Cautionary tales from the social-networking universe
Column: Cybercrooks shadow Facebook and other sites in order to steal from individuals and companies.
Ah, social networking. It’s become the fabric of today’s Internet generation. Don’t have a Twitter account? Heavens, even Sen. John McCain has a Twitter account. Signed up with Facebook? Only losers don’t have a Facebook account. MySpace? Not bad, but it’s so five minutes ago.
But as lovely as social networking may be, there are a few problems. One of the biggest appears to be that you can kiss your privacy good-bye.
Now, I’m not talking about the predilection of some people to share intimate details about themselves on social networking sites. I’m actually referring to the other things that might help contribute to your financial ruin.
Those most enthusiastic about social networking are cybercriminals. They drool at the prospect of seeing the personal information of the 175 million people on Facebook. And they know how to use that information.
For example, cybercrooks take great interest in the names of pets or grandparents on Facebook pages. That’s the kind of information that banks and credit-card companies use to verify who you are when you bank online.
“There are so many people on social-networking sites that it is becoming profitable for bad guys to go there,” David Perry, global director of education at software security firm Trend Micro, recently told Agence France-Presse (AFP). “Bad guys can see all the things you post. You may be revealing personal information that is extremely valuable.”
Now Facebook has made revealing personal information even easier. This past week, it announced that users can change their privacy settings so everyone can see their profile. The company was actually responding to a request from many users who wanted the ability to share their information with even more people.
As I said, cybercrooks are drooling.
Now, I’d like to believe that people would be smart about their privacy control settings. I’d also like to believe that AIG was only thinking of the public good when it gave out bonuses. I am always guided by the words of a security expert at Carnegie Mellon’s cybersecurity unit who said to me years ago, “Given the choice between computer security and dancing penguins, people will take dancing penguins every time.”
Which brings us to Koobface. Aside from being a mildly clever riff on the word Facebook, Koobface is a computer worm that allows hackers to get hold of your passwords and do bad things on your Facebook account.
The most recent Koobface attack came in the form of a message claiming to be from friends that wanted to share digital video of the recipients. It prompted people to download viewing software in order to see the video. But what it really downloaded was Koobface.
“It steals your cookie on your [PC] – not just for Facebook but for a half-dozen social-networking websites including MySpace,” Jamz Yaneza of Trend Micro told AFP. “Your account is compromised at that point. Using the hijacked cookie, it tries to log in as you, goes through your address book, and starts posting messages and comments.”
Aside from bad guys trying to obtain personal information, there is the tendency by some to scan social-networking sites for what people are saying about their employers.
The Toronto Globe and Mail ran a story Monday about Twitter being the “new office gaffe trap.” Worse, people tend to share information about the internal workings of their companies. Netragard, an “ethical” hacking company, says it can gain access to any company’s most important data within minutes by using the information that is freely available on Twitter, Facebook, and other social networking sites.
Then there is the “who owns the stuff that you post” question on social networking sites. Facebook recently ignited a firestorm when it tried to change its terms of service to claim ownership over any content subscribers uploaded to the site.
To its credit, Facebook backed off and has asked its users to give it suggestions about how to resolve this issue. But as sure as flowers bloom in the spring, you can bet that social-networking sites, eager to make a buck off their free services, are going to continue to push the envelope on who owns the information posted on their sites.
So what can you do? Be smart. Once again, follow the maxim “don’t put anything on a social-networking site that you don’t want to see on the front page of the local paper.”
Don’t gripe about your boss or company online. Don’t talk about company business. Don’t share information that cybercrooks might use to gain access to your bank accounts or credit cards. And don’t click on links that ask you to download software, even if they come from a friend. Check with the friend first to make sure they actually sent it.