BizReport : Internet : August 31, 2010

I.T. security employees let down guards on socnets

When Internet security firm BitDefender tried to befriend total strangers on a large social networking site using a fake profile, they found that the vast majority were happy to associate with a stranger - even IT bods.

by Helen Leggatt

When BitDefender set up a fake social networking profile and approached 2,000 total strangers to be a "Friend", they found that an astonishing 94% accepted the request without knowing who they were befriending.

The random selection of strangers consisted of 1,000 men and 1,000 women aged between 17 and 65 across a wide range of professions and interests.

The fake profile was that of a "fair-haired woman, aged 21, acting as a very, very naïve interlocutor", which may account for over half (53%) of the strangers citing her "lovely face" as their reason for accepting the friend request.

Other reasons cited for accepting the friend request include:

- 24% said it was "a person that works in the same industry"

- 17% said it was "a known face - but I don't remember the place we've met"

- 6% said it was "an interesting profile"

Interestingly, more than 86% of the users who accepted the fake profile's friend request work in IT, an industry which has always been wary of social networking security. In fact, 31% of the friend accepters work in IT security.

BitDefender took the experiment a bit further by selecting 20 of the strangers with whom to strike up an online conversation. Again, the experiment revealed that the most vulnerable users appeared to be those working in the IT industry.

After a half-hour conversation, 10% of them had disclosed personal information such as their address, phone number, and mother's maiden name, information usually used in password recovery questions. After a 2-hour conversation, almost three-quarters (73%) revealed potentially confidential information about their workplace, such as future strategies, plans, and unreleased technologies/software.

"The puzzling reaction of IT security employees confronted with possible privacy threats, such as those described in the experiment, contradicts, to some extent, the general attitude towards such issues, as almost all security companies lay stress on the risks associated with social networks," said Sabina Datcu, BitDefender E-Threat Analysis and Communication Specialist, and author of the report "Social Networking and the Illusion of Anonymity" (.pdf).

"In other words, it seems like policies and regulations simply disappear exactly in an environment where they supposedly are stricter than elsewhere."

Tags: personal data, security, social networks
