Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chinese Spies Used Fake Facebook Profile To Friend NATO Officials

Posted by samzenpus on from the keep-your-friends-close-and-you-friends-list-closer dept.

An anonymous reader writes "Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis. By doing so, they exposed their own personal information (such as private e-mail addresses, phone numbers, pictures, the names of family members, and possibly even the details of their movements), to unknown hackers."

13 of 117 comments (clear)

  1. Facebook is secure against hackers? by Anonymous Coward · · Score: 5, Insightful

    Who knew that if you weren't friends with someone, they couldn't see your data. Hmm. Seriously though. Senior NATO officials have Facebook pages! Dumb! Their private information is on those Facebook pages? Dumber...

    1. Re:Facebook is secure against hackers? by geekmux · · Score: 4, Insightful

      Who knew that if you weren't friends with someone, they couldn't see your data. Hmm. Seriously though. Senior NATO officials have Facebook pages! Dumb! Their private information is on those Facebook pages? Dumber...

      Ah, no, Mr. Johnson happens to have a Facebook page. Mr. Johnson also happens to be married to Mrs. Johnson, and has two children and a dog. Mr. Johnson also happens to live in XYZ, America. Mr. Johnson also happens to have an email address, yes. And ALL of this information is probably public record and can be sourced from MANY different locations online anyway, so it's hardly "private information".

      The fact that Mr. Johnson also happens to be a "Senior NATO official" isn't a sign of being dumb or dumber, unless it explicitly is against Government regulation, and since Facebook has pretty much always been approved for use by Government employees, I seriously doubt it's against policy to have an account while serving.

      The only thing that would likely be an issue for OPSEC for certain personnel performing certain duties would be record of movement to develop pattern analysis. Now, if you're broadcasting that information like the average 13-year old girl (i.e. every 47 seconds), then yes, that is being dumb regardless of your job. If that's an issue, might as well ban Twitter and Facebook for damn near every Government employee who holds a security clearance.

    2. Re:Facebook is secure against hackers? by Anonymous Coward · · Score: 5, Funny

      NATO guide to Facebook:

      Using Facebook for personal use is perfectly acceptable, however do not use the system from work or make work related updates.

      Good status update: On my way home, looking forward to a nice home-cooked dinner.
      Bad status update: Just got out of a long meeting, looks like Spain is going to have some trade difficulties soon.

    3. Re:Facebook is secure against hackers? by TheLink · · Score: 4, Interesting

      And even if you are friends with someone it doesn't mean they can see your data.

      At one point of time Facebook in the "confirm friend request" step let you add friends straight to a friend list of your choice. You could lock down that friend list really tight, so that they couldn't see much, while you _might_ be able to see their data (and thus decide whether "Spongebob" is really someone you know). Doesn't seem possible now. You have to add them as friend first then move them to the restricted list. So there's a window of opportunity for them to get the data out. If I'm wrong about this do tell me how to do it.

      But no matter what privacy "controls" and "promises" Facebook provides, Facebook can see all the data and actions, so NATO officials shouldn't be exposing confidential data and actions to FB. Especially since some of that data may be passed to people outside the USA whether by apps/partners or by people who are paid to moderate stuff: http://www.telegraph.co.uk/technology/facebook/9118778/The-dark-side-of-Facebook.html

      --
  2. People are dumb by Monoman · · Score: 4, Insightful

    Social engineering FTW ... again.

    --
    Keep the Classic Slashdot.
  3. Re:oh boy by Anonymous Coward · · Score: 4, Insightful

    Please dont misrepresent this. These government people are at fault here for being stupid.

  4. Seriously, why? by Dynamoo · · Score: 4, Interesting

    Seriously, why do these people use Facebook anyway? It's just a massive security risk for people in that position, and presumably the only upside is they can post "Just nuked Tehran lol" on their wall when the balloon goes up..

    --
    Never email donotemail@WeAreSpammers.com
    1. Re:Seriously, why? by Racemaniac · · Score: 4, Insightful

      Because they are just people too. Who also want to stay in touch with friends & family?

    2. Re:Seriously, why? by DarkOx · · Score: 4, Insightful

      It all depends on what you post there.

      No that is the problem it depends on what YOU post there and what everyone you are FRIENDS with post there.

      Maybe you don't post your going on vacation for week because you don't would be crooks to know for sure you are not at your house. Your girlfriend however is not so careful and or does not much care about her apartment. She posts she is out of town for the week and than tags you in some photos at the beech from her mobile.

      Now anyone in either of your circles has a pretty good idea YOU are out of town. This is problem. Someone with an 'in' could be at the friend of friend level, depending on not just YOURS but your FRIENDS privacy settings and some time to pick through the site and workout relationships (even if the info is not shared, they could do it through pictures etc, odds are the girl with your arm around her waste is wife or girlfriend not a sister, etc) can derive lots of information based on what others post that YOU never shared.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  5. Unknown Hackers? by JustinFreid · · Score: 5, Insightful

    Registering for Facebook with a fake name hardly qualifies as hacking.
    Surprisingly, the headline is more accurate than the story.

    --
    Hey, how's it going?
  6. Even CIA officers have families... by SwedishChef · · Score: 5, Informative

    A friend of mine who retired from CIA after 26 years once told me that his family was only happy for six of those years... and not six consecutive years. Cut off from family and friends back home and in contact only by letters and the occasional "home leave" of a month or two, he was trying to fit back in to the country he spent his life trying to serve (back in the days when the Agency was less of an operational force and more of an intelligence gathering organization). I can see how Facebook would have made their lives more enjoyable with all the family and friends news (and even minutia). I'm sure it's a security risk par excellance but I can certainly understand why they'd do it. And I can especially understand why a wife, stuck inside an apartment in Djibouti trying to order six months of canned food from Denmark, might.

    I don't expect Slashdot readers to grok it, though.

    --
    No one ever had to evacuate a city because the solar panels broke!
  7. Re:Really by drkim · · Score: 4, Funny

    Actually, all secret government posting are done on MySpace now, because nobody ever goes there...

  8. Re:Anyone else not comfortable by s.petry · · Score: 4, Informative

    You obviously know little about how Social Engineering works if you believe that to be true. When I worked DOD it was recommended that we never post information to any Social network about where we worked, what we did for a living, who our co-workers were, etc.. This was not just for the protection of the Government, but also protection of your own family and friends.

    I no longer work DOD, but when I did I did not post on anything including /. with my credentials.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.