Chinese Spies Used Fake Facebook Profile To Friend NATO Officials
An anonymous reader writes "Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis. By doing so, they exposed their own personal information (such as private e-mail addresses, phone numbers, pictures, the names of family members, and possibly even the details of their movements), to unknown hackers."
Re: (Score:2)
Atlantic Fleet/F&M/200+
Facebook is secure against hackers? (Score:5, Insightful)
Who knew that if you weren't friends with someone, they couldn't see your data. Hmm. Seriously though. Senior NATO officials have Facebook pages! Dumb! Their private information is on those Facebook pages? Dumber...
Re:Facebook is secure against hackers? (Score:5, Insightful)
> Who knew that if you weren't friends with someone, they couldn't see your data. Hmm. Seriously though. Senior NATO officials have Facebook pages! Dumb! Their private information is on those Facebook pages? Dumber...
Ah, no, Mr. Johnson happens to have a Facebook page. Mr. Johnson also happens to be married to Mrs. Johnson, and has two children and a dog. Mr. Johnson also happens to live in XYZ, America. Mr. Johnson also happens to have an email address, yes. And ALL of this information is probably public record and can be sourced from MANY different locations online anyway, so it's hardly "private information".
The fact that Mr. Johnson also happens to be a "Senior NATO official" isn't a sign of being dumb or dumber, unless it explicitly is against Government regulation, and since Facebook has pretty much always been approved for use by Government employees, I seriously doubt it's against policy to have an account while serving.
The only thing that would likely be an issue for OPSEC for certain personnel performing certain duties would be record of movement to develop pattern analysis. Now, if you're broadcasting that information like the average 13-year old girl (i.e. every 47 seconds), then yes, that is being dumb regardless of your job. If that's an issue, might as well ban Twitter and Facebook for damn near every Government employee who holds a security clearance.
Re:Facebook is secure against hackers? (Score:4, Informative)
The trick is, does he separate work from personal? The current trend in OSes is to combine everything into one. See Windows 8, iOS, Android, etc.
So if you can hack one you have easy access to another. Also realize you hack a personal network. Then wait for a secure machine to join it (NATO laptop) and hack it, or at least monitor the VPN connection.
You use one's personal life to infiltrate secure work networks.
It is why I don't use Facebook, etc.
Re: (Score:1)
Somehow I don't think the Senior NATO officials are OS-based...
Re:Facebook is secure against hackers? (Score:5, Funny)
NATO guide to Facebook:
Using Facebook for personal use is perfectly acceptable, however do not use the system from work or make work related updates.
Good status update: On my way home, looking forward to a nice home-cooked dinner.
Bad status update: Just got out of a long meeting, looks like Spain is going to have some trade difficulties soon.
Re: (Score:1)
They're both bad status updates. Information regarding the length of the meeting is still being leaked regardless of whether or not the meeting is explicitly mentioned.
If you're "on your way home" at 3 in the morning, odds are somebody is going to have some trade difficulties soon. (An adversary can draw simila
Re: (Score:2)
I heard in my security class that during Gulf War I, some reporters correlated major strikes with the number of pizzas being ordered out late at night.
Re: (Score:2)
> I heard in my security class that during Gulf War I, some reporters correlated major strikes with the number of pizzas being ordered out late at night.
Probably another post-hoc fallacy.
Re: (Score:2)
Bad status update: I just ran over Bo! I think we might need to force a password update this month.
Re: (Score:1)
> I just ran over Bo! I think we might need to force a password update this month.
LOL
Re: (Score:2)
Remember, you need to pay trillions of dollars in taxes for defense, so the idiots we put in charge of defense can friend enemy spies on Facebook.
Re:Facebook is secure against hackers? (Score:5, Interesting)
And even if you are friends with someone it doesn't mean they can see your data.
At one point of time Facebook in the "confirm friend request" step let you add friends straight to a friend list of your choice. You could lock down that friend list really tight, so that they couldn't see much, while you _might_ be able to see their data (and thus decide whether "Spongebob" is really someone you know). Doesn't seem possible now. You have to add them as friend first then move them to the restricted list. So there's a window of opportunity for them to get the data out. If I'm wrong about this do tell me how to do it.
But no matter what privacy "controls" and "promises" Facebook provides, Facebook can see all the data and actions, so NATO officials shouldn't be exposing confidential data and actions to FB. Especially since some of that data may be passed to people outside the USA whether by apps/partners or by people who are paid to moderate stuff: http://www.telegraph.co.uk/technology/facebook/9118778/The-dark-side-of-Facebook.html [telegraph.co.uk]
Re: (Score:2)
That feature disappeared for a short while, but it's back now. Whenever I confirm a friend request or request friendship, it immediately lets me put them onto a list.
It even does this on the limited mobile web version, too.
Re: (Score:2)
If I recall correctly, I see the option immediately after accepting the request.
It's a pull-down menu but I don't recall what it says. I think "Add to List" but I could be wrong.
Re: (Score:2)
That's as I said:
> You have to add them as friend first then move them to the restricted list. So there's a window of opportunity for them to get the data out.
Re: (Score:2)
Well sure, like 5 seconds. Okay.
Re: (Score:2)
Actually senior officials having facebook pages really doesn't matter. Once you get up high enough it's pretty hard to keep hidden who or what you are in peacetime. It's simply not practical, because you still have to drive your kids to school, and buy groceries.
There's probably a middle level, people who are actively involved in doing direct work that you don't want being paraded around publicly. But if you get called into congressional meetings (or called before parliament), if you have a press officer
People are dumb (Score:5, Insightful)
Social engineering FTW ... again.
Anyone else not comfortable (Score:2)
Re: (Score:3)
Agreed! I'm on FB, but I don't post anything even remotely sensitive. Other than finding out when my last bowel movement was, there would be little point for a spy to "friend" me.
Re:Anyone else not comfortable (Score:4, Funny)
And you post that to facebook ? No wonder you don't have any friends!
Re: (Score:2)
> And you post that to facebook ? No wonder you don't have any friends!
Exactly, that is the kind of thing you tweet, so they can call you and get that great echo effect provided by public restrooms.
Re:Anyone else not comfortable (Score:5, Informative)
You obviously know little about how Social Engineering works if you believe that to be true. When I worked DOD it was recommended that we never post information to any Social network about where we worked, what we did for a living, who our co-workers were, etc. This was not just for the protection of the Government, but also protection of your own family and friends.
I no longer work DOD, but when I did I did not post on anything including /. with my credentials.
Re: (Score:2)
> The code some idiot puts on their luggage
Gratuitous Spaceballs reference I take it?
Re: (Score:2)
Most of the things mentioned aren't particularly sensitive, they are things that are public, or at least not security-sensitive though private-for-efficiency information that would usually take a little more effort for spies to compile.
Really (Score:1)
There is no other way to communicate online other than facebook for government officials???
Re: (Score:1)
Everyone knows Facebook is the new internet communications channel, gah!
Seriously, why? (Score:5, Interesting)
Re:Seriously, why? (Score:5, Insightful)
Because they are just people too. Who also want to stay in touch with friends & family?
Re: (Score:3)
There's keeping in touch with friends and family and then there's checking in using 4Square when meeting with the President. A FB Page, in regards to a high-ranking official, should be kept separate from their working lives. No posting of your movements, no friending your colleagues unless you've met them and agreed to beforehand (in fact, that's common sense when it comes to FB normally).
The fact that this Admiral, out of the blue, adds them to FB and they don't bat an eyelid or even think to pick up the p
Re:Seriously, why? (Score:5, Insightful)
It all depends on what you post there.
No, that is the problem: it depends on what YOU post there and what everyone you are FRIENDS with posts there.
Maybe you don't post you're going on vacation for a week because you don't want would-be crooks to know for sure you are not at your house. Your girlfriend, however, is not so careful and/or does not much care about her apartment. She posts she is out of town for the week and then tags you in some photos at the beach from her mobile.
Now anyone in either of your circles has a pretty good idea YOU are out of town. This is a problem. Someone with an 'in' could be at the friend of friend level, depending on not just YOURS but your FRIENDS' privacy settings and some time to pick through the site and work out relationships (even if the info is not shared, they could do it through pictures etc., odds are the girl with your arm around her waist is wife or girlfriend not a sister, etc.) can derive lots of information based on what others post that YOU never shared.
Re: (Score:1)
I would also hope none of my colleagues are dumb enough to post "On super secret recce-mission with *name*, lol. Location: Afghanistan"
You have a point though, that Facebook can be used to collect quite a lot of information, that's why it's important to be aware of these issues, to keep sensitive stuff off it. And/or use a fake surname.
Re: (Score:1)
> Depending on your privacy settings you can limit tagging. You are a fool if you actually believe that works.
How? If I turn off location tagging, how can I possibly be tagged at a location?
Re: (Score:2)
Or, even easier...just don't have any FaceBook accounts.
I've never had one, never will....and my social life and communication with my friends hasn't suffered a bit.
Seriously? (Score:1)
the same as doing them in public... except there's always a fly on the wall...
a very smart fly... that never goes anywhere... and is a chatty cathy.
Re: (Score:1)
what are they doing putting anything useful on social networking sites to begin with?
I would think with the way OUR military likes to do things, facebook would be a big no no.
Unknown Hackers? (Score:5, Insightful)
Registering for Facebook with a fake name hardly qualifies as hacking.
Surprisingly, the headline is more accurate than the story.
Re:Unknown Hackers? (Score:4, Informative)
> Surprisingly, the headline is more accurate than the story.
More accurate than the submission, you mean. TFA (I'm new here) actually addresses that point:
> This type of compromising attempts are called 'Social Engineering' and has nothing to do with 'hacking' or 'espionage', a SHAPE spokesperson said in a statement.
Re: (Score:1)
Story was meant to refer to the submitter's description, not the source article.
I can see how you could have taken it to mean the article.
Welcome to Slashdot. I'm old here.
Re: (Score:2)
Abstruse Goose [abstrusegoose.com]
I deleted my FB account 3 months ago (Score:1, Interesting)
You are the weakest link... (Score:3)
Too bad you won't say "goodbye!". This is another example of s*** floats to the top in government, military and business.
You keep using that word... (Score:3)
...I do not think it means what you think it means. Fake Facebook profile == "hacker"?
I'd fire them (Score:3)
Re: (Score:2)
> banned from all parts of the government in which security _could_ be an issue.
It's not an issue of NATO officials using social networks at work vs home. It's one of revealing personal or family movements to foreign intelligence agents. Someone being deployed overseas, or attending a secret meeting can inadvertently reveal this when they post changing contact details. Or when their kids start posting photos of their friends at the new expatriate school.
Re: (Score:2)
> banned from all parts of the government in which security _could_ be an issue.
> It's not an issue of NATO officials using social networks at work vs home. It's one of revealing personal or family movements to foreign intelligence agents. Someone being deployed overseas, or attending a secret meeting can inadvertently reveal this when they post changing contact details. Or when their kids start posting photos of their friends at the new expatriate school.
The emphasis on _could_ was intentional, and in fact was meant to include what you've described.
spies? (Score:1)
Are you sure they are spies but not some spammers?
I guess anyone talking to one of these officials would very well be labeled as spies.
Big Deal (Score:3, Insightful)
Twitter: (Score:2)
Tweet: I am accessing hi-security government documents right now.
Tweet: I am posting them online - please no-one look at them
Tweet: They are located at xafdsfd.fdsfdsfds.com please do not go there.
Tweet: They are not password protected so please don't open them.
No damage (Score:3, Interesting)
Their personal information is their property, and they are free to share it with the rest of the world. As long as they don't post sensitive military information on Facebook, there is no damage done.
Better at spying (Score:1)
Re: (Score:1)
> I'm not sure if the Chinese are better at spying, or just get caught more often.
That would suggest they're worse at spying, not better.
Alternately, Western media reports on Chinese spies getting caught but not Western spies.
Chinese? (Score:2)
Re: (Score:3)
NATO officials are reluctant to publicly state who was behind the attack, but The Telegraph [telegraph.co.uk] says China is to blame. The publication quotes classified briefings in which military officers and diplomats were told the evidence pointed to “state-sponsored individuals in China.” The Guardian [guardian.co.uk] agrees, quoting a security source who says “the belief is that China is behind this.”
Hu Jintao likes this (Score:3)
+1 thumb up
Even CIA officers have families... (Score:5, Informative)
A friend of mine who retired from CIA after 26 years once told me that his family was only happy for six of those years... and not six consecutive years. Cut off from family and friends back home and in contact only by letters and the occasional "home leave" of a month or two, he was trying to fit back in to the country he spent his life trying to serve (back in the days when the Agency was less of an operational force and more of an intelligence gathering organization). I can see how Facebook would have made their lives more enjoyable with all the family and friends news (and even minutiae). I'm sure it's a security risk par excellence but I can certainly understand why they'd do it. And I can especially understand why a wife, stuck inside an apartment in Djibouti trying to order six months of canned food from Denmark, might.
I don't expect Slashdot readers to grok it, though.
Re: (Score:2)
> I apologize if this is a personal question, but, just out of curiosity, why did your friend serve for 26 years if it made his family unhappy?
First of all, it's difficult to look for a job when you're in Djibouti (I don't think he was... but he did serve in some seriously nasty places). It's also not easy to leave if you are, like most CIA staffers, overseas most of the time... you don't have a lot of US contacts (because you don't live in the USA) and you don't have a base of operations. Thirdly, you might not find it surprising to discover that there is not much of a one-to-one mapping of job requirements for a former CIA officer moving into t
Proof that NATO is run by IDIOTS (Score:2)
That's nothing... (Score:1)
Chinese Spies == Unknown Hackers (Score:1)
Well, obviously.
Whatever happened to the good old days (Score:1)
Didn't you learn in high school (Score:1)
I heard that the security team at Los Alamos wanted to classify a Soviet scientist's presentation! I guess someone had to point out that it had already been leaked to the USA.
Re:oh boy (Score:4, Insightful)
Please don't misrepresent this. These government people are at fault here for being stupid.
We've identified the problem (Score:2)
==> NATO officials... with Facebook accounts...
Oh. My. God.
Re:oh boy (Score:4, Informative)
I don't.
I don't have any FB accounts at all...fake or real.
Keeps things neater that way....
Re: (Score:1)
Maybe if she had a neon sign on the roof that said "Good Rapin' inside".
Re: (Score:2)
Close, but not quite. Facebook is evil and stupid; but so is NATO, and that's why they signed up ^^