Recent open source reporting indicates that the Colombian National Police just arrested a group of criminals who were using Facebook to identify, profile and target victims for kidnapping. Initial reports indicate the gang was using false Facebook profiles with pictures of beautiful women to target wealthy men as victims. They would use information in the victim’s profile to assist them in selecting potential targets. They would then engage the target in online discussions to build rapport and elicit additional information. After a period of time, usually a few weeks, they would arrange to meet the victim. When the victim arrived at the prearranged meeting location he would be drugged – most likely with scopolamine – and moved to another location where he would be tortured and held for ransom.
This incident illustrates the vulnerability created by revealing too much information about yourself on social networking websites and to unknown persons online, which is the point of this post. It also touches on the use of drugs (probably scopolamine in this case) to facilitate kidnappings, which we discussed in “Devil’s Breath and the Ativan Gang”, and on the process of victim selection, the use of honey traps and the use of technology to do a valuation of potential targets, all of which have been discussed to a degree previously.
The Facebook kidnapping gang is a clear example of what can go wrong if too much information is available in the public domain. Even information that can only be viewed by friends or contacts can compromise you if you “friend” or “link” to people you don’t know or don’t know well.
Social networking is a key part of most of our lives now, and most people use it for personal or professional reasons or both. The issue is not whether or not to use social networking but how to understand the vulnerabilities that exist and manage the type and amount of information available.
Social networks and the easy availability of online personal information are a huge force multiplier for stalkers, burglars, fraudsters, identity thieves, social engineers of all types, terrorists and kidnappers. They make it much quicker, easier and safer to compile detailed dossiers on potential victims and exploit that information to their advantage. Social networks also provide a vehicle to do a “cold approach” to a potential victim, establish rapport, gain additional information and arrange a physical meeting in person if desired. That appears to be what occurred in this case in Colombia.
Online information gathering also significantly reduces the need for physical surveillance of the target and the vulnerability to exposure that exists with that activity. If the victim can be induced to voluntarily present themselves at a place and time of the criminal’s choosing, it is much easier to carry out the kidnapping with limited risk.
The lesson here is not to eliminate the use of social networks, which would be unrealistic given the role they now play in society. The objective should be to understand the vulnerabilities that exist – especially in the context of your personal situation and risk profile. Arguably a soccer mom from Annapolis, Maryland and a wealthy Colombian businessman have very different risk profiles and would need to manage their personal information differently. While the soccer mom still has some level of risk, barring exceptional conditions (such as a stalking situation) her risk profile is much lower than that of the Colombian businessman.
Some things to consider regarding personal security when using social networks:
- Security settings: most social networking platforms provide security settings that allow you to limit who is able to see what information about you and your personal network. Consider using these rather than the default settings.
- Posting Potentially Compromising Information: Not only can posting information about your drunken weekend put you in a precarious position with your employer, clients, etc., it also provides insight into your personal lifestyle that can be exploited.
- The risk of using applications like TripIt that share your travel itinerary when linked to social networks. This allows others to see where and when you are traveling.
- The risk of using Foursquare and other GPS-related applications that use your smartphone to identify and post your location to people in your social network.
- Posting Photos: Posting a portrait photo of yourself gives a potential assailant who has never seen you before the ability to recognize you. Additionally, many smartphone cameras automatically geotag photos without the user being aware of it. When the photo is posted, it is possible to retrieve the geotag to determine where the photo was taken.
Social networking is here to stay and its role in our personal and professional lives will only grow. There are numerous positive aspects of social media and it can be leveraged to your benefit in many ways.
It’s important to look at the potential impact to your personal security based on an honest assessment of your personal risk profile. You should consider limiting what you post, who you allow into your social network or, in some cases, both, depending on your situation.