Forgot your password?
typodupeerror
Crime Security Social Networks The Internet IT Your Rights Online

Interpol Chief's Identity Spoofed On Facebook 64

Posted by timothy
from the 304-other-criminals-liked-this dept.
An anonymous reader writes "Ronald Noble, Interpol's Secretary General, has revealed that cybercriminals have opened two fake Facebook accounts using his name and used them to gather sensitive information. 'One of the impersonators was using this profile to obtain information on fugitives targeted during our recent Operation Infra Red,' Noble said. 'This Operation was bringing investigators from 29 member countries at the Interpol General Secretariat to exchange information on international fugitives and lead to more than 130 arrests in 32 countries.'"
This discussion has been archived. No new comments can be posted.

Interpol Chief's Identity Spoofed On Facebook

Comments Filter:
  • I don't get it (Score:5, Insightful)

    by something_wicked_thi (918168) on Wednesday September 22, 2010 @02:41AM (#33659612)

    How does spoofing his identity on Facebook help? Was someone dumb enough to send confidential information regarding a criminal investigation to one of these spoof users via Facebook? Please tell me that's not the case. But the article is short on details and I can't think of any other way such a spoof would cause any kind of leak.

    • Re:I don't get it (Score:5, Insightful)

      by Nursie (632944) on Wednesday September 22, 2010 @02:55AM (#33659662)

      My thoughts exactly.

      If this scam actually netted them any info then whoever provided it needs to be hung out to dry. This is ridiculous in the extreme.

      • Hmmm (Score:3, Insightful)

        by object404 (1883774)
        Y'know, one thing to come of this is that it's probably a good idea to create accounts in social media/networking sites even if you'll never use them just to "reserve" your identity and to deter impersonators a bit, kinda like reserving domain names before cybersquatters bag them. Use a separate "throwaway" email account for them.

        That way, if someone creates a fake account in your name, if people see that there's more than one account which has your name, it will give them cause to suspect that one of th
        • Re:Hmmm (Score:4, Insightful)

          by Psaakyrn (838406) on Wednesday September 22, 2010 @04:20AM (#33659896)
          Too bad names aren't exactly the unique thing they are, not is it possible to determine what future site/media will be the next big thing, nor are all social media/networking sites free.
          • Re: (Score:2, Informative)

            by muzip (1220080)
            You're right that having a name alone is not enough. In order to show that you are indeed yourself, you have to provide a picture, some real information about yourself, and add some real friends... A double edged sword here.
            • Re: (Score:2, Insightful)

              by object404 (1883774)
              Well, better than having a sole impostor owning your name, no?
              • by iiiears (987462)
                pgp/gpg sig?
                • A digital signiture on it's own is only part of the puzzle for identifying an entity (wheter that entity is an individual or an organisation). You also need a way to determine that the key used to make that signiture really belongs to the entity in question.

              • Re: (Score:3, Insightful)

                by apoc.famine (621563)
                Quite possibly not. If I'm only lightly active on Facebook, and someone mentions something about it, I may not realize that they've been communicating with an impostor. If I don't use Facebook at all, and someone mentions friending me on it, I can tell them right away that that's an impostor.

                Someone isn't likely to dig me up without having a mutual friend on Facebook. If they see their friend friend me, and they know I'm not on facebook, or have never seen me there before, they're more likely to figure ou
        • by KlaymenDK (713149)

          it's probably a good idea to create accounts in social media/networking sites even if you'll never use them just to "reserve" your identity

          That's exactly what I've done in various places. The trouble is that there are so many slight variations that will fool all but the technically savvy and critical friends and contacts. And, you're still not safe, with all the news stories about hacked accounts and leaked password lists.

          • by poetmatt (793785)

            you might not be the only one to want a particular user name and/or to have the same name as you do (and spelled the same way and/or variations). Also you're essentially trying to copyright your own name, without failing to realize that essentially there is no way to copyright your name. If I wanted to be KlaymenDK I'd just make KlaymenDK_ or Klaym3nDK or something like that. That's a very dickish move to do.

            There is no way to "own" your identity. It sounds nice, but it doesn't work. It sure does make it e

            • by KlaymenDK (713149)

              I agree completely -- online name registration cannot be guaranteed unless there was something similar to the domain-registration system, which would in turn obliterate anonymity.
              I'm not sure how to read your "dickish move", though: are you saying it's dickish to "hog" your desired user name (akin to a domain shark), or to create lookalikes for spoofing (akin to a domain spoofs (which, BTW, can also be hogged, see http://gogle.com [gogle.com]?

              Also, you remind me of an earlier discussion regarding online names. Actually

      • If this scam actually netted them any info then whoever provided it needs to be hung out to dry. This is ridiculous in the extreme.

        Probably they were hoping to snag some would-be informants rather than Interpol staffers.

    • Re:I don't get it (Score:5, Insightful)

      by Thanshin (1188877) on Wednesday September 22, 2010 @03:10AM (#33659714)

      Was someone dumb enough to...

      The answer to that question, however you end it, is most often "Yes".

    • Re:I don't get it (Score:5, Informative)

      by h4rm0ny (722443) on Wednesday September 22, 2010 @03:11AM (#33659716) Journal
      Apparently the whole summary is shit. According to the actual statement, someone attempted to impersonate him on Facebook and attempted to get information on the operation. There's nothing to indicate that anyone was stupid enough to actually fall for it. Of course they might have been, but there's nothing that backs up TFS's implication that this actually happened.
    • Re: (Score:3, Insightful)

      by captainpanic (1173915)

      (from TFA)

      "Our world is increasingly connected and networked and therefore also increasingly vulnerable to disruptions caused by intrusions and cyber attacks," he said. "Cybercrime is emerging as a very concrete threat. Considering the anonymity of cyberspace, it may in fact be one of the most dangerous criminal threats ever."

      I have nothing to hide, but apparently I have a lot to worry about.

      If Interpol’s Secretary General actually worries about the vulnerability, then perhaps it's not such a brilliant idea to store a lot of personal information on a bunch of servers???
      To me, this is the best argument for privacy at the moment: I am not so much worried that Interpol will turn evil. But I am worried that they cannot guarantee that all our personal data is safe on their servers.

    • Re:I don't get it (Score:4, Interesting)

      by AVryhof (142320) <{avryhof} {at} {gawab.com}> on Wednesday September 22, 2010 @05:13AM (#33660054) Homepage

      I wouldn't be surprised. While at drill this weekend, I learned that one of our people got activated, and her CO told her in a Facebook message.

      These types of things, as well as poor computer security practices in security agencies bother me.

  • Context (Score:5, Interesting)

    by cappp (1822388) on Wednesday September 22, 2010 @02:43AM (#33659618)
    The context of the statement

    In short, INTERPOL is ideally positioned to represent law enforcement interests in developing global information security standards, as well as to assist in the implementation of such standards across its membership, including by developing specific standards for the police community.

    But as you all know, even with the best standards in place, security incidents can always happen.

    Just recently INTERPOL’s Information Security Incident Response Team discovered two Facebook profiles attempting to assume my identity as INTERPOL’s Secretary General. One of the impersonators was using this profile to try to obtain information on fugitives targeted during our recent Operation Infra Red. This Operation was bringing investigators from 29 member countries at the INTERPOL General Secretariat to exchange information on international fugitives and lead to more than 130 arrests in 32 countries.

    This is why we constantly need to share our experience. INTERPOL’s Information Security Incident Response Team is a member of the Forum of Incident Response and Security Teams –– or FIRST ––, which I assume most of you know. Being a member of the FIRST enables INTERPOL to learn from the experience of other members and to share our own experiences for the benefit of others. But again, it is also a way to draw bridges between the police community and information security professionals from the private and public sectors worldwide.

    Also note that the actual statement says the impersonator was trying to gather sensative data, not quite the success as implied in the summary. The whole speech is available as a pdf here [interpol.int].

    I don't know about the rest of you but one of the original reasons I grabbed a Facebook account was to prevent just that kind of thing happening - the same reason I've registered the most obvious forms of my name in as many social networking and emailing services as possible - if I hold the accounts then I possess some control over other people's ability to misrepresent themselves as me.

    • Re:Context (Score:5, Funny)

      by Anonymous Coward on Wednesday September 22, 2010 @03:09AM (#33659710)

      if I hold the accounts then I possess some control over other people's ability to misrepresent themselves as me.

      Oh and I forgot to add... This is especially important to control rumours about the goat incident.

      cappp (sorry, I just logged out)

    • by nospam007 (722110) *

      Here's what computerworld said: Mind the 'was discovered only recently' seems to mean that they tried and succeeded for quite some time.

      "...secretary general Noble revealed that criminals had set up two accounts impersonating him on the networking site during this summer's high-profile global dragnet, 'Operation Infra-Red'.
      The fraud was discovered only recently by Interpol's Security Incident Response Team..."

  • The way the DNS system work now, If you buy the domain cocacolacoacola.com , It will get from you from the corporation cocacola. You don't see something strange in that?, a city can name of the streets "coca cola", and the corporation will not own the street. But I digress...

    If social networks continue to be important, and one is more important than all others, maybe judges will look at this the same way,and will see in very bad light if you create a account for Michael Jackson or Walt Disney. And I mean

  • Only an idiot .... (Score:3, Informative)

    by yams (637038) on Wednesday September 22, 2010 @02:45AM (#33659626) Homepage Journal
    ... would use Facebook to provide police level information, even to someone they know. At the least, they should be using an SSL secured e-mail service, if not the Interpol website (which, I hope, is SSL secured).
    • by c0lo (1497653)
      What? Are the interpipes free of phishing already? Weren't when I went to bed.
      (that is to say: the total intelligence in this world is constant, the population is raising. Yes, idiots still exists)
    • by tokul (682258)

      At the least, they should be using an SSL secured e-mail service, if not the Interpol website (which, I hope, is SSL secured).

      Only if you refer to S/MIME as SSL and forget to mention PGP/MIME. Otherwise your SSL secured e-mail service suggestion is useless. Email is not secured same way as website traffic.

    • Remember SSL only encrypts connections. Unless you trust every server in the email path and have them all configured to use SSL to talk to each other then it is not enough to provide security.

      For real security you want an end to end encryption and authentication solution and even then you shouldn't access the system from untrusted devices.

  • FTFA: He revealed this information when addressing the attendees at the first Interpol Information Security Conference in Hong Kong, and pointed out that this is why experience and information sharing between INTERPOL and the various law enforcement agencies around the world is a must.

    Or maybe just that Assange guy doing his thing.
  • So what is the news here?

    1) That someone opens a fake account in the name of someone else (I presume that happens on a regular basis anyways), or

    2) That some cluless idiots (sorry for the harsh words) do exchang SENSITIVE information on Facebook? And then they suddenly wonder how this information got into wrong hands?!

  • Come on (Score:4, Funny)

    by antifoidulus (807088) on Wednesday September 22, 2010 @06:25AM (#33660374) Homepage Journal
    Everyone knows that REAL international police chiefs only communicate via messages that will self-destruct in 5 seconds.
  • Fake Noble: hey, i lost my phone lol, i'm soooooo dumb. do you happen to have the numbers for international fugatives 1 - 130? k thx x0x0

  • Bustin' some international jewel thieves, yo.
  • That crazy Lupin, what will he do next?
  • by rakuen (1230808)
    This is more a complaint with phishing in general, but why on earth are people so gullible? Is it so hard to do a quick search on the web? Send an e-mail to the corporate address of whoever claims to be contacting you? Pick up a phone and talk to customer services? Shoot, even asking a friend for advice would be better than nothing.

    In this case, we're talking about the Chief of Interpol. Someone impersonated him to try to get information on a case. A case that they discussed. At a summit. IN PERSON
  • Interpol has released a late-breaking photo of the suspects [imageshack.us].

    The inspector charged with apprehending them has declined to comment [imageshack.us].
  • I hope he catches that damn Lupin!

Per buck you get more computing action with the small computer. -- R.W. Hamming

Working...