David Kirkpatrick

February 19, 2010

The dangers of social networking

All those web 2.0 tools — blogging, Facebook, Twitter, MySpace (well, maybe not anymore), LinkedIn, Google Buzz (the new kid on the block), et al. — are fun and somewhat addictive, but there are serious privacy dangers lurking in all that sharing.

The dangers range from the obvious, such as putting plenty of data out there for cybercriminals to harvest for phishing attempts and identity theft, to the less obvious, such as posting discrete bits of corporate information in multiple locations that, put together, become useful to competitors, and even to dangers as vanilla as broadcasting when you are and are not home to local criminals seriously casing your home for a break-in.

That ought to be food for social networking thought.

From the link:

Pervasive social networking may herald the future’s most critical insider threat: cyber-chattiness. Individuals are simply revealing too much about their professional lives online. It might be possible, for example, to cross reference a Facebook post about a “big project that isn’t looking good” with other posts and piece together sensitive corporate information. And while a LinkedIn request for a job recommendation reveals a job seeker, two or more seekers in the same division could reveal company upheaval.

The threat from chatty insiders isn’t new, but a perfect storm might be brewing. Consider the following:

– People are broadcasting more of their lives online than ever before. More than 55 million status updates are posted every day on Facebook alone.

– A new batch of “Open Source Intelligence” tools now exist to help map out people’s lives and relationships.

– Lots of personal and business data online makes it easy for a hacker to personalize phishing attacks and in some cases, automate the personalization process. Tools and frameworks now exist to gather enough information about you online to custom craft emails that are very credible.

– Setting policies to stop employees from using these social networking sites at work doesn’t stop them from talking about work when online at home.

We are now starting to see some privacy stretch marks on the social networking bubble. Consider the case of Robert Morgan. Earlier this year Robert, a researcher at Microsoft (MSFT), updated his LinkedIn profile with details about his work on Windows 8 and its new 128-bit architecture. The problem was that Microsoft had never disclosed it was working on a 128-bit version of Windows (let alone working on Windows 8 or 9). This was a direct disclosure snafu made worse by the fact that anyone with an Internet connection could see it.