The growing use of social networking sites is leaving PC users inadvertently open to identity thieves, warned Hugh Thompson, chief security strategist at People Security.
Speaking at the RSA Europe Conference, Thompson said that people were unaware of just how many clues they left for fraudsters. He said such carelessness was fuelling the rise of cybercrime. He told the conference how he managed to access the bank account of one of his wife's friends in a couple of hours using publicly available data - a process that he had previously documented in a Scientific American article. He warned that most people's private accounts could be accessed in this way.
He identified three ways in which public data could be misused: direct use, where public data is converted; and what he called "amplification gateway data", where public data is converted to private data by using additional data. "For example," said Thompson, "fraudsters using the first four numbers of a credit card number to extract the remaining numbers."
The third technique was drawing on collective intelligence and correlating publicly available information. As an example, he cited the appearance of 10 senior executives all seeking recommendations on LinkedIn at the same time - "if you see one manager, that tells you that someone's job-hunting, 10 tells you something about the company - perhaps it's in trouble, perhaps there's going to be a takeover."
Thompson exhorted delegates to carry out their own self-hygiene tests. "Spend an hour on Google searching your own name and see what information is available. Old resumes are a particular wealth of information." He said that the 'reset your password' facility was also a security weakness, pointing out that Sarah Palin's webmail account was subverted last year by resetting the password through the use of publicly available information.
He pointed out that users should take on greater responsibility to help reduce cybercrime. He said that consumers should look beyond traditional security measures and be aware of the amount of information that they were leaving scattered on the web.