
Chinese Spies Used Fake Facebook Profile To Friend NATO Officials

Posted by samzenpus
from the keep-your-friends-close-and-your-friends-list-closer dept.
An anonymous reader writes "Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis. By doing so, they exposed their own personal information (such as private e-mail addresses, phone numbers, pictures, the names of family members, and possibly even the details of their movements), to unknown hackers."
  • by Anonymous Coward on Monday March 12, 2012 @11:50AM (#39326641)

    Who knew that if you weren't friends with someone, they couldn't see your data. Hmm. Seriously though. Senior NATO officials have Facebook pages! Dumb! Their private information is on those Facebook pages? Dumber...

    • by geekmux (1040042) on Monday March 12, 2012 @12:10PM (#39326895)

      Who knew that if you weren't friends with someone, they couldn't see your data. Hmm. Seriously though. Senior NATO officials have Facebook pages! Dumb! Their private information is on those Facebook pages? Dumber...

      Ah, no, Mr. Johnson happens to have a Facebook page. Mr. Johnson also happens to be married to Mrs. Johnson, and has two children and a dog. Mr. Johnson also happens to live in XYZ, America. Mr. Johnson also happens to have an email address, yes. And ALL of this information is probably public record and can be sourced from MANY different locations online anyway, so it's hardly "private information".

      The fact that Mr. Johnson also happens to be a "Senior NATO official" isn't a sign of being dumb or dumber, unless it explicitly is against Government regulation, and since Facebook has pretty much always been approved for use by Government employees, I seriously doubt it's against policy to have an account while serving.

      The only thing that would likely be an issue for OPSEC for certain personnel performing certain duties would be record of movement to develop pattern analysis. Now, if you're broadcasting that information like the average 13-year old girl (i.e. every 47 seconds), then yes, that is being dumb regardless of your job. If that's an issue, might as well ban Twitter and Facebook for damn near every Government employee who holds a security clearance.

      • by peragrin (659227) on Monday March 12, 2012 @12:21PM (#39327035)

        The trick: does he separate work from personal? The current trend in OSes is to combine everything into one. See Windows 8, iOS, Android, etc.

        So if you can hack one you have easy access to another. Also realize you hack a personal network. Then wait for a secure machine to join it (NATO laptop) and hack it, or at least monitor the VPN connection.

        You use one's personal life to infiltrate secure work networks.

        It is why I don't use Facebook, etc.

        • Somehow I don't think the Senior NATO officials are OS-based...

      • by Anonymous Coward on Monday March 12, 2012 @12:22PM (#39327055)

        NATO guide to Facebook:

        Using Facebook for personal use is perfectly acceptable, however do not use the system from work or make work related updates.

        Good status update: On my way home, looking forward to a nice home-cooked dinner.
        Bad status update: Just got out of a long meeting, looks like Spain is going to have some trade difficulties soon.

        • by Anonymous Coward

          Good status update: On my way home, looking forward to a nice home-cooked dinner.
          Bad status update: Just got out of a long meeting, looks like Spain is going to have some trade difficulties soon.

          They're both bad status updates. Information regarding the length of the meeting is still being leaked regardless of whether or not the meeting is explicitly mentioned.

          If you're "on your way home" at 3 in the morning, odds are somebody is going to have some trade difficulties soon. (An adversary can draw simila

          • by Dr Fro (169927)

            I heard in my security class that during Gulf War I, some reporters correlated major strikes with the number of pizzas being ordered out late at night.

            • by Sulphur (1548251)

              I heard in my security class that during Gulf War I, some reporters correlated major strikes with the number of pizzas being ordered out late at night.

              Probably another post-hoc fallacy.

          • by rHBa (976986)
            Good status update: The president's fine, I'm just running a few software updates before I come home.

            Bad status update: I just ran over Bo! I think we might need to force a password update this month.
      • by fedos (150319)
        "Going to Beijing again. looooooollll!!1"
    • by alcmaeon (684971)

      Remember, you need to pay trillions of dollars in taxes for defense, so the idiots we put in charge of defense can friend enemy spies on Facebook.

    • by TheLink (130905) on Monday March 12, 2012 @12:31PM (#39327209) Journal

      And even if you are friends with someone it doesn't mean they can see your data.

      At one point of time Facebook in the "confirm friend request" step let you add friends straight to a friend list of your choice. You could lock down that friend list really tight, so that they couldn't see much, while you _might_ be able to see their data (and thus decide whether "Spongebob" is really someone you know). Doesn't seem possible now. You have to add them as friend first then move them to the restricted list. So there's a window of opportunity for them to get the data out. If I'm wrong about this do tell me how to do it.

      But no matter what privacy "controls" and "promises" Facebook provides, Facebook can see all the data and actions, so NATO officials shouldn't be exposing confidential data and actions to FB. Especially since some of that data may be passed to people outside the USA whether by apps/partners or by people who are paid to moderate stuff: http://www.telegraph.co.uk/technology/facebook/9118778/The-dark-side-of-Facebook.html [telegraph.co.uk]

      • by DavidD_CA (750156)

        That feature disappeared for a short while, but it's back now. Whenever I confirm a friend request or request friendship, it immediately lets me put them onto a list.

        It even does this on the limited mobile web version, too.

        • by TheLink (130905)
          I only see the option when I request. I don't get the option when I receive requests. I have to confirm those requests first then only set the lists after.
          • by DavidD_CA (750156)

            If I recall correctly, I see the option immediately after accepting the request.

            It's a pull-down menu but I don't recall what it says. I think "Add to List" but I could be wrong.

            • by TheLink (130905)

              That's as I said:

              You have to add them as friend first then move them to the restricted list. So there's a window of opportunity for them to get the data out.

    • by Sir_Sri (199544)

      Actually senior officials having facebook pages really doesn't matter. Once you get up high enough it's pretty hard to keep hidden who or what you are in peacetime. It's simply not practical, because you still have to drive your kids to school, and buy groceries.

      There's probably a middle level, people who are actively involved in doing direct work that you don't want being paraded around publicly. But if you get called into congressional meetings (or called before parliament), if you have a press officer

  • People are dumb (Score:5, Insightful)

    by Monoman (8745) on Monday March 12, 2012 @11:51AM (#39326657) Homepage

    Social engineering FTW ... again.

  • That senior government officials are posting things deemed sensitive to facebook? I mean, really? Let's hope they don't share launch codes with their "inner circle" of facebook friends.. /sarc
    • Agreed! I'm on FB, but I don't post anything even remotely sensitive. Other than finding out when my last bowel movement was, there would be little point for a spy to "friend" me.

    • by Baloroth (2370816)
      I don't think personal details like these are considered "sensitive", exactly. It's pretty basic information that any spy (and most citizens, if so inclined) can find out with a few days worth of work. Facebook just makes it a lot easier, and also allows them to get more personal stuff they couldn't easily find, like pictures, which could be used to influence (bribe, extort, blackmail) them later. Which is why Facebook is pretty stupid overall: you never know what is going to come back and bite you in the a
      • by s.petry (762400) on Monday March 12, 2012 @01:48PM (#39328577)

        You obviously know little about how Social Engineering works if you believe that to be true. When I worked DOD it was recommended that we never post information to any Social network about where we worked, what we did for a living, who our co-workers were, etc.. This was not just for the protection of the Government, but also protection of your own family and friends.

        I no longer work DOD, but when I did I did not post on anything including /. with my credentials.

    • That senior government officials are posting things deemed sensitive to facebook?

      Most of the things mentioned aren't particularly sensitive, they are things that are public, or at least not security-sensitive though private-for-efficiency information that would usually take a little more effort for spies to compile.

    • Re: (Score:3, Funny)

      by travdaddy (527149)
      They mostly post battle plans for the next week. They say they're looking for suggestions but all they really want is compliments.
  • by Anonymous Coward

    There is no other way to communicate online other than facebook for government officials???

  • Seriously, why? (Score:5, Interesting)

    by Dynamoo (527749) on Monday March 12, 2012 @11:53AM (#39326679) Homepage
    Seriously, why do these people use Facebook anyway? It's just a massive security risk for people in that position, and presumably the only upside is they can post "Just nuked Tehran lol" on their wall when the balloon goes up..
    • Re:Seriously, why? (Score:5, Insightful)

      by Racemaniac (1099281) on Monday March 12, 2012 @12:01PM (#39326779)

      Because they are just people too. Who also want to stay in touch with friends & family?

      • if only. they're not just people. there is a world of difference between joe six-pack and a NATO officer in terms of privacy.
      • Re:Seriously, why? (Score:4, Insightful)

        by Dynamoo (527749) on Monday March 12, 2012 @12:12PM (#39326925) Homepage
        Because people in these high-profile and sensitive positions cannot expect life to be exactly normal. When the nature of the job means that you are advised to check under your car for bombs before you get in it, then a certain degree of caution is needed.
      • by Canazza (1428553)

        There's keeping in touch with friends and family and then there's checking in using 4Square when meeting with the President. A FB Page, in regards to a high-ranking official, should be kept separate from their working lives. No posting of your movements, no friending your colleagues unless you've met them and agreed to beforehand (in fact, that's common sense when it comes to FB normally).
        The fact that this Admiral, out of the blue, adds them to FB and they don't bat an eyelid or even think to pick up the p

  • I thought in this day and age, people (especially, ya know, important, educated people) would realize that doing things online is
    the same as doing them in public... except there's always a fly on the wall...
    a very smart fly... that never goes anywhere... and is a chatty cathy.
    • sorry for the double post, couldn't edit the previous, YES i know he was "tricked", my point was
      what are they doing putting anything useful on social networking sites to begin with?
      I would think with the way OUR military likes to do things, facebook would be a big no no.
  • Unknown Hackers? (Score:5, Insightful)

    by JustinFreid (1723716) <mail@justinfreid.com> on Monday March 12, 2012 @11:55AM (#39326705) Homepage

    Registering for Facebook with a fake name hardly qualifies as hacking.
    Surprisingly, the headline is more accurate than the story.

  • As I'm getting older I'm starting to value my privacy more and more. So... I deleted all my friends, posts, and pictures on facebook and renamed my name to a fictitious character. As I'm getting older I value my privacy. If I want to talk about something I'll wait until I see them. I don't need everyone knowing my business. I think all of us here should do the same. Too many people are addicted to facebook. It's an illness. Do you have any idea how many work colleagues hit facebook during work ho
  • by DontBlameCanada (1325547) on Monday March 12, 2012 @11:58AM (#39326733)

    Too bad you won't say "goodbye!". This is another example of s*** floats to the top in government, military and business.

  • by MetalliQaZ (539913) on Monday March 12, 2012 @12:00PM (#39326763)

    ...I do not think it means what you think it means. Fake Facebook profile == "hacker"?

  • by rs1n (1867908) on Monday March 12, 2012 @12:03PM (#39326819)
    While hindsight is 20/20, common sense should have prevailed when it comes to Facebook and security. Social networks should, on a general basis, be banned from all parts of the government in which security _could_ be an issue.
    • by PPH (736903)

      banned from all parts of the government in which security _could_ be an issue.

      It's not an issue of NATO officials using social networks at work vs home. It's one of revealing personal or family movements to foreign intelligence agents. Someone being deployed overseas, or attending a secret meeting can inadvertently reveal this when they post changing contact details. Or when their kids start posting photos of their friends at the new expatriate school.

      • by rs1n (1867908)

        banned from all parts of the government in which security _could_ be an issue.

        It's not an issue of NATO officials using social networks at work vs home. It's one of revealing personal or family movements to foreign intelligence agents. Someone being deployed overseas, or attending a secret meeting can inadvertently reveal this when they post changing contact details. Or when their kids start posting photos of their friends at the new expatriate school.

        The emphasis on _could_ was intentional, and in fact was meant to include what you've described.

  • by Anonymous Coward

    Are you sure they are spies but not some spammers?

    I guess anyone talking to one of these officials would very well be labeled as spies.

  • Big Deal (Score:3, Insightful)

    by travdaddy (527149) <travo&linuxmail,org> on Monday March 12, 2012 @12:05PM (#39326841)
    Email addresses, phone numbers, family members? Those officials probably give out the same information when they sign up for customer appreciation cards.
  • Tweet: I am accessing hi-security government documents right now.
    Tweet: I am posting them online - please no-one look at them
    Tweet: They are located at xafdsfd.fdsfdsfds.com please do not go there.
    Tweet: They are not password protected so please don't open them.

    • I'd like to follow you on Twitter. My name is "Not_a_Spy" so obviously I'm a good guy. And I promise I won't look at those documents...scout's honor.
  • No damage (Score:3, Interesting)

    by Hentes (2461350) on Monday March 12, 2012 @12:20PM (#39327031)

    Their personal information is their property, and they are free to share it with the rest of the world. As long as they don't post sensitive military information on Facebook, there is no damage done.

    • by rs1n (1867908)
      This is disputable. Your personal information may be considered a security risk and need to be kept private -- possibly even for your own safety. For example, your spouse may work for the CIA, and your spouse may not even have a Facebook account. However, the "enemy" tracking your spouse would find some very useful information about your address should they happen to know that their target is also married to you. Then you post something like "*sigh* my husband/wife will be gone again, and I'll miss him/her
  • I'm not sure if the Chinese are better at spying, or just get caught more often.
    • I'm not sure if the Chinese are better at spying, or just get caught more often.

      That would suggest they're worse at spying, not better.

      Alternately, Western media reports on Chinese spies getting caught but not Western spies.

  • The article's headline and teaser lines mention Chinese spies, but the article itself provides nothing to back up this claim. Where are they getting this information from?
    • FTA:

      NATO officials are reluctant to publicly state who was behind the attack, but The Telegraph [telegraph.co.uk] says China is to blame. The publication quotes classified briefings in which military officers and diplomats were told the evidence pointed to “state-sponsored individuals in China.” The Guardian [guardian.co.uk] agrees, quoting a security source who says “the belief is that China is behind this.”

  • by Ambitwistor (1041236) on Monday March 12, 2012 @12:25PM (#39327105)

    +1 thumb up

  • A friend of mine who retired from CIA after 26 years once told me that his family was only happy for six of those years... and not six consecutive years. Cut off from family and friends back home and in contact only by letters and the occasional "home leave" of a month or two, he was trying to fit back in to the country he spent his life trying to serve (back in the days when the Agency was less of an operational force and more of an intelligence gathering organization). I can see how Facebook would have made their lives more enjoyable with all the family and friends news (and even minutiae). I'm sure it's a security risk par excellence but I can certainly understand why they'd do it. And I can especially understand why a wife, stuck inside an apartment in Djibouti trying to order six months of canned food from Denmark, might.

    I don't expect Slashdot readers to grok it, though.

  • This just shows that the top 1% who run this world are a bunch of idiots. No wonder the world is such a mess!
  • I was once friends with General Marriott Suites.
  • When the other side used prostitutes, drugs, money, and various other ways of extracting secrets!
  • that not everyone who claims to be your friend is really your friend! Shit, and it took some Chinese chicks offering blow jobs before he spilled his secrets. Also, there is a huge tendency in many of these agencies to over classify everything. Good thing he really didn't know any!!
    I heard that the security team at Los Alamos wanted to classify a Soviet scientist's presentation! I guess someone had to point out that it had already been leaked to the USA.
