Sophos Cloud Optix
It was recently revealed that late last year, a fake Facebook account was created in the name of James Stavridis, NATO’s Supreme Allied Commander. The bogus account handlers successfully reached out and befriended several NATO, military and Ministry of Defence (MoD) members, according to several media reports.
You might think that Facebook is an odd place for such senior officials to hang out, but Stavridis is no stranger to Facebook. In October last year, he actually used the social media giant to announce his plans to conclude missions in Libya.
It is not like these guys were swapping military or government secrets here, but the fake account would have given the creators access to information that was supposed to be for trusted friends only. Basically, it is embarrassing and perhaps even a little worrying that those given the responsibility to be our eyes and ears were duped so easily.
Most reports say that Chinese spies are behind the attack. The Telegraph reports:
NATO officials are reluctant to say publicly wo [sic] was behind the attack. But the Sunday Telegraph has learned that in classified briefings, military officers and diplomats were told the evidence pointed to "state-sponsored individuals in China.
Whether Chinese spies were behind this or not, there are takeaways here to help the rest of us avoid being conned by similar bogus attempts to access our facebook information:
Five free tips to avoid falling for Facebook scams
- When you receive a friend request, don’t just blindly click on it because you recognise the person’s photo. Think of how easy it is to grab a picture of someone from the internet. Sniff out the contact by clicking on the name to see how legitimate the account looks and search for the person’s name on Facebook to see if more than one account exists for that person. Better yet, get in touch with the person by phone or email and mention that you received a friend request.
- Personally, I don’t feel that Facebook is a place for people to connect with everyone they have ever met. LinkedIn is perhaps more appropriate for work contacts. Facebook ought to be for friends, old and new, and family. So choose who you connect with carefully.
- Check your privacy settings regularly. Because Facebook often updates their privacy settings, defaults can be set automatically that are perhaps too lax for you. It is amazing to see how much some of us reveal to the unwashed public. A good way to check out what you are displaying is to defriend someone you know and trust, and then check out each other’s profiles to see what is shown to all.
- Not only are fake accounts set up on Facebook, but accounts can also be hacked. Stealing a username and password can be much easier if your password is weak or obvious. Check out this new podcast from Naked Security on passwords tips:
Listen now:(11 March 2012, duration 14’35”, size 10.5MBytes)
Listen later:
- Avoid accessing your account from untrusted places like cybercafes or airport consoles. Try to only access any account which holds important information or requires a username and password from a device or computer that you trust.
Add as Friend courtesy of Shuttershock
Screenshot of James Stavridis’ Facebook page courtesy of Facebook
One tip: create another account for yourself and test the privacy of your main account.
"It is not like these guys were swapping military or government secrets here," … we hope perhaps they did it's very unlikely but a stray PM here or there … I believe loose lips sink ships still counts?
… if people tweet pictures of their private parts to perfect strangers, it is likely that military officials are providing coordinates for our satellite systems, usernames and passwords to get into those system, and the answer to the secret reset password questions to one another over Facebook. I have zero confidence that people use any sort of common sense to take even the slightest precaution to protect themselves online.
I’d say Facebook offers preview of what your profile looks like to strangers (the public). Why de-friend anyone?
Yesterday my wife got two friend suggestions from Facebook. They are people she knows, but who have no shared connection with anyone else on Facebook. She has only ever texted, telephoned and emailed those two people using her Gmail account. What possible algorithm could Facebook have used to suggest those two people? One person, maybe a far out coincidence, but two people on the same day strongly suggests to me that either the Facebook app on her iPhone has access to her address book, or Facebook and Gmail share information, which seems extremely unlikely to me.
Any ideas what to look for, where the leak may have happened?