UK police deny responsibility for poster urging parents to report kids for using Kali Linux
The UK's National Crime Agency (NCA) has publicly said it has nothing to do with a misleading poster designed to put fear into the hearts of parents and urge them to call the police if their children are using Kali Linux.
The poster, made public by Twitter user @G_IW, has reportedly been distributed by local authorities on behalf of the West Midlands Regional Organised Crime Unit (WMROCU).
It appears the creators of the poster are aiming to inform parents of what dubious software to look out for if they suspect their children are up to no good on the computer. While a good and reasonable intention, the disinformation on the poster, as described by @G_IW, is "staggering."
Virtual machines, the Tor Browser, Kali Linux, WiFi Pineapple, Discord, and Metasploit are all deemed terrible finds and the poster urges parents to call the cops "so we can give advice and engage them into positive diversions."
In reality, virtual machines (VMs) are a safe, perfectly legitimate way to run different operating systems and to test software without risking core computer systems. They can come in handy, for example, if software or games are designed for one operating system but are not compatible with another -- such as playing a Windows game on a macOS machine or vice versa.
The Tor Browser is open source software developed by the Tor Project designed to protect your privacy and is especially useful for those in surveillance and censorship-based states, civil rights groups, activists, and journalists.
Developed by Offensive Security, Kali Linux is a valuable OS used to learn penetration testing. The operating system is used by security professionals worldwide in white-hat security roles, as is the Metasploit tool, and WiFi Pineapple is also used for penetration testing -- but considering a price tag of a few hundred dollars, it is unlikely many kids have one of these stashed away.
The mention of Discord as a platform to "share hacking tips" is laughable, as you are more likely to come across gaming enthusiasts and meme-sharers than hacking communities.
Naturally, the poster has drawn the ire of many in the cybersecurity industry and as both the WMROCU and NCA logos were included, the NCA has been forced to publicly distance itself from the advisory.
In response, the NCA said the agency "was not involved in the production or release of this poster."
"There are many tools which tech-savvy children use, some of which can be used for both legal & illegal purposes, so it is vital that parents & children know how these tools can be used safely," the NCA added.
The team from Kali Linux might have enjoyed the marketing, though, given their light-hearted response to the poster.
The police force eventually responded, blaming a third-party:
"The poster -- produced by a third party -- was created as an aide memoire to assist teachers with safeguarding in schools. It was taken from wider information on cyber tools which could be used to commit cyberattacks, but equally have a legitimate purpose."
Make of that what you will. But it should be noted that we should be encouraging a healthy interest in cybersecurity as there are plenty of roles, both current and emerging, which require skilled, white-hat professionals, and we should not be trying to frighten parents, teachers, and children away from tools that not only protect our privacy but can also pave the way for successful future career paths.
Speaking to ZDNet, Jim O'Gorman, the Chief Content & Strategy Officer for Offensive Security commented:
"I think that the whole situation reminds me of the generational scares that happen with rock music, video games, and so on. Hopefully no parent would take it seriously and feel like they have to call the police on their own children if they find them using Kali or chatting with others on Discord, as that's pretty ludicrous.
These are all awesome opportunities for parents to engage with their children, find common interests, and spend time together while helping the child learn skills that will help them later in life.
If you don't understand something your child is into, instead of freaking out about it just ask the kid and learn from them. In the end, none of this entire issue has anything to do with Kali or any of the other tools called out in the poster, instead it just has to do with how to be a good engaged parent and some people's misunderstanding of what that means."
Industry: Cyber Security
- Architect | Cyber Security | Public sector Permanent
Architect | Cyber Security | Public sector Permanent Seeking a Security Architect with Public Sector / Cloud Security experience for a lead technical role. Public sector security architecture design experience essential. (MoD) Current project experience delivering HLD / assurance of computer networks / build evaluations. Active Security clearance required. If you are open to hear about a new / exclusive opportunity where you are interested to be more than a number in a company reach out to team today. Chris.firstname.lastname@example.org 07884666351
- CIAM Architect Azure B2C
We are seeking a highly skilled and experienced Azure B2C CIAM Architect for a contract starting on Jan 2024. As an Azure B2C CIAM Architect, you will be responsible for designing, implementing, and deploying an new Azure B2C Solution . Responsibilities: Design and implement an Azure B2C-based CIAM solution that meets the needs of our clients organization. Maintain and support the Azure B2C-based CIAM solution. Provide training and support to our employees on the use of the CIAM solution. Background designing, implementing, and maintaining CIAM solutions. Experience with cloud-based identity and access management (IAM) solutions. Experience with OAuth, OpenID Connect,and SAML. Excellent written and verbal communication skills
- Senior IAM Consultant
- Upto €110,000 depending on level of position
Senior IAM Consultant is needed to help lead and deploy IAM Projects for this expand IAM Consultancy The ideal candidate will have a deep understanding of IAM concepts and technologies, as well as experience in deploying and managing complex IAM solutions. Responsibilities Lead the deployment of IAM solutions for our clients Work with clients to understand their IAM requirements and design solutions that meet their needs Configure and implement IAM solutions using best practices Integrate IAM solutions with other enterprise systems Provide training and support to clients on the use of IAM solutions Stay up-to-date on the latest IAM technologies and trends We are looking for an experieneced IAM Consutlatn with: Strong understanding of IAM concepts and technologies,including identity lifecycle management,access control,and authentication Experience in deploying and managing complex IAM solutions Experience with IAM products and solutions,such as SailPoint,One Identity Manager,and Azure Active Directory Excellent communication and interpersonal skills Ability to work independently and as part of a team Fluent in German Candidates witll need to live and have the right to work within Germany to be considered.
- Security Architect - SOC Design - Outside IR35 London. SC / DV cleared
- Outside IR35
Security Architect - With in-depth SOC Design experience needed for Outside IR35 London. SC / DV cleared. 6 month rolling Immediate Experience delivering technical Security Architecture design / assurance of security design with mobile network experience. HLD / LLD Current SC Clearance a must. Willingness to undertake DV. London 3 days a week Immediately interviewing.