Monday, September 20, 2010

Interpol scammed by FaceBook: A lesson in identity providers

This is just embarrassing. 

[Interpol] Security chief Ronald K. Noble revealed that two fake accounts were created in his name and used to find the details of highly-dangerous criminals.

...

It is believed the cyber-criminals created Facebook profiles claiming to be Mr Noble. From there they gathered sensitive information about the suspects.

The lesson to be learned here is that FaceBook is not a trustworthy identity provider. Just because someone claims an identity on FaceBook doesn't mean a thing as anyone and create an account and say they are whoever they want to be. And really there isn't a lot FaceBook and do about it, vetting 500 million people from around the world isn't practical.

Don't get me wrong, FaceBook is still useful for all sorts of stuff, but exchange of sensitive law enforcement information isn't one of them and if you are responsible for care taking that sort of information you should know better.