BBC News
watch One-Minute World News
Last Updated: Monday, 12 November 2007, 08:09 GMT
Social networkers warned of risk
Page from Facebook
Users are being warned not to post personal details on their profiles
A quarter of the 11 million Britons who use social networking sites such as MySpace and Facebook may be leaving themselves open to identity fraud.

Get Safe Online, a government-backed campaign group, is warning against posting personal details online.

Its research also showed eight million people leave home wireless networks unprotected against intruders.

And more than half of the over-65s polled use a single password for every website they visit, the group said.

The group is advising older internet users to change their passwords more often.

'Rich pickings'

Tony Neate, managing director of GetSafeOnline.org, said a date of birth and address details were enough for someone to set up a credit card in another name.

"Although some of these details may seem harmless, they actually provide rich pickings for criminals," he said.

Man surfing in a park
People need to take care when using public wi-fi

Cabinet Office minister Gillian Merron said the risks can be easily fixed and did not mean people should stop using social networking sites, and wireless networks.

The poll of 2,000 adults also showed that nearly 30% admitted searching for former girlfriends and boyfriends on the sites, and almost one in three used them to find out about their boss, colleagues or a job candidate.

The survey also found 13% of social networkers had posted information about or photos of other people without their consent.

While 80% of people now have firewalls, anti-virus and anti-spyware products installed on their PCs, the usage of wireless networks is far more lax.

At part of the campaign, Get Safe Online and the Serious Organised Crime Agency demonstrated how easy it was to break into an unsecured wireless network.

High profile cases

It showed that not only was it easy to freeload on an unsecured network but also to hack into it and 'steal' potentially valuable information.

SECURING WIRELESS NETWORKS
Refer to the documentation that came with your hardware to find out how to protect the machine
Set up encryption to prevent eavesdropping
Make sure that every machine on the network has a firewall
Use public access points with care
Switch off SSID broadcast - this is the name of your wireless network
Use a unique, obscure password to access the wireless network
Restrict access to the machines you want to access the network by using its MAC address

A SOCA officer, taking part in the mocked-up demonstration for the BBC, took just a quarter of an hour to access and "steal" passwords and other personal information from a nearby laptop.

According to a survey conducted by the government and SOCA-backed Get Safe Online campaign, over 7.8 million people in the UK have left their internet access open for anyone to use.

"It took just 15 minutes to break into the network but it would take less than that to make the machine safe," said Tony Neate, managing director of the Get Safe Online campaign.

There have been several high profile cases this year of individuals piggybacking on other people's unsecured wireless connections.

Such freeloading is generally harmless and invisible to the user, unless the person stealing it is using large amounts of bandwidth which will noticeably slow the network down.

Stealing passwords

The mocked up SOCA demonstration showed that anyone with a wireless-enabled laptop could scan for unsecured networks and, if one was found, use it to surf the internet and send emails at someone else's expense.

The demonstration also showed that it only takes a limited amount of technical know-how to take the free usage of someone else's network to a different level.

"I am running a tool which is freely available from the internet which will scan the computer to see if it is vulnerable to any exploitation," explained the SOCA officer, who was only known as Stuart.

"A red X on the screen shows that a Microsoft patch for a known vulnerability [in this case, the Sasser worm] hasn't been applied so now I just need to use this information with another program - also freely available - which will allow me to input commands and gain control of the machine," he said.

In this particular demonstration, Stuart was able to access the victim's My Documents' folder which contained a document listing passwords for banking, e-mail accounts and social networking sites.

A Get Safe Online campaign earlier in the year found that 12% of the UK's net users had experienced online fraud during 2006 with an average loss of 875.

As part of this week's campaign the Get Safe Online team will be travelling around the country offering advice on how to stay safe and secure when using the internet.

VIDEO AND AUDIO NEWS
How unprotected computers can be hacked



SEE ALSO
The etiquette of networking
06 Jun 07 |  Technology
Too old for networking?
25 May 07 |  Technology
Hyper-connected generation rises
09 May 07 |  Technology
Q&A: Wi-fi explained
08 Mar 06 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

PRODUCTS & SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific