Criminals Exploit Social Networks Like Facebook

Wednesday, October 06, 2010

Robert Siciliano


The sage advice used to be “don’t tell the world you are on vacation via your outgoing answering machine.” Then we pretty much eliminated answering machines and the advice pertained to voicemail.

As we got more technology, the same message was don’t tell the world you are on vacation via your emails auto responder.

For a few years now I’ve been warning people about how vulnerable they are when they post their whereabouts in social media. And it looks like the bad-guy figured it out and is taking advantage of peoples’ naiveté.

In Nashua, NH, police busted a bunch of burglars they say used Facebook as a tool to gather intelligence on who is home and who is not home.

Police said they recovered between $100,000 and $200,000 worth of stolen property as a result of an investigation.  Police said there were 50 home burglaries in the city in August.

Investigators said the suspects used social networking sites such as Facebook to identify victims who posted online that they would not be home at a certain time.

Be careful of what you post on these social networking sites,” said Capt. Ron Dickerson.

“We know for a fact that some of these players, some of these criminals, were looking on these sites and identifying their targets through these social networking sites."

It is obvious to me that none of these homes had home security systems, alarms or cameras.

Due to the fact they were successfully burglarized. And once an intruder enters your home and does their dirty deed, your “castle” and how you feel in it is never the same.

Protecting yourself is real simple. Be cautious about what you post on social media and consider an investment in a home security system.

Robert Siciliano personal security expert to Home Security Source discussing Social Media and giving out to much information on the CBS Early Show. Disclosures.

Possibly Related Articles:
Security Awareness
Facebook Social Media Cyber Crime
Post Rating I Like this!
David Kennedy I hate to ruin a perfectly good fairy tale, but the facts on which this are based bear a striking resemblance to bovine digestive effluent. What's worse, this has been known to those who pay attention to such things for almost three weeks.
Robert Siciliano David,
If you had a degree of intelligence you would have noticed that the exact story you used to try and negate my point, made my point. Ive written extensively about this issue before it was an issue and today more than ever Facebook is being used as a tool to gather intelligence on both sides of the law. And for you or any security professional to discounts its effects on the ability of the bad guy to use it to penetrate you or your organization means it's just a matter of time before it's successfully used against you.
Anthony M. Freed Robert - I agree with your assessment completely. And the fact that "this has been known to those who pay attention to such things for almost three weeks" has absolutely nothing to do increasing awareness amongst those who do not "pay attention to such things" - which is clearly the intended audience for your article.

Perhaps Mr. Kennedy will take this opportunity to avail us with some cutting edge revelations in a post of his own, thus contributing to the edification of our readers, as opposed to simply dishing nonconstructive criticism on the contributions of others.

What do you say. Mr. Kennedy? Would you do us all the favor of regaling us with an article of your own, or have you already exhausted your moxie?

Contact me for details on content submissions...
Bob Galley I could see where WMUR failed to supply details in its goal of sensationalizing the crime. Capt. Dickerson's quote, and the sentence above that, "Investigators said the suspects used social networking sites such as Facebook to identify victims.." both imply that the burglars randomly trolled Facebook. The Business Insider article states, "[The reporter] e-mailed Nashua, NH detective Dan Archambault, who told [him] that only two of the cases involved Facebook and in each case, 'one or two of the suspects were Facebook friends with the respective homeowners.' " In fact, it's WMUR's sloppy reporting that the BI reporter, Jeff Jarvis, slams.

Now, that doesn't repudiate Robert's article; it merely adds the details of "Don't set your status message to Everyone (or even Friends of Friends)" and "Be careful who you add as a Facebook Friend." Essentially, control what you give out and to whom.

In the BI article, it quotes a Facebook PR employee on how to use status updates to assist when the user goes on vacation. The user can create a group, say "Trusted Neighbors", and post a FB status just to that group when the user goes on vacation. Thus, the people in the group know to watch the house while the user is gone.

Personally, setting the default security on your status updates and photos - particularly Mobile Uploads - are key. If nothing else, create a "Trial Friendship" group and set it as the exemption to pretty much everything. That way, that new Mafia member or Farmville neighbor won't see the upload of you at the tourist attraction or the post about how your team's losing at the ball game you're attending.

Granted, if that "game friend" is really a potential thief trolling for info, they will see the converse -- they'll know when you /are/ home by the game-related notifications.
Robert Siciliano well said Bob
Anthony M. Freed Great points Bob. And in - ugh - "defense" of Facebook, they are making efforts to give users more control over their profiles and the applications that access them.

I think we all agree that the best defense is understanding risks and acting accordingly.
Katie Weaver-Johnson Good post Robert and I think it is critical that we continue to bring attention to stories like these to help educate Users on the risks of social networking sites if not used correctly. Users need to think twice before posting sensitive information, details, etc. online regardless of whether just their "friends" can see it or not.

Like Anthony said, the best defense is ongoing awareness (understanding risks and acting accordingly).
Christine Stagnetto-Sarmiento I agree with you Anthony. I have my profile in Facebook, but some pictures, and no more information. Also, I am not in a searching public website for them.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.