privacy and social engineering

Brian Krebs also has a neat article up titled, “Alleged Romanian Subway Hackers Were Lured to U.S.” The article has this to say:

Investigators had subpoenaed Yahoo!, GoDaddy and other communications providers to snoop on Butu’s emails. Information gleaned from those messages included quite a bit of information about where he’d traveled, bars he’d visited, his friends, etc.

Armed with this information, U.S. investigators reached out to Butu posing as an attractive female tourist he had met while he was in France approximately one year earlier.

This, friends, is a classic example of social engineering by knowing a little bit about someone. In this case, he probably thought his emails were private, but investigators (or anyone else) could find similar information about someone on relatively public sites. Essentially: privacy is important.