Not a day goes by, it seems, when Facebook and the opportunities it presents for cyber criminal activity, isn’t in the News. Not mainstream News, of course, since cyber crime rarely involves sex, or violence.
Mainstream media, where salacious and violent news reports rule the airwaves, determined, it seems to me, it had nothing to gain by advising you of the following, very unsexy, non violent, Facebook threats – all from this week incidentally.
‘LOL is this you?’ spam spreading via Facebook chat
Facebook scam: “I may never text again after reading this”
How to Spot Facebook Scams Like ‘Dislike’
Facebook Fires Back at ACLU’s Criticism of ‘Places’
Facebook Warns of Clickjacking Scam
But, throw Facebook and sex into the equation, and mainstream media are out of the gate as if shot from a cannon.
The discovery, that a pedophile ring which used Facebook as their communication channel had been broken up, and the perpetrators arrested, made headlines around the world, just yesterday.
And why not? This is the kind of news event that allows the media to exhibit their moral outrage and indignation. But, when it comes to occurrences that can effect you, if you are a Facebook subscriber, for example – no outrage; no moral indignation. Curious, no?
Maybe I’m missing something here. Could it be that there’s consensus, in the mainstream media community, that Facebook users who become victims of cyber criminals are getting exactly what they deserve?
At one time, I gave the benefit of the doubt to Facebook users, since most typical computer users (I believed), made assumptions that sites like Facebook, and other social networking sites, were essentially safe, and harmless – that Facebook, and others, were looking out for their users interests.
I’ve long since given up on this rather naive view of Facebook users lack of culpability in any harm they were exposed to though. I find it difficult to be supportive of people who throw common sense out the window, and behave irrationally on the Internet.
Despite my hardened view that Facebook users who fall victim to cyber criminals are not entirely innocent, I was still taken aback by the results of a study conducted, and just released, by BitDefender.
For study purposes, BitDefender asked the participants to “friend” a test profile of an unknown, attractive young woman.
Selected stats from the study:
More than 86 percent of the users who accepted the test-profile’s friend request work in the IT industry, of which 31 percent work in IT Security.
The most frequent reason for accepting the test profile’s friend request was her “lovely face” (53 percent).
After a half an hour conversation, 10 percent disclosed personal sensitive information, such as: address, phone number, mother’s and father’s name, etc — information usually requested as answers to password recovery questions.
Two hours later, 73 percent siphoned what appears to be confidential information from their workplace, such as future strategies, plans, as well as unreleased technologies/software.
Study methodology:
The study sample group included 2,000 users from all over the world registered on one of the most popular social networks. These users were randomly chosen in order to cover different aspects: sex (1,000 females, 1,000 males), age (the sample ranged from 17 to 65 years with a mean age of 27.3 years), professional affiliation, interests etc.
In the first step, the users were only requested to add the unknown test profile as their friend, while in the second step several conversations with randomly selected users aimed to determine what kind of details they would disclose.
Additional details on this study are available here (PDF), as well as on the MalwareCity blog post.
Given the state of the current, and increasing cyber criminal activity on the Internet, it’s almost certain that exposure to cybercrime on Facebook will continue to escalate, and with it, the dangers that this presents. Given the type of behavior reveled in this study, cyber criminals are sure to have a field day.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 
I can only laugh at the results of this study.
Imbeciles is not strong enough.
Idiots… yes that’s better.
Thanks Bill. This was scary but essential to know.
Hi Jose,
My working title when I was writing this article was “Facebook Users Are Idiots!”. In the end, I decided this title was too harsh. Looks as if I should have used it after all. 🙂
Good to see you here.
Bill
I’ve always been under the impression that mainstream media only reports stories that are “newsworthy.” Translation: Stories that are in the public’s “best” interest that will garnish the most views/viewers which can be translated into advertising dollar statistics. That’s why anything having to do with sex, drugs, spies and violent crime get top coverage. That’s why movies and TV shows involving these themes make a bundle!
As you point out, computer security stories that have nothing to do with sex, drugs or violence aren’t very exciting. If my book included those themes, it would be on the New York times best seller list! LOL
Hey Mr. Reiner,
Even my cats would rather watch movies with “sex, violence and coarse language”, so, no doubt you’re right. 🙂
Notwithstanding the lack of sex, drugs and Rock and Roll, your book “Owned”, is a must read for those concerned with safety on the Internet.
If you’re a reader – take a run over to Mr. Reiner’s site – http://misterreiner.wordpress.com/the-book/.
This must read book will teach you:
– Computer security and hacking basics – Why hackers are so successful at breaking into computers – The five different types of hackers – Advanced hacker techniques – How Trojans operate and hide on computers – Why computer security personnel do not detect hackers
Bill
Hi Bill ~ interesting
Friendship request from a fair-haired woman, aged 21: I read your two links expecting to find a bias towards males being more credulous, but apparently that’s not the case or it’s unreported. So it is all down to a trustworthy face &/or a face that the viewer can relate to in a comfortable way.
I would not be so hard on JUST Facebook users. The real people I know are still impressed by the clean haircut, shiny shoes banking/finance brigade despite all the damage those types have caused. I conclude that it’s human to lean towards trust even with perfect strangers & nature hasn’t built us to handle the modern world. This has given the dishonest minority a huge advantage.
My questions for Facebook users:
“What’s the point ? What’s missing from your life ? Why ?”
Hey Nightjar,
You make an excellent point “The real people I know are still impressed by the clean haircut, shiny shoes banking/finance brigade despite all the damage those types have caused.” The old adage “looks can be deceiving”, has always been true; but, it has never been more so.
“What’s the point ? What’s missing from your life ? Why ?”. All are serious questions that need a thoughtful and considered answer. Despite the hype, the fact that a “public” Facebook even exists, is a bloody good indicator that at least part of the World has slipped its moorings.
Bill
Hey Bill,
I still get targeted even though I don’t use Facebook anymore. The account was cancelled months ago. But just about every day, there in my inbox, “so and so” has sent you a message on Facebook, or a “friend request on Facebook”. The scum just never give up.
Cheers
I hear ya Mal.
I had a Facebook account for about 2 months early on (it took me that long to recognize what a tempting target it was for crooks; duh!), and like you, I’m still getting invitations. Just as you say “the scum just never give up.”
Best,
Bill
Bill,
Great article and discussion. Here’s my two cents. I was at first surprised that some very sophisticated users were willing to give the kind of information that was given. I think we have a clash of realities going on here. The first reality is that of human nature and how it’s natural for we humans to communicate, be friendly, flattered, and generous. The other reality is that nothing…repeat nothing on the Internet should be fully trusted. I believe we humans, with our human nature, want to be friendly, etc. so much that we do so in spite of the risk and danger inherent in the Internet. Possibly the reason the IT security participants gave up the information was that they were being human, and wanted to please this “young lady” so much that they were fooling themselves into believing what they were doing was safe, in some twisted way. So, there it is: my theory on the “clash of realities”, possibly the reason some people act so stupid on the Internet, and worth about two cents US.
Best,
Paul
Hey Paul,
Pleasing young ladies is a zero sum game – at least on the Internet. 🙂 But, I do agree “it’s natural for we humans to communicate, be friendly, flattered, and generous.” What I don’t understand though – with a continued emphasis being placed on Internet safety, how it is that IT professionals would totally disregard the most fundamental safety precautions.
Mr. Reiner, over on his site, has a great article Computer Security, The Blind Man And The Elephant ( http://misterreiner.wordpress.com/2010/08/28/computer-security-the-blind-men-and-the-elephant/), in which he discusses the question of professional competency – “Not all computer professionals have the same perspective or knowledge when it comes to computer security”. I think the answer to this puzzling question of how certain IT Pros can be just as gullible as average users, is there.
Great comment – thank you for expanding this conversation.
Best,
Bill