Want to stay secure on Facebook, Twitter? Lie!
27th May 2009 | 11:50
Sophos' Graham Cluley says false personal info is best
Sharing too much information
Telling lies is the best form of security on social networks. That's according to Sophos' Senior Technology Consultant Graham Cluley in an exclusive interview with TechRadar.
"One of the things we've been saying is to start lying. On Facebook, it asks you for your date of birth - under the terms and conditions you're not allowed to lie.
"I say 'screw them' and lie about [your] date of birth. I don't trust them to look after it, they revealed it once before."
And he says this preventative attitude applies to other areas, too. "With my online bank I lie about my mother's maiden name. But people feel compelled to tell the truth all the time.
"And it's like, first of all you don't need to fill in all those fields quite often and secondly, don't tell the truth. And that way, if they screw up or you're careless, who cares?"
Cluley is a popular and well-versed expert within the security industry and is known for his quotable repartee. "Social networks have shown to us that they can't be trusted. They have messed up on a number of occasions," he says. "Ultimately you can only trust yourself."
Don't share too much on Twitter
As well as social networks such as Facebook and LinkedIn, his advice also extends to Twitter. But, he says, common sense should be the top tool at your disposal.
"There was a US Senator in a helicopter above Baghdad saying 'hey isn't it great, I'm above the presidential palace.' And you think 'you twat.' What a stupid thing to do - not only endangering his own life, but the people protecting him as well. People aren't thinking about the consequences of what they're doing and the way in which that information can be used."
People share too much information. "I had a friend the other day that told everyone on Twitter that he was 34. And I said, 'hey you know what you've done, you've revealed your precise date of birth'. If you go on Twitter and search for 'birthday today' you'll find thousands of people revealing their precise date of birth...obviously a useful tool for identity thieves."
And he believes people should be more aware – but it's not necessarily their fault. "Fundamentally we are cavemen and haven't evolved. If we could roll out a security patch for people's brains, then maybe we would be worthy of living in the 21st century with computers," he says. "We are Neanderthal man who's been given a ZX81 and told to get on with it. We haven't a clue on how to properly protect ourselves; we're having too much fun pretending to be zombies or talking like a pirate."
Cluley adds that people can give things away simply by changing details on a site like LinkedIn. "But put your hacker mind on for a second and think ok, basically I can get a corporate directory of a firm from LinkedIn. I can find out who the head of HR is and forge an email claiming to come from them to a new recruit and get them to [reveal corporate information]. There's lots of things like that which you'd do completely innocently and not realise the repercussions.
"One of the things the bad guys want to do is that they want to become friends with you. Maybe your friends on Facebook are slightly different than on Twitter. I can then create an account [to fill that gap] and get inside your circle," says Cluley.
"All of these jigsaw pieces come together and it all begins to unravel. People are so much more willing to click on links on social networks. You can't really trust on a social network. If it's typed, you can't be sure it was written by [your friends]," he says.
But Cluley believes Twitter can be a very useful tool. "Twitter has purpose, where Facebook didn't really. However at the moment it feels like it's held together with pipe-cleaners and tin cans. Frankly they've probably been amazed by their growth. I'm sure they've got lots of issues. It does have a business purpose and that's going to make it interesting in the future.
"Of course, the criminals are going to go there too. You're out there in the plains of the Serengeti and the zebras are going to the water. And the lions are thinking, 'let's go there.' So the criminals are doing the same," he adds.
Do social networks have a place at work?
Cluley believes businesses also need to be careful when dealing with social networks, and encourage their employees to do the same. "We asked security minded people, have you been spammed on a social network. 33 per cent said yes. Have you received malware on a social network or been phished? 21 per cent said yes. There is a very real threat, a reasonable number of people now. Imagine if they were 19 or 20 year-olds entering your company now, spending longer on these social networks."
"So there are real risks to companies and one of them is that 40 per cent of people use the same password for everything they do. So if they know the name of your first pet, or they know your stripper name which reveals your mother's maiden name – you know..."
But Cluley warns against blanket bans for social networks within over-sensitive companies. "If the web and email were invented today, most [security people] would say 'you know what, we don't want it.' We live in an age where if you want to connect with new customers and monitor your brand, you've got to be on social networks...it would have drawbacks...just try to make it more secure."
And that should remain the case even where there are productivity concerns. "There are people that are Facebook crack addicts basically, constantly talking like pirates or biting each other as vampires rather than doing their work. I can understand [wanting to prevent this] entirely, and you might want to monitor how long people spend on these sites. But it would be a mistake to think that's the only issue here."
Fundamentally, Cluley believes attitudes need to change. "I think people view [social networking] as a huge playground and treat their computer as their own. We call them personal computers, but they're connected to the entire world. People have got the wrong kind of attitude.
"They type things they'd never say through a megaphone in Leicester Square and post them onto the internet."