Scott McNealy, former chief executive officer of Sun Microsystems, once said, "You have zero privacy, get over it." Source: Ezinearticles.com/Robert Siciliano
In response, the Federal Trade Commission states,
"Millions of American consumers tell us that privacy is a grave concern to them when they are thinking about shopping online." Source: Ezinearticles.com/Robert Siciliano.
Do you agree? Is privacy dead? Do you share your "status" on Facebook? Twitter? Do you have a MySpace page? Do you have a blog? Do you post your family photos on any of the above, or on Flickr?
Today, McNealy's statement is 100 times truer than it was in 1999. When you ask people if they are concerned about online privacy, they respond with a big, loud, angry "YES!" These same people use their Facebook pages to inform the world that they are about to go on vacation…
The lights are off and nobody's home!
Our personal information can be bought and sold. "Information brokers" sell our data to anyone with a credit card. One of the largest publicly traded information brokers in the world is a company called ChoicePoint. Last time I checked, they had 19 billion records on file.
So even if you don't update your Facebook status to tell the world you just made a tuna sandwich… your phone number, your most recent address, or even your anonymous chat handle can be found on Zabasearch.com or iSearch.com. If you've ever committed a felony, your data may be on CriminalSearches.com. Heck, just Google your own name and you will be amazed at the information you can find.
All this makes it very easy for criminal hackers to commit identity theft. They use this available data to become you. Since your data is already out there, you'd better invest in identity theft protection and make sure your PC is up to date with Internet security software.
This chapter looks at how you can adjust your Facebook privacy settings so that you can really enjoy the experience!
Are Social Networking sites secured?
It would be nice to say that social networking websites are completely secure... Unfortunately, that is not true!
Since 2007, many Internet security experts have tried to give Facebook the benefit of the doubt. They have tried to look at the positive aspects of Facebook. They have tried to bring attention to issues and wait for solutions. They have tried to provide solutions. But now, they're ready to give up on Facebook. They have seen too many privacy and security problems within the Facebook Platform that have not been acknowledged by Facebook… let alone fixed.
Experts have concluded that you should consider every action you take on Facebook, including the content you post on Facebook, to be public information. If that bothers you, then stop using Facebook.
Some might contend that this is the Internet we're talking about - it's supposed to be public. Partially true, but many web sites provide services intended for private use. For example, I can use the Internet to check my bank account balance, open a new credit card, and contact my doctor. None of these activities are public activities. While I'm not naive enough to think that any online activity can be considered 100% secure, I can accept that these services provide a reasonable level of privacy and security.
At one time, Facebook fell into that category. You could use it to communicate with friends about your life and their lives. You could exchange messages, photos, and ideas never intended for public consumption. All the while, you could rely on Facebook's legendary privacy controls to ensure your content reached its intended audience only. Originally, Facebook didn't simply discourage you from public sharing - it wasn't even possible. You could hardly even communicate with people who had not approved you accessing their profile.
Unfortunately, Facebook introduced the Facebook Platform and they began shifting their priorities. They faced controversies along the way, from deceptive ads to the failed Beacon program. Most recently, Facebook rolled out new privacy settings, which many have criticized. I've spent time sifting through both news reports and code to understand what exactly was happening with my data. This started as little more than a hobby, but eventually it became more serious as I have made some disturbing discoveries.
For example, I discovered that advertisements in applications were making requests to the Facebook API for user information. The ad network queries were broad in scope and used to target the advertisements more effectively. I discovered that applications were leaking all your private data stored in your profile to advertising networks. Your private data could then be used in corporate advertising. I am sure that this is not what you were expecting when you set up your Facebook account.
During 2009, Facebook introduced its new technology platform for the website. Users have always had applications (things like Photos, Notes, and Events). Now they have more to choose from. The Facebook Platform enables anyone to build any application that Facebook could build.
In introducing the new platform, Facebook has unwittingly introduced several security flaws. If left unchecked, these flaws could be exploited by hackers and used for identity theft purposes.
The Month of Facebook Bugs, or FAXX Hacks, is a series of reports on vulnerabilities in Facebook applications. This is a volunteer research project coordinated by an anonymous blogger known as theharmonyguy.com. All of the security flaws or bugs they found were reported to Facebook and relevant application developers prior to publication.
Here is a summary of the findings:
Many Facebook applications lack basic security precautions.
Security flaws were found in a wide range of Facebook applications.
Each security flaw can be exploited to execute malware.
Security flaws allow an attacker to access profile information, including personal details, status updates, and photos, of a victimized user and their friends.
Security flaws can be used to send notifications or post feed stories, allowing for viral distribution of malware.
Clickjacking can often target users who have not authorized applications. Rogue applications could easily exploit clickjacking.
Proven solutions, which will fix these security flaws, are available in the marketplace. Unfortunately, at the time of writing, these security flaws have not yet been addressed.
Top 10 Facebook privacy issues
Listed below are the top ten concerns security experts have had with Facebook about their privacy settings:
Your name, your gender, your profile picture, your current city, the people you're friends with, the networks you've joined, and the pages you're a fan of can be viewed by anyone on the internet. These details are known as publicly accessible information. You have no control over this.
You may have placed a piece of content on your Facebook page and marked it visible to everyone in your privacy settings. Obviously you were intending that your information be viewed by Facebook users only… right? Wrong: this information can be viewed by anyone on the Internet… not just Facebook users! You don't have any control over this.
Any Facebook application can access your personal information as soon as you visit the application's website. You don't even have to sign up or log in… you only have to visit the website. They can also access any content that you have placed on your Facebook page and marked visible to everyone in your Facebook privacy settings. You don't have any control over this.
When you connect a Facebook application like Farmville to your account, they have complete access to your profile information. They can access ALL your videos, photos, events, notes, links, groups and notifications etc. They can access your personal information regardless of any privacy settings you may make. The only information they cannot access is your contact information. You have no control over this.
You have no control over what your friends may do on Facebook. But did you know that their actions may have an impact on you? For example, suppose your Facebook friend has signed up to the Farmville application. When they sign up, the developer of Farmville not only has access to your friend's details, but to your private information and content as well. You don't even need to have visited Farmville's webpage or signed up. They can still access your profile and content regardless of the privacy settings that you may have installed.
If a Facebook application like Farmville places a post on your wall, your complete profile is made visible to anyone else who views your wall. You have no control over this.
Any change you make to your profile information, or any feedback made by someone else about your content, will generate a story on your wall. This story is visible to anyone on the internet if you have marked it visible to everyone in your Facebook security settings. You have no control over this.
Profile information, videos, photos and notes are visible to other Facebook users based on the privacy settings that you have made. This is the only thing you have any control over.
If you're invited to an event, the invitation is visible to other Facebook users who can view the same event. You have no control over this.
When you make changes to status updates and links, the change history is still based on the privacy setting originally used when posting. This means that other users can see the complete history of all the status changes you have made. You don't have any control over this.
Recent Facebook security breaches
Here are some actual security breaches on social networking sites that have been reported in the news since 2009. Links are provided to the complete stories:
Case #1: Australian Property Investor Has House Stolen By Nigerian Scammers
An investigation is underway into an international cybercrime scam network after criminals sold a Perth investment property using stolen credentials. The Western Australian man has been left $500K out of pocket.
Roger Mildenhall had been living in South Africa for more than a year when his Perth neighbours informed him that his house worth $500k had been put on the market and was being sold. Shocked, Mildenhall made further inquiries and learned that in June 2010, another investment property of his had already been sold… leaving him out of pocket to the tune of $500K. Needless to say, he acted quickly and stopped the sale of the property on the market!
The alleged Nigerian thieves had gathered enough information on Mildenhall from the internet to satisfy all the current Western Australian regulatory requirements. It is alleged that the scammers had stolen Mildenhall's email account, personal and property documents from social networking sites using a phishing scam on Facebook accounts. The stolen details were used to create false documents and the funds were funneled into Chinese bank accounts.
The Real Estate Institute of Western Australia (REIWA) confirmed that the transactions were made via email, telephone and fax, without any face-to-face contact with the legitimate owner. There was no 100 point identity check done and one was not required by Western Australian laws. The real estate agent and conveyancing company had followed due process as required by current property sale laws and regulations. However, the steps required by law and taken by the selling agent are very "flawed".
The Western Australian Police Fraud Squad has confirmed an international investigation has been launched involving cybercrime. However, the crime was committed outside Australia… outside the reach of Australian laws.
Case #2: Facebook & Twitter Account Holders Threatened By Hackers
Online hacking of private information is no longer the domain of computer experts. At the click of a button anyone with a grudge could do it. Anyone with basic computer knowledge could hack between fifteen and twenty Facebook accounts in less than 20 minutes… and the victims have no idea that their accounts were hacked.
Millions of Facebook and Twitter users now risk having their accounts hacked!
A new computer program called "Firesheep" has just been released. Strangers can use unsecured wireless networks at hotels, cafes and libraries, to easily access the private accounts of Facebook & Twitter account holders.
What is the main issue here? Is it just another story that tells us that Facebook and Twitter accounts can be easily hacked? Or is it that people are failing to take precautions and using unsecured wireless networks? We would think that both issues are relevant.
Case #3: Bryan Rutberg appeared to need help urgently... But friends, who helped him, were scammed.
This case was reported by Redtape Chronicles on the MSNBC website on Friday, 31st January 2009.
Let me tell you Bryan's story....
Bryan's daughter was among the first who noticed something strange on her dad's Facebook page. In the evening of Jan 21, she asked him why he'd changed his status to: "BRYAN IS IN URGENT NEED OF HELP!!!"
Initially Bryan didn't give it much thought and went to bed for a nap. An hour later, his wife woke him to check if there was a problem. Bryan then checked his Facebook page and realized that his account had been hacked.
Within minutes, concerned friends were calling him from all over, offering to help him. Many of his friends were sent e-mails, telling them that Bryan had been robbed at gunpoint while travelling in England. The e-mails said that Bryan needed money to get home. One friend immediately wired $1200 to a London Western Union branch to help Bryan.
For the next 24 hours, Bryan, a U.S.A. citizen, tried frantically to contact Facebook in order to get them to stop the hackers. But he was trapped in a Catch-22 situation and couldn't access his own Facebook account. The hacker had changed all his login credentials.
Bryan tried to remove the dire status message but that didn't work. Bryan then attempted to get a message on his "wall" using his wife's account, to let his friends know about the hoax, but that also failed. The hacker had "de-friended" his wife so that the strategy couldn't work.
Bryan had no way outside of Facebook to contact many of his Facebook friends... And before Bryan could deactivate his account, it cost one of his friends a lot of money. Bryan was left wondering how Facebook protects its users from this type of crime.
"By the next day, all was back to normal, but not without a huge amount of hassle and drama," Bryan said. By then, his cell phone was overflowing with messages from concerned friends. They sent endless e-mails to Bryan. One friend even called Bryan's employer, Microsoft, to warn them one of their employees was in trouble.
Bryan became the latest victim of a targeted version of the "Nigerian," or "419," scam. The first reports of such targeted Nigerian scams emerged back in November 2008. This is a relatively new crime trend happening in the Internet underworld. Cyber-criminals are attacking users on a much more personal basis. They send millions of random spam messages, hoping to get their claws into a few gullible recipients. Social networking sites and other databases have become their new stomping ground and they prey on their victims' emotions with quite believable story lines.
In Bryan's case, hackers used a phishing e-mail to get Bryan to log in to his Facebook account. The hackers stole his Facebook login, password and his entire Facebook identity. They changed his Facebook page to make it appear as if he was in trouble. Next, the hackers e-mailed a number of his friends, urgently asking for help.
"Can you just get some money to us," read the e-mail one of Bryan's friends received. "I tried AMEX and it's not going through. I'll refund you as soon as am back home. Let me know please." This message, as all Facebook messages, appeared next to Bryan's picture, making it look like the real thing.
One of Bryan's friends, Beny Rubinstein was tricked into believing the scam. He immediately wired Bryan $600 via Western Union. The next morning, Beny got a phone message requesting more money... So he went straight to the nearest retail store and wired another $600!
Beny e-mailed Bryan and explained how he got tricked:
"I thought the whole story was weird but given the circumstances my instinct was to help you out," Beny wrote. "I was afraid it was a scam, but since I transferred using your name and given the emergency situation, I did it."
Facebook has since confirmed Bryan's identity theft story. They have promised to improve users' security in response to the new scam.
However, Bryan isn't sure how effective Facebook has been. His main complaint is that he could not advise Facebook that a crime is in progress.
Facebook confirms it doesn't accept phone calls. Ryan McGeehan, a Facebook security team member, said they respond quickly when receiving a completed complaint form on their website. However, Bryan said he tried that process and received no response. Only a message sent to his cousin, an employee of Facebook, got results... the account was disabled! Bryan had no way of knowing which friends the hacker had contacted.
Facebook confirmed other cases of victims wiring money in response to similar looking scams. Up to now, this kind of hoax has not affected many Facebook users. However, Facebook does not refund any identity theft victims who have wired money through Western Union.
Facebook has had enough time to solve the Nigerian scam problem, but it's still failing to protect its users. Mark Neely, an Australian Facebook user, was trapped in a similar identity theft scam on Jan. 14, 2009. He said he found Facebook's online security report form very ineffective.
"I heard nothing from Facebook for over 40 hours," Mark said. "The hackers were still active in my account -- I was receiving phone calls and SMSs (text messages) from concerned friends throughout."
Only once Wired magazine approached Facebook, did Mark get a response. His account was disabled but Facebook refused to reveal which friends had been contacted.
Kevin Haley, a director of Symantec Corp's Security Response team, remarked that they have noticed a sharp increase in phishing attacks on social networking websites.
"It's easier to pretend you're someone else in the Facebook environment," he said. "We are seeing a tremendous amount of phishing for login credentials for social networks."
Bryan Rutberg isn't sure how the hackers stole his password... he says he probably replied unknowingly to a phishing e-mail. Facebook regularly sends e-mail messages to its users with links to their login pages. Unfortunately, this practice is gold for phishers. It's very easy to replicate Facebook e-mails and get users to click through to a false lookalike login page, which then steals their passwords.
Facebook security recommends installing an anti-phishing filter to root out Facebook phishing. It also advises users to pay attention when they login, to ensure that they're logged into the authentic Facebook site.
Facebook recommends that identity theft victims complete this form on the Web site. You should keep the link handy because it's very hard to find using Facebook's normal navigation.
Case #4: Mr Smith found his wife listed as a "Hot Date" by a Facebook advertisement on his Facebook page.
Cheryl Smith, a business consultant, posted a curious account on her blog - her husband was on Facebook and saw an ad for "hot singles" paired with a picture of his wife, Mrs Smith. She comments on her blog:
"Or else your husband may just see a Facebook ad with your picture in it advertising hot singles in your area. I'm not joking. Not too long ago, my husband Peter had this ad appear on his Facebook page. Good thing we both have a sense of humour!" she said.
Case #5: The Secret Shame of Social Networking: How Silicon Valley Got Hooked on Scammers
Silicon Valley experts like to talk about social media as a potential geyser of cash.
The Valley fad of social network games like Mafia Wars and Farmville disguise some old-school scams. For example, Zynga gets one-third of its revenue from various "commercial offers" and lead-generation systems. The problem is that "special offers" do not disclose that members will be signing up for a monthly paid membership. Unauthorized deductions have been made from users' credit card details, which are stored in Facebook.
Recently, lawyers Kershaw, Cutter & Ratinoff announced that they are investigating complaints about unauthorized charges imposed on Facebook and MySpace users who participate in social games like "Farmville" and "Mafia Wars".
The legal firm claims that users of these games are charged without their consent for "special offers". Hidden charges are being made to credit and debit cards for use of phone text messages and auto-recurring SMS subscriptions. The companies and advertisers making the "special offers" make it very difficult - or impossible - for users to get their money refunded.
The law firm is currently investigating a number of companies including Zynga, RockYou, Offerpal Media, Super Rewards, Tatto Media, Double Ding, Gambit, SendMe Mobile, Video Professor, Facebook and MySpace.
TechCrunch provides the following examples of fraud committed on Facebook websites:
"Users are offered in-game currency in exchange for filling out an IQ survey... They are told their results will be text messaged to them... and are texted a pin code to enter on the quiz. Once they've done that, they've just subscribed to a $9.99/month subscription."
"Users are offered in game currency if they sign up to receive a free learning CD... The user is told they pay nothing except a $10 shipping charge. But the fine print, on a different page from checkout, tells them they are really getting a whole set of CDs and will be billed $189.95 unless they return them."
Increasing Phishing & Hacking Attacks on Facebook, Twitter and MySpace
Recently, a number of phishing attacks on social networking sites have been reported. For example, over the 2009 Easter weekend, Twitter suffered a malware attack. This caused Twitter to identify and delete about 10,000 tweets that could have spread a worm attack.
Then, in June 2009, Facebook was hit by a security flaw that could have exposed personal user information, which included birthdate, gender, family details, home town, relationship status and political and religious views… no matter if the user had the information hidden! This private information is gold for identity thieves. Facebook reports that it has now fixed this security flaw.
One of the popular MySpace phishing scams uses a domain name of RNyspace.com. This domain name shows up in the browser address bar as rnyspace.com… very similar to MySpace. The site is designed to look very similar to MySpace and tells you that you need to log in. You need to be very careful to check the address in the web browser whenever you are asked for login information or personal financial information.
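The address check described above can be automated. The following Python code is an added example, not part of the original essay: it folds look-alike character sequences such as "rn" for "m" and also flags one-letter typo domains, which goes beyond the single case in the text. The trusted-domain list, the sample URLs and all function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of genuine login domains (assumption for this example).
TRUSTED_DOMAINS = ("myspace.com", "facebook.com", "twitter.com")

# Character sequences that render like another letter in an address bar.
# Multi-character pairs come first so "rn" is folded before single characters.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def registrable_domain(url):
    """Return the lower-cased last two labels of the URL's host.

    Simplification: production code should consult the Public Suffix List so
    that hosts under suffixes such as .com.au are handled correctly.
    """
    if "://" not in url:
        url = "http://" + url  # urlsplit needs a scheme to locate the host
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def skeleton(name):
    """Fold visually confusable sequences so look-alikes compare equal."""
    for seen, meant in CONFUSABLES:
        name = name.replace(seen, meant)
    return name


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_login_url(url):
    """Return (verdict, matched_domain) for a URL that asks for a login.

    "trusted"   : the host belongs to a domain on the allow-list
    "lookalike" : the domain imitates an allow-listed one (do not log in)
    "unknown"   : no relation found; still not a genuine login page
    """
    domain = registrable_domain(url)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted):
            return ("lookalike", trusted)
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(domain, trusted) == 1:
            return ("lookalike", trusted)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample URLs; only the RNyspace.com name comes from the text.
    samples = [
        "http://www.RNyspace.com/login",
        "https://www.myspace.com/",
        "faceb00k.com/login.php",
        "http://twiter.com/",
        "http://facebook.com.account-check.example.net/login",
    ]
    for url in samples:
        print(url, "->", classify_login_url(url))
```

A brand name placed in a subdomain of an unrelated domain (the last sample) comes back as "unknown", so callers should treat every verdict other than "trusted" as a reason not to enter credentials.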
Phishing scams have a snowball effect on social networking sites like Facebook & MySpace. Once the phisher has your login information it is very easy to contact your friends. The phisher pretends to be you and captures your friends' private information as well.
In April 2009, Sophos said its latest research into social networking found that 63% of system administrators in businesses worry that employees share too much personal information on their social networking profiles. This places their corporate infrastructure and the sensitive data stored on it at risk.
The findings also indicate that a quarter of businesses have been the victim of spam, phishing or malware attacks via sites like Twitter, Facebook, LinkedIn and MySpace.
Sophos research found that one third of organisations still consider productivity issues to be the major reason for controlling employee access to social networking sites. However, the threat from both malware and data leakage is becoming more apparent, with 20% of businesses citing these risks as their top concern.
Users of Social Networking websites continue to give out too much information
Facebook defaults to the most open security settings imaginable and then it is up to you to change them to more secure settings. Unfortunately, new users just rush on in and set up their profile. They don't even think about privacy issues.
Recently, I spoke to a number of personal friends about the security concerns I have about Facebook. They admitted that they had not changed the default privacy settings in Facebook… and some of them did not know the privacy settings even existed!
My question to you is this… Would you install a security system on your house and then publish your personal details in all daily newspapers or on national television? Of course not!
Unfortunately, this is what some people on Facebook and MySpace do! They open a new account and accept all the system's privacy defaults and away they go building a profile full of personal information. This leaves them open to phishing attacks from identity thieves. The thieves don't need to hack into the system… they just join in, become friends and people simply hand their personal information to them on a platter!
In August 2007, Sophos, an IT security company, published a press release article titled: "Sophos Facebook ID Probe Shows 41% of Users Happy to Reveal all to Potential Identity Thieves."
The Sophos Facebook ID Probe created a fabricated Facebook profile called Freddi Staur. They sent out two-hundred friend requests to individuals randomly chosen from around the world.
Sophos Facebook ID Probe findings were:
41% or 87 out of the original 200 Facebook friend requests responded to Freddi and 82 of them leaked personal information;
72% gave out one or more e-mail addresses;
84% listed their full date of birth;
87% leaked details about their education or where they work;
78% listed their current address or location;
23% listed their current phone number; and
26% provided their screen name for instant messaging.
In the majority of cases, "Freddi" was able to gain access to the photos of family and friends, likes/dislikes, workplace details, hobbies and other personal facts.
Users also leaked the names of spouses or partners while several people included their complete resumes. Incredibly, one user leaked his mother's maiden name!
Maybe you've been living under a rock or somewhere else in the universe or never been online before, so I will explain it this way. Your spouses' name, your resume and your mother's maiden name are often used by businesses, governments and websites to verify your identity. When you leak personal data like this on Facebook it's just like posting all your personal information on a highway advertising billboard in your city. This makes the job of an identity thief very, very easy!
In November 2009, Sophos repeated the experiment and found that users are still sitting ducks waiting to have their identities stolen. The results of the research even shocked top Australian fraud squad police. Almost half of users in the 20 to 30 year old age bracket agreed to the rubber duck's request to become a Facebook "friend". A similar result occurred with a group of internet users who were aged in their 50s. Many of these people agreed to become a Facebook friend of two cats.
The Facebook users in both age groups gave out very personal details to both the rubber duck and the cats. The personal information provided included:
Their full date of birth;
Their e-mail address and location;
Their full addresses; and
Their phone numbers.
The research has raised serious questions about the wisdom of average internet users. The information was given without any prompting. The friend requests were sent without any introduction and the Facebook users responded without considering any of the security risks. Again, this represents rivers of gold for the identity thief!
Another research company, Webroot, supports the research performed by Sophos. In 2009, Webroot questioned over 1,100 users of popular social networking sites like Facebook, LinkedIn, MySpace and Twitter. Webroot also found the same lack of awareness among users of the risks involved in using social networking sites.
Of particular concern is the private information users upload to these sites:
80% of the respondents allowed some part of their profiles to be visible to Google and other public search engines.
73% allow visibility of all profile information through public search.
59% are not sure who can view their profile.
28% accept friend requests from unknown people.
36% use only one password for several different sites. This is more prevalent with younger people - 51% of 18-29 year olds do this, compared to 36% overall.
Young people will more easily share personal information on social network sites. 67% give out birthday information compared to 52% overall; 62% share hometown details compared to 50% overall; and 45% share workplace information compared to 35% overall.
Hackers are having a field day with the fantastic growth of social networks. Last year, people spent three times the amount of time on communities like Facebook than the overall growth rate of the Internet.
How can you avoid becoming a victim of a social networking security scandal?
Here are some great ways to avoid being a victim of security scandals when you use social networking sites.
Do not place any personal information on your personal profile like date of birth, driver's licence, social security numbers, telephone numbers etc. Identity thieves can use this information.
Do not store any bank information or credit card information on any social networking website. If your details are hacked, your credit card will be the first thing used.
Utilize your own security options, not the site's default security options. For instance, you should make your own Facebook profile private.
Do not add every individual you receive a friend request from... even people you actually know. Their details could have been stolen and used to set up fake profiles. Always contact your friend using another medium e.g. telephone before you add them as friends.
NEVER SHARE PASSWORDS... EVER!
A Guide to Facebook Security and Privacy
Appendix 9 addresses the privacy and security settings Facebook offers, as well as those it seemingly excludes. It explains the basics for securing and controlling your Facebook account privacy and gives you an understanding of the importance of proper privacy management on Facebook.
[Note: This updated article reflects the changes Facebook made to their privacy settings on 9 December 2009.]
Did you know that you could purchase a US citizen's social security number for less than $50?
Yes you can… It will cost you $35 from www.secret-info.com or $45 at http://www.Iinfosearch.com. Users can subscribe to a report containing a person's credit-card charges, and get an e-mail with some more "tips, secrets & spy info!" In fact, one web site promises that their licensed investigators can find any information for you that's out there anywhere.
Chapter 7 will show you that Social Security Numbers (SSNs) are widely available on the web for any international identity thief to use… No questions asked!