledge that this brochure _might_ represent fear-mongering, but based on what's actually written in the brochure, it doesn't sound like the police are looking to put kids on a list.
Seconded. Police are not There To Help You. Police enforce the law. When in doubt of the law, they simply enforce. Don't ever tip someone off to the police unless you have a real reason to believe they have or will harm a person.
I don't know if you're in the UK, but this isn't true for most of our police, certainly outside the cities. If anything, this fact is something they're proud of.
As an example, I called them once (using a non emergency number before anyone says anything) because I was worried about a vulnerable relative who I couldn't get hold of and they were great - went to his house and called back to say he was fine, just couldn't hear the phone over the TV.
I know this is the internet echo chamber, but the police in my community, and everywhere I have lived, provide a lot of outreach opportunities to under-educated and under-privileged (east coast, USA, for reference).
I'm friends with police in a hard to police area, and they are good people. It really has nothing to do with the normal functioning of their community outreach or the individuals themselves. I find my friends are intelligent and care about folks.
Its the system you put your kid into by calling the police on them. Police don't have choices in a lot cases and the system around them has a lot of rules that capture people in them for years.
Having discord on a machine is a sign of being a gamer, or any number of other things. VMs have a multitude of legit uses.
These things are not wrong to use, at best what this will do is scare idiot parents, and perhaps put some talented, interested kids off from learning more about computers as a bunch of clueless authority figure in their life freak out about completely innocent computer use.
At worst kids will be traumatised, put on watchlists and strain could be put on family cohesion.
While I agree that having Discord should be innocuous, a parent who has no idea what Discord is should know that it could be used to talk to (potentially dangerous) strangers online.
A simple "Hey (son/daughter), the police told me that if anybody on Discord tells you to download LOIC, then you're probably in with the wrong crowd" is what I would hope would come of this (along with the typical internet stranger danger shpiel).
I also am scared of the worst case scenario you present, but this brochure doesn't seem like that to me.
A parent who has no idea what discord is but sees this poster is going to get the wrong idea, be suspicious of their kid and their kid's computer use, get scared and react badly.
"Hey kid stop doing that, turn off the computer we're taking it away, I saw that on a police poster" is more likely.
You don't tell people to contact the police over innocuous stuff like this. It's ridiculous.
The police in the UK are institutionally ignorant of computers and computer use, and this poster is harmful.
(edit: Can you not see this for what it is? Fear and ignorance in poster form?)
(edit2: The NCA have said they were not involved in this poster. Looks like an ignorant local police/council screwup)
My knee-jerk reaction was to see it as that, and usually that's the side I take, but the poster really isn't suggesting that learning these things are necessarily bad.
That's probably how most people will take it though, unfortunately.
Yeah, it really is, it's a scare poster. It's inviting you to phone the police (who have shown themselves ignorant by producing this in the first place) if your kid uses discord or virtual machines.
You're being deliberately contrarian here, to attempt to paint it as something positive.
Like I said, the NCA have distanced themselves from this nonsense, this is local cops who have no clue producing a bullshit poster.
>just to give parents and kids some information on what is/not wrong to do.
I'm not sure it's helpful to suggest to parents who may be in over their head that Discord and Virtual Machines are "wrong to do" or even things to worry about.
I didn't read that it was suggesting these things are wrong, but that the police (who I would and it seems here that they are) are educated on the topic, and can provide advice and materials to potentially prevent wrongdoing here.
Excuse me, but you seem to be reading the news. By gosh, is that.. is that a printing press in your garage there?
Pardon but you'll need to come with us. We need to make sure you aren't publishing the _wrong_ sorts of things. Don't worry, I'm sure this will get sorted out just fine.
Our governments need to be curating or writing guides to help parents and guardians teach children about these dangers and how to avoid them. Open source software and online services that respect the user are entities to cherish and encourage, rather than treat like a boogeyman who's earned the title without any material evidence.