ABU DHABI // All Mohammed Hassan had to do was send friendship requests to several hundred Facebook users. Within a month, 38 people had become "friends" with the 17-year-old university student living in Dubai. What they did not know was that Mohammed Hassan did not exist, and that they had unwittingly sent information about themselves and more than 5,000 of their friends to a cyber criminal.
The case was highlighted yesterday by Dr Andrew Jones, the programme chairman of the degree in information security at Khalifa University in Sharjah, as an example of how social networking sites are used by criminals. Seventy per cent of users on social networking sites post their date of birth on their profiles, Dr Jones said. That information is valuable to cyber criminals. "People worry about identity theft but are happy to put the date of birth [on their profiles]," he said. "So you have a date of birth and a geographical location a pretty good start point if they want to go digging and find more about you."
Dr Jones was speaking at the International Security National Resilience conference, and outlined his research into the potential dangers in using social networking sites such as Skype, Facebook and Twitter. "Criminals can exploit these sites to carry out a range of activities," said Dr Jones, who spent 25 years in the British Army's Intelligence Corps. Such sites could also be used for fraud, burglary or robbery, he said.
"Most victims [in his research] were families of friends that users already had. They had personal relationships and the criminals exploited that," he said. Friends could be led to a location and mugged, he added. A criminal who took over someone's identity could even blackmail the victim under the threat of providing their information to organised gangs. Militant groups also use sites such as YouTube to post recruitment videos, said Dr Jones. Some people have been coerced into sexual acts by criminal groups who managed to steal their information, he added.