• Welcome to the official Army of Club Penguin! Established September 29th, 2006, we have been the largest and best Club Penguin community since. Enlist today and start your journey!

    ~ Ugly & Roxy

  • Trophy Case

  • Recent Posts

[AUSIA] Clovers Battle HF – Results!

Addressed to the Army of Club Penguin

BATTLEGROUND, “Battle: ACP vs. Help Force” — Good morning ACP! On Saturday, April 29, our AUSIA division logged onto CPA Battleground in Battleground for a practice battle with our brother allies, Help Force! We met up in the Town before switching to the Iceberg.

Max Size: 31

Max Size Picture:

Continue reading

[USA] AA Training: Fast Room Changes

Addressed to the Army of Club Penguin

BATTLEGROUND, “Hardcore Training: Quick Room Changes”– Good evening ACP! Today on Thursday, April 27, our USA division logged onto CPA Battleground in Battleground to practice switching rooms quickly in preparation for the AUSIA Arena Tournament beginning next week and invade Duatopia! Troops logged on to the Town before switching to the Iceberg. There we did some tactics and formations (like we’ve been practicing all week) before diving into our event.

Max Size: 25

Max Size Picture:

Continue reading

[USA] Quest for Number One!

Addressed to the Army of Club Penguin

BATTLEGROUND, “Operation: Unscheduled Event”– Good evening ACP! On Saturday, April 22 (aka Earth Day), our USA division logged onto CPA Battleground in Battleground for an unscheduled event! We heard through the grapevine that ACP would clinch number one if we maxed 35 online today! Just a few hours before the event, DMs started letting troops know about the upcoming event, and we started logging on in the Town one hour before. After much work DM-ing and mentioning troops, we hit 36 troops online! 41 people logged on for ACP, and we appreciate folks taking time out of their weekend to help us.

Max Size: 36

Max Size Picture:

Continue reading

[UK] Coolguy Inducted as UK Commander!

Addressed to the Army of Club Penguin

BATTLEGROUND, “UK Commander Induction: Coolguy”– Good evening ACP! On Friday, April 21, our UK division logged onto CPA Battleground in Battleground to officially induct Coolguy as our UK Division Commander and invade Lard! We met in the Town and waited for troops to log on before moving to the Forest.

Max Size: 22

Max Size Picture:

Continue reading

[AUSIA] PIC & ACP CLASH IN PRACTICE BATTLE!

Addressed to the Army of Club Penguin

BATTLEGROUND, “Battle: ACP vs People’s Imperial Confederation”– Good morning ACP! Today on Thursday, April 6th, our AUSIA division logged onto CPA Battleground in Battleground for a practice battle with our allies, the People’s Imperial Confederation! Troops met up in the Town whilst the event was delayed for ten minutes, but we soon moved to the Snow Forts to begin our battle.

Max Size: 24

Max Size Picture:

Continue reading

[US] TROOP-U LEAD & Sanya’s Birthday!

[AUSIA] Shamrock sQUACKdown Results!

Howdy ACP!
Today we logged on to Club Penguin for a quacktastic event, the Shamrock sQUACKdown. We did tactics, we checked out the cool medieval rooms, but most importantly, we had fun! Don’t forget to react in #event-chat if you came and also #events if you can come to the next one. 

Max: 41

Thank you for all the pictures <3

ACP General // Third in Command


Staying Safe Online: IMPORTANT Online Safety Information

   PUBLISHED BY THE ARMY OF CLUB PENGUIN   

 
 

Do you know about the threats of malicious software, dangerous websites, sketchy links, and weak encryption? How about Denial of Service and Distributed Denial of Service (DoS/DDoS) attacks? Doxxing? If you feel like you could use some help with understanding these threats and their core cybersecurity concepts, this guide is definitely for you to utilize!

                                                

Preface

Today, many are targeted by attackers seeking to gain stolen assets and highly sensitive information—entire groups exist for this very purpose. Some, more than others, are intent on doing actual harm to unsuspecting people by using the internet to manipulate people like you. The threats are real, and it is imperative to recognize this in order to:

  1. Develop an ever-growing knowledge base to help us navigate the digital world;
  2. Use that knowledge to improve judgment and make good decisions online;
  3. Be aware of the complexities in practicing online safety to not only protect yourself but also protect others.

These threats exist here in our unique community too because of the inherent online nature of our community. Take it from someone that has spent almost 10 years in ACP: it’s an incredible experience and I wouldn’t trade it for anything. But it’s important to remember that by simply being online, there is always risk. In the greater CP Army community, there are also unique dangers to be cautious of, all of which are addressed herein.

While the internet is an amazing thing (don’t get me started), remember this as well: We’re all in a constant battle to protect our data and foster a secure internet community overall. It is my ardent hope that this online safety and cybersecurity guide will aid us in this collective fight.

I implore you, please share this guide and other great resources actively in your communities. Online safety is, unfortunately, not always taught in schools and people are constantly victimized because of this lack of knowledge and understanding.

We have a duty to help others and be part of the solution when in the position to do so, and today, we can all be armed with the information to protect ourselves and our communities. The good of one will have a profound impact on the many, and can even lead to others being contributive global citizens. YOU can be part of that! In this increasingly interconnected world, we need more of those people.

While this guide is only the tip of the iceberg, it is also my hope that this will inspire you to tip the berg and embark on your own journey to explore further.


Introduction

I want to start off by asking a question: when you think of the internet, what comes to mind first? Second? Third? There’s a lot to think about, and the list of platforms and services can go on and on. While it’s true that there are many wonderful benefits that the internet can provide, there is still a great need to protect oneself from the dangers of being so interconnected.

As technology advances, our society strengthens and advances with it. Unfortunately, while progress is made, the disastrous potential of malicious schemes is strengthened as well. This is why it is imperative to be aware of online threats to security, and how to protect yourself from these threats. And it all starts with knowledge. After all, as they say, knowledge is power. In this post, I will share some valuable information to get you started, and hopefully, we can all work together to expertly navigate the digital world safely together!

I would also like to add that while much of this information may already be considered common knowledge for some of you, there is a staggering amount of individuals that simply are not aware of this information.

Of course, it never hurts to review your online safety practices and consider how you may be able improve them or even help others do the same!

It is my hope that I can help you all more effectively protect yourselves and your friends from the very real threats that exist all over the web. And if you find something particularly intriguing to confusing, I highly encourage you to look more into the concept or topic yourself. If you do find out something new, share it with us via the Discord server or the ACP Twitter (@ACPArmy)!

REMEMBER: If you see something on the ACP Discord server that concerns you or you receive a message from someone that makes you feel uncomfortable, please alert staff immediately so that we can take the action necessary to protect our community.

We are here to ensure a safe, fun, and friendly environment for all, so don’t hesitate to communicate with us and ask questions or discuss concerns.

Table of Contents

  1. Protecting Yourself Online
    • Passwords and personal information
    • Look closely and avoid traps
    • Lessen vulnerabilities
  2. Other Threats
    • DoS and DDoS attacks
    • Doxxing
  3. What to You Can Do Next
    • Continue learning about online safety
    • Educate your friends and family
    • Take advantage of great resources
  4. Helpful Resources to Check Out
    • My online safety infographic
    • Federal Bureau of Investigation Safe Online Surfing game
    • Federal Bureau of Investigation Don’t Be A Puppet game
    • Code.org Cybersecurity
    • Khan Academy
    • Any other resources you know about? Let me know!


1. Protecting Yourself Online

Today, our technology that makes the digital world possible provides us with better ways to collaborate, solve problems, and advance the human condition. However, just as those who want to use technology for good are able to expand their capabilities, so do others who wish to steal your sensitive information and identity and do harm to you. Though it’s not exactly pleasant to deeply ponder, the reality is that someone is most likely after your information in one way or another.

Fortunately, if we’re aware of how attackers attempt to compromise our information, we can have confidence in our ability to repel such attacks. The following sections will explain how you can better protect yourself online, so be sure to read on!

Passwords and personal information

What protects your accounts from being breached? Passwords. Often times, for whatever reason, users do not adequately protect their accounts and instead use easy-to-guess passwords like “abc1234,” “qwerty,” or “passwordpassword.”

In order for passwords to be STRONG, they must be:

  • Diverse in characters
  • 12 characters or longer
  • Varied across websites and services
  • Free of personal information and dictionary words

The last point is a very important one: keeping your passwords free of personal information and dictionary words is critical to password security.

If someone uses words, or worse, personal information in their passwords, it is very easy for someone else to gain access to the account because it’s much easier to crack a password with words or information others already know or may be able to find out.

You can bet that malicious individuals will use every bit of information against their targets, so be careful what you set as your password and aim to randomize. Give them a run for their money and concede no clues or advantage.

For example, intelligence and national security agencies such as the Federal Bureau of Investigation (FBI) may use a database of personal information to try cracking a device password. But they aren’t the only ones with this capability; attackers make the same effort, so be sure to keep a tight hold of your personal information and strongly consider the possible consequences of sharing information about yourself—especially on your passwords. Without realizing it, you could easily be painting a target on your own back!

Sharing too much personal information can lead to being doxxed too (discussed later), which can even lead to being blackmailed or extorted. In short, DON’T give others an opportunity to take advantage of you.

Essentially, if any part of your password can be known to someone easily or is a common arrangement of characters (a dictionary word for example), you will be leaving your information’s main line of defense open to attack. And as we get older and have more accounts with critically important information and finances to protect, we have to ensure we take the necessary steps to SECURE our accounts.

Look closely and avoid traps

There are plenty of people after information for a variety of reasons. Maybe they want to sell that information to the highest bidder or use it to compromise someone’s account themselves. Whatever the case, attackers will set traps that you have to look out for. How can you spot and avoid them?

  • Use only SECURED (HTTPS) connections
  • DON’T click unfamiliar links
  • DON’T install unfamiliar software
  • Recognize suspicious offers
 

Secured connections will always have https:// and a lock icon at the front of URLs. HTTPS stands for Hypertext Transfer Protocol Secure, meaning that the website is using an encrypted connection to transfer data between your computer and the server taking your computer’s requests to access or submit information.

If you share information on a website that does not have a secure connection, submitted information is vulnerable and visible to attackers.

 
For those of you that may be familiar with VPNs (Virtual Private Networks), a very similar process happens when you decide to wisely access the internet via a VPN. Sometimes you’ll encounter security threats that are not entirely deliberate. Public wifi is one of those things. Because of the public nature of such networks, anyone can unleash attacks and intercept your information. 
 
When connecting to the internet in a coffee shop or library or hotel, strongly consider using one of the many free and paid VPN options to surf on a secured connection. Refer to section 4 for some options!
 
 
 
Malicious Links & Suspicious Offers

Another serious threat online is clicking unfamiliar links, which often come with suspicious offers. There are many approaches one might take to getting one to click a link that may appear harmless or look like a legit website at first glance. These links, however, are actually incredibly dangerous. Here’s why:

  1. Malicious links can be anything. Here are some possible surprises awaiting unsuspecting users:
    • Malware: Malicious software that is installed on your computer that can damage your machine and even your network itself as well as other devices on that network. There also exist programs that can take over your computer and gain access to all local data.
    • IP grabber: Services that can be shared via links used to ‘grab’ your Internet Protocol address (unique to each device and each router) & have personal information attached to them. IP address exposure can lead to a DoS/DDoS attack on your network or device.
    • Phishing scam: Websites that trick you into giving your account information by making it seem like you’re visiting the correct website. These are often shared through scam emails.
  2. Do NOT click on short links (these mask the actual website; use an online tool to expand such links and reveal what the actual destination is). An example of this is below:
  3. Your device could become part of a botnet, a network of computers used by someone to attack big websites and cause tremendous damage to digital systems by overwhelming a server with packets of information, a DDoS attack.
Note: if you encounter something unfamiliar but do not want to run the risk of exposing your system to a threat online, consider researching that website or link (not the URL; enter the name in a search engine).
 

In the first picture, I was sent a fake message from someone attempting to impersonate the popular YouTuber, Mr. Beast. I had recently watched his videos and have been following some of his social media accounts. This could have been a targeted attempt based on my interest that this person may have been already aware of.

In the second picture, after finding an online tool, I unshortened the link (without clicking it) and discovered through research that the website (again, I did not visit the actual site) was related to some sort of malware-affiliated site. I’m unsure of what exactly would have happened if I visited, but I was not intent on finding out.

I find it very interesting that not long after this, another account attempting to impersonate another YouTuber that I follow regularly sent me another link. This is a good example of how knowledge gives you the power to control the outcome of a situation, especially when it comes to online safety.

Additionally, installing unfamiliar software on unfamiliar online websites is another way to damage your computer. Even if you think a download is safe, consider the source of that software, and evaluate the situation by researching the source of the download. The best method of prevention for damaging your machine as a result of malicious software is not taking the risk in the first place.

Lessen vulnerabilities
Although there are websites that you may accidentally visit and people that are out there for your data and sensitive information, there’s a lot one can do besides playing it safe and learning to spot and dodge attempts to steal your information. Some ways you can fight back are:

  • Turning on 2FA, Two Factor Authentication. This allows you to further secure your accounts by linking a phone number to your account. In the event that someone does breach your account by cracking your password, your account will be locked by the 2FA feature and require a confirmation only achievable from the actual user’s phone.
  • Installing your security updates! Out of date software opens up holes in your device’s ability to defend itself and your data from attacks. Ensure you are actively checking for critical system updates and keeping up with the important installations.
  • Spreading your knowledge and helping others is a huge way to fight back against the threats to users of the open web. Unfortunately, the internet is fundamentally insecure and was never built for the purpose it now serves. But we have to roll with it, and we can make that easier by teaching each other and helping educate ourselves about the very real and possible threats to your information, devices, and even personal safety lurking around the internet.
There’s a lot each of us can do ourselves, and we can wage this fight against scams and online threats together. But to do that effectively, we’ll need to have a strong foundation of knowledge. And this guide is most certainly a great start.
 
 
2. Other Threats

There are quite a lot of threats to your devices and safety to look out for, and there are certain ones that fall into categories all their own. Two common examples of these would be doxxing and DoS/DDoS (Denial of Service/Distributed Denial of Service) attacks. These are often conducted with the intent to control and even do harm to other people. If you aren’t careful, these threats could slip into your reality and make it a nightmare to deal with. Therefore, the best protection is prevention.

So where does the threat begin? Specifically, what leads to users being victims of DoS/DDoS attacks or doxxing, and how do I prevent it? Consider the previous section’s information on deceptive links, where the main tool that attackers use to steal assets and more information can easily be your own information. Our world is so interconnected today, that we give lots of information about our lives and personalities away online.

And guess what? That’s free game for attackers, and you can bet they’re going to use that valuable knowledge in any way the can in order to find an angle – a vulnerability, a chance, an opportunity – to take advantage of you. That’s why it’s important that we carefully consider what information we share, how we share it, who sees it, and what the consequences might be.

The prevention? Don’t overshare. You’d be surprised how easily criminals can locate people and make attempts on their sensitive data. Here’s just one example of the dangers of sharing images online:

            Photos.  Photos taken from smartphones embed the GPS Coordinates in the photo, which will allow others to know the location of where the picture was taken and may be used to find you.  Beware of this when posting photos to online social media sites.  Remember that pictures posted online may be copied, altered, and shared with many people without your knowledge or consent, unless you use privacy settings to limit who has access to the pictures. (United States Department of Justice US Attorney’s Office, Northern District of Georgia website)                                                                                                   

We’re still not all aware of what one individual (let alone organized groups) can do to use technology against a target. It’s important to learn as much as you can about online safety and how the internet of today works so that you can protect yourself and teach others to do the same. We’re in this together, but we won’t win the battles if we don’t know what’s out there and who may be coming for our data, and how they’ll do that.

Now, there’s another similar threat that attackers will have up their sleeves. It involved gathering information about someone and releasing that information either right away or by blackmailing the person whose information could be released without their consent. In our online community, this threat is very real. This threat is called doxxing.

How do I protect myself? Don’t overshare and create unnecessary risk. Doing this helps people figure out your true identity. The more information someone knows about you, the more likely it is for someone to dox you and even extort you by using the info to get something out of you. Keep yourself safe. Keep your family safe. Keep your friends safe. Don’t overshare online. It is a real danger to be mindful of, and it has real impacts!

 


Denial of Service attacks happen when someone uses one’s IP address (unique to each device) to flood the bandwidth of a specific device, router, or server with the intent to manipulate one’s ability to access and use their internet connection. This can have serious consequences for those reliant on a strong internet connection. This is even the case for big-name websites as they’re often the targets of botnet attacks.

DDoS attacks specifically are large-scale botnet attacks, meaning that a vast network of devices is being used to simultaneously send data “packets” to a receiving machine or system. DoS attacks are not distributed; they only take place using one connection between the attacking device and the system under digital siege.

So what does this mean for you? It depends on the source of the attack and the circumstances.

I’ve been attacked and lost access to the internet for one hour (and I know this was a targeted, deliberate attack on my machine). Following that, there were no further issues. However, my IP address was exposed at some point, and there are many ways for someone to exploit websites and collect IPs that even I did not know about. It’s possible to reset IP addresses, but why bother going through the trouble if you can prevent it from happening?

Here are some ways to protect your IP address:

  • Be aware of how your IP is collected by the sites you visit and interact with
    • Ex. when commenting/posting on WordPress websites, normally your IP is viewable to those running the website).
  • Use a VPN. You’ll hear this again and again (and for good reason).
  • Don’t accidentally share it in pictures; be mindful of your screenshots!
  •  
 
 

[More to be added]