Monday, January 17, 2011

Life in the FaceBook Fish Bowl... A lesson in Security

This story is about both a hacker who abused people and in many cases caused damage that's impossible to repair and people who were foolish in what they allowed to be kept on line and potentially available for a hacker to obtain.

For to see someone's reputation destroyed by another with information they obtained by stealth or even just their being embarrassed in front of family, friends, and co workers is a tragic thing. And while this story again shows the dangers of not keeping safety and security in mind it's not the whole story.

As it's a story that also shows the danger of leaving photos or data on line that could prove damaging or embarrassing. Remember it's always possible that someone can break into any site or service. And of course there is also the chance of a mistake by a site or service provider that allows access to an account by someone with bad intentions.

So we see both the value of strong passwords and being careful of what you use as a security question as well as the use of good judgment as to what you leave "lying around" on line. Both are vital pieces in any online security and privacy strategy.

Just let this story serve as a wake up reminder of the dangers and pitfalls that not only FaceBook but all social networks expose us too. Keeping your passwords secrete and strong helps but so does not having incriminating or damaging things available to hackers if they do get into your accounts.

Amplify’d from

Calif. man used Facebook to hack women's e-mails

SACRAMENTO, Calif. – In a cautionary tale for users of social-networking sites, a California man has admitted using personal information he gleaned from Facebook to hack into women's e-mail accounts, then send nude pictures of them to everyone in their address book.

The California attorney general's office said Friday that George Bronk, 23, commandeered the e-mail accounts of dozens of women in the U.S. and England. He then scanned the women's "sent" folders for nude and seminude photos and videos, and forwarded any he found to all the women's contacts, prosecutors said.

Bronk coerced one woman into sending him more explicit photographs by threatening to distribute the pictures he already had. One victim told authorities the intrusion felt like "virtual rape."

Bronk, who lives in the Sacramento suburb of Citrus Heights, pleaded guilty Thursday to seven felonies in Sacramento County Superior Court, including computer intrusion, false impersonation and possession of child pornography.

Prosecutors said Bronk would scan women's Facebook accounts looking for those who posted their e-mail addresses. He would then study their Facebook postings to learn the answers to common security questions like their favorite color or father's middle name.

He contacted the women's e-mail providers and used the information to gain control of their accounts. He also often gained control of their Facebook accounts by hijacking their passwords, then posted compromising photographs on their Facebook pages and other Internet sites.

Investigators found 172 e-mail files containing explicit photographs of women when they searched Bronk's computer in September, according to a court affidavit. They were able to track his victims to England, Washington, D.C., and 17 states: Alabama, Arizona, California, Georgia, Illinois, Iowa, Kansas, Louisiana, Massachusetts, New Hampshire, New Jersey, New York, Ohio, Oregon, Texas, Virginia and Washington.

Piscak said one of her friends alerted her that nude photographs she had sent privately to her husband were posted on her Facebook page last fall. Facebook removed the photos the next day.

"I have a network of like 1,500 people, so they all saw my pictures. So my graduating class of 2007 saw that. I'm in the military, so all my army friends saw that," Piscak said. She had to explain the embarrassing situation to her family and husband, from whom she is separated.

Piscak used a different e-mail account to contact the person who had hacked her page.

"I said, 'Why are you doing this?' and he said, 'Because it's funny,'" Piscak said in a telephone interview. The Associated Press does not identify victims in sex cases as a matter of policy, but Piscak gave permission for her name to be used. She also said she has agreed to tell her story on a nationally televised talk show.

Piscak said she fears the postings could harm her future in the military and her plans for a career in criminal justice, though most people who saw the photos were understanding.

A second victim, Stephanie, 24, of Los Angeles, said she, the FBI and other authorities tried for seven hours to remove an album of 10 photographs that Bronk posted on her account before Facebook took it down.

"Then he wrote just crass, racist, disgusting comments on people's walls that I was friends with," said Stephanie, who did not want her last name used for fear the story could harm her career. She said she felt violated, "kind of a rape-like situation."

Stephanie said she originally had sent the private photos to a boyfriend, only to have them seen by her college professors and co-workers.

Both of the victims, along with Bronk's attorney, said Facebook should have caught Bronk's activities more quickly. Facebook spokesmen did not return telephone or e-mail messages Friday.

Bronk began his hacking in December 2009, prosecutors said. He will have to register as a sex offender because of his guilty plea.

Investigators caught on after a victim called Connecticut State Police, which referred the complaint to the California Highway Patrol. They used information from Bronk's confiscated computer to e-mail questionnaires to 3,200 of his Internet contacts, asking if they had been victimized.

Forty-six women said they had. Bronk was arrested in October and remains jailed on $500,000 bond.

The attorney general's office advised those using e-mail and social-networking sites to pick security questions and answers that aren't posted on public sites, or to add numbers or other characters to common security answers. Additional safety tips are on the California attorney general's website.


No comments: