Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Don’t post personal information on Facebook; if you do, urban legends could spawn

Don’t post personal information on Facebook; if you do, urban legends could spawn

  • Comments 1

Earlier this week, Yahoo Finance posted an article (courtesy of CBS MarketWatch) about six things you should never post on Facebook.  Two of them of note were your vacation plans and your home address:

Home Address

Do I have to elaborate? A study recently released by the Ponemon Institute found that users of Social Media sites were at greater risk of physical and identity theft because of the information they were sharing. Some 40% listed their home address on the sites; 65% didn't even attempt to block out strangers with privacy settings. And 60% said they weren't confident that their "friends" were really just people they know.

Vacation Plans

There may be a better way to say "Rob me, please" than posting something along the lines of: "Count-down to Maui! Two days and Ritz Carlton, here we come!" on Twitter. But it's hard to think of one. Post the photos on Facebook when you return, if you like. But don't invite criminals in by telling them specifically when you'll be gone.

The implication here is the reverse of security through obscurity.  Random burglars wouldn’t necessarily know when we are home and when we are not.  Consequently, to them, it is risky to randomly select a house and break into it, robbing it of valuable possessions because the home owners are possibly going to either be there or show up in a short period of time and catch them in the act.  The whole point of burglary is to avoid getting caught.

If you post your vacation plans on Facebook, so the theory goes, and couple that with your home address, you are in for serious trouble.  A thief could troll Facebook and see that you are away from home on a vacation and therefore are very unlikely to be at home.  Thus, it would be a trivial matter for them to break in and steal your stuff because the owners wouldn’t be there to catch them.  (Note to potential burglars of my place – I have nothing valuable other than an old laptop that doesn’t work, some books you’ll never read and a TV with a blurry picture; it’s not worth your time).

There is even a link to a New York Times story where some burglars picked which houses to rob based upon Facebook updates:

According to New Hampshire's WMUR Channel 9 News, three local men, Mario Rojas, Leonardo Barroso and Victor Rodriguez, have burglarized more than 18 homes in the Nashua area of New Hampshire simply by checking status updates on Facebook and then pillaging houses of victims who announced on the social network that they were not home.

Police told the news outlet that they recovered between $100,000 and $200,000 worth of stolen property as a result of the investigation.

All this points to a new avenue for crime.  Don’t set yourself up for things like this because it can be taken advantage of by malicious actors.

But does this call-to-action really hold up in real life?

We are constantly bombarded with invisible threats.  After all, the media has been known to hype potential threats when statistically speaking there has been no justification for doing so.  For example, the rates of most kinds of violent crime in the United States has fallen over the past two decades, but if you watched the news and listened to the media you would be unaware of this and may have even believed the opposite.  The idea behind this is that the media will over discuss a fear (that of our personal safety) in order to increase ratings.  More ratings brings in more advertising dollars, but the reality behind the story is that it isn’t accurate.

From The Faster Times:

The real Facebook burglaries story: I did a little reporting to get the real story behind the reports of a Facebook burglary spree that supposedly used the service - right after its launch of Places - to find victims who were away on vacation. I emailed Nashua, NH detective Dan Archambault, who told me that only two of the cases involved Facebook and in each case, “one or two of the suspects were Facebook friends with the respective homeowners. They basically had access to the walls and could read that the families were away on vacation. The information was only available to friends and the Facebook Places feature was NOT a part of this.  And finally my advice to Facebook users is carefully pick your friends and watch what you post.”

And my advice is don’t believe everything you read. So this was not a case of a criminal using Facebook to find any old random victim. The implication of the coverage is that we were all - all 500 million of us - at risk for being so foolish to make ourselves public on Facebook and make ourselves vulnerable to every criminal out there. No, it’s foolish to make the wrong friends. Always has been. Still is.

So you see, our Facebook reveals are no different than real life.  The number one source of shoplifting (retail theft) in stores is not by shoppers but by employees of the stores.  Similarly, much of the violent crime that is perpetuated is by people within our own social circles.  To be sure, random crime does exist but it does not occur as frequently as when there is a pre-existing link between the victim and the perpetrator.  You have to be careful who you know.  In the Facebook burglary story, there was a pre-existing link between the victims and the perpetrators.  This implies that they would have broken into the residence of the home owners even without Facebook, they were only looking for an opportunity to discover a vulnerabilities in their (soon to be ex) friends’ defenses. 

People are jerks with or without technology.

Leave a Comment
  • Please add 6 and 6 and type the answer here:
  • Post
  • A clear exception to this is cybercrime.  Technology does make it more frequent for an unknown assailant to commit crimes against people they do not have pre-existing relationships with.  That *is* a legitimate concern.

Page 1 of 1 (1 items)