UK Official Recommends Using Fake Info On Facebook

The security chief for the UK government’s network spoke at a conference on Internet policies and gave this piece of advice:

When you put information on the internet do not use your real name, your real date of birth … When you are putting information on social networking sites don’t put real combinations of information, because it can be used against you.

This brought about a good deal of debate on the issue, especially since Google+ and Facebook’s policies explicitly say you’re not allowed to use a fake name on their services. Others were concerned about cyber-bullies, which often do use fake names online, but it was pointed out that people can be found by the government and that the point of using fake info online is to prevent others from stealing your identity. If someone knows your name, address, email, and date of birth, they can do some serious damage.


Back in August, hackers took over a journalist’s online life in one hour, starting with just his Twitter handle — because every personal detail of his they needed was available online. No technical hacking was involved, just plain old social engineering: Twitter led to his website, from where they got his Gmail address. There, they saw his secondary Apple email. His name got them his home address, so they called Amazon customer service and, through clever manipulation, got the last 4 digits of his credit card number. Next, they called Apple, pretended to be him and since they had all the right info, Apple issued them a new password for his email.

Using his Apple email address, they got into his Gmail account with the automated password recovery feature. After they had control of his email addresses, it was simple to recover other passwords. They got into his iCloud account and remotely wiped his phone and computer, deleting everything on them. Finally, they got into his Twitter account, which was the hackers’ only goal: they wanted his Twitter handle. This was actually great news for him, since they could’ve emptied his bank accounts and ruined his real life.

And they did all of this without ever getting into Facebook. Imagine how much easier it would be if someone could look up all that information in the About section of your Facebook profile.

See also:


From BBC and Wired, via Slashdot

Comments are closed.