RSA Europe: Social networking is the key to stealing an identity

21 October 2009

The realities of identity theft and the modus operandi of cybercriminals were explained to delegates at this week's RSA Security conference in London by Brian Honan, a principal security consultant with BH Consulting of Ireland.

In a practical ID theft security exercise that he shared with delegates, Mr Honan explained how a colleague - Marie Boran - set him the challenge of stealing her ID, but subject to the same parameters that an online fraudster would be limited to.

These working parameters, he explained, included not being able to directly contact her friends and family, and only having access to internet resources.

In his presentation - entitled “Knowing me, knowing you, how to steal an identity using Google” - he stepped through the procedures of using online portals such as LinkedIn, Bebo, MySpace, Flickr and Twitter, to mention but a few, to start to assemble a data file on Ms Boran.

“Where she had set her social networking profiles to ‘private’, I managed to get in via her friends. I found her date of birth via pownce.com, which was the key to stealing her identity”.

All online identities have a route, explained Honan, “normally a username or email address”.

“I found a lot of her professional information on LinkedIn, found a photo of her desk on PhotoSynth, which revealed a lot about her, and combining all of the information I’d compiled from various social networking sites, was able to register as her online at the General Register Office, which meant I was able to receive a copy of her birth certificate in the post”. This, therefore, would enable Honan to apply for a passport, mortgage, or driving license under her identity.

While Honan admitted that the process took him numerous hours, “there are tools available that will automate this process”. Sites such as 123people.com, pipl.com, friendscall.me and Maltego are available to the black hat community to make the process of stealing an identity even quicker.

What goes online, stays online

“You need multiple security layers to protect your identity”, said Honan, “we’re leaving our footsteps all over the internet”.

The lessons that need to be learnt, advised Honan, include:

  • Personal data can reside on servers in the EU
  • Sites might not have good privacy policies
  • Data is permanent
  • Beware of social networking sites
  • Your friends can leak your information
  • You may not own your data
  • Data matching provides a full picture
  • Always review privacy statements and terms and conditions
  • Virtual world can impact the real world
  • What you put online can be used to hurt you
  • What goes online, stays online
  • There are no ‘secret’ questions anymore
  • It’s important to identify remote users
  • Revise acceptable usage policies for social networking sites

In conclusion, Honan told his audience that social networking security awareness is key, and advised everyone to “try and steal your own identity online”, in order to see just how easy it might be.

 

 
