Küberpähkel (Cyber Challenge) competition: correct answers

Visitors could test their knowledge about the Internet security in the Cyber Challenge game in Robotex 2016 that was held from December 2-4. This time the game focused on topics related to the secure password and computer usage, technical knowledge and impact of pervasive Internet on people.
Approximately 900 people participated in the game during three days. LEGO Mindstorms EV3 robotics home user set and strategy game NATONIA of the Ministry of Defence was drawn for participants with score over 75%. The winner was Karell Veskimeister. Congratulations!

The test consisted of 5 different levels or grades where the next level answers the questions of previous levels as well as receives 3-4 additional questions.
Level I - up to the age of 6 - first 4 questions
Level II - up to the age of 9 - first 8 questions
Level III - up to the age of 12 - first 11 questions
Level IV - up to the age of 15 - first 14 questions
Level V - from the age of 16 - 18 questions

Some questions were quite a challenge for the participants. Here you can find the correct answers with comments:

1. What is a good password?

Levels I-II: your name; the name of the city where you live; your mother’s/father’s name; none of these.
Levels III-IV: your name and birth year, the name of the city where you live; your dog’s/cat’s name; none of these.
Level V: your name and the first four digits of your ID, the name of the city where you live and the postal code; your dog’s or cat’s name and 1234; none of these.

A strong password does not contain any personal information, in particular you should avoid personal data that can be found on the internet, like your name, the name of your school or company, the street or the city where you live, your cat’s or dog’s name. A strong password uses a mix of lower case, upper case, numbers and symbols and has 8-15 characters. A password should be easy to remember but difficult to guess. A long password is always better than a short one. For example, a password like RebaneRebaneRebane111 is much harder to crack than a password like 48op! You can test the strength of your password here: https://howsecureismypassword.net/

2. How often should you make a pause when you are using your computer, tablet or phone?

NB! The options vary according to the age level.
Levels I-II: every 10 minutes, every 20 minutes, every 30 minutes, every 45 minutes.
Levels III-IV: every 30 minutes, every 45 minutes, every 1 hour, every 1.5 hours.
Level V: every 45 minutes, every 60 minutes, every 1.5 hours, every 2 hours.

While there is no escape from technology in our modern world, it is always important to keep our health in mind. How am I sitting? Is the light sufficient? For how long have I been using my device without pausing for a break? An occasional carelessness will probably not do any harm but if you are in the habit of using your device for hours with no break, slouching in a chair or slumped on a sofa, paying no attention to light, it may well have affected your eyes or your posture. Mind your health!

3. What will I do if a pop-up like this appears on the screen? Mark all the correct answers.

a) close the pop-up window by clicking the corner X;
b) call on the number provided;
c) do nothing and ask for advice;
d) download the antivirus program offered on the site.

This is a fake warning message you sometimes get when surfing the web, purportedly telling you that your computer is infected with malware. Just close the window and nothing happens. However, if you panic and click a button or a link on this page, you can actually infect your computer with a virus. So, as always when you do not know what to do, ask a tech-savvy friend for advice. Or just call Child Helpline at 116111 and ask what they suggest you do. Everyone can contact Child Helpline for help and advice in matters related to Internet safety as well as other problems children may experience in life. Better be safe than sorry.

4. You want to play a cool game called The Angry Monster on your phone. You find several apps with a similar name, which have been rated by users. Which game is the safest to download?

a) Very Angry Monster FREE – download now;

b) Angry Monster;

c) Anggry Monster;

d) Angry Monster, start from level 10!

In the world of apps, you would be well advised to study the number of users, ratings and comments in official app stores (such as Google Play or App Store) before downloading anything. It is good if you know the name of the author of the original app. But even then you have to check very carefully all the app details (description, the author’s name, etc), and to look out for misspellings, suspicious rights, etc. If a free app promises to take you to a higher level faster than the original game or asks for unjustified data, you should not risk downloading it as this may be a way for cyber criminals to get access to your device and use it for something bad.
With younger kids it would be a good idea to set restrictions in their device so that any time they want to download a new app, the parents have to enter a password.

5. How many people of the world’s population (around 7-8 billion) are Internet users?

a) all of them;
b) half of them;
c) almost 3 billion people;
d) 1 billion people.

The world of the Internet is vast and there are many people there, just as there are in the real world. In Estonia there are 1.3 million people - just a fraction of the world’s population. Estonia is, however, special in that our people, children and adults alike, use the Internet much more, compared to some other countries and nations. It is easy to believe that if we have free WiFi available at every corner and most schoolchildren have a mobile phone in their pockets, the situation is the same in other countries. In fact just one third of the world’s population have an Internet connection. Therefore it is important for us to be knowledgeable about Internet safety, so that we could make the most of our devices and opportunities.

6. What are the two best lock screen security methods for a mobile device?

a) no password;
b) lock screen pattern;
c) PIN;
d) fingerprint scanner.

If your device has no password, everyone can use it - for example if you happen to lose your phone or if someone takes it as a joke.
A lock screen pattern is better than nothing but if you hold your phone against the light, you can see that the pattern is visible on the screen. One of the safest screen locking methods is using a PIN. The PIN should be a hard-to-guess combination. Codes like 1234 or 1379 (the corners) are not the best solution.
Newer devices are also equipped with fingerprint scanners or other biometric authentication methods such as voice or face recognition. It is also possible to authenticate users based on the way they walk and to designate safe zones (such as your room), where the device is automatically unlocked. This is really interesting and worth checking out!
Here you find more advice for the users of smart devices:

7. You are in Mustamäe Shopping Centre. Which of these WiFi networks is the safest to connect to?

a) Koduwifi;
b) Mustam2eforFREE;
c) Mustam2ekeskus_kylalisele;
d) Lasnam2e_salajane.

As Internet access is certainly regarded as a basic human right in Estonia and looking for WiFi is almost like a national sport here, it is very important to find a secure network.   By connecting to a malicious network, you basically let its owner watch everything you are doing in the Internet, your passwords, e-mails, etc. For reasons of safety, we recommend using your device’s mobile data for connecting to the Internet. If this is, however, not possible, you should find out which network is the official public network of the shopping centre. You should definitely avoid using any other networks, no matter how well their names may sound. In case you have set up a connection with a wrong network, you should later change your passwords in your secure home network.

8. What should I do if a screen like this is displayed in my computer? Mark all the correct answers.

a) restart the computer;
b) press Ctrl+Alt+Del;
c) press any key;
d) do nothing and ask someone for advice.

If the screen of your computer or smart device turns blue or black (bluescreen), it usually means that the computer has crashed. The problem may be resolved by just restarting the computer or by following the guidance on the screen. The guidance is usually given in English. If there is anything you do not understand, always ask for advice. Rebooting generally fixes 90% of the problems.

9. At which number should I call if I am concerned about an Internet safety issue?

a) 1188;
b) 116111;
c) 112;
d) 110;

Child Helpline can be contacted on their website http://www.lasteabi.ee/ as well as by phone. Everyone can contact Child Helpline at 116111 for help and advice in matters related to Internet safety as well as other problems children may experience in life. It might be a good idea to save the number in your (or in your child’s) phone. If you feel uncomfortable speaking by phone, you can also use Skype or the chat option on the website. There is also Child Helpline App, which can be downloaded. So whenever you are concerned about something, ask for help!

10. Do you know Internet slang? What does mean abbreviation LOL?

a) hello;
b) listen;
c) laugh out loud;
d) maybe.

In the world of the Internet, abbreviations are often used to speed up typing. Such abbreviations are often formed by the initial letters of words. Typically, Estonian Internet words are mixed with English. Some widely used acronyms in English include NP (no problem); LOL (laugh out loud); AFK (away from keyboard); YOLO (you only live once), ASAP (as soon as possible), etc.
By the way, do you know what Xoxoxo! stands for?

11. Someone from your school takes a photo of you unawares and posts it online. What will you do? Mark all the correct answers.

a) do nothing;
b) ask the poster to remove the photo;
c) contact the Data Protection Inspectorate;
d) contact a web constable.

Each step you take for removing an unauthorised photo from the Internet is better than doing nothing. Even if people post photos of you because they think you look great on them (eg a photo of you sleeping), it still violates your privacy. When posting a picture online, the person on the photo should always be asked for permission. You can ask the poster or the website administrator to remove the picture. And again - if you do not know what to do, always ask for help.
Here you can find some tips for managing social media http://noor.targaltinternetis.ee/sotsiaal-vorgustikud/

12. Mark the wrong statements. There may be several.

a) you can download anything from the Internet, there is no need to check where the files come from as this is something better left to IT specialists;
b) if a friend sends her photo gallery link via Facebook, Skype or e-mail and it contains the English text „Look at my pics:”, it should be opened immediately;
c) I use my computer in the restricted mode and enable the administrator mode only for performing maintainance tasks or updating the programs;
d) never use antivirus software. If the software is installed, it should not be updated.

Right behaviour:
  • You should regularly download updates and upgrades of the operating system and apps.
  • Use the computer mainly in the restricted mode. Enable the administrator mode only for performing maintainance tasks and updating the programs.

13. Which list includes viruses? There may be several.

a) Agenda, Byte Bandit, Commwarrior;
b) a-squared Free, HijackThis, F-secure Online Scanner;
c) Comodo BOClean, Spyware Terminator, Windows Live OneCare;
d) Melissa, Ping-pong, Sunday.

Computer programs often have weird names, which are hard to distinguish from those of viruses and other malware. Stop and think before you download anything into your computer or device - better be safe than sorry. You should always do an Internet search about the product you wish to download to make sure that it is good stuff and not likely to do any harm to your device.
HijackThis, a-squared Free, F-secure Online Scanner, Comodo BOClean, Spyware Terminator and Windows Live OneCare are all anti-virus or malware removal programs.

14. How do you call the unauthorised use of other person’s personal data (such as name, birth date, etc) or accounts (e-mail, Facebook, etc)?

a) identity theft;
b) phishing;
c) sexting;
d) frapping.

Frapping means taking over someone’s Facebook account for posting inappropriate or embarrassing content. Never forget to log out of your account whenever you are using a strange computer or device. Use passwords to protect your personal devices.
Sexting refers to the sending or posting of sexually explicit or erotic content (text, photos or videos) via text messages or on social networking sites. According to Section 178 of the Penal Code, the manufacture of works involving child pornography or making child pornography available is punishable. So, if an adult posts sexually explicit or erotic content depicting a child, this is considered a crime. Another reason why you should never share such pictures is that someone may use them for blackmailing you (“Send me another photo or I will post the one I have in the Internet”).
Phishing means luring victims to visit malicious websites. This is done by means of e-mails and text messages purportedly sent by, e.g banks or webstores (the messages usually look similar to the real ones sent by these organisations). Clicking on the link in the message, the victim is taken to a fake website (which again looks similar to the authentic ones) where they are asked to enter sensitive information (such as the Internet bank username and password).

15. I want to view a signed document with my ID card but a message like this appears on the screen. What will you do?

a) click Yes;
b) click No as my ID card is fine;
c) close the window by clicking X as this is probably a virus.

If you wish to use your ID card and you have not downloaded the required certificates or the certificates need renewing, you should click Yes for opening the file you want to read. However, if there is a chance that you yourself may want to sign another document electronically, you had better fix the problem by updating the software and certificates. For help, see http://id.ee/.

16. How do you call a network of computers that, unknown to their owners, has been set up to forward transmissions (including spam or viruses) and distribute pornographic content and pirated software to other computers on the Internet and is controlled by cyber criminals?

a) Trojan;
b) Botnet;
c) Rootkit;
d) DoS.

A Denial of Service (DoS) attack is a form of cyber-attack where the perpetrator seeks to make a server or router unavailable for legitimate users by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems. A DoS attack slows down network performance and the network resource may stop working.
Rootkit is a collection of software that enables administrator-level access to a computer, usually at the kernel level of the operating system, bypassing the security mechanisms. Similar hiding mechanisms are employed in various types of malware, unnoticed by the user as well as the anti-virus program.
A Trojan or a Trojan horse is a malicious program which creeps into your computer under the disguise of an innocent-looking application appears harmless but shows its malicious side once inside the computing device. Usually a Trojan does everything to hide its existence from the user of the computer but some Trojans may, for example, switch off your anti-virus program or firewall.
More information is available here: http://www.arvutikaitse.ee/arvutikaitse-algtoed/

17. You receive an e-mail message from a friend who is staying abroad, saying that he has accidentally locked his bank account and asking for your help. He asks you to send money to the account of his new friend or to send your credit card data so that he could make a payment. You call your friend but the phone is off. What should you do?

a) continue calling until your friend answers the phone;
b) try to contact your friend on several social networking websites;
c) make the payment yourself;
d) do nothing.

The best way to react is by ignoring the message. By answering such messages you may signal to the cyber criminals that you are an easy prey and they may continue approaching you.
To make sure that your friend and his accounts are all right, try to contact him directly. Your friend may not be aware yet that such scam e-mails have been going out in his name. There are things you can do to stop such scams.
You should definitely not make any payment unless you have spoken with your friend and made sure that the e-mail has been really sent by him. If you cannot contact your friend, do not make any action on the website provided as this is probably fake, designed for obtaining your sensitive banking information. You should never send anyone (not even your bank) your bank security PIN codes and credit card data through electronic channels.
According to the laws of Estonia, your should also inform the police of e-mail scams. Although such schemes are fairly common it is important that the authorities collect information on individual cases.

18. Credit card safety What should you do to avoid falling victim to fraud? Mark all the correct answers.

a) Do not let your credit card out of your sight when conducting a transaction.
b) Never answer an email that notifies you of an emergency situation and asks for your personal information, such as passwords, even if it looks like it is from your bank. Always call your bank and check the information.
c) If your credit card is eligible for a secure Internet shopping program (such as MasterCard Secure and Verified by Visa), prefer Internet stores participating in the program.
d) You receive an e-mail message with your bank’s logo, asking you to change your banking passwords for security reasons. If you are also asked to enter your old password, you can send them.

When it come to money and the risk of losing it, one cannot be overcautious. Your passwords belong to you as the account holder and your bank will never ask for them. All card transactions should be done before the owner’s eyes, not in some dark corner. When making Internet purchases, use a multi-stage security check if available. Never share you passwords or credit card data with anyone. This applies also to your old passwords and user names.
Parents should stop and think before they enter their credit card data in their child’s tablet. Some programs remember the data after you have once entered and do not ask it again for downloading updates, paying for points in games, etc. The little fingers are quick to click Yes but the child may not understand that there is real money involved. With younger kids it would be a good idea to set restrictions in their device so that any time they want to download a new app, the parents have to enter a password.

Many thanks to all participants!

The Cyber Challenge has been prepared on request of the Ministry of Defence, under the leadership of the Information Technology Foundation for Education in cooperation with IT Academy programme and Estonian IT College. The author of the Cyber Challenge questions, multiple choice quiz and explanatory texts is the Project Manager of the Digital Safety Laboratory of the Tallinn University, Birgy Lorenz.

Be sure to join the StudyITin.ee Facebook page from where you can find exciting and current information about what happens in the information technology and ICT area!