A simple Facebook impersonation attack was used to coax personal data out of military and government associates of NATO’s Supreme Commander James Stavridis, news sources have reported.
Despite NATO staff having been warned about fake Facebook pages in the past, The Daily Telegraph reports that “senior British military officers and Ministry of Defence officials” were among those temporarily fooled by 'friend' requests from the fake Stavridis page that appeared earlier this year.
The attackers will not have gained any vital information from this attack beyond a few phone numbers and a list of gullible and now embarrassed individuals worth targeting in their own right.
For the record, Admiral Stavridis does not have a Facebook page, nor would it be appropriate for a man with the job of heading the world’s most powerful military alliance to sign up for such a service in a professional capacity.
As with almost every other cyberattack with a geo-political dimension, the fake page attack is being pinned on Chinese intelligence, although the level of sophistication required to create a bogus page is within anyone's reach.
The frequency of fake Facebook pages claiming to be connected to important officials is now so significant that NATO has had to dedicate staff to liaising with the company to have them removed.
Last month, security company Barracuda published research that showed common features of malicious Facebook pages: they are 97 percent female, friend large numbers of individuals in a short space of time, and have a habit of embedding large numbers of tags on photographs, presumably for search engine optimisation reasons.
However, the phenomenon of impersonation is a trickier one. People are impersonated because they are deemed famous or important enough, which raises the issue of how the public can know whether a person is who they claim to be.
An infamous recent example of this at work is the battle between the service and author Sir Salman Rushdie to have his account re-activated after it was deemed fake because his pen name differed slightly from that stated in his passport.
Rushdie eventually vented his frustration on Twitter, which caught Facebook’s attention. The company eventually relented, accepting his identity as genuine.