Interpol Chief's Identity Spoofed On Facebook

An anonymous reader writes "Ronald Noble, Interpol's Secretary General, has revealed that cybercriminals have opened two fake Facebook accounts using his name and used them to gather sensitive information. 'One of the impersonators was using this profile to obtain information on fugitives targeted during our recent Operation Infra Red,' Noble said. 'This Operation was bringing investigators from 29 member countries at the Interpol General Secretariat to exchange information on international fugitives and lead to more than 130 arrests in 32 countries.'"

I don't get it

[something_wicked_thi]

How does spoofing his identity on Facebook help? Was someone dumb enough to send confidential information regarding a criminal investigation to one of these spoof users via Facebook? Please tell me that's not the case. But the article is short on details and I can't think of any other way such a spoof would cause any kind of leak.

Re:I don't get it

[Nursie]

My thoughts exactly.

If this scam actually netted them any info then whoever provided it needs to be hung out to dry. This is ridiculous in the extreme.

Re:I don't get it

[Thanshin]

Was someone dumb enough to...

The answer to that question, however you end it, is most often "Yes".

Re:I don't get it

[h4rm0ny]

Apparently the whole summary is shit. According to the actual statement, someone attempted to impersonate him on Facebook and attempted to get information on the operation. There's nothing to indicate that anyone was stupid enough to actually fall for it. Of course they might have been, but there's nothing that backs up TFS's implication that this actually happened.

Re:I don't get it

[AVryhof]

I wouldn't be surprised. While at drill this weekend, I learned that one of our people got activated, and her CO told her in a Facebook message.

These types of things, as well as poor computer security practices in security agencies bother me.

Context

[cappp]

The context of the statement

In short, INTERPOL is ideally positioned to represent law enforcement interests in developing global information security standards, as well as to assist in the implementation of such standards across its membership, including by developing specific standards for the police community.

But as you all know, even with the best standards in place, security incidents can always happen.

Just recently INTERPOL’s Information Security Incident Response Team discovered two Facebook profiles attempting to assume my identity as INTERPOL’s Secretary General. One of the impersonators was using this profile to try to obtain information on fugitives targeted during our recent Operation Infra Red. This Operation was bringing investigators from 29 member countries at the INTERPOL General Secretariat to exchange information on international fugitives and lead to more than 130 arrests in 32 countries.

This is why we constantly need to share our experience. INTERPOL’s Information Security Incident Response Team is a member of the Forum of Incident Response and Security Teams –– or FIRST ––, which I assume most of you know. Being a member of the FIRST enables INTERPOL to learn from the experience of other members and to share our own experiences for the benefit of others. But again, it is also a way to draw bridges between the police community and information security professionals from the private and public sectors worldwide.

Also note that the actual statement says the impersonator was trying to gather sensative data, not quite the success as implied in the summary. The whole speech is available as a pdf here.

I don't know about the rest of you but one of the original reasons I grabbed a Facebook account was to prevent just that kind of thing happening - the same reason I've registered the most obvious forms of my name in as many social networking and emailing services as possible - if I hold the accounts then I possess some control over other people's ability to misrepresent themselves as me.

Re:Context

if I hold the accounts then I possess some control over other people's ability to misrepresent themselves as me.

Oh and I forgot to add... This is especially important to control rumours about the goat incident.

cappp (sorry, I just logged out)

Re:Context

[cappp]

Well played my anonomous adversary, well played.

Only an idiot ....

[yams]

... would use Facebook to provide police level information, even to someone they know. At the least, they should be using an SSL secured e-mail service, if not the Interpol website (which, I hope, is SSL secured).

Hmmm

[object404]

Y'know, one thing to come of this is that it's probably a good idea to create accounts in social media/networking sites even if you'll never use them just to "reserve" your identity and to deter impersonators a bit, kinda like reserving domain names before cybersquatters bag them. Use a separate "throwaway" email account for them.

That way, if someone creates a fake account in your name, if people see that there's more than one account which has your name, it will give them cause to suspect that one of them is fake, making them more wary against fake accounts.

Re:Hmmm

[Psaakyrn]

Too bad names aren't exactly the unique thing they are, not is it possible to determine what future site/media will be the next big thing, nor are all social media/networking sites free.

Come on

[antifoidulus]

Everyone knows that REAL international police chiefs only communicate via messages that will self-destruct in 5 seconds.