Interpol Chief's Identity Spoofed On Facebook

An anonymous reader writes "Ronald Noble, Interpol's Secretary General, has revealed that cybercriminals have opened two fake Facebook accounts using his name and used them to gather sensitive information. 'One of the impersonators was using this profile to obtain information on fugitives targeted during our recent Operation Infra Red,' Noble said. 'This Operation was bringing investigators from 29 member countries at the Interpol General Secretariat to exchange information on international fugitives and lead to more than 130 arrests in 32 countries.'"

I don't get it

[something_wicked_thi]

How does spoofing his identity on Facebook help? Was someone dumb enough to send confidential information regarding a criminal investigation to one of these spoof users via Facebook? Please tell me that's not the case. But the article is short on details and I can't think of any other way such a spoof would cause any kind of leak.

Re:I don't get it

[Nursie]

My thoughts exactly.

If this scam actually netted them any info then whoever provided it needs to be hung out to dry. This is ridiculous in the extreme.

Hmmm

[object404]

Y'know, one thing to come of this is that it's probably a good idea to create accounts in social media/networking sites even if you'll never use them just to "reserve" your identity and to deter impersonators a bit, kinda like reserving domain names before cybersquatters bag them. Use a separate "throwaway" email account for them.

That way, if someone creates a fake account in your name, if people see that there's more than one account which has your name, it will give them cause to suspect that one of th

Re:Hmmm

[Psaakyrn]

Too bad names aren't exactly the unique thing they are, not is it possible to determine what future site/media will be the next big thing, nor are all social media/networking sites free.

Re:

[muzip]

You're right that having a name alone is not enough. In order to show that you are indeed yourself, you have to provide a picture, some real information about yourself, and add some real friends... A double edged sword here.

Re:

[object404]

Well, better than having a sole impostor owning your name, no?

Re:

[iiiears]

pgp/gpg sig?

Re:

[petermgreen]

A digital signiture on it's own is only part of the puzzle for identifying an entity (wheter that entity is an individual or an organisation). You also need a way to determine that the key used to make that signiture really belongs to the entity in question.

Re:

[apoc.famine]

Quite possibly not. If I'm only lightly active on Facebook, and someone mentions something about it, I may not realize that they've been communicating with an impostor. If I don't use Facebook at all, and someone mentions friending me on it, I can tell them right away that that's an impostor.

Someone isn't likely to dig me up without having a mutual friend on Facebook. If they see their friend friend me, and they know I'm not on facebook, or have never seen me there before, they're more likely to figure ou

Re:

[Psaakyrn]

There is a solution. Too bad it's something which not many would like. The solution is to absolve all anonymity on the Internet, give everyone a biometric UID at birth, and be permanently associated with it. All interactions must go through a central server which ascertains that you are the correct person. Anyone found trying to commit identity fraud will be marked as treasonous, and given an extremely heavy penalty to dissuade such fraud. Needless to say it would be the end of Anonymous, along a host of o

Re:

[KlaymenDK]

it's probably a good idea to create accounts in social media/networking sites even if you'll never use them just to "reserve" your identity

That's exactly what I've done in various places. The trouble is that there are so many slight variations that will fool all but the technically savvy and critical friends and contacts. And, you're still not safe, with all the news stories about hacked accounts and leaked password lists.

Re:

[poetmatt]

you might not be the only one to want a particular user name and/or to have the same name as you do (and spelled the same way and/or variations). Also you're essentially trying to copyright your own name, without failing to realize that essentially there is no way to copyright your name. If I wanted to be KlaymenDK I'd just make KlaymenDK_ or Klaym3nDK or something like that. That's a very dickish move to do.

There is no way to "own" your identity. It sounds nice, but it doesn't work. It sure does make it e

Re:

[KlaymenDK]

I agree completely -- online name registration cannot be guaranteed unless there was something similar to the domain-registration system, which would in turn obliterate anonymity.
I'm not sure how to read your "dickish move", though: are you saying it's dickish to "hog" your desired user name (akin to a domain shark), or to create lookalikes for spoofing (akin to a domain spoofs (which, BTW, can also be hogged, see http://gogle.com [gogle.com]?

Also, you remind me of an earlier discussion regarding online names. Actually

Re:

[poetmatt]

also I have no idea why that was posted anonymous.

Re:

[Swave An deBwoner]

If this scam actually netted them any info then whoever provided it needs to be hung out to dry. This is ridiculous in the extreme.

Probably they were hoping to snag some would-be informants rather than Interpol staffers.

Re:I don't get it

[Thanshin]

Was someone dumb enough to...

The answer to that question, however you end it, is most often "Yes".

Re:I don't get it

[h4rm0ny]

Apparently the whole summary is shit. According to the actual statement, someone attempted to impersonate him on Facebook and attempted to get information on the operation. There's nothing to indicate that anyone was stupid enough to actually fall for it. Of course they might have been, but there's nothing that backs up TFS's implication that this actually happened.

Re:

[captainpanic]

(from TFA)

"Our world is increasingly connected and networked and therefore also increasingly vulnerable to disruptions caused by intrusions and cyber attacks," he said. "Cybercrime is emerging as a very concrete threat. Considering the anonymity of cyberspace, it may in fact be one of the most dangerous criminal threats ever."

I have nothing to hide, but apparently I have a lot to worry about.

If Interpol’s Secretary General actually worries about the vulnerability, then perhaps it's not such a brilliant idea to store a lot of personal information on a bunch of servers???
To me, this is the best argument for privacy at the moment: I am not so much worried that Interpol will turn evil. But I am worried that they cannot guarantee that all our personal data is safe on their servers.

Re:I don't get it

[AVryhof]

I wouldn't be surprised. While at drill this weekend, I learned that one of our people got activated, and her CO told her in a Facebook message.

These types of things, as well as poor computer security practices in security agencies bother me.

Re:

[El Torico]

Sounds like someone didn't pay attention during their OPSEC briefing.

Context

[cappp]

The context of the statement

In short, INTERPOL is ideally positioned to represent law enforcement interests in developing global information security standards, as well as to assist in the implementation of such standards across its membership, including by developing specific standards for the police community.

But as you all know, even with the best standards in place, security incidents can always happen.

Just recently INTERPOL’s Information Security Incident Response Team discovered two Facebook profiles attempting to assume my identity as INTERPOL’s Secretary General. One of the impersonators was using this profile to try to obtain information on fugitives targeted during our recent Operation Infra Red. This Operation was bringing investigators from 29 member countries at the INTERPOL General Secretariat to exchange information on international fugitives and lead to more than 130 arrests in 32 countries.

This is why we constantly need to share our experience. INTERPOL’s Information Security Incident Response Team is a member of the Forum of Incident Response and Security Teams –– or FIRST ––, which I assume most of you know. Being a member of the FIRST enables INTERPOL to learn from the experience of other members and to share our own experiences for the benefit of others. But again, it is also a way to draw bridges between the police community and information security professionals from the private and public sectors worldwide.

Also note that the actual statement says the impersonator was trying to gather sensative data, not quite the success as implied in the summary. The whole speech is available as a pdf here [interpol.int].

I don't know about the rest of you but one of the original reasons I grabbed a Facebook account was to prevent just that kind of thing happening - the same reason I've registered the most obvious forms of my name in as many social networking and emailing services as possible - if I hold the accounts then I possess some control over other people's ability to misrepresent themselves as me.

Re:Context

[Anonymous Coward]

if I hold the accounts then I possess some control over other people's ability to misrepresent themselves as me.

Oh and I forgot to add... This is especially important to control rumours about the goat incident.

cappp (sorry, I just logged out)

Re:Context

[cappp]

Well played my anonomous adversary, well played.

Re:

[nospam007]

Here's what computerworld said: Mind the 'was discovered only recently' seems to mean that they tried and succeeded for quite some time.

"...secretary general Noble revealed that criminals had set up two accounts impersonating him on the networking site during this summer's high-profile global dragnet, 'Operation Infra-Red'.
The fraud was discovered only recently by Interpol's Security Incident Response Team..."

And a new can of worms in open.

[Tei]

The way the DNS system work now, If you buy the domain cocacolacoacola.com , It will get from you from the corporation cocacola. You don't see something strange in that?, a city can name of the streets "coca cola", and the corporation will not own the street. But I digress...

If social networks continue to be important, and one is more important than all others, maybe judges will look at this the same way,and will see in very bad light if you create a account for Michael Jackson or Walt Disney. And I mean

Re:

[Nursie]

MMMmmmmmm Cloaca-Cola!

Re:

[neminem]

I prefer Dyspepsi: http://kol.coldfront.net/thekolwiki/index.php/Dyspepsi-Cola [coldfront.net]

Only an idiot ....

[yams]

... would use Facebook to provide police level information, even to someone they know. At the least, they should be using an SSL secured e-mail service, if not the Interpol website (which, I hope, is SSL secured).

Re:

[c0lo]

What? Are the interpipes free of phishing already? Weren't when I went to bed.
(that is to say: the total intelligence in this world is constant, the population is raising. Yes, idiots still exists)

Re:

[tokul]

At the least, they should be using an SSL secured e-mail service, if not the Interpol website (which, I hope, is SSL secured).

Only if you refer to S/MIME as SSL and forget to mention PGP/MIME. Otherwise your SSL secured e-mail service suggestion is useless. Email is not secured same way as website traffic.

Re:

[petermgreen]

Remember SSL only encrypts connections. Unless you trust every server in the email path and have them all configured to use SSL to talk to each other then it is not enough to provide security.

For real security you want an end to end encryption and authentication solution and even then you shouldn't access the system from untrusted devices.

Re:

[Vegemeister]

We Asperger's sufferers have lazy quadriplegics to make unintelligible posts.

On that note, are you Tei from above?

Re:

[Fantastic Lad]

Dragon NaturallySpeaking is sufficiently accurate that I don't even bother to check what it has transcribed any more, allowing me to rant at leisure while reading something else.

When it makes a mistake, I always have Asperger's sufferers to point it out for the benefit of everyone else.

I can't tell if this is standard narcissistic behavior or just basic ass-hattery. --This being an example of a person who lives so soundly inside a personal bubble reality that it doesn't even think it is necessary to go to the trouble of communicating correctly in order to believe that its thoughts are understood by the rest of the world; after all, why put in the effort since the universe and all of its contents are already a simple extension of its own ego? Babies exist for a period where there is no d

Re:

[Fantastic Lad]

Worked up? No. Just observing you, pointing out patterns and asking questions.

You might ask yourself why you find that so upsetting.

And it wasn't a mis-placed apostrophe. It was garbled weirdness of a high order and the particular brand of justification you used, among several other things and general observation over time. Basically, the bubble version of your reality is vastly different from the real one which everybody else can see.

Mirror, mirror. . .

You're not even picking your own words, reflecting

Re:

[FuckingNickName]

general observation over time

Oh, you're just one of those creepy stalkers who encounters someone on the Internet with more than one opinion he doesn't like and splatters with the crudest strokes an e-psychological diagnosis to summarily dismiss opposing ideas.

Even as the broken Turing readied himself to bite the apple, you'd still be telling him that you subjected him to treatment for illness, for his own good. What was his homosexuality, friend, if not a heinous misuse of idiom?

Re:

[Fantastic Lad]

Oh, you're just one of those creepy stalkers who encounters someone on the Internet with more than one opinion he doesn't like and splatters with the crudest strokes an e-psychological diagnosis to summarily dismiss opposing ideas.

Stalker? Ha ha! Don't flatter yourself. I simply pay attention to all the many thousands of things I read and tend to have a good memory. Trust me. You are not important. I know, it's probably asking the impossible for you to recognize that. Comparing yourself to Turing. . ? Oh dear! (And for the record, I have no problem with gays. I DO have problems with sociopaths and assholes, though.)

But if you want to clean up your act, you might try saying fewer thoughtless things and take the time to ensur

Re:

[FuckingNickName]

Someone merely with a good memory remembers your address.

A stalker hangs outside your house then pounces you with, "I've been watching you!" as if your front porch were simply on his route home.

You are a stalker and a hypocrite, a stereotypical sort who preaches selflessness while providing his name twice in his missives, a proto-troll who begins with a hyper-politically correct invective asserting that good grammar is a sign of compassion and rounds off his rhetorical Happy Meal by suggesting that the othe

Re:

[Fantastic Lad]

A stalker hangs outside your house then pounces you with, "I've been watching you!" as if your front porch were simply on his route home.

Yeah, that's actually kind of paranoid. Maybe get some sunshine and fresh air?

You are a stalker and a hypocrite, a stereotypical sort who preaches selflessness while providing his name twice in his missives, a proto-troll who begins with a hyper-politically correct invective asserting that good grammar is a sign of compassion and rounds off his rhetorical Happy Meal by suggesting that the other house is a "retard".

Calling "Asperger's" is any different? And I'm the hypocrite? At least I was being fair.

But you know what? You win. I don't have the energy to spare. So please, believe whatever you will.

Thank you, my homeboy, and good day.

Righto. Bye.

-FL

False Flag?

[srussia]

FTFA: He revealed this information when addressing the attendees at the first Interpol Information Security Conference in Hong Kong, and pointed out that this is why experience and information sharing between INTERPOL and the various law enforcement agencies around the world is a must.

Or maybe just that Assange guy doing his thing.

So what is the news here now?

[fluch]

So what is the news here?

1) That someone opens a fake account in the name of someone else (I presume that happens on a regular basis anyways), or

2) That some cluless idiots (sorry for the harsh words) do exchang SENSITIVE information on Facebook? And then they suddenly wonder how this information got into wrong hands?!

Come on

[antifoidulus]

Everyone knows that REAL international police chiefs only communicate via messages that will self-destruct in 5 seconds.

Re:

[GameboyRMH]

A web-based chat system running on an Xbox360?

How it went down

[Metabolife]

Fake Noble: hey, i lost my phone lol, i'm soooooo dumb. do you happen to have the numbers for international fugatives 1 - 130? k thx x0x0

Current Status:

[Drakkenmensch]

Bustin' some international jewel thieves, yo.

Miscreant

[spleen_blender]

That crazy Lupin, what will he do next?

Why?

[rakuen]

This is more a complaint with phishing in general, but why on earth are people so gullible? Is it so hard to do a quick search on the web? Send an e-mail to the corporate address of whoever claims to be contacting you? Pick up a phone and talk to customer services? Shoot, even asking a friend for advice would be better than nothing.

In this case, we're talking about the Chief of Interpol. Someone impersonated him to try to get information on a case. A case that they discussed. At a summit. IN PERSON

Criminal's baroque scheme foils Interpol again?

[kumanopuusan]

Interpol has released a late-breaking photo of the suspects [imageshack.us].

The inspector charged with apprehending them has declined to comment [imageshack.us].

Poor Zenigata

[deathtopaulw]

I hope he catches that damn Lupin!