Data Safety

Users data and personal information are very important for: subjects (users), SNS, advertisers, providers and (cyber) criminals, of course from totally different perspectives. E-Crime Expert presented several posts on how the data could be vulnerable, offline or online, with this data is important for advertisers and providers, and will start presenting a series of specific Internet-related crimes, in order to increase awareness.

Identity theft criminals that have access to all information available on Facebook os similar SNS for example, are now targeting many users. If someone posts on his public profile on Facebook his date of birth, address, phone number, educational background, work details and personal pictures, this information could be retrieved and used by criminals to counterfeit driver license, bank cards, credit scores, ID cards, make online purchases, etc. For example, if someone applies for a bank loan, by having someone’s name, address, and contact details they could counterfeit an ID. In addition, if the criminal knows the current employer of the subject, they could produce a fake letter from the employer regarding his earnings, and contractual details (i.e. part-time, full-time, permanent employee, etc, which could be used to obtain a bank loan on the victim’s name). The chances to commit identity theft are growing exponentially with the amount of information available for an individual. According to Tsujihara Alice (special Agent), the FBI calls this social engineering: With social engineering, what you can do is you can use other people and resources and not necessarily have to go in through the front door hacking through a computer. There is a lot of electronic information of our personal information stored over the Internet.”

In terms of the information stored on Facebook, a user has access to the profile information of his contact list by the way Facebook’s service platform is built. Also, some Facebook users choose or have a lack of knowledge regarding how to make their profile information unavailable to other users (different than their contacts list). The risks occurring from here are similar to those from the offline world, such as: someone is upset with another person about a soccer game in the park, for example. They know each other by name and physiognomy and the upset person goes home, and checks his “rival’s” name on Facebook, finds his profile which might come along with address, phone number, etc. Therefore, potentially the upset person could go to the home of the person he is upset with. From there unpleasant things could happen such as: physical altercation, vandalism and even more serious crimes like stalking could occur. A situation could arise online as well; for example, someone gets in a disagreement with someone else on a Facebook Fan club page, and there are chances that this dispute could be dealt with in the offline environment as explained above.

Furthermore, if a user chose to delete his Facebook account, this is not technically possible on Facebook as actually the account goes offline and is not deleted in the first instance. Cached personal data of a user will be still available on the Internet and be searchable on Google, Yahoo, and Facebook as the different versions and updates of information are stored on different servers. Moreover, even if the private information could finally be removed, it should be kept in mind that at some point it was available on Faceboook where any user could have had accessed it, downloaded it or copied it onto his computer.

Another related example of downloadable personal data vulnerabilities is the Pirate Bay example where 2, 923 users (seeds) had downloaded 171 million public profiles (including names and email addresses) from Facebook out of 500 million registered users (at that time, in 2010). One could say that this is publicly available information, which is true if we refer just to those profiles freely available to anyone on Facebook, as anyone on Facebook could access individually all this data, but the point is that this was the first time when someone could compile in a single file so much of the users’ personal information, which could be used by different people to send group emails (such as spam, or Nigerian letters), or use the phone numbers for marketing purposes, or that personal data and preferences for online advertising. Furthermore, many of those users provided personal information such as home address and date of birth, which again could be used for criminal purposes such as by people who want to make fake ID cards, or open bank accounts in somebody’s else name. Indeed as mentioned above the information was publicly available (or not public if the profiles were closed to a particular audience), if someone manually scanned all those profiles, but the possibility of compiling all this information in a single file and having access to it, opens venues for organized criminal behavior and brings up the potential weaknesses of the security of private information concerning the users of this SNS.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Have you ever problems with your data? Have you ever tried to erase your online data? Would you be interested in checking the new Facebook privacy settings?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: