Mr. Safety keeps watch on MySpace security

It was late August, and depending on whom you asked, MySpace was either a Web 2.0 prophet or the devil gone digital. While the business world was reading about the social networking site's US$900 million deal with Google, its expansion into Australia and its mention on Time's list of the 50 coolest websites, the security community was riveted by a different set of headlines. "Two teens arrested in MySpace hack," read one. "Three teens accused of sexually assaulting girl they met on MySpace.com," read another. A third: "Man accused of raping MySpace date."

At a conference in Dallas, Hemanshu Nigam had to address an audience focused on the latter set of headlines. And he was about to find out how public a stage he had stepped onto by taking the job as CSO of MySpace, the News Corporation entity on which owner Rupert Murdoch is staking his plans for a digital future. An hour before Nigam's first session, to be given at the annual Crimes Against Children conference, he and a staff member headed to the conference room at the Hilton to set up. They found a line outside the door.

"We asked somebody in line, 'Are you waiting for something?'" recalls Nigam, who is also CSO for all of Fox Interactive Media. "And they said, 'Yeah, for the MySpace training.' As soon as the doors opened, people kept coming, and they kept coming, and they kept coming. All of a sudden you had 4 feet by 6 feet of walking space, and all the way up to that you had people sitting on the floor. All the walls had people standing. It was crawling room only."

People were turned away. Everyone wanted to hear how MySpace could assist law enforcement with criminal investigations.

Nigam, a 42-year-old born in India and raised in Connecticut, took the stage, where he spoke both with the command of a seasoned federal prosecutor of child crimes and the empathy of a father of four. He described MySpace's 24-hour hotline for law enforcement, its track record of helping to find teenage runaways as well as rapists, and its efforts to get IP addresses and other crucial information to officers as quickly as possible. His words seemed to have their desired effect: Afterward, more than 90 percent of those assembled gave his talk a positive rating.

"He seems to be forthcoming in saying, 'We know there are issues that need to be addressed, and we are addressing them,'" conference organizer Larry Robbins says. "I didn't get the impression that he was trying to sweep something under the rug."

Law enforcement officers who have tested MySpace's response capabilities say it's not just lip service. "I was actually pleasantly surprised," says Deputy U.S. Marshal Robert Charette, who recently worked with MySpace to track down and arrest a man wanted in two states who was logging in to his MySpace account from a public library in Philadelphia. "We normally are used to waiting days and weeks on end [for subpoenaed information] from phone companies, and I expected a similar type of response from MySpace. But it was an immediate response, and they were extremely cooperative and a pleasure to deal with."

The fact is, the company had better be. MySpace is hot. Last July, according to the research service Hitwise, it passed Yahoo Mail to become the most-visited website in the United States. But as the number of profiles created at the Web community has exploded--to 150 million at the time of this writing, according to the company--so too has its appeal to everyone from small-time drug dealers to pedophiles to murderers. After all, it's just as easy for a criminal to sign up as it is for a 14-year-old who wants to share soccer photos or chat about Justin Timberlake.

The challenge for Nigam is to make the site a safer place for users (and, of course, advertisers) without destroying the very openness that has made it so popular. This places Nigam not just front and center at conferences about child safety, but also at the very nexus of culture, commerce and security. Despite MySpace's seeming ability to respond well when things go wrong, it's still far from certain whether Nigam can make the site measurably safer and more secure -- and whether he can ever do enough to appease MySpace critics, including an outspoken group of 32 state attorneys general who want to tighten access to the site.

When Nigam took over last May, "there was a sigh of relief breathed by many folks [who felt] that now, at least, something is going to get done. There's an open door, and there's someone that they can communicate with," recalls Derek Broes, a senior vice president at Paramount Digital Entertainment, who worked with Nigam at two previous jobs. "His biggest challenge will be accomplishing what MySpace wants to accomplish without damaging the company itself and building a poor user experience."

It's no easy task. But as Broes puts it, echoing the sentiments of others who know Nigam, "if anybody is going to find the solution, it's going to be Hemu."
