Social Networking Suicide Can Be Painful

The safest way to delete a profile on a social networking site is to do it manually using the site in question’s own systems rather than hand over any details to a third-party that promises to do it automatically, according to security experts.

Commenting on the news this week that Facebook had blocked the Web 2.0 Suicide Machine from accessing its systems, Sophos senior security consultant Graham Clulely warned that users should be wary of using services such as Web 2.0 Suicide Machine, as any details they provide could be exploited.

“If you really want to wipe some (or all) of your data off social networking sites then it would be much better if you did it yourself, rather than hand over your credentials to an unknown third party to do it for you,” he stated.

Cluley went on to explain that he wasn’t accusing Suicide Machine of having nefarious intentions for any data that users choose to submit to the site but that individuals should always be wary of who they submit password and ID information to.

“I’m not suggesting that the creator of the Web 2.0 Suicide Machine is up to such shenanigans, but it wouldn’t take a criminal mastermind to build a website that offered this kind of service *and* attempted to use your username/password combination on a whole host of other websites,” he said.

Facebook released a statement earlier this week explaining why it had decided to block Suicide Machine from its systems. “Web 2.0 Suicide Machine collects login credentials and scrapes Facebook pages, which are violations of our Statement of Rights and Responsibilities,” the social networking site stated.

Responding the block by Facebook, Suicide Machine posted a statement on its site claiming that it would look to find a way around the ban. “After more than 50,000 friends being unfriended and more than 500 forever ‘signed-out’ users, Facebook started to block our Suicide Machine from their servers without any comment! We are currently looking at ways to circumvent this ungrounded restriction imposed on our service!,” the site stated. “If you wanna support us and can set up a decent proxy server, please do not hesitate to contact us at suicide [at] moddr[dot]net.”

Despite concerns about how information submitted to sites such as Suicide Machine could be exploited, Cluley admitted that the site was responding to a potential security need, as many people still post information on social networking sites that could be used by cyber-criminals for ID theft purposes. “There is plenty of evidence that far too many people are sharing far too much data willy-nilly via social networks online,” stated Cluley.

Speaking at the RSA Europe Security Conference in London last October, Herbert “Hugh” Thompson, chief security strategist for People Security and professor in the Computer Science department at Columbia University in New York, said that criminals are launching “innovative” attacks based on the information which people share online. “People are posting indiscriminately – they throw weird information out there. What has happened is there has been a growth in the technology for information sharing but not a comensarate education in what information we should share,” he said.

Thompson (pictured below) discussed an experiment he conducted with some acquaintences where he was able to hack into their email accounts using details gleaned from social networking sites and old CVs. He also cited the example of US vice-president hopeful Sarah Palin who had her Yahoo email account hacked in September 2008.