Journal of Strategic Security (Jan 2010)

The Weakest Link: The Risks Associated with Social Networking Website

  • Yosef Lehrman

Journal volume & issue
Vol. 3, no. 2
pp. 63 – 72

Abstract

Read online

The relatively rapid rise in popularity of social networking services is now well known. MySpace, Twitter, and Facebook have become well known sites and terms. According to the Web traffic tracking site Alexa.com, as of December 2009, Facebook had 350 million registered users, MySpace just under 475 million, and Twitter 44.5 million. Many people think very little of posting prodigious amounts of personal information on social networking sites, not realizing that this information puts them at risk. Specifically, those in the law enforcement and military communities may not realize that information posted on these sites can compromise operational security and potentially endanger lives. In July 2009, the Associated Press ran a story which was picked up by most major news outlets in the USA, in which it was reported that the wife of the incoming head of Britain's MI6 intelligence agency had posted pictures and family details on her Facebook page. Astonishingly, there were those that argued that this was not a security breach! Although it is true that, in general, photos of a vacationing family would not be considered sensitive, when you consider that the family taking the vacation includes the head of the British foreign intelligence service, it is easy to see how this kind of exposure could open the door to potential blackmail.We are all too aware of the possibility of terrorist "sleeper cells" living among typical American families under false identities. It is vital to understand how these individuals melt into the crowd, hiding their true identities while they hatch their nefarious plots. Recent events in Denver and New York City only serve to underscore the urgency of this need. This article will examine social networking in the context of social engineering. There are no easy or fast solutions to this problem, and this paper does not pretend to propose any. Rather, it is the purpose of this paper to enhance understanding of this very critical issue, and perhaps assist organizations and security professionals in developing policies and training which will mitigate this risk.

Keywords