TIME privacy

How to Manage Your Online Reputation

There’s plenty you can do to make sure the best parts of your virtual self pop up on that first page of search results.

When was the last time you Googled your name? If you haven’t, it’s a good habit to get into, because it’s exactly what a potential employer is likely to do when they’re sifting through a pile of resumes. “The stuff people care most about is what they find when they Google you,” says Michael Fertik, CEO and founder of online reputation-management firm Reputation.com.

That’s why it’s important that you own what you look like online. Depending on what you (or others) post on social networks or personal sites, what a search engine turns up may not reflect the accurate or professional picture you want it to.

But there’s plenty you can do to make sure the best parts of your virtual self pop up on that first page of a Google search. Here, we’ll walk you through how to do everything from maintaining current social media profiles to ensuring that your professional information appears first.

Decide What You Want Out There

While Facebook posts and photos might be for the eyes of friends and family only, privacy settings on more-public networks such as LinkedIn or Twitter can be more beneficial when relaxed. After all, you don’t want to be completely invisible on the Internet. “It’s weird for people in this day and age not to have an online profile,” Fertik says.

But if you haven’t been refining your Internet footprint over the years, your online profile may also include nuggets like ancient MySpace photos, an out-of-date company staff page, even out-of-context rants on old blogs — all of which can give someone the wrong impression.

Deleting these may not necessarily clear the Internet of the detritus. In an age of retweets, shares, and linkbacks, the same photo can exist on many sites across the web. So instead of wasting time and energy cleaning up a digital backlog, focus on strengthening existing profiles, which will help them beat the less-flattering stuff to the top of the search page.

Improve Your LinkedIn Profile

Surveys indicate that anywhere from 88% to 97% of recruiters go to LinkedIn to find candidates. LinkedIn profiles also turn up very high in Google search results, most likely due to the site’s high traffic, how often it’s linked to, and the amount of content users post everyday. So it’s not only a good idea to have a public LinkedIn profile, but to also ensure that it’s accurate, current, and grabby.

LinkedIn trainer and speaker Viveka von Rosen says that the Headline field (the line beneath your name) is the easiest — and most-often overlooked — place to grab attention when building a profile. “Rather than going with the default (your title at your current company) take the opportunity to say what it is that you do. Something like, ‘graphic artist working with startups in the Sudan,’” Von Rosen suggests.

Using keywords related to your field when describing yourself in the Summary and Experience sections can also help your profile turn up on Google if someone is searching for particular skills.

Once your profile is spruced up, you want to make sure it’s visible on the web. Head into Settings and select Edit Your Public Profile. Then check that reads “Make my public profile visible to everyone.” You can then reveal (or conceal) specific information within your public profile.

Von Rosen suggests allowing your Name, Photo, Headline and Summary to be open, while remaining cautious about revealing too much. “With identity theft, I limit what’s visible publicly – for example, in a page of Google search results,” she says.

Get Active on Twitter

If you’re on Twitter, regular posts relevant to your field can help build up your online profile for prospective employers. Like LinkedIn, Twitter profiles often turn up on the first page of Google search due to the site’s traffic and content flow.

Reputation.com’s Fertik suggests picking a Twitter username as close to your real name as possible. That way when someone searches for your name, it’s your Twitter and LinkedIn profiles that pop up alongside your personal website and company blog.

Changing your username is simple: Head to Account and enter the new name. If it’s available, it’s yours.

If your Twitter page is very personal — say, intended for friends and home to some off-color opinions — it might make more sense to limit access to only followers you approve.

Being cautious in that way can do a lot to boost your chances. A CareerBuilder survey found that two in five employers check social-media during the hiring process. Forty-three percent of employers rejected candidates based on inappropriate or discriminatory content on their profiles. On the flipside, 19% of recruiters who scanned social-media profiles hired candidates based on positives they found within.

To stop your off-color Twitter feed from showing up on Google, head to Settings, then Security and Privacy, and select Protect. Bonus: This also prevents the Library of Congress from archiving your tweets.

Dial Up the Facebook Privacy Settings

“Recruiters use Twitter to post jobs, LinkedIn to source candidates, and Facebook to eliminate candidates,” von Rosen says.

Many employers take Facebook profiles into account, even if they shouldn’t. A North Carolina State University study mapped Facebook behavior against personality traits. The researchers found that there’s often little correlation between a person’s real-life personality and how they portray themselves on Facebook, so employers could likely misjudge a candidate based on his or her profile alone.

To keep your Facebook profile out of search engine results, head into Settings, Privacy and select “No” in response to “Do you want other search engines to link to your timeline?” question.

Facebook no longer allows users to hide their profiles from the website’s own search, but you can control how much of your profile will show up. For example, changing who can see your posts and photos to “Friends Only” means that a potential boss would see only your cover photo, profile photo, plus any About info — where you live, work, or went to school — that you’ve allowed to be public.

If a potential boss is in your extended Facebook network, you might want to change who can see future and past posts. We recommend setting updates as viewable to Friends Only — at least during the application process.

You can also clean up your feed post-by-post. Under Settings, Timeline and Tagging, there’s an option to check how your timeline looks to the public (note that this includes anyone logged into their Facebook account). If the photos and statuses displayed aren’t career-friendly, you can change individual visibility by selecting the photo or status, clicking edit, then changing “Public” to “Friends” or “Only Me” from the drop down menu.

If you have a fan page or are the administrator for a group with a lot of fans, allowing these pages to hit the search engines is good for boosting your online profile. For these pages, head to Settings, General, and make sure that “post targeting and privacy” is turned off. You can also lift any country or age restrictions (the page default settings are open and public).

For more on Facebook privacy settings, including how to limit what’s shown to the Facebook public, check out our comprehensive guide.

Pull Up the Positive, Push Down the Negative

Outside your own profiles, there’s content on the web that’s out of your immediate control. Things like rants from ex-employees, customer complaints, or unwanted photos from a past flame can paint a negative picture.

If you find an unflattering photo or inaccurate info on someone else’s site, the best first step is to contact the site owner and request it be removed or updated. In most cases, the site owner will comply.

However, negative reviews and undesired content that has been posted on sites like newspapers, Yelp, Amazon, or Angie’s List might be harder to take down. These larger companies are unlikely to grant a request unless you can prove the content is defamatory or inaccurate.

If they won’t budge, you can try what services like Reputation.com do: publish more content to push the offending article out of the first page of search results. For example, publish a blog post, put up a photo set on Flickr, or add information to a public social profile, such as LinkedIn or Google+. “Make sure your latest and greatest resume info is posted in short narrative and bullet format on a variety of resume sites,” Fertik says.

For bigger cleanup jobs, Reputation.com (and agencies like it) can take on the task for a fee (from $100 depending on the scale of virtual damage). Reputation.com uses patented algorithms to publish search engine optimized content. For example, the service might write and publish your professional details and biography at a selection of websites they say are picked especially for your field. By publishing lots of high-quality content with good keywords, the negative content should be pushed further down the search results list.

Depending on the industry you want to work in, other social network accounts on less popular portals, such as Google+, Pinterest and Tumblr, can help build an even more rounded online profile. If you work in fashion or design, for instance, a Pinterest profile can both show off your work and help you engage with fashion and design followers (i.e., potential customers).

Increasing the right kind of visibility — and diminishing what’s less appealing — is key to putting your best face forward online. “If you’re not findable by your subject matter and name,” says Fertik, “people aren’t going to be able to give you the opportunities.”

This article was written by Natasha Stokes and originally appeared on Techlicious.

TIME Security

Here’s How Hackers Stole Over $1 Million From 1,600 StubHub Users

U.S. law enforcement charged 6 Russians and Americans who were allegedly part of a far-flung international hacking scheme

Six individuals in Russia and the United States have been charged with taking part in a broad international hacking scheme that attacked over 1,600 StubHub users’ accounts and fraudulently purchased more than $1 million in tickets.

In March 2013, StubHub discovered that more than 1,000 of its users’ accounts were compromised by hackers who were fraudulently purchasing thousands of tickets using the service. The tickets included Justin Timberlake concerts, expensive seats at Yankee Stadium behind the dugout, orchestra seats and sold-out Broadway shows. The tickets were worth over $1 million in total, law enforcement officials said.

StubHub told law enforcement officials of the breach, prompting a multi-national investigation into the hacking ring. Two Americans have been arrested and a third is expected to turn himself in over the coming days. Police are awaiting the extradition of a Russian national in Spain.

“Today’s law enforcement action reflect the increasingly global landscape in which financial and cybercriminals operate,” said Manhattan District Attorney Cyrus R. Vance, Jr. on Wednesday. “Financial crime is no longer local.”

Vadim Polyakov, the Russian national currently being held in Spain, allegedly hacked StubHub accounts to purchase more than 3,500 tickets. Police say Polyakov sent the tickets to three American fences, who resold them and laundered the profits through Russian nationals and others in London and Toronto.

Police say Gmail chats between two of the Americas, Daniel Petryszyn told Laurence Brinkmeyer, show the Americans knew the tickets had been stolen. “ … This guy [Polyakov] is pretty much admitting he is a hacker,” wrote Petryszyn. “I don’t give a f*** I will launder all the money they want.”

The Americans sent the ticket proceeds to bank accounts controlled by Polyakov and other individuals around the world.

During the months-long international investigation, law enforcement officials scoured the ticket purchases of over 1,000 fraudulent ticket sales, identified them with PayPal accounts and used search warrants to track associated email addresses.

One officer with knowledge of Russian used Facebook messages to discover that Polyakov was taking a vacation in Spain. On July 3rd, Polaykov was tracked to a hotel to a hotel in Barcelona, where Spanish authorities and the U.S. Secret Service arrested him.

StubHub said that customers were refunded for unauthorized transactions, and that customers were assisted in changing their passwords.

The hackers obtained customers’ logins through other sources, StubHub said, not by hacking StubHub’s systems.

“Customer accounts were accessed by cyber criminals who had obtained the customers’ valid login and password either through data breaches of other businesses, or through the use of key-loggers and/or other malware on the customers’ PC,” StubHub said in a statement.

Vance said it was unclear how the hackers originally obtained users’ names and passwords, but the transaction records show there may be others involved in the hacking scheme.

“With cybercrime, it’s very hard to say you’ve got it boxed up entirely,” Vance said. “We’ve got the core actors, though many more may follow elsewhere.”

TIME Security

Facebook and Twitter Users: Don’t Fall for MH17 ‘Actual Footage’ Scams

Be very careful which MH17 news stories you click on, especially on Facebook and Twitter, where scammers are exploiting the tragedy to spam you.

If you run across Facebook pages touting pictures of Malaysia Airlines MH17 crash victims, or tweets linking to reports on the disaster, warning: they may be fakes, harbor malware or redirect you to pornographic websites.

The BBC reports that fraudsters are exploiting the tragic destruction of Malaysia Airlines Flight 17, ostensibly shot down by a ground to air missile on July 17, by bait-and-switching users with promises of shocking video footage or tribute pages to victims that instead link viewers to spam or other offensive content.

In one instance, a Facebook page was created the day the plane crashed that purported to have video footage of the crash itself, says the Daily Mail. Clicking the link promising the video redirected viewers to a spam site, which of course contained no such video. The Facebook page has since been removed, but security expert TrendMicro, which blogged about some of this cybercriminal activity on July 18, expects MH17 exploitation to continue.

In other instances, as noted by TrendMicro, people may be using the tragedy to boost web traffic, posting suspicious tweets with links to malicious sites harboring malware, but also seemingly legitimate ones in hopes of “gaining hits/page views on their sites or ads.”

So beware and think before you click, especially if you see claims like “Video Camera Caught the moment plane MH17 Crash over Ukraine” (as noted by the BBC). There is no such video, and the chances are all but certain you’re being gamed based on someone’s perverse attempt to mine an unspeakable calamity. What you can do, on the other hand, is report such suspicious activity to Twitter or Facebook.

TIME Libya

U.N. Withdraws Libya Staff as Fresh Rocket Attack Strikes Tripoli Airport

Mideast Libya
In this image made from video by the Associated Press, smoke rises from the direction of Tripoli International Airport, in the capital of Libya, on July 13, 2014 AP

Facing spiraling unrest, the U.N. is withdrawing its entire staff from the country. "The mission concluded that it would not be possible to continue its work," read a statement

One person died and six were injured after a rocket assault hit Libya’s main international airport on Monday evening.

Tripoli International Airport had been closed a day before the attack because of fighting between an alliance of militia groups and rebels hailing from the western Zintan region, who have been in control of the airport for the past two years.

The terminal was attacked by “a large number of rockets, including Grad rockets,” a security source told the BBC.

Twelve planes were damaged in the barrage of fire and the control tower had taken a hit, with escalating clashes also forcing nearby Misratah Airport to close.

In response to the worsening security situation, the U.N. announced the withdrawal of its entire staff from the country. “The mission concluded that it would not be possible to continue its work … while at the same time ensuring the security and safety of its staff,” read a statement.

Tripoli is the main national transport hub, and as the only other international airport, Benghazi, has been closed for two months, there are no longer any flights to and from the E.U.

Libya has remained unstable since the fall of dictator Colonel Muammar Gaddafi in 2011.

[BBC]

TIME Japan

Japanese PM Abe’s Security-Policy Shift Blamed for Local Poll Loss

Japan's PM Abe delivers an address to both houses of parliament in Australia's House of Representatives chamber at Parliament House in Canberra
Japan's Prime Minister Shinzo Abe delivers an address to both houses of parliament in Australia's House of Representatives chamber at Parliament House in Canberra July 8, 2014. Lukas Coch—Reuters

Prime Minister Shinzo Abe faces backlash just weeks after reversing Japan’s security policy

The first signs of a backlash against Japanese Prime Minister Shinzo Abe have appeared since he dramatically changed the country’s defense policy earlier this month.

Abe’s party, the Liberal Democrats, lost a gubernatorial election in Shiga prefecture in what is perceived as a protest vote against the July 1 ending of the country’s ban on “collective self-defense,” reports Reuters.

The pacifist policy has defined postwar Japan, but Abe argued that the nation needs a new security policy in the current political climate, hinting at territorial disputes with China. In response, however, voter support for the 59-year-old Premier has already dropped below 50%, according to a recent public-opinion survey.

Abe is not up for re-election until 2016, but three other prefectures will elect governors later this year. Japan will also have several more polls next April.

The ballot also revealed divisions within the Japanese electorate regarding the East Asian nation’s nuclear policy following the 2011 Fukushima nuclear meltdown.

Many voters in Shiga prefecture are wary of the Prime Minister’s plans to restart nuclear reactors in neighboring Fukui prefecture. By contrast, Shiga’s new governor, Democratic Party member Taizo Mikazuki, called for Japan to reduce its reliance on nuclear power.

[Reuters]

TIME Apple

Chinese State Media: The iPhone Is a ‘National Security Threat’

China iPhone
Sina Corp.'s Sina Weibo microblogging service app icon is displayed on an Apple Inc. iPhone 5s in an arranged photograph in Hong Kong, China, on Tuesday, April 22, 2014. Bloomberg—Bloomberg via Getty Images

A Chinese state broadcaster has labeled the iPhone a “national security threat” to the country. CCTV, a news station whose reports can have wide influence, said that the location-tracking feature on Apple’s popular smartphone could be used to access state secrets, according to the Wall Street Journal.

Apple has been trying for years to gain a strong foothold in China, where it now generates more than 20 percent of its quarterly sales. The company inked a deal with China Mobile to bring the iPhone to the wireless carriers’ 760 million subscribers back in December. At that time, analysts estimated that Apple could sell 20 to 30 million iPhones in China this year alone. Right now, though, the device only has a six percent share of the smartphone market, according to the Journal.

Apple has not yet returned TIME’s request for comment on the matter.

The CCTV report could be given extra credence due to the disclosures by former National Security Agency contractor Edward J. Snowden about mass global surveillance conducted by the U.S. government. According to documents provided by Snowden to the New York Times, NSA hackers created backdoors into products made by Huawei, a major Chinese telcom company, to check for connections to China’s People’s Liberation Army.

[WSJ]

TIME Security

Android’s Factory Reset Doesn’t Totally Delete Your Stuff; Here’s How to Fix It

Jared Newman for TIME

A security firm dug through some old Android phones, and came up with plenty of unmentionables.

If you’re planning to sell or give away an old Android phone, be aware that a factory reset isn’t enough to safely wipe your data.

Security firm Avast reports that it’s possible to recover data from factory-wiped Android phones with the help of widely-available digital forensics tools. According to CNET, the firm purchased 20 Android phones on eBay and used various data extraction methods to recover e-mails, text messages and photos–including hundreds of nude male selfies.

“Although at first glance the phones appeared thoroughly erased, we were able to recover a lot of private data,” Avast wrote in its report.

Of course, Avast would like Android users to install the company’s security software, which is capable of performing a more thorough data wipe. But that’s not really necessary. As CNET points out, you can easily protect your data with Android’s built-in encryption tools just before getting rid of your phone.

To turn on encryption, go to Settings > Security and select “Encrypt phone.” Plug in the phone and set it aside, as the encryption can take an hour or longer. Once it’s finished, factory reset the phone like you normally would.

While this process won’t completely erase everything, it essentially locks up any data remnants and throws away the key, making it significantly harder for someone to recover sensitive information. You can also perform additional factory resets for added layers of protection, though this shouldn’t be necessary for most users.

The problem is that most people won’t know to take this extra step. The obvious fix would be to include a “thoroughly wipe phone” option at the time of the reset, so hopefully this is something Google will consider for future versions of Android.

TIME Surveillance

Report: U.S. Spied on Prominent Muslim Americans

Latest report based on documents leaked by Edward Snowden

The NSA and FBI monitored the emails of five well-known Muslim Americans between 2002-2008, according to a new report based on documents leaked by former NSA contractor Edward Snowden.

The Intercept, a news organization started by the journalist who first broke the Snowden story, reports that a government spreadsheet detailing the email addresses of monitored citizens was included in “FISA recap,” which refers to the secretive court that approves wiretapping and other intelligence activities.

Among the 7,485 email addresses listed on the spreadsheet are those of Faisal Gill, who served as an intelligence policy adviser in the Department of Homeland Security under President George W. Bush; Hooshang Amirahmadi, a professor at Rutgers University; Nihad Awad, executive director of the Council on American-Islamic Relations (CAIR), the largest Muslim civil rights organization in the U.S.; Asim Ghafoor, a lawyer who has represented clients in terrorism cases; and Agha Saeed, a former political science lecturer at California State University.

The five have denied any connection with terrorist organizations and do not have criminal records.

The office of the Director of National Intelligence denied the report Wednesday.

“It is entirely false that U.S. intelligence agencies conduct electronic surveillance of political, religious or activist figures solely because they disagree with public policies or criticize the government, or for exercising constitutional rights,” the office said in a statement. “Unlike some other nations, the United States does not monitor anyone’s communications in order to suppress criticism or to put people at a disadvantage based on their ethnicity, race, gender, sexual orientation or religion.”

Faisal Gill, who was accused of falsifying records in the mid-2000s to gain his security clearance but was later cleared by the Department of Homeland Security, found it “troubling” that the NSA was monitoring his Yahoo! and AOL email accounts.

“I just don’t know why. I’ve done everything in my life to be patriotic,” Gill told Intercept. “I think that certainly goes to show how we need to shape policy differently than it is right now,” he added.

Although the ODNI denied the report, the FBI and the Justice Department declined to comment. The Intercept says the reasons why the five were monitored remain unknown.

TIME privacy

How to Delete Yourself from the Internet

Americans love the Internet, with 87% of us active online. We have accounts everywhere, letting us kill time at work on Facebook, check Twitter for the latest news, cruise Pinterest for inspirational moodboards and hit Amazon for great shopping deals. On top of that, most of us also have a pile of inactive accounts created for discounts or one-off purchases.

With our digital footprints expanding, we are relaying more personal data than ever to trackers, hackers and marketers with and without our consent. Are we sharing too much? Do we have the right not to be tracked? Is withdrawing from the Internet entirely to preserve your privacy even possible? Let’s go over each of these issues.

Data dangers

Creating profiles at sites you use regularly has many benefits, such as ease of log-in and better suggestions for links or products you might like. But with growing concern over privacy terms that change at the drop of a hat, the sale of personal data by less scrupulous websites and the challenges of keeping stalker-y exes at bay, more and more Americans are deciding to reclaim and delete their personal data.

If you’re among the roughly 23% of Americans who use a single password for a handful of accounts, deleting inactive accounts is an important security measure. If a hacker cracked that password, you could suffer a domino-effect hacking of your other accounts too, especially if they are linked via a common email address.

Aside from the accounts and profiles we willingly create, our data is also exposed as hundreds of people search websites that comb police records, courthouse records and other public records such as real estate transactions, making our personal data publicly available to anyone who looks for it. Deleting this data isn’t as easy as you might expect — and many companies won’t remove your personal details fully.

Deleting your online presence

Tracking down all your data won’t be easy. There is no one service that will trawl the Internet for pieces of you, so start by tearing down your social profiles.

Start with JustDelete.me

A site called JustDelete.me provides an incredibly comprehensive list of email, social media, shopping and entertainment sites, along with notes on how difficult it is to completely erase your account and links to actually get it done. This is a great resource to help you remember and find unused profiles as well as gauging how much effort you’ll have to expend to shut it down.

Find other open accounts

Next, review your email accounts, looking for marketing updates and newsletters to get wind of other accounts you may still hold or companies that have bought your email address. Then go through your phone and check for apps that have required you to create accounts.

Once you’ve created a list of accounts, you then should sort them according to how often you use them, if at all. Delete any you don’t use. “Data is an asset to these companies,” says Jacqui Taylor, CEO of web science company Flying Binary. “Not only are these companies able to monetize you as their product, you aren’t even receiving a service in exchange.”

Working off your list of accounts, head back to JustDelete.me and use it as a springboard to start deleting accounts.

Downloading and removing your content

If there’s data you’d like to keep — say, photos or contact lists — you may be able to download them before deleting your account. Facebook and Twitter data can be downloaded in the respective Settings tabs, while LinkedIn contacts can be exported via Contact Settings.

At many sites such as Evernote and Pinterest, you won’t be able to delete your account. You can only deactivate it and then manually remove personal data. At sites such as Apple, this process includes a call to customer service.

Don’t forget background checking sites

To find out which background check websites have posted information about you, check out the list of popular sites on this Reddit thread. Then go to each and try searching for your name. See if you pop up in the first few pages of search results. If you do, the same Reddit thread has information on opting out, but get ready for a hassle: usually calling, faxing and sending in physical proof that you are who you say you are. After that, expect to wait anywhere from 10 working days to six weeks for information to disappear.

Sites that don’t allow complete withdrawal

A large number of companies make it impossible to delete all traces of your accounts. According to JustDelete.me, this list includes Etsy, the online marketplace for home crafters, which retains your email address no matter what; Gawker Media, which retains the rights to all posts you made; and Netflix, which keeps your watch history and recommendations “just in case you want to come back.”

Then there’s Twitter, which signed a deal with the Library of Congress in 2013 giving it the right to archive all public tweets from 2006 on. This means that anything you’ve posted publicly since then is owned by the government and will stay archived even if you delete your account.

To prevent future tweets from being saved, convert your settings to private so that only approved followers can read your tweets. (Go to the settings in the security and privacy section.)

Shut down your Facebook account by going to Settings, Security and then click “Deactivate my account.” You can download all of your posts and images first by going to Settings, General and then click “Download a copy of your Facebook data.”

However, you’ve already agreed to the social media giant’s terms and conditions, which state that Facebook has the right to keep traces of you in its monolithic servers. Basically any information about you held by another Facebook user (such as conversations still in the other person’s inbox or your email address if it’s in a friend’s contact list) will be preserved.

The divide between companies that make it easy to delete your data and the companies that make it difficult is clear. “If you’re the product (on such free services as the social platforms), the company tends to make it difficult,” Taylor says. Monetizing your data is the basis of the business model for such companies.

For services like eBay and Paypal, Taylor adds, you aren’t the product (both collect fees from sellers), making it easier to delete your account and associated data.

The right to be forgotten

Being able to erase social and other online data is linked to a larger issue: the right to be forgotten online. In the European Union, a recent Court of Justice ruling gave EU residents the right to request that irrelevant, defamatory information be removed from search engine databases. However, no such service is available to the residents of United States.

“You should be able to say to any service provider that you want your data to be deleted,” Taylor says. “If someone leaves this earth, how can their data still be usable by all these companies?”

When erasure isn’t an option

Much of our personal data online is hosted on social platforms that regularly update their terms of service to change how our data can be used. A privacy policy that you were comfortable with when you signed on could evolve to become something you don’t agree with at all.

“Your digital footprint is not under your control if you’re using these free services,” Taylor says.

But in an increasingly connected, virtual age, it can seem inconceivable not to have a footprint at all. Most of us use a social account to log in to dozens of other sites. Some sites require that you do so: for example, Huffington Post requires a Facebook log-in, while YouTube commenters need a Google+ log-in.

Employers frequently perform background checks through Google or dedicated third-party social media checkers. In many professions, an online portfolio of work on the likes of WordPress or Tumblr is a necessity. It’s becoming increasingly difficult to communicate socially without the aid of a Facebook or Twitter account.

Given the realities of our connected world today, not being online can be seen as a negative. The key, Taylor says, is to take ownership of your data. Control how much of your personal data is available online by pruning inactive accounts. Create new accounts selectively, and post with the understanding that within a single update to the terms of service, your data could become publicly shared or further monetized.

This article was written by Natasha Stokes and originally appeared on Techlicious.

More from Techlicious:

TIME Security

How to Hunt a Chinese Hacker

Private security firm Crowdstrike says alleged hacker Chen Ping was an avid photographer. CrowdStrike Intelligence Report

The private firm CrowdStrike followed an alleged Chinese hacker's footprints and uncovered a detailed picture of a menace to U.S. businesses

There are many photographs of Chen Ping. In one, he’s scarfing down pastries at a birthday party. In another, the camera catches him mid-laugh, standing in front of an ivy-covered wall. Chen photographed his dorm room, too, with bottles of rice liquor splayed across a desk next to a potted plant, clothes hanging in the corner. In a garden, he took photos of his girlfriend, catching a pleasant smile.

The photos are curious because Chen was supposed to be one of the faceless warriors in an emerging global cyber-war, according to researchers at the Internet security firm CrowdStrike. But the 35-year-old former resident of Shanghai left a trail of clues and photographs that researchers say led back to a People’s Liberation Army headquarters, where a covert team of Chinese hackers has been attacking telecommunications and satellite companies in the U.S. for at least seven years. The CrowdStrike researchers nicknamed Chen’s hacking ring “Putter Panda.”

To the Chinese army, the hackers are known only as People’s Liberation Army Unit 61486 — a group that a U.S. government official confirmed in an interview with TIME was responsible for cyber-attacks on American companies. The group came to light in a recent New York Times story. And Project 2049, a nongovernmental think tank based in Arlington, Va., claimed in a 2011 report that Unit 61486 was involved in the interception of satellite communications, as well as the acquisition of research in satellite imagery. But it wasn’t until researchers at CrowdStrike tracked down the hacker called Chen that the world got an unprecedented inside look at one of China’s notorious cyber-attack units.

CrowdStrike is part of a fast-growing group of young companies including FireEye, Sourcefire, OpenDNS and others that are challenging more established players for a bigger claim to the $67 billion cyber-security industry. They’re doing that by tracking state-sponsored hackers like Unit 61486 and independent cyber-criminals alike, anticipating their attacks before they happen. According to research firm Gartner, the security-technology industry is expected to grow to $86 billion by 2016. As cyber-attacks from state-sponsored hackers simply become a cost of doing business for many American companies, security researchers are making money by stalking hackers through fiber-optic cables and web domains to their computers back home.

At CrowdStrike, a 20-person team of researchers used technology ranging from the cutting-edge to the prosaic to find Chen’s Shanghai office address, and then monitored him and his colleagues. Companies like CrowdStrike say they are the first line of defense for U.S. companies’ intellectual property. “This is like real-time warfare,” says George Kurtz, co-founder of CrowdStrike. “We’re able to see exactly what they’re trying to do, where they’re trying to go and able to stop them in their tracks.”

Digital Warfare

It’s become increasingly clear that the future of espionage will be played out through fiber-optic cables, web servers and other computer systems. Cyber-espionage costs U.S. companies $30 billion each year in lost intellectual property alone, according to the Center for Strategic and International Studies (CSIS), and that doesn’t include the cost of cleaning up and recovering information. The FBI notified 3,000 U.S. companies that they had been hacked in 2013 by cyber-criminals or Chinese state actors. “We remain concerned that Chinese authorities continue to use cyber-operations to steal information and intellectual property from U.S. entities for the purpose of giving Chinese companies a competitive advantage,” a senior administration official told TIME.

Cyber-attacks are not a one-way street, of course. The National Security Agency is believed to have developed powerful capabilities to strike foreign entities. The U.S. badly disrupted Iran’s nuclear program through targeted network attacks in 2009 and 2010, according to multiple reports at the time. And the Edward Snowden leaks revealed that the NSA is engaged in the surveillance of email and telecommunications around the world, with the primary aim of bolstering U.S. national security — rather than the bottom lines of U.S. companies.

But security experts say Chinese cyber-programs are broadly focused on disrupting foreign businesses, taking valuable intellectual property and sensitive bidding information that Chinese corporations can use to their advantage. After hacking American manufacturers and corporations, the PLA passes on information to Chinese state-owned enterprises, often for a fee, says Jim Lewis, the director of strategic technologies at CSIS and a former foreign-service officer with the Departments of State and Commerce. Chinese corporate hacking is a robust industry, not limited to stealing foreign commercial secrets but also involves Chinese companies trying to best each other. “The Chinese are far and away the global leaders in terms of commercial espionage,” says Lewis. “The PLA will steal the F-35 plans, but they’ll also steal paint formulas or soap formulas.”

By keeping tabs on hackers and publishing open reports, private security companies like CrowdStrike may also be playing a role in pushing the U.S. to prosecute hackers. Last year, security firm Mandiant identified a different Chinese army group, Unit 61398, that allegedly hacked a broad swath of U.S. companies. Then in May, the Justice Department made history by charging five individuals from Unit 61398 for hacking U.S. businesses. The Chinese government denied the Justice Department’s claims, calling the accusations of hacking “made up” in official statements. “China is a staunch defender of network security, and the Chinese government, military and associated personnel have never engaged in online theft of trade secrets,” Foreign Ministry spokesman Qin Gang said last month.

CrowdStrike had long been keeping tabs on Chen’s Unit 61486 for its customers, but it wasn’t until the Chinese government’s denials that the firm decided to publicize its findings. “We put out the report specifically based on the denials of the Chinese government after the Department of Justice indictment,” says Kurtz. “We kind of got fed up and said, O.K., here’s a totally separate group than the one that was focused on by the DOJ and here’s all the proof.” CrowdStrike says it alerted the U.S. government before it released its report.

Unit 61486 began exploiting vulnerabilities in Microsoft and Adobe coding as early as 2007, hacking satellite and telecommunications companies, says Adam Meyers, head of intelligence at CrowdStrike. “There was a massive number of targets and data that were hit,” Meyers says.

Following Chen’s Tracks

Meyers’ team at CrowdStrike compiled a startling amount of information about Chen Ping (who happens to have a very common name), the alleged member of Unit 61486. CrowdStrike first looked at remote web domains being used to direct and control malware on infected computers. The web domains had to be registered, and the team found that many of the domains were registered under the same email addresses. One registered at least a half-dozen of the website domain names; someone with another email address registered several as well.

The big find, however, was a certain “cpyy” — operating with two major email providers — who had registered a large number of the remote malware-control domains. The CrowdStrike team cast a wide net to find cpyy, trailing the nom de guerre to a personal blog by a registrant named Chen. Chen’s blog profile, all in Chinese, stated he was born on May 25, 1979, and that he worked for the “military/police.” Another cpyy blog listed the identical birthdate and noted that the user lived in Shanghai. The blog said, “Soldier’s duty is to defend the country, as long as our country is safe, our military is excellent.” Meyers’ team was fairly certain it was the same Chen, given that same handle appeared repeatedly, but they needed more evidence to connect him to the PLA.

Sifting through the public records that connected Chen’s online profiles, the team found photos he posted. He shot with a Nikon, CrowdStrike said. He had a Google Picasa album with some of the same pictures in his blog post. Photos captioned “me” showed a young man with a bemused smile, laughing in a tent with a friend, doing pull-ups in front of a group of soldiers and playing guitar in a field. He took artistic photographs of objects in what he called “office.” According to Meyers, the photos revealed Chen was not just one hacker acting alone: in one, PLA hats were stacked in the background, and another photo of satellite dishes in his album “office” indicated ties to army signals intelligence.

Intelligence reports traced Ping’s photographs of his office and matched them to satellite imagery of an army building in Shanghai, according to the CrowdStrike Intelligence Report. CrowdStrike Intelligence Report

Chen was sloppy. When he registered one of the malware-control web domains, he input a physical address that tied him to a Shanghai building near the massive satellite dishes from his photos, Meyers says. Close analysis of overhead satellite imagery linked all the buildings in Ping’s photos to the very same address. And the CrowdStrike team found a Chinese website that listed the same address as a PLA building for Ping’s unit, 61486.

That implicated Chen, the unit and by extension, the Chinese government, according to CrowdStrike. “These guys are human,” says Meyers. “Sometimes when you’re behind the keyboard and you walk away from it, you forget there are other people out there who are going to be looking for you.” (Chen did not respond to request for comment to his listed email addresses. China’s Foreign Ministry did not return requests for comment.)

Covering Up the Trail

When the Justice Department charged the five alleged Chinese hackers in May with stealing trade secrets from U.S. companies, it named the hackers in the indictment and published photos of them. To some observers it was not so much an attempt to prosecute the accused hackers, who would have to be extradited from China, but more of a clear message to the Chinese army: We know how to find you.

“Cyber-theft is real theft and we will hold state sponsored cyber-thieves accountable as we would any other transnational criminal organization that steals our goods and breaks our laws,” John Carlin, Assistant Attorney General for National Security, said in a statement in May.

Experts say that going forward, the Chinese are likely to be more careful about leaving fingerprints behind in cyber-attacks.

Chen had been moved out of Shanghai to Kunming, Yunnan province, as early as 2011, CrowdStrike said, where according to Project 2049, the nongovernmental think tank, his army bureau (the 12th) has a facility. After Meyers’ team released its report, all the data that had been used to find Unit 61486 was scrubbed from the Internet, and Ping seemed to disappear. “They cleaned up all of his online presence real quick after that report came out,” Meyers says. “The next day, all of his sites were gone.”

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser