Slashdot Mirror


Chinese Spies Used Fake Facebook Profile To Friend NATO Officials

An anonymous reader writes "Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis. By doing so, they exposed their own personal information (such as private e-mail addresses, phone numbers, pictures, the names of family members, and possibly even the details of their movements), to unknown hackers."

  1. Facebook is secure against hackers? by Anonymous Coward · · Score: 5, Insightful

    Who knew that if you weren't friends with someone, they couldn't see your data. Hmm. Seriously though. Senior NATO officials have Facebook pages! Dumb! Their private information is on those Facebook pages? Dumber...

    1. Re:Facebook is secure against hackers? by geekmux · · Score: 4, Insightful

      > Who knew that if you weren't friends with someone, they couldn't see your data. Hmm. Seriously though. Senior NATO officials have Facebook pages! Dumb! Their private information is on those Facebook pages? Dumber...

      Ah, no, Mr. Johnson happens to have a Facebook page. Mr. Johnson also happens to be married to Mrs. Johnson, and has two children and a dog. Mr. Johnson also happens to live in XYZ, America. Mr. Johnson also happens to have an email address, yes. And ALL of this information is probably public record and can be sourced from MANY different locations online anyway, so it's hardly "private information".

      The fact that Mr. Johnson also happens to be a "Senior NATO official" isn't a sign of being dumb or dumber, unless it explicitly is against Government regulation, and since Facebook has pretty much always been approved for use by Government employees, I seriously doubt it's against policy to have an account while serving.

      The only thing that would likely be an issue for OPSEC for certain personnel performing certain duties would be record of movement to develop pattern analysis. Now, if you're broadcasting that information like the average 13-year old girl (i.e. every 47 seconds), then yes, that is being dumb regardless of your job. If that's an issue, might as well ban Twitter and Facebook for damn near every Government employee who holds a security clearance.

    2. Re:Facebook is secure against hackers? by peragrin · · Score: 3, Informative

      The trick is, does he separate work from personal? The current trend in OSes is to combine everything into one. See Windows 8, iOS, Android, etc.

      So if you can hack one you have easy access to another. Also realize you hack a personal network. Then wait for a secure machine to join it (NATO laptop) and hack it, or at least monitor the VPN connection.

      You use one's personal life to infiltrate secure work networks.

      It is why I don't use Facebook, etc.

      --
      i thought once I was found, but it was only a dream.
    3. Re:Facebook is secure against hackers? by Anonymous Coward · · Score: 5, Funny

      NATO guide to Facebook:

      Using Facebook for personal use is perfectly acceptable, however do not use the system from work or make work related updates.

      Good status update: On my way home, looking forward to a nice home-cooked dinner.
      Bad status update: Just got out of a long meeting, looks like Spain is going to have some trade difficulties soon.

    4. Re:Facebook is secure against hackers? by TheLink · · Score: 4, Interesting

      And even if you are friends with someone it doesn't mean they can see your data.

      At one point of time Facebook in the "confirm friend request" step let you add friends straight to a friend list of your choice. You could lock down that friend list really tight, so that they couldn't see much, while you _might_ be able to see their data (and thus decide whether "Spongebob" is really someone you know). Doesn't seem possible now. You have to add them as friend first then move them to the restricted list. So there's a window of opportunity for them to get the data out. If I'm wrong about this do tell me how to do it.

      But no matter what privacy "controls" and "promises" Facebook provides, Facebook can see all the data and actions, so NATO officials shouldn't be exposing confidential data and actions to FB. Especially since some of that data may be passed to people outside the USA whether by apps/partners or by people who are paid to moderate stuff: http://www.telegraph.co.uk/technology/facebook/9118778/The-dark-side-of-Facebook.html

    5. Re:Facebook is secure against hackers? by PenquinCoder · · Score: 2

      You don't know how social engineering works, do you?? Maybe you shouldn't be allowed to access the internet; you'll probably sleep better at night.

    6. Re:Facebook is secure against hackers? by Dr+Fro · · Score: 2

      I heard in my security class that during Gulf War I, some reporters correlated major strikes with the number of pizzas being ordered out late at night.

      --
      ********************
      I object to Intellect without Discipline.
  2. People are dumb by Monoman · · Score: 4, Insightful

    Social engineering FTW ... again.

    --
    Keep the Classic Slashdot.
  3. Re:oh boy by Anonymous Coward · · Score: 4, Insightful

    Please don't misrepresent this. These government people are at fault here for being stupid.

  4. Seriously, why? by Dynamoo · · Score: 4, Interesting

    Seriously, why do these people use Facebook anyway? It's just a massive security risk for people in that position, and presumably the only upside is they can post "Just nuked Tehran lol" on their wall when the balloon goes up..

    --
    Never email donotemail@WeAreSpammers.com
    1. Re:Seriously, why? by Racemaniac · · Score: 4, Insightful

      Because they are just people too. Who also want to stay in touch with friends & family?

    2. Re:Seriously, why? by Dynamoo · · Score: 3, Insightful

      Because people in these high-profile and sensitive positions cannot expect life to be exactly normal. When the nature of the job means that you are advised to check under your car for bombs before you get in it, then a certain degree of caution is needed.

      --
      Never email donotemail@WeAreSpammers.com
    3. Re:Seriously, why? by Canazza · · Score: 2

      There's keeping in touch with friends and family and then there's checking in using 4Square when meeting with the President. A FB Page, in regards to a high-ranking official, should be kept separate from their working lives. No posting of your movements, no friending your colleagues unless you've met them and agreed to beforehand (in fact, that's common sense when it comes to FB normally).
      The fact that this Admiral, out of the blue, adds them to FB and they don't bat an eyelid or even think to pick up the phone to ask him if it's genuine...

      --
      It pays to be obvious, especially if you have a reputation for being subtle.
    4. Re:Seriously, why? by DarkOx · · Score: 4, Insightful

      It all depends on what you post there.

      No, that is the problem: it depends on what YOU post there and what everyone you are FRIENDS with posts there.

      Maybe you don't post you're going on vacation for a week because you don't want would-be crooks to know for sure you are not at your house. Your girlfriend however is not so careful and/or does not much care about her apartment. She posts she is out of town for the week and then tags you in some photos at the beach from her mobile.

      Now anyone in either of your circles has a pretty good idea YOU are out of town. This is a problem. Someone with an 'in' could be at the friend of friend level, depending on not just YOURS but your FRIENDS' privacy settings and some time to pick through the site and work out relationships (even if the info is not shared, they could do it through pictures etc., odds are the girl with your arm around her waist is a wife or girlfriend not a sister, etc.) can derive lots of information based on what others post that YOU never shared.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  5. Unknown Hackers? by JustinFreid · · Score: 5, Insightful

    Registering for Facebook with a fake name hardly qualifies as hacking.
    Surprisingly, the headline is more accurate than the story.

    --
    Hey, how's it going?
    1. Re:Unknown Hackers? by sootman · · Score: 3, Informative

      > Surprisingly, the headline is more accurate than the story.

      More accurate than the submission, you mean. TFA (I'm new here) actually addresses that point:

      This type of compromising attempts are called 'Social Engineering' and has nothing to do with 'hacking' or 'espionage', a SHAPE spokesperson said in a statement.

      --
      Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  6. You are the weakest link... by DontBlameCanada · · Score: 2

    Too bad you won't say "goodbye!". This is another example of s*** floats to the top in government, military and business.

  7. Re:Anyone else not comfortable by Cro+Magnon · · Score: 2

    Agreed! I'm on FB, but I don't post anything even remotely sensitive. Other than finding out when my last bowel movement was, there would be little point for a spy to "friend" me.

    --
    Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
  8. You keep using that word... by MetalliQaZ · · Score: 2

    ...I do not think it means what you think it means. Fake Facebook profile == "hacker"?

    --
    "Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
  9. Re:Anyone else not comfortable by PIBM · · Score: 3, Funny

    And you post that to Facebook? No wonder you don't have any friends!

  10. I'd fire them by rs1n · · Score: 2

    While hindsight is 20/20, common sense should have prevailed when it comes to Facebook and security. Social networks should, on a general basis, be banned from all parts of the government in which security _could_ be an issue.

  11. Big Deal by travdaddy · · Score: 2, Insightful

    Email addresses, phone numbers, family members? Those officials probably give out the same information when they sign up for customer appreciation cards.

    --
    Adidas To Bring Back Sneakernet
  12. No damage by Hentes · · Score: 2, Interesting

    Their personal information is their property, and they are free to share it with the rest of the world. As long as they don't post sensitive military information on Facebook, there is no damage done.

  13. Chinese? by eternaldoctorwho · · Score: 2

    The article's headline and teaser lines mention Chinese spies, but the article itself provides nothing to back up this claim. Where are they getting this information from?

    1. Re:Chinese? by Sechr+Nibw · · Score: 2
      FTA:

      NATO officials are reluctant to publicly state who was behind the attack, but The Telegraph says China is to blame. The publication quotes classified briefings in which military officers and diplomats were told the evidence pointed to “state-sponsored individuals in China.” The Guardian agrees, quoting a security source who says “the belief is that China is behind this.”

  14. Hu Jintao likes this by Ambitwistor · · Score: 2

    +1 thumb up

  15. Re:Anyone else not comfortable by travdaddy · · Score: 3, Funny

    They mostly post battle plans for the next week. They say they're looking for suggestions but all they really want is compliments.

    --
    Adidas To Bring Back Sneakernet
  16. Even CIA officers have families... by SwedishChef · · Score: 5, Informative

    A friend of mine who retired from CIA after 26 years once told me that his family was only happy for six of those years... and not six consecutive years. Cut off from family and friends back home and in contact only by letters and the occasional "home leave" of a month or two, he was trying to fit back in to the country he spent his life trying to serve (back in the days when the Agency was less of an operational force and more of an intelligence gathering organization). I can see how Facebook would have made their lives more enjoyable with all the family and friends news (and even minutiae). I'm sure it's a security risk par excellence but I can certainly understand why they'd do it. And I can especially understand why a wife, stuck inside an apartment in Djibouti trying to order six months of canned food from Denmark, might.

    I don't expect Slashdot readers to grok it, though.

    --
    No one ever had to evacuate a city because the solar panels broke!
  17. Re:Really by drkim · · Score: 4, Funny

    Actually, all secret government postings are done on MySpace now, because nobody ever goes there...

  18. Re:Anyone else not comfortable by s.petry · · Score: 4, Informative

    You obviously know little about how Social Engineering works if you believe that to be true. When I worked DOD it was recommended that we never post information to any Social network about where we worked, what we did for a living, who our co-workers were, etc. This was not just for the protection of the Government, but also protection of your own family and friends.

    I no longer work DOD, but when I did I did not post on anything including /. with my credentials.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  19. Re:oh boy by cayenne8 · · Score: 3, Informative

    Who doesn't have a fake facebook to friend pornstars and sluts?

    I don't.

    I don't have any FB accounts at all...fake or real.

    Keeps things neater that way....

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........