By: Brian Prince, SecurityWeek
It was not a particularly creative way to conduct espionage, but the world of cyber-spying isn’t a science fair.
During the weekend, it was reported that senior military and government officials had been duped into Facebook ‘friending’ someone pretending to be U.S. Admiral James Stavridis, NATO’s Supreme Allied Commander in Europe. The ruse is reputed to be the work of Chinese hackers interested in gathering email addresses and other minor tidbits of information from whoever they could. Facebook took the fake account down as soon as it was discovered, but the situation underscores a central problem that has always plagued social networks – proving the authenticity of the user.
“The problem is that most Facebook profiles are unverified,” said Graham Cluley, senior technology consultant at Sophos. “That's not just a problem on (Facebook); it's an issue for other social networks too. Even if you do link up with a genuine profile, you can't always be sure that it's the real person talking to you as their account could have been compromised.”
For corporations, losing control of their identity on social networks can be an issue not only of corporate espionage, but also brand damage. Last year for example, the shopping site Dealzon accused online auction site Grabswag.com of stealing its identity and posting fake spam ads on Facebook. Anyone that clicked on the ads was directed to Grabswag’s site. Dealzon has said the company was flooded with hate mail from angry customers as a result.