Network News

X My Profile
View More Activity

Planting Your Flag at Social Networking Sites

On Thursday I shared a laugh with a source at the expense of a mutual acquaintance: a security expert who has for the most part eschewed social networking sites. We were howling because someone who obviously knew enough about this person to push his emotional buttons had registered a Twitter account in his name and was posting some amusing but slightly mocking Tweets. The impersonated person even had several "followers" from the security community.

I mention this because it raises an interesting question for people who have embraced social media, but only to a certain point: That is, does it make sense to go ahead and plant your virtual flag at various social networking sites before someone else does it for you, and potentially uses it to make fun of you -- or worse -- abuse your good name to trick your acquaintances into doing something harms you both?

Indeed, as I noted last year, while social networking sites can be a huge time sink and a breeding ground for virus and worm attacks, there may also be danger in remaining a social networking site Luddite. After all, if you don't claim a space on these networks, someone else may do it for you as a way of scamming or attacking your friends and business contacts.

That piece told the story of two security researchers who did just that:

With the permission and good humor of security pioneer Marcus Ranum, Hamiel and Moyer created a LinkedIn profile on Ranum's behalf, including a photo of him and bits from his resume to make the profile look legit. In less than 24 hours, more than 50 people had joined his LinkedIn network. Among those taken in by the stunt was Ranum's sister.

"Even if you just put some basic information out there that's easy to find, you're kind of controlling your privacy that way," Hamiel said.

As you might expect, Web entrepreneurs already have seized upon this fear to make money. A site called knowem.com allows you to see whether your name or whatever nickname you favor is already registered at any of some 120 social networking sites on the Web today. For a $64.95 fee, the site will register all available accounts on your behalf, a manual process that it says takes one to five business days. "Don't fall victim to "Cyber Squatting" or social media identity theft - ensure that your username or vanity URL is saved for you!" reads the company's sales pitch.

knowem.jpg

Whether anyone could possibly use and maintain 120 different social networking accounts is beyond my imagination. I would think an automated signup service like knowem.com would be far more useful if there was also a service that people could use to simultaneously update all of these sites with the same or slightly different content.

What about you, Security Fix fans? Have you avoided social networking sites, or have you jumped in headfirst? Have security and privacy concerns kept you away from social networking sites? Would concerns about someone else hijacking your identity at these sites be enough to cause you to at least register your own names there? Sound off in the comments below.

By Brian Krebs  |  April 24, 2009; 5:11 PM ET
Categories:  From the Bunker , Safety Tips , Web Fraud 2.0  | Tags: knowem.com, paranoia, social networking  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Hack Against ISP Hijacks Bank, Google Adsense
Next: Scammers, Spammers Embrace Swine Flu News

Comments

This is not a bad idea. It was frustrating when I tried to log into an important site and found my company name was taken.

I came across knowem earlier and was amazed at just how many social media sites are out there.

The problem is you never know which one of these sites is going to be the next twitter, so there is a lot of value in getting your name early on.

Posted by: DavidSKlein | April 25, 2009 12:24 AM | Report abuse

I hope the readers of your blog have more important things to do in their daily lives that write or follow updates on social networking sites.

LinkedIn maybe the only site that passes the stress test of being professional and useful.

Posted by: AnonymousReader1 | April 25, 2009 7:46 AM | Report abuse

I totally avoid social networking sites due to exactly what you said - they can be " a huge time sink".

I deal with the public every day, and though I do enjoy it, I'm not too much of a social butterfly on the web.

Posted by: ohalvey | April 25, 2009 9:06 AM | Report abuse

It's absurd to be concerned about that possibility. If the rest of the world is so involved in social networking, that may be the problem, not what might happen if you don't participate. Acting out of fear is cowardice.

Posted by: Tojo1 | April 25, 2009 9:33 AM | Report abuse

I don't text, twitter, or tweet. I don't Facebook, MySpace, or Yahoo. I don't chat on company time.

I DO run a successful business using e-mail and a business website. Productivity--professional and personal--produces wealth and satisfaction enough for me.

Posted by: watchbird1 | April 25, 2009 12:43 PM | Report abuse

For myself personally I wouldn't be too worried, but I do recommend that my clients secure their Twitter name and others, just as I was advising they capture the correct domain name ten years ago. IT's about reputation management and whilst people will find a way of getting their negative views across if they really want to, why give them an easy route if it can be avoided?

On another note, I have read many articles of where children and young people have been cyber-bullied in this way leading to further bullying in the playground, but whether this is reason enough to squat on a name I don't know. My gut feel is not to worry about it until it happens and deal with it at the time, like with everything you can only plan so much and there's no point in worrying about what hasn't happened.

Posted by: pauladauncey | April 25, 2009 1:07 PM | Report abuse

I agree with Tojo1. Well said.

Someone impersonating me on a social networking site is the least of my worries. I'm not going to lose any sleep over it.

This pretty much sums up my feelings on social networking:
http://www.youtube.com/watch?v=PN2HAroA12w

Posted by: xAdmin | April 25, 2009 1:54 PM | Report abuse

quote - "Someone impersonating me on a social networking site is the least of my worries. I'm not going to lose any sleep over it."

My horse has always stayed in the barn and I see no reaon to lock the door.

Posted by: jayess1 | April 25, 2009 4:23 PM | Report abuse

Hi,

I was a social networking 'Luddite' for a long time as I thought it was a passing fad for teenagers without any real friends. I then discovered quite a few people I knew were on Facebook and registered my own account at the end of last year. It did cross my mind that someone else might open a 'clone' account, although who would bother unless you happen to be someone famous? I've since got in touch with some long-lost friends from 25-30 years ago - worth it just for that. It doesn't have to be a time sink - there's no pressure to be on it every day.

Posted by: datadefender | April 25, 2009 6:04 PM | Report abuse

@jayess1,

I don't have a horse or a barn. ;)

Seriously, I understand the "potential" risk in someone impersonating me on a social networking website. In reality, I just don't believe it justifies going around creating accounts in an attempt to mitigate that "potential" harm.

From the article, “if you don't claim a space on these networks, someone else may do it for you as a way of scamming or attacking your friends and business contacts.”

Ok, so my friends, family or co-workers, most of which know my dislike for social networking websites, get duped into believing I’m now on one and then get scammed or attacked because of it and somehow that’s my problem? Where is their personal responsibility here? Where are their critical thinking skills? Why should I have to take action to make up for their lack of these characteristics?

While this whole idea presented here is worthy of a little consideration, I think we are giving way too much credence to social networking sites and playing into the victim mentality.

Thus, the reason I concur with what Tojo1 said and is worth repeating,

"It's absurd to be concerned about that possibility. If the rest of the world is so involved in social networking, that may be the problem, not what might happen if you don't participate. Acting out of fear is cowardice."

Posted by: xAdmin | April 25, 2009 11:59 PM | Report abuse

This is Identity Theft. Try to imagine a defense for the perpetrator or the host site if they lack adequate safeguards and remedies to remove the stolen ID and provide permanent notice that it was stolen.

Posted by: Greybeard2 | April 26, 2009 7:16 AM | Report abuse

I have a LinkedIn account, but have eschewed all of the other social networking sites. Someone told me, "I just got on Facebook, and have started to reconnect with people from my past. I can't believe how everybody's on there!" My reply: "I know. That's why I'm not." If people care to get back in touch with me, I'm findable in other ways. The Internet already eats into enough of my free time, and I'm not old enough yet to succumb to nostalgia over my high school years, I suppose.

The idea that someone might seek to impersonate me online hadn't occurred to me. I have a doppelganger out there, and she's more visible on the Internet than I am, so it's possible I'd have to create MySpace, etc., accounts using a nickname, anyway.

Posted by: Heron | April 26, 2009 5:09 PM | Report abuse

I was advised by the curent head of the 'DC Area REIA' [Real Estate Investor's Association] that I NEEDED to get on Facebook and also Twitter.

I did so just in time to receive his SOS [from his secretary with Tradewinds-International, great name but International in a business name usually means only one local office LOL].

She advised me in an e4-mail, that he had just been kidnapped by Carribean Pirates on his 53' catamaran and that I should follow the kidnapping on either Facebook or Twitter.

SO before taking 'any appropriate action,' I wanted to call Tradewinds. Everyone had 'left for the day' and NO ONE had either an emergency contact number or his cell phone number. Additionally, NO ONE knew if he was in the Carribean, or not.

Thus I contact the 'appropriate' counter-terrorism source and advised them of what was occurring. They responded that they'd 'handle it from there.'

Since it seemed that 'the pirates' forget to grab his i-phone in the hijacking [which occurred as the Somalian hijacking of our US Ship was finishing] I posted a Facebook response that I hoped he wouldn't mind any 'timely surprises' [a Navy Seal rescue effort] to which he responded 'huh?'

After several exchanges, he advised me that 'this was merely a story -- and that everything would be fine in tomorrows posting.']

]A number of former Special Ops types thought that he should be arrested by the FBI for 'sending a hoax distress signal' to promote a real estate course being offered by either him or the DC Area REIA.

A number suggested a SERIOUS ethical violation[s] -- but in any event, so much for 'social websights.'

WHATEVER YOU DO -- DON'T CALL FOR HELP ON ONE --------------------- THEY HAVE LOST ++++ ALL CREDIBILITY ++++ AS BEING RELIABLE.

Oh yea, after embarrassingly calling off 'his rescue,' I asked to at least be enrolled FOR FREE in the course and for his cell number, so this 'misunderstanding'
not recur.

No deal on either so far.

Posted by: brucerealtor@gmail.com | April 27, 2009 1:58 AM | Report abuse

ping.fm has a pretty good service that allows you to update several dozen social networking profiles at the same time with a customized email address.

Posted by: amskatoff | April 27, 2009 9:11 AM | Report abuse

Long before there were social networking sites, I had a web site of my own up with information about me.

Some people asked me why I was doing this, and my answer was that if I put information about myself on the web, then other can find me and know who I am. My thinking was that identity theft would be more difficult if you could find a picture of me and read a few details about me.

I don't know if this has ever thwarted theft of my identity or not, but your posting does seem to give some support to the idea.

With the dawn of social networking site, I try to tie as many other sites together with my own web site to provide virtual citation and references. I think if it not as a silver bullet, but as a deterrent. If it's harder to fake information about me online than the next guy, then maybe the "bad guys" will go after someone easier first.

It's the same kind of deterrent that buying a home alarm system provides. Sure, if someone really wants to break into your house, they can probably do it with or without an alarm system, but if someone is looking for easy pickings, they might decide to pass on the alarmed house.

Posted by: Annorax | April 27, 2009 10:52 AM | Report abuse

From my viewpoint, I use social networking to build my credibility and have a web presence online for my business. Do I register with 65, or however many networks there are? No. There is a dot com called ping.com that will allow you to hit 36 social networks at one time with one Twitter message.

With that said, I use Google Alerts for my legal name as well as my "brand name" in order to see if anyone has squatted on my name and may be doing something that reflects any negative connotations of my name or how I do business.

Online reputation management is the best way to protect your reputation. If you don't do business online, no sweat. Let the chips fall where they may. However, with more entrepreneurial businesses starting up every single day, it is wise to see what's being said about you.

Within the last six months, I found a person from The Apprentice squatting on someone's name in the social networks who she was not even the same sex of the person she was impersonating. Not too bright, but obviously very desperate to ride someone's coat tails just to get her name out there, albeit inappropriately.

The choice is yours. Social networking is the wave of the future for online businesses. Stay with it, or stay behind, or ignore it. Your choice.

Posted by: nhawkins0016 | April 27, 2009 11:11 PM | Report abuse

I recently started testing a service called OnlyWire (www.onlywire.com). They have a much smaller list than Knowem but provide the automated post services you are looking for. There is a browser plugin that allows you to post to a large number of sites.

Setup is tedious but using the system is easy. There are still some quirks, such as having to deal with captchas, but thus far it looks promising.

I think this is very good for brand protection and brand building; however, you can certainly waste a lot of time.

Posted by: jeffatrackaid | April 28, 2009 11:14 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company