Schneier on Security
A blog covering security and security technology.
March 28, 2006
MySpace Used as Forensics Tool
Detectives used profiles posted on the MySpace social networking Web site to identify six suspects in a rape and robbery....
She knew only their first names but their pictures were posted on MySpace.
"Primarily, we pulled up her friends list. It helped us identify some of the players," said Bartley.
Posted on March 28, 2006 at 1:19 PM
Investigators have long used a person's social record forensically -- letters and postcards, phone records, photos taken while on vacation, diaries and journals, and so on.
The only way this is different is that the records are digital instead of on paper. The major things of note are:
A: these records are no longer in someone's keepsake box, but held in trust by a separate organization which may turn these over without a warrant/subpoena "in the interest of cooperation". And without the cooperation (maybe even without the knowledge) of the person being investigated.
B: it is unlikely that someone could ever reliably destroy these records -- I can burn my paper letters, and be reasonably sure they are gone for good. If I delete a posting, it remains in backup tapes, organization archives, and in many browser histories and private archives. It's available forever, as long as someone found it interesting.
C: ubiquity of information. Keepsakes were often only kept when they related to close associates; with things like MySpace, the digital equivalents are kept for even passing acquaintances. After all, they take zero space in your closet. ;-)
D: people think of such things as far more private than they really are.
This shouldn't be surprising, but it is a useful reminder that anything you say or otherwise record on the Internet is permanent public information, and one should behave accordingly.
In the case of MySpace, much of this information is "public" in that it is available to all. Additionally, if the victim cooperated then no subpoena is required to access her own records and to gain whatever additional access she may have to her friend's records.
USENET is much worse than the net in that regard; the vast majority of all USENET postings are freely searchable on Google News (and before that Deja) and indeed, it used to be sold on CDs...
An interesting attribute about social networking is that typical user observable identifiers are not unique or qualified in any way. For example, in the case of MySpace, you can have 100 users who all share the handle 'Bruce Schneirer'. Anyone can make such an account and the e-mail used to register the account is hidden to other users and investigators. From this point of view, spoofing could lead to integrity issues.
Using the keepsake analogy that radiantmatrix pointed out, this is different in that one user cannot spoof someone's house or closet. While evidence can be physically planted in the real world, it can be totally fabricated online and still be accepted by an unsavvy investigator. Without detailed records from the service provider (MySpace) correlated with records from the suspected user or their ISP, the link may not be as clear with reasonable certainty in some cases.
Your expectation of privacy on Myspace is about as much privacy as you'd get skinny dipping in the town fountain while the 4th of July parade goes by - you're only safe as long as no one turns around.
Creating a profile on myspace is similar to enlarging your picture and writing your bio in giant letters on the front of your home. Most people in America won't see it, but it's there for anyone's drive-by. The person driving by can be a friend, foe, pervert, politician, or even a policeman.
This isn't rocket science. Perverts think they're completely anonymous. For the most part, they are until they hand out personal info or show up at someone's door. A local DA showed a group of us just how easy it is to find a pervert on the internet. In 15 minutes, the DA had some guy flashing his privates via webcam at what he thought was a 12 year old girl.
"In 15 minutes, the DA had some guy flashing his privates via webcam at what he thought was a 12 year old girl."
... or what he thought was a fellow-pervert pretending to be a 12 year old girl, more likely ...
A lesson to web surfers: before you fill in that personal info on the forms at BBS/blog/IRC/mailing list and other MySpace-like cyber sites, you'd better be prepared to let that info be known by everybody on the planet. Or don't do that.
On the other side, that reflects the value of web info mining technology.
My co-worker made a myspace account of his brother with pictures of him, and listed him as being gay when he is not. He has posted compromising pictures of his brother that could support that claim, and the account has gotten messages from other people who believe the erroneous info.
What makes MySpace and similar sites very attractive for forensics is that the actual social networks are documented and open to navigation. Thus, speculations can be quickly made... but not proven. As posts above detail, these could lead investigators to either the truth or to false leads, depending on the amount of time and effort that the people under investigation take to construct bogus or defamatory records.
I'm not sure I understand the point you're trying to make by posting the URL of my blog?
If it's that I've associated myself with my "real identity", I know that -- my handle and my real name have been publicly tied together for a long time, and what's on my blog is what I want to share with the world.
If it's something other than that, would you please explain? I think I'm lost... ;-)
May it be that a troll has finally found this blog?
What happens to private messages exchanged between myspace members when one of them cancels their account? Are they stored on backup tapes forever and ever? will they ever become accessible by third parties?
Myspace supposedly keeps all messages somewhere on file. I don't know how true that is. I do know that if you save text from letters, they are null in court, as they can be manipulated...
I keep a file filled with screen shots of all correspondence on myspace and mybook... I have many female friends, sometimes they have friends blahblah blah, in this day and age, they can turn around and say anything, so it is best to save all letters.....
My family has a MySpace account. My son sent out some vulgar bumper stickers to everyone on our list (which consisted of my friends and his). I rarely log in to the account, other than to monitor his activity on occasion, which seems harmless. Well... After a co-worker quit, he later sued the company for back pay AND for sexual harassment by me, via the myspace messages that were sent... Are they admissible, as the myspace had nothing to do with the business relationship between me and my coworker? Please advise. Thanks.