How social networking can hurt you

[Ellipse]

Let's put aside all the positive reasons to use
social networking services and focus on the
dark side. Most of the time, users don't even
realize how much private information they're
sharing over these services. There have already
been stories about people Twittering or
posting on Facebook that they're on holiday
and getting robbed, but the problems don't
end there.

At RSA Conference Europe 2009, Dr. Herbert
Thompson talked about how attackers are
launching innovative attacks against individuals
and companies using the information
shared over public social networking channels.

Dr. Thompson provided real-life examples
where he was able to break into online accounts
of several people (with their permission,
of course). He didn't use complex tools
or some esoteric hacking techniques, but
rather focused on publicly available information.

The problem is even larger when you realize
that you might not even be the one divulging
the information. Maybe you're the kind of user
that doesn't use Facebook, doesn't have a
blog and avoids being photographed. At the
same time, your e-mail password reset question
may be: "What's my mother's maiden
name?". This kind of data may be shared by
other people you know and it could become a
security problem.

The lesson to be learned here is that online
hygiene doesn't necessarily depend only on
the information you share, but it depends on
everyone around you. If you don't have a
Facebook page but a friend posts any personal
information related to you, it can come
back to haunt you.

We live in interesting times, in which we need
to control not only what we do online, but also
keep track of the information others are making
available online.

Should we define a set of security policies for
our friends? Surely, that would be a tough
thing to implement.

http://www.net-security.org/dl/insecure/INSECURE-Mag-23.pdf

 

[JonnyRadar]

Ellipse, thanks for posting this. It caught my eye because I just deleted my Facebook account a couple weeks ago. Couldn't feel better about doing that. :D

Regarding monitoring, don't know exactly how to say what I'm thinking, but I've been operating for a while under the premise that everything I say and do online is monitored, no matter what. IMO, instituting personal "security policies" wouldn't be that effective against battling the modern surveillance state, but only low-level identity thieves and hackers. If someone who's skilled at hacking/info-gathering really wants your info, they can get it, socially networked or not.

I could be wrong here, but I think the "bad" issue with social networking sites is the detriment to cognitive thinking and memory. People are "data dumping" their memories onto their web profiles so they don't have to retain the information in their own head. That, combined with television and all the other methods of mass hypnosis, is creating a generation of people who are cognitively "illiterate" while being highly "literate" with technology and screen interfaces.

I have students that, if I stop the lecture for say, 30 seconds, will have Facebook or MySpace loaded up and logged in before I can even look up to see who's paying attention. They're highly proficient with using the technology, but try to get a critical discussion going and there's nothing but blank stares. This for me is a worrying disconnect between cognitive ability and technological ability. Or else my lectures are just that boring. :P

My personal opinion is that monitoring and identity theft are par for the course in this world we live in, and trying to fix these problems while the technology that helped spawn them is still going strong is like spitting into the wind. But I'm willing to be wrong, perhaps security policies can allow social networking to be usable and safe in terms of privacy. As kind of a weak metaphor - we have seat-belts and airbags for automobiles, but tens of thousands still die in them every year. Safer, yes, but not ultimately "safe."

Should we define a set of security policies for
our friends? Surely, that would be a tough
thing to implement.

I'm curious what you had in mind. I think if the policies are implemented from the top-down (i.e. gov't and corporations), then they still have access to said information. And if the policies are implemented from the bottom-up (i.e. users and independent security folk), then the PTB will only push harder to standardize the policies and usurp them for their own purposes. Kind of a "damned if you do, damned if you don't" attitude, but that's how it strikes me.

 

[Ellipse]

Hello JonnyRadar,

People are "data dumping" their memories onto their web profiles so they don't have to retain the information in their own head.

Really interesting thought.

Quote from: Ellipse on Yesterday at 15:10:36
Should we define a set of security policies for
our friends? Surely, that would be a tough
thing to implement.

I'm curious what you had in mind.

For my part, I think, if we explain our friends the dangers of spreading their own informations through the web, we are more safe ourself.

19 11 94, about Atlanteans:

Q: (T) Did they lose control of this power?
A: It overpowered them the same way your computers will overpower you.

I think the lost of control of our informations in the net is part of this and giving attention to it is worth to pay attention ans spread the word. And, very important, is a way to avoid attacks.

 

[Arne]

Social networking is probably something that feeds Total Intel _http://www.totalintel.com/content/global-fusion-center with data for its Global Fusion Center. This "Hire a spy" company, with connection to CIA and Blackwather, offers anyone with the money total intelligence from the world.

_http://www.totalintel.com/content/global-fusion-center

The Global Fusion Center, or GFC, is a full-scope intelligence center monitoring the following functional areas:

* Political Violence
* Infrastructure Protection
* Geopolitical Developments
* International Criminal Activities
* Social Instability
* Political Conflict
* Environmental & Health Threats
* Macro-economic Surveys & Risks
* Information Operations

The GFC produces a steady stream of intelligence and analysis, and is staffed by subject matter experts who utilizes robust data feeds, cutting edge tools, and the appropriate workflows to track and monitor global events.

As the primary point of contact for our clients, the GFC allows for a joint analytic community between client and TIS, and ensures that all TIS operations are fully integrated, mutually supportive, and sustaining. Therefore, the GFC ensures that all TIS deliverables, be it a customized training module, an IT network security solution, or a due diligence activity, are fused with the latest intelligence, and all TIS clients benefit from the latest analysis.

Total Intelligence Solutions’ Global Fusion Center is the core of our operations, the link to our clients, and the source of our intelligence. Its fusion ensures that our deliverables are timely, tailored, and predictive and its intelligence-centric design guarantees value for our clients.

Combinding this with the best dataprossesing money can by it will give you a fairly accurate picture of the grand chessboard. I dont think they´re at the capasity of prosessing non-linear occurences yet, but you never know what technology the secret team got. And with Cofer "The Black Group" Black and Erik "Blackwater" Prince on board they probably have access to some high level info. Cofer Black could easy get some backdoor access to many of these social networks where milions now are storing their personal doings. His background is very interesting. Everywhere he went destabilisation occured..

_http://en.wikipedia.org/wiki/Cofer_Black

In 1993, Black transferred from London, England to Khartoum, Sudan, where he served as CIA Station Chief until 1995. This was at a low point in U.S.-Sudanese relations, particularly over the latter country's sponsorship of terror and the harboring of Al Qaeda founder Osama bin Laden. Black oversaw the collection of human intelligence on terrorist cells and support structures, and toward the end of his tenure, he was targeted by Al Qaeda for assassination

Note his role as Counterterrorist cheif prior to 911...

In June 1999 CIA chief George Tenet named Cofer Black director of the CIA's Counterterrorist Center (CTC).[4] In this capacity, Black served as the CIA Director's Special Assistant for Counterterrorism as well as the National Intelligence Officer for Counterterrorism.[5] Black's promotion was a part of Tenet's grand "Plan" for dealing with al-Qaeda.

And now they are selling high level intel to the highest bidder..