A top cyber security expert tells you how to be safe on social networks

David GewirtzEvents of the last few weeks have shown the world how important social media can be. Most of the news about events in Iran have come from Facebook pages and Twitter. Some are even calling the events in Iran a social media revolution. We can only imagine how vital these links are to those in that besieged country at this time.

But there’s a dark side to social networking too. As Facebook and Twitter become more poular there are those who would use them to scam, rob, and do worse. There have been reports of criminals using Twitter and Facebook to track peoples’s movements to rob, stalk, and assault them. Even now cyber criminals are at work on ways to exploit social networking.
 
Social networks are a fun and exciting way to reach out to friends and family, but they are also a potential dangerous place. Learn to protect yourself. Don’t miss a word of this interview with David Gewirtz.  
 
David Gewirtz is the Cyberterrorism Advisor for the International Association for Counterterrorism & Security Professionals and a columnist for The Journal of Counterterrorism and Homeland Security. He is a member of the FBI’s InfraGard program, the security partnership between the FBI and industry.
He is also author of the book, Where Have All The Emails Gone? How Something as Seemingly Benign as White House Email Can Have Freaky National Security Consequences, which explores the controversy from a technical perspective.
 
DD: What are the dangers of social networking on Facebook and how can you protect yourself?
DG: I’ve broken it out into four categories: employment, reputation, malware, and physical risk.

On the employment side, saying the wrong thing online can lead to career suicide, especially since employers and prospective employers are likely to see what you say. There’s also liability issues if you say something about an employer, someone who might be in litigation with your company could use your statements against them.

On the reputation side, something you say now could haunt you for years into the future. People have been known to post the most inappropriate things, which then stick with them for years. Imagine dating someone and having them do a Google search and the first thing they find is the day you got dumped, and so you posted about how much you hate the opposite sex. Or something you did that was borderline illegal. If you want a big job, sometime in the future, these posts could keep you out of the game.

Malware, phishing and identity scams can cause you serious financial loss. Posting personally-identifiable information helps criminals build a profile about you, and enough awareness about your friends, interests, habits that they can pose as someone you know and con you out of way too much money.

In the case of physical security and stalking, social networks give stalkers and other scary people an almost minute-by-minute update on your habits and haunts. Even thinking about that is scary.

There are two rules to protecting yourself: think before you post and don’t post personally-identifiable information, such as addresses, phone numbers, and especially birthdates.

DD: In a recent article you mentioned new scams that involved online banking. Can you describe how these scams work and what should we watch out for?
DG: Oh, they are legion, changing constantly, and highly creative. One of the most common is called phishing, where a criminal organization tries to fool you into thinking your on your bank’s Web site when, in fact, you’re on a clone that looks identical, typing everything they need to suck you dry. There’s a form of phishing calls spear phishing, where criminals target specific individuals by gathering lots of detailed information and using that in the scam.

What to watch out for: don’t give out personally-identifiable information and don’t go to your bank’s web site from an email or Facebook posting.

DD: Recently, I received emails claiming to be from one of my email providers claiming they were going to delete all of my email if "I did not take action” and they needed my user name and password.  I’m a little paranoid, so I deleted it and checked that my Norton was on. Is this a new type of scam?
DW: Yes, it’s a scam. Even if it weren’t, which would be worse? Losing all your email or letting some criminal have access to your email identity and then do things like retrieve passwords to your banking system? But it’s a scam. No legitimate provider will ever, ever, ever ask you for your user name and password. Ever.

DD:  How can malware enter your computer if you use good security software such as Norton or similar, and keep it updated. Are you still vulnerable to attack?
DG: Yes it can, and that’s something very scary. Much of the security source code for our anti-virus and anti-malware products has been provided to nation states suh as China as a condition of being allowed to sell into their country. Of course, those countries are often the ones that do the online scamming and penetration, so it’s kind of like hanging your house key on a ribbon on your front door.

The best answer is to keep updating virus definitions and keep paying attention to the security space as more and more information is known. This is an arms race and as the good guys develop protections, the bad guys develop penetrations and on and on and on. I know it’s scary. I wish it weren’t.

DD:  There are obviously some vitally important news applications to Twitter, but it seems very unwise to broadcast one’s movements on an open network. Have there been security problems resulting from these practices? And are there precautions that people should take when using Twitter to avoid being victimized?
DW: Yes. I strongly recommend being somewhat circumspect with your movements. If you want to tell people you’re going to a restaurant, it’s perfectly fine to tweet "I’m going to a restaurant". But don’t specify which one. But, really, there’s no good reason to be that public about your movements. Remember, Twitter and Facebook aren’t relations just between you and your friends. Everyone can see what you say.

DD: I make it a practice to post events only after they have they happened on Facebook. I also follow this practice in my column.  I am not worried about my friends’ behavior, but I have no way of controlling who they allow to see their pages. Am I being paranoid?
DW: As much as we’d like to say there’s no risk, imagine if you’ve got a jilted boyfriend or someone who’s been stalking you. Back before I was married, I dated my share of wackos and had one or two scary stalking situations. Now, I’m a big guy and can handle just about anything, but if you’re not able to protect yourself, letting someone who’s out to do you harm know exactly where you are is dangerous.

Even letting people know where you’ve been can be an issue if a habit profile can be derived. Better safe than sorry. Besides, how many people really need to know what you had for lunch today? Really?

DD:
What aspects of social networking seem the most benign, but are actually the most dangerous?
DW: I think the term "friend" in Facebook is a real problem because somewhere, deep down in our animal brain, once we hear "friend", we think the people on the list are people to trust. I would far prefer Facebook use the term "contact" or "connection" or even "people I know". Also, now that people "friend" me, I have to think about who of these people I want to have it known are my friends.

I wrote in FrontLine Security that I don’t use Facebook all that much, but generally have allowed fans to "friend" me because it just seemed polite to honor their enthusiasm for my work. But when I looked at one fan who asked to friend me who happened to be from Europe, I noticed his Facebook page said he was a member of the Communist party. Now, I work with homeland security, law enforcement, and am part of a special FBI program and the last thing I wanted was a so-called friend who was a Communist.

I had another instance of a fan who I’d allowed to friend me who suddenly sent me an invite to attend his birthday party, where (and this was obviously a joke) "turning 27 means party hats, heroin, and dead hookers". Even in jest, I can’t have someone who says stuff like that as a friend or even a "friend".

In both cases, I didn’t know these people.

There are a bunch of other risk areas, but I really think the questions asked like "What’s on your mind?" and "What are you doing?" can be the most risky. Speaking personally, it’s never, ever a good idea for me to share what’s actually on my mind! Although, sadly, if you really were able to look inside my head, you’d probably see a mix of images of my wife, big, juicy steaks, chocolate, and the latest Playstation games.

DD: Finally, how can we interact, do business, keep in touch –and be safe? Is it too much to ask?
DW: It’s really pretty simple. Be smart. If you wouldn’t run naked through your local town hall or library with your whoo-hah showing, you probably shouldn’t do the verbal equivalent online. Be a little paranoid. If you wouldn’t give your car keys to every stranger you encounter, don’t give your passwords out to every email you get. If you wouldn’t bring someone’s can full of rotting garbage into your home just because they asked, so don’t open attachments or run programs just because someone asks you.

As Ronald Reagan once said, "trust, but verify". Interpreting what he meant for today’s world: keep an open mind, but don’t let an open mind also be an open wallet or open computer.


For more information abut David Gewirtz or security related issues http://www.davidgewirtz.com
 
Share



TMI! Too Much Information!

Terry Milk Facebooks with the bestDarlings, I am no fan of the current cult of “too much information”. I have cringed a lot over the past decade. I have squirmed inwardly as women at cocktail parties — or worse, at the water cooler — have described their partners’ shortcomings as providers and lovers. I have sat in amazement as women I hardly know disseminated the most intimate details of their lives to me or anyone else who cared to listen.
 
Why am I surprised? From Oprah’s informative forums to Jerry Springer’s emotional Circus Maximus, it has become de rigueur to bare it all. Many faded careers have been revived through tawdry tell-all confessions. F. Scott Fitzgerald was wrong. Not only do American lives have second acts; the closer they are to a Jackie Collins novel, the better the public likes it.
 
Chatting with a trusted personal friend may be the only tried and true way to keep your sanity when hitting a rough patch personally or professionally. But spilling your personal business to all and sundry isn’t only ill-advised, it is plain tacky. In any relationship a lady owes her partner and friends loyalty and discretion. Losing your temper and being aggravated doesn’t rid you of that obligation, nor is it smart. It’s funny.
 
Our culture of too much information is pervasive and it is getting worse. Many people today loathe the telephone; they prefer email and texting. Facebook and Twitter are increasingly popular.
 
I use Facebook, but I am cautious about Twitter. Does anyone really need to know that much about my day and thoughts — or anyone else’s? I have been reading tweets from all types of people. I find most of it is drivel. Much of the content on the Facebook pages of many celebrities is just a desperate attempt not to slip out of the public consciousness for one minute, lest they lose their precious and lucrative celebrity. But is it interesting? Not a lot is, even from otherwise interesting people.
 
I like Facebook. It is a wonderful tool to communicate with friends you can’t see every day. It is fabulous for finding for old friends you may have lost touch with over the years, or been too busy to keep up with daily or weekly. It’s also a wonderful way to take part in discussions and share information with diverse groups and people.
 
I am fascinated by a journalist friend who has a vivacious ongoing conversation with many diverse friends on her Facebook page. She is always posting interesting articles, photos, and other media. She understands the potential of Facebook and how to use it. I think she personifies in the nicest way the expression “food for thought.”
 
I also adore the way some younger friends use Facebook to express and share their frustrations and make their social plans. For them, it is a shared social diary and a legal graffiti wall. Divine.
 
Many of my contemporaries are remarkably adept at Facebook. Perhaps it’s not surprising, as most of us are in communication or musicians and artists. Just try to shut us up. 
 
What I find interesting is that no one I know has been inappropriate on Facebook. Even the youngest and most uninhibited of my Facebook friends have not done anything I would be concerned about an employer seeing. Granted, when a few of my younger friends were in college there may have been a few more risqué photos posted on their pages, but nothing too X-rated. They quickly learned to edit themselves. But there have been no public breakups, drunken photos, or smutty language. Trust me this is not a dull unattractive bunch of young folks. They are darned good-looking and savvy – with a full quota of personal and professional drama. But they also have manners, judgment, and personal dignity.
 
It will be interesting to see where Facebook and Twitter lead. A media-savvy friend recently posted an article that exposed marketing scams on Twitter. It seems that people are paid to send positive tweets to push certain products. The same thing used to happen with blogs. Readers were fast to catch on to fake bloggers. It seems phony tweets are easy to spot, too. Facebook is a huge marketing tool.
 
As I stated, I find much of the content on commercial pages or celebrity pages dross. I think it’s as clear as glass when someone is writing just to stay visible or build their public profile. In the same way, it is just as apparent who are the "friend collectors" on Facebook. You know people who want as many friends as possible; they friend anyone and everyone. It is a simple thing to remove a friend, as I did with a developer who flooded my page with junk designed to build her marketing vehicle.
 
One thing Facebook does well is sort out those with something to say from those who have little to say. Some time ago, I had lunch with Bethenny Frankel of the New York Housewives, she told me she was quite proud her blog on Bravo because she wrote it herself. She said that she had been told by the Bravo producers that it was popular because it sounds just like her; it other words it is authentic. I like her blog because she always has something smart to say.
 
Broadcasting or sharing (and I find that a squirmy word) too much information is unfair, unwise, and undignified. A lady always has a touch mystery about her. If that sounds too old-fashioned for this sexting, texting, tweeting age, then try this street smart 70’s maximum: “Be discreet, keep you business out of the street.” I promise you my darlings, you will never regret what you don’t say.
 
 
 
 
 
Share