Thursday, November 6, 2008

Doppelganger effect

So after some discussion about how an online presence can cause security issues, can a lack of an online presence be as bad? Imagine the target is a fairly well-known individual. S/he stays off of social networking sites to avoid the potential security and privacy issues we mentioned before. What could possibly happen to this person when they have exercised such caution?

Since anyone can sign up for Facebook, Myspace, Twitter, LinkedIn, etc. using fake information, what is preventing someone from creating a fake profile, or Doppelgänger, of the target? If the target is really well known, the Doppelgänger will have no problem collecting lots of friends under false pretenses. The possibilities for what the Doppelgänger could then do from this position are endless.

The above scenario was tested when Shawn Moyer created a fake Twitter profile for Gadi Evron, a security specialist. A fake profile on LinkedIn was also created for Marcus Ranum, the CTO of Tenable Security. The potential for abuse is clear. From the article:

Moyer noted that on any given social network there are what he called, "linkwhores." These are people that will accept friend connections from anyone else. So the researchers sent out friend requests to people based on a Google search for people that had security in their profiles. Moyer claimed they had more than 50 connections within 24 hours. They also got invites from other people, among them was Ranum's sister who was also fooled by the bogus profile.

The security researcher did the same trick on Twitter for noted security researcher Gadi Evron. Moyer claimed that the bogus Twitter profile actually received an interview request from a journalist who was looking for a source to talk about the Kaminsky DNS flaw.


So perhaps some online presence is better than none. What do you think?
