Friday, 6 February, 2009

Social networking websites make recruiting spies difficult

Social networking websites make recruiting spies difficult
Ken Munro
A social networking world makes it harder for the intelligence services to recruit a spy without a profile.

Imagine the scene. James Bond enters the HQ of a criminal mastermind intent on world destruction. Waiting for him are a host of henchpersons, all armed to the teeth.

“We've been expecting you, Mr Bond,” says the evil Blofeld, stroking his white Persian cat. “We saw your Twitter update.”

The UK's universities are a prime recruiting ground for our intelligence services. Clever, well-versed students apparently make excellent espionage agents.

Herein lies the problem: if you're planning on having a second identity for undercover work, it doesn't help if your photos, friends and real name are splattered all over various social networking sites. Try finding a student at a university who hasn't done just that.

The UK's intelligence agencies are worried. From schoolchildren on Bebo, through Facebook-obsessed young professionals, to well-networked CEOs on LinkedIn, having an online presence is a must in this day and age. But with the explosion of social networking sites, it has become virtually impossible to find recruits who don't have some sort of an online trail.

Pandora's box is well and truly opened, so how do you go about suppressing your online identity?

The problem for national security staff is that once these details are out there, it is well nigh impossible to remove them completely.

Facebook has famously left traces of former members who believed their records had been deleted, and merely ‘deactivating' has very little effect – your details could still be there for those with the right technological knowledge to see for all eternity.

For civilians, this is hardly more than an annoyance. For the security services, however, the wrong details in the wrong hands could be a matter of life or death.

Even more worrying is the ease with which ‘live' accounts can be hacked. The Twitter incident at the beginning of the year, in which 33 celebrity accounts – including that of Britney Spears – were hijacked and used to spread scandalous rumours about their owners through the forgotten password function, is a case in point.

On the same website, a phishing campaign hit hundreds of users – including Stephen Fry – by posting links to sites that could steal their login credentials through the account of Barack Obama.

Take from this what you will, but a good start would be to have a crack at profiling yourself online. Find out what's already in the public domain, so at least you know where you might start in wiping the slate clean.

I did this as a favour for MI5 recently, looking at the information available online about its director-general, Jonathan Evans.

The intelligence agency appears to have handled the information available about him rather well, feeding carefully considered snippets to the press. No doubt this policy was implemented after the depressing ‘outing' of a previous director-general's home address by a journalist some years ago.

Although I could find bits and pieces of value (school, university, a possible mother's maiden name etc), the online identity was being very well managed.

However, the biggest single defence of the latest head of MI5 has to be his surname. How many ‘Evans' are there in the world? It's like finding a needle in a stack of identical needles. It would have been somewhat easier if his surname were a little less widespread. ‘Manningham-Buller', for instance, would have been perfect!

You could consider becoming ex-directory, have yourself removed from the edited Electoral Roll, delete any social networking profiles (don't forget old Friends Reunited appearances). And Google yourself, to see where you pop up. Sadly, though, you'll struggle to remove yourself from the register of births, deaths and marriages. Men in Black makes identity removal look easy, but getting the proverbial white Persian cat back in the bag is harder than it seems.

No comments:

Post a Comment