Data Forensics Expert Witness: Facebook Exposes Personal Data!

Unfortunately, this is not the first time Facebook has been in the news for its poor handling of data. In July 2012, there was a similar breach where a private security consultant used a piece of code to gather information on over 100 million profiles. This was not seen as a hot-topic issue because the information gathered was not secured by the user, and was therefore in the public domain. But it does bring up some interesting points which many users seem to forget when they surf or post to social media.

On any social media site, you should follow these rules:

Rule #1: Do not post private information on the internet, regardless of security or visibility options. If you are not comfortable with sharing your location with 1.1 billion users, it is strongly recommended you avoid posting that information. Be wary of who might use your profile against you.

Rule #2: Try to keep separate social media profiles for work and personal use. LinkedIn and Facebook are perfect examples. LinkedIn, while useful for businesses, is not geared towards someone looking to keep in touch with friends and family. Facebook is useful for both business and personal use. But keep in mind it is first and foremost a personal website.

Rule #3: Check your privacy settings. Facebook in recent years has really stepped up their game on how best to protect personal user data. One can now determine which posts and pictures can be seen by whom. You may decide you want your friends to see your new car, but do not necessarily want your jealous ex to know. This is done by simply changing the visibility setting on each post. It can also be done globally if you prefer.

Rule #4: The internet does not forget. Remember the ‘accidental’ drunken photo you posted online and thought you deleted? Odds are, somewhere out there remains a copy someone snagged before it was taken offline. This and other posts you might have created could be used against you in a malicious manner. Think before posting. In other words: ‘Never post anything you don’t want printed on the front page of the paper.’

An amusing case to end on. A Wisconsin man claimed he could not pay child support. Yet he posted several pictures on his Facebook page showing him with several hundred dollars in cash. Needless to say, he is likely re-examining how best to protect his data as the judge at his hearing was not amused. He probably takes the phrase “think before you post” a little more seriously now.

Computer Forensics and Hacking Expert Witness: Howdy, I’m a Hacker!

The most common visual is the pale nerd in his mother’s basement who is getting into his university server to change his rival’s grades to failing ones. Then there are the various Hollywood depictions which show “master criminals” manipulating traffic signals and financial markets. This is a fairly recent use of the word “hacker”, and for years before it had a very different meaning.

In the early 90s, when Linux (a popular free computer operating system) was introduced, the word hacker did not even exist. Users of these operating systems referred to themselves as “hackers” only due to their ability to manipulate and reuse programming code for their own purposes, outside of its originally intended purpose. If you think of them as chefs, everyone has that one basic recipe for lobster bisque, but each chef will put their own spin on the recipe to make it their own. They were, and are, very competent programmers who had a passion for writing their own programs.

The majority of these “hackers” used their skills for good: for example, helping a friend who needed new software to keep track of inventory at a grocery store. Then there are some more famous hackers, including Steve Jobs and Bill Gates, who made a lot of money creating a consumer computer for the home. A small percentage used their skills for less-than-honorable purposes, such as Kevin Poulsen and Adrian Lamo. These dishonorable hackers are what gave the noble hobby of computer manipulation its bad name.

Due to the large amount of media attention on the subject, in recent years, the term “hacker” has become synonymous with crime and people using their skills to steal and create fear. While this may be true in some instances, it is not the majority. Now we distinguish good from evil with (figurative) hats:

A “White hat hacker” or “Ethical Hacker” is a person who hacks for good, finding their own or other organizations’ vulnerabilities and reporting them for improvement.

When the term “Black” is used along with “Hacker”, the person is considered to be someone who hacks out of malice or for personal gain.

“Gray hat hackers” are in that limbo status between the two, and may offer to repair a vulnerability for a fee.

“Blue hat hackers” are usually outside computer security consulting firms who test software or systems for bugs, looking for exploits so they can be closed prior to software or system release.

Remember: not all hackers are bad.