What the Please Rob Me Site Tells Us About the Dangers of Social Media

I just returned from an extended trip to the U.K. and France to find that my home had not been robbed or otherwise tampered with during my absence. I am blessed to live in an area of relatively low crime, and we have excellent neighbors who no doubt kept an eye on the house, but I was also careful not to tip off the bad guys to our absence via social media outlets.

For those of you who have not heard, a small group of security types recently built a web site called Please Rob Me (developed by Forthehack) to illustrate the problem of information oversharing. The creators used simple Twitter search mechanisms to illustrate that broadcasting where you were was also broadcasting where you were not: home.

The message of Please Rob Me was pretty simple: keeping things safe – whether they be family heirlooms or sensitive corporate data – is hard, and willingly providing bad guys with useful data makes it even harder. Even when that useful data is in the form of innocent tweets.

We like to glamorize IT security as suave criminals working in some super slick cyber crime headquarters (think 24’s CTU but sinister) doing sophisticated tasks to perpetrate some grand and complex crime. In fact, criminals will always pick off the weakest link. Broadcasting that you are away from home on a social networking venue makes you that weak link with regard to home break-ins, just as using a weak password or not following basic security protocols makes you the weakest link in perimeter security.

Years ago, there was an excellent movie called “The Game” with Michael Douglas and Sean Penn. The Michael Douglas character thinks he is going into a benign game and freely submits to answering several questions that seem completely innocuous on the surface. In fact, the questions generate a psychological profile that allows the organizers of “The Game” to get to all of his personal accounts and completely turn his life upside down. By giving personal details freely on social media outlets, you could be providing criminals the same pertinent data without them having to ask the questions.

Am I paranoid?  Anyone who knows me would tell you I am not.  But being the savvy security guy that I am, I made sure not to broadcast to the digital world that I would be on another continent for 9 days, and made sure my Facebooking teens did the same.  I am by nature private and guarded in how much of my life I wish to have floating freely in the digital ether.

Please Rob Me is also a very real and tangible warning to government agencies and businesses wrestling with policies regarding social media.  IT security is already a difficult and endless task of trying to keep up with the bad guys.  Giving cyber criminals an additional advantage by freely providing them information they can use against the organization introduces real risk.  The fact that this information comes from within the walls of the organization is not just ironic – it is painful.

When I left my first job at a large defense contractor, I was given a security debrief where I was told that “even the most innocent of information may be the missing piece in the large puzzle of international espionage.” I remember the phrase perfectly not because I took it to heart, but because I found it funny in the context of my youth. Thirty years later, that seemingly innocent information is being posted on the World Wide Web for the entire world to see. And now that I am a lot older and hopefully wiser, I certainly took it seriously enough when it came to telling the world that I was leaving my home vacant. It is good to consider what you may be doing for your employer’s valued possessions as well.

About Jim Ivers
Jim Ivers is the Chief Security Strategist at Triumfant.
