Thursday, August 30, 2007

Facebook and Identity Theft

Here's one more little rif on a recurring theme of mine. Recurring because some things need reiterating in order to keep folks (read: some of my very plugged-in, younger online friends in particular) on their toes. Hey, every frippin' year I have to accomplish the same half dozen computer-based training (CBT) modules on "Information Assurance" or the "Protection of Classified Information" or some such, so surely someone did a study that showed it was necessary. Surely they aren't making me repeat it because they think I might just hit the "Next Page" button as fast as the current page will load. Not me.

Anyway, long before I started seeing warnings pop up on the internet associating the risk of identity theft with the propensity of today's young to share everything about themselves on social networking sites, I was busy trying to convince some acquaintances that answering all hundred or more questions in three or four online surveys several times a week might be a fun way to explore the projection of one's various personae, but it was not a safe thing to do in terms of protecting one's future bank accounts. I've even sounded a few of those warnings here, as in my Independence Day post, for example.

Today, as I was catching up on some technology news, I came across an interesting article posted on CNet, titled, Facebook users open to cyberattacks, ID theft? Here's an excerpt that pretty much reiterates the message I've been trying to pass on, including a frightening example of exactly what I've been saying was possible:

However, Olson and Rick Howard, director of intelligence at VeriSign's iDefense Labs, said a longer-term problem is users' openness with personal information on public forums.

"They seem to have no sense of privacy," Howard said. "We think it could go two ways. In the future, they're either going to decide they're embarrassed by all the information they've put out there, or they may decide it's just the way it is and (that) it's OK to put information out there."

In a "thought experiment" the two conducted in the United States before visiting Australia, Howard said they managed to acquire enough information on one young user to steal her identity.

"We pulled down one person's name--in this instance, a female--and everything she put out there," Howard said.

"In 15 minutes of doing Google searches, we were able to collect enough information to steal her identity."
What makes the young particularly vunerable, as I've noted before, is that they have no idea, yet, which questions among the hundred or more in each survey reveal potentially compromising personal information. "Where were you born? What was your first car? What is your pet's name?" These sound like safe things to tell people who really want to know more about you. Problem is, they also function as security questions for online identification.

If you're the sort of person who reads blogs, you're probably not the sort of person who needs this warning. But how about your kids? Do you visit their MySpace and FaceBook profiles? Peruse the bulletins where so much about them is out there for all to see? It's worth your time. Educate them now and you may save them some pain later.