“Now each one of you please turn to the person sitting next to you,” Stefan Tanase told his audience, “and tell him or her the colour of the underwear you are wearing today.”
He paused, smiling at the shocked inaction in the audience, before resuming his address. “None of us would share such intimate details with strangers — in the real world. But unfortunately what is happening in the social network world is a different story.”
Stefan knows a thing or two about the dangers of careless mouse-clicks. He is a ‘Senior Security Researcher' with Kaspersky Lab, the $390-million Russian cyber security company. And he is “alarmed” at the indiscriminate, indiscreet abandon with which people put details about themselves on the social media.
In his address to a group of journalists in Moscow recently, he recalled an instance when some girls discussed the colour of their bra on Facebook — though in an innocuous context of the connection between the colour of the garment and incidence of breast cancer. The perspicacious Romanian has a good fix on the problem. As human beings, he says, we trust our friends.
The perception about social media is that it is a hangout for friends, so anyone you meet there is a friend. But there are criminals out there. The ‘friend' you just met in cyberspace may actually be an infected computer, programmed to send you links that will download malicious software on you. And what's worse, you may not even be aware that you are being compromised.
The world has come a long way since the time when whiz kids wrote vandal viruses for fun. Today, generating malicious software is big-buck business, which has moved into theft of identity and thereby bank account, into corporate espionage and into high-level diplomacy. (Remember Munk School reports about China stealing India's Defence secrets?)
Earlier, collecting information about an individual for the purpose of compromising him was relatively more difficult. Today the ‘recon part', as Stefan calls it, is a lot easier thanks to the social media.
He recalls another instance when a robbed couple said in a TV interview that they were surprised that thieves knew they were away, when they had not told anyone of their vacation. “We had just put it on Twitter,” they said.
So, the moral of the story is “keep away from the likes of Facebook”, is it ? No, says Stefan, “because it is unrealistic” but advises caution before clicking on a link. People are more likely to click on a link if it is received from a friend, compared with random spam mail, but therein lies the danger because you don't know if the link is really from the friend or not.
Mark Kelly, Chief Security Officer of Facebook, has been quoted as saying that he would “only add people that I have met in real life, twice.” At least, take the precaution of cut-pasting the link elsewhere and then clicking on it. Of course, it is always useful to keep an updated anti-malware to guard you.
There, again, is the danger of one falling into the trap of a rogue anti-virus software, offered free over the Internet. The rogue AV, actually a malicious software itself, will probably tell you that you cannot run two anti-virus software on your computer at the same time. There have been instances when people have uninstalled their regular anti-malware and got themselves rogue AV and got into trouble.
Stefan calls for raising the level of security awareness among the general public. Links holding malware come in sexy dresses — some couched in plainly amorous tempters, but also in the form of ‘news' that is of interest to you, such as ‘news' of a bomb blast in a city near you (geo-targeting) or something relating to your hobby (interest targeting) and the like. Here is where a genuine anti-malware would be of help.
Above all, circumspection is the name of the game — which is to exercise caution at every step.
Regardless of whatever protection you have, don't tell anyone on Facebook what you wouldn't want to tell the person sitting next to you in a conference.