Dear LinkedIn user: Meet Mr. John Smith!Oh, well. But my next question is this- what about that "Information Security" group on Linkedin? A few friends and I questioned the legitimacy of that (after joining) at a recent event.
You have a profile on LinkedIn.com and you have chosen to connect with "John Smith". This itself is not a problem, if it wasn't for the fact, that John Smith doesn't really exist (in real life). The profile was invented as part of a security experiment were we try to determine and illustrate potential risks using social networks, such as LinkedIn. The presentation was just released on the Fraud Europe conference in Bruxelles today.
We decided not to release any detailed information about who and how John Smith got connected with in his network. However, we felt obligated to inform all Linkin accounts hooked up with John Smith about this piece of research and the release of the final edition of "Social Networking Risk - Who Do You Want to be Today?".
With the paper being released we will delete the "John Smith" profile!
If you've not already guessed it, you're receiving this e-mail because you are linked with john Smith. We hope this will be a leason learned and nothing else ...
All data harvested during the past year, will be deleted. We will also inform LinkedIn and asking them to remove the profile.
You can download the presentation given at Fraud Europe conference at the following URL:
http://www.csis.dk/dk/media/LinkedIn-Threats.pdf
The technical paper, used as background for this presentation and released in January 2008, can be downloaded here:
http://www.csis.dk/dk/media/LinkedIn-V2.pdf
Best regards,
Dennis Rand, Security- and Malware researcher
CSIS Security Group
http://www.csis.dk
Bottom line, if it is on the Internet it is out there for all to see. Remember that, act accordingly, and you'll be OK.
Jack
