We’ve all been seeing a rash of Facebook account cloning. You see it when you get a friend request from someone that you’ve already friended. If you have a lot of Facebook friends, you may just think, “Oh, I thought we were already friends,” and accept the invitation. Shortly thereafter, you’ll get a private message from your new friend. It starts out innocuous. “How are you doing?” Then the scam starts. It may take you a while to realize that your friend wouldn’t really be trying to borrow a pile of money or get you to invest in something. By then, it may be too late.
If your account gets cloned, you may think you’ve been hacked. Don’t worry. You haven’t. Nobody’s figured out your password and broken into your account. They just followed these simple steps:
- First, they copy your profile picture and cover photo onto their computer.
- Then they create a new Facebook account using your name and a throwaway email address.
- They set the profile pic and cover photo to the ones they saved from your real account.
- Finally, they click on the “Friends” tab on your real account and start sending friend requests to everyone.
There’s a quick ‘n easy way to prevent that fourth step.
This will bring up a window that includes “Who can see your friends list?” If the button to the right of it says, “Public,” click on it.
I like mine being on “Friends” or “Friends except acquaintances.” That way, when one of my friends is looking for another of my friends on Facebook, they can just go to my friend list and find them. If you prefer nobody being able to see who you’ve friended on Facebook, use the “only me” setting.
When you get a friend request from someone that sets your Spidey-senses a-tingling, don’t just hit that “confirm” button. Search your friends list to see if you’re already friends. Click on their name to see their page. Warning signs of a cloned account are:
- They have hardly any friends, and the ones they have are all people you know as credulous or careless.
- There are no timeline posts and no pictures (other than profile and cover).
- The name and username don’t match (see picture below). This can also happen when you have friends without much computer and/or Facebook experience that don’t know to set their username.
Whenever I get a friend request from someone I think is a scammer with a cloned account, I always report it to Facebook and tell my real friend about it so they can notify their friends to be careful. You might want to do the same!
I have long been fascinated by computer hackers, and have a large library of books about hacking. When I got my hands on a pre-release review copy of Mafiaboy: A Portrait of the Hacker as a Young Man, I was pretty excited about another hacker biography.
Back when I began monkeying with computers as a junior high school student in 1972, one of the first things I discovered is that computer hacking is a mixture of technical and social engineering skills. The hackers I’ve known and admired were old school (similar to what’s known today as “white hat”). We never damaged anything or profited from our escapades. We learned a lot and played a lot of practical jokes on each other, but we didn’t do the kind of things mafiaboy did to land himself in jail.
For those unfamiliar with his story, Michael Calce (a.k.a. “mafiaboy”) hit the news when he used DOS (denial of service) attacks to bring down the websites of CNN, Dell, eBay, E*Trade, Yahoo!, and Amazon. He was variously reported as a 15-year-old “script kiddie” with no real technical skills and as a talented and dangerous computer hacker. I expected this story to explain what he did and how he did it.
I was disappointed.
Calce was not a traditional old-school hacker with a love of technology, digging for knowledge to use the equipment better. Nor was he an example of today’s malicious profiteer, extorting site owners and stealing private data for profit. He was a teenager whose quest for knowledge was focused entirely on bullying other so-called hackers online. His goal was to take control of huge networks of other people’s computers and use them as tools to take over chat rooms and kick other kids out.
If you’re interested in the psychology of a kid who made news worldwide for the damage he caused, you’ll probably enjoy this book. It’s factual and unapologetic. He reiterates how stupid he was and how much trouble his big mouth and braggadocio got him into, and it shows the ramifications of his actions.
If you want to know the details of what he did, how he did it, and what system administrators and software engineers have done to prevent others from doing it, this is not your kind of book. There’s little detail, and despite his claims of programming skill, he really seems to understand very little of what was going on behind the scenes.
Although he hired an experienced co-author to do most of the writing, it still doesn’t have the professional feel I expect from Lyons Press. As an example, the book opens with Calce’s arrest. He describes the police and FBI coming to his house to pick him up, and how his brother was reprimanded for speaking Italian to Calce. Then the police start conversing in French. Huh? Because the FBI was involved, I assumed the book was taking place in the U.S. Calce never bothered to include the minor detail that this was all happening in Canada.
Despite the label on the cover saying “Winner of the Arthur Ellis Award: Nonfiction Book of the Year,” the book is lacking as a piece of nonfiction. There’s no index. The “Mafiaboy Guide to Protecting Yourself Online” could have come from any of a thousand security websites (or my own writing from decades ago, for that matter), and shows no personal insights from the talented and experienced hacker he claims to be. His stories of other hackers are lifted from books and TV shows, not from his own interviews, so no new information is presented. The victims of his attacks aren’t interviewed.
I will be keeping the book with my other computer hacker books, but it’s more a tale of teenage angst and suffering (Look what they did to me! I couldn’t talk to my best friend for three years!) than a hacker book.
NOTE: This review is based on an advance copy, and there may be changes before its scheduled release on August 2, 2011.