Your own personal data or a goldmine for crooks?

Have you ever been robbed? Some of you may have. Are you active on social networks? You are? The two may be connected. For a lot of the threats to the security of our personal data, we only have ourselves to blame. Apparently, we are much too willing to share our likes and dislikes with our virtual ‘friends’ on the internet whom we may or may have not met, which we would not do with someone we had met even a few times in person.

Otilia Haraga

Incredible as it may seem, there is a social website called PleaseRobMe, which replicates the posts of people who comment on Foursquare, revealing where they are at any time with a view to highlighting how absurd and dangerous this practice is. In mid-February Twitter removed the PleaseRobMe account.

Website Foursquare, which is growing in popularity, is nothing more than a platform on which people post their current whereabouts. “To get an idea of the quantity of traffic we are talking about, we’ve just done a search for 4sq on Twitter and in five minutes I’ve counted 54 posts with people saying where they are,” Oliviu Talianu, business development manager at Panda Security Romania, tells Business Review.

Read more about

Simona Moisa, Dentons: Data protection challenges in legal due diligence operations

read more

People use this website to say where they are at every moment, to critique or suggest places to go and things to do there. The more frequently you post your location, the more points you earn.

“The flip side to all this is that anyone can tell where a person is at any time. If you’re out having a beer in a bar, it’s obvious that… you’re not home! All your efforts to make it look like your house is occupied when you go on vacation will be rather pointless if you’re telling the whole world that you are in Florida,” says Talianu.  The same can happen to users of Facebook or Twitter. “In some countries, Facebook is used to find potential victims for theft. Pictures can give you a clear idea of somebody’s status – how rich they are, where they live, etc,” adds the security expert.

But why are social networks such a perilous environment when it comes to the security of users’ personal data? A lot of it has to do with the fact that people are more willing to share things about themselves on the internet.

“Like pickpockets, cybercriminals like crowded places. And what are the most crowded places on the internet at the moment? Social networks, of course! Facebook, MySpace, Twitter, LinkedIn and many others are a paradise for criminals, since most people who open accounts there are willing to share a variety of information with virtual ‘friends’: confidential data, hobbies, photos, music, videos – exactly those things that they would probably not share with a stranger they had just met on the street,” Teodor Cimpoesu, managing director at Kaspersky Lab Romania and Bulgaria, tells Business Review.

“2011 is the year when users will be confronted with a new category of spyware that will have only one goal: to steal everything. It will pick up any information on users, up to and including eye and hair color, and will examine every document that is saved in the infected computer. This malware was created to steal the complete profile of the victims and not just some information on credit cards,” he says.  Details mined from accounts on Facebook, Twitter, LinkedIn and so on will sell on the black market at prices that start from tens or hundreds of USD, depending on the account – how popular it is and how many friends the user has, Cimpoesu says. Moreover, as we are now living in a global village, danger lurks everywhere and is not limited by physical frontiers.

“Due to the explosion of social networks in Romania, I estimate that towards the end of 2011, at least 10 percent of Romanian internet users will come across problems with the security of their personal data, as IT attacks are more complex, elaborate and subtle than in previous years,” Catalin Cosoi, spokesperson for BitDefender, tells BR.

The Consumer Behavior Study (CBS) carried out by Nokia Siemens Networks in 18 countries, including Romania, revealed that two out of three Romanians have trouble controlling the circulation of their personal data.

The poll reveals a growing sensitivity to the way personal data is handled by third parties in comparison to the previous year. The results show that suppliers of fixed internet and fixed and mobile telephony are the companies that consumers trust the most when it comes to the way their personal data is handled. On a scale of 1 to 10, these firms received 6.4-6.8 points for the degree of trust placed in them.

Online communities and governments are at the lower end of the scale, with 4.5- 5 points.

“In countries where the Facebook platform is popular, we will see more and more threats that will use this environment to proliferate: there are for instance links that lead to malicious websites where users can become infected with all kinds of malware that compromise the security of the computer and expose personal data. Such attacks can also circulate on other platforms such as Twitter and Yahoo Messenger,” says Cosoi.

Most Romanians (88 percent) think that data protection is very important but two thirds (65 percent) are willing to provide personal data for certain value-added services compared to only 46 percent of Europeans.

Romanians are concerned with having to share credit card data, as 86 percent of them consider data processing and storage as very risky – but this ratio is still lower than the European average which is 92 percent.

 “Among users, the first and most important aspect of this problem is the education process. It is vital for all of us to know what risks we run when we access various links and provide our account data to people who contact us via e-mail and networks,” says Cimpoesu.

The conditions under which personal data can be processed come under Law nr. 677/2001, which also stipulates under which circumstances it can be provided to third parties and the obligation of operators to take measures to protect such data.

Personal data can be revealed to third parties only when the targeted individual has consented to this, or in special situations. Penalties applied under Law nr. 677/2001 fall into three categories. For failure to notify the involved party or a notification made in bad faith, a fine between RON 500 and RON 10,000 is payable. For illegal processing and revealing personal data, the fine is between RON 1,000 and RON 25,000. For failure to fulfill confidentiality obligations and apply security measures the fine goes from RON 1,500 to RON 15,000. Refusal to provide information is punishable with a fine between RON 1,000 and RON 15,000.

“The authority has paid special attention mainly to petitions about the receipt of offers for database transactions. This type of transaction makes it possible to build a database of thousands of e-mail addresses and telephone numbers and, directly or indirectly, allow the transmission of commercial communication via electronic services to people who have not given their consent,” says Lina Savoiu, spokesperson of the National Authority for Monitoring the Processing of Personal Data.

“Most of the complaints received by the authority that were solved within 30 days concerned the receipt of spam messages, the sending of personal data of the debtors of various banks to the Loan Office or the Central Credit Register, revealing personal data and illegal processing or not respecting the right to oppose of the respective person,” adds Savoiu.

What a person can do following the illegal use of their personal data is to ask the respective operator to solve the problem. If they fail to do so within 15 days, the person can then take the matter to the authority.

How criminals  use personal data to their advantage

Call your credit card company and change the address of the account. Because the bill is being sent to another address it may be some time before you realize that someone else is using your card. By this time thousands of dollars of items may have been charged to your credit card.

Get credit cards in your name. When the impostor doesn’t pay the bills the bad debts go on your credit report. 

Open a bank account in your name. Criminals might then take out a phone or wireless service in your name. 

Open a bank account in your name and write bad checks using that account. 

Counterfeit checks, debit or credit cards, or authorize electronic transfers in your name. 

Buy themselves a car by taking out an auto loan in your name.

Get a job, even filing fraudulent tax returns in your name.

Give your name to the police if arrested.  

Get identification such as a driver’s license issued with their picture, in your name.  

Declare bankruptcy in your name in order to avoid paying the debts that they have incurred, or to avoid eviction.

Oliviu Talianu, business devlopment manager at Panda Security Romania