Robert Siciliano Identity Theft Expert

The Marines recently banned soldiers from using and posting information to social media sites such as MySpace, Facebook and Twitter. This is for 2 reasons. 1. They fear the insecurity of these sites may facilitate malware on government computers 2. Leaking military data. In many situations, for years and years, due to secrecy and strategy issues, military personnel have long been barred from informing friends and family of their locations or missions they may be on in handwritten letters, email and over the telephone. These measures are obvious to prevent leaks that would impede the mission and the safety of the soldiers.

Its no surprise that they have now banned social media from this type of communication. I recently reported on Sir John Sawers, the incoming head of MI6, the British equivalent of the CIA and his wife posting sensitive personal information to her Facebook page, including the address of the couple’s London apartment and the locations of their children and Sir John’s parents. Military personnel should held to a higher standard. We are talking about national security here and we cant risk leaks that would cause a loss of life.

Anyone who thinks this is absurd and military should be free to do what they want need only look at sporting events for affirmation as to why this communication should be banned. Every time I watch a baseball game or a football game and you see the coaches talking to players or the pitcher talking to the catcher they cover their mouths with a hand, glove or paperwork. Why? Because there are thousands of “lip readers” watching the event and are happy to report to the opposing team on what was just said giving the other team an advantage. You’d think after all these years of lip readers watching them cover their mouths that lip readers would just give up. But no, that’s not the case at all. There’s always someone watching, waiting, hoping for someone to screw up so they can give the other team an advantage. Social media is the advantage the bad guy has today. Somebody is always watching. Waiting.

Social media is built on trusting relationships. Exploiting this trust of a target through fake accounts or through friending is the art of gathering information that could be used in password attacks. If you ever forget your password and have to reset it, a lot of the questions asked in the reset process are based on information that is already in your profile. Further, many networks have default privacy settings that are wide open and require a manual setting to lock them down.

Dark Readings John Sawyer (no relation to the above, and a very smart dude) reports that researchers created a virus called “ZombieSmiles” that hooks victim’s browser using BrowserRider–a web browser hacking framework for exploiting and remote controlling web browsers. Once the users browser is hooked, the virus gives access to data through the Facebook API including access to friends, groups, wall postings and what apps they have installed breaching any sense of privacy the user believes they had.

There are many “scripts” built into social media such as “Java” which makes everything pretty and functional. Applications or “apps” that are games like ”Mafia Wars” open your profile up to others. When a user chooses “accept” to allow a 3rd party app to access their data, like when you are having your birthday and it tells others, you are opening Pandora’s box.

So if I refuse you when you send me an app, its not because I am rude or inconsiderate, its because I think the costs of allowing an app to access my data far outweigh the benefits of you sending me a “Happy Birthday”. No offense, I just don’t want my identity stolen.

If you use social media and regularly update your status or profile with pictures, video, or information about your whereabouts or daily routines, please keep the following advice in mind:

  1. Before you post anything online, think about what a hacker, stalker, employer, or potential employer could do with that data. Could an ex, who’s fighting for custody, use the data against you in court?
  2. Don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.
  3. Do not tell the world you are going on vacation! Or if you’re just going to dinner or the beach and won’t be at your house for several hours, why would you let potential burglars know that you’re away?
  4. If you’re a “partier” and like to imbibe, informing the world that you just smoked a joint is not only one of the worst things you could do for your career, it also makes all your friends guilty by association. And don’t announce that you’re hungover, because after the age of 23, you ought to know better.
  5. Before posting pictures or videos, consider what a criminal or potential employer might see. Could they be used against you in any way?
  6. If you let your kids use social media, you must monitor every aspect of their Internet activities. Pick up McAfee’s Family Protection software and take control of your childrens’ Internet use.
  7. Take advantage of privacy settings and lock down your profile, so that only those who you approve can view everything.
  8. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  9. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discusses a Facebook Hack on CNN

Be Sociable, Share!