Fake femme fatale shows social network risks

Researcher Thomas Ryan says fictitious Robin Sage character fooled many holding security, military and intelligence posts

Hundreds of people in the information security, military and intelligence fields recently found themselves with egg on their faces after sharing personal information with a fictitious Navy cyberthreat analyst named "Robin Sage," whose profile on prominent social networking sites was created by a security researcher to illustrate the risks of social networking.

In a conversation with Computerworld, Thomas Ryan, co-founder of Provide Security, said he used a few photos to portray the fictional Sage on Facebook, LinkedIn and Twitter as an attractive, somewhat flirty cybergeek, with degrees from MIT and a prestigious prep school in New Hampshire. Then he established connections with some 300 men and women from the U.S. military, intelligence agencies, information security companies and government contractors.

The goal, said Ryan, was to determine how effective social networking sites can be in conducting covert intelligence-gathering activities.

Despite some patently obvious red flags -- such as noting that the 25-year-old Sage had worked professionally for 10 years -- the scheme worked. The connections to Sage, who was depicted as a real-life Abby Scuito, a fictional character in CBS's NCIS television series, were established in less than a month. Many friends freely shared personal information and photos, invited the fictional threat analyst to conferences and asked her to review documents. Some "friends" at major companies, including Google and Lockheed Martin, even expressed interest in hiring her, he noted.

A security researcher created a fake online profile for a fictional cyberthreat analyst named "Robin Sage."

Had Sage really been a foreign agent, she would have had access to a lot of very useful information, said Ryan, who is scheduled to present his findings next week at the BlackHat security conference in Las Vegas. Excerpts from his interview with Computerworld follow:

What prompted you to conduct the experiment? One of the biggest drivers was all the talk about cyberwarfare and cyberespionage -- and what's real and what's not real. I wanted to see how much intel you could gather from a person just by lurking on a social networking site. I [also] wanted to see who was most susceptible to clicking. I wanted to see how fast this thing would propagate. One of the things I found was that MIT and St. Paul's [prep school] were very cliquey. If they don't remember seeing you, they are not going to click. You had less of a chance of penetrating those groups than the actual intel and security communities.

How many connections and friends did Robin Sage make? On Facebook, 226; on LinkedIn, 206; and on Twitter, 204. The connections on Facebook were security and military, LinkedIn was mainly security and intel, and Twitter was mostly hackers.

Did Sage mostly seek out these friends, or were they more likely to make the first move? It was a combination of both. I did approach a few people, [mostly] from the security industry. They had the most connections. They are the speakers, the ones that are always sociable.

What type of information can one get through such connections? Pretty much everything. I had access to e-mail and bank accounts. I saw patterns in the kind of friends they had. The LinkedIn profiles would show patterns of new business relationships.

Why do you think Sage was so successful at making new connections? Because she was an attractive girl. It definitely had to do with looks.

Were most of the connections male? It wasn't all men. The male versus female split was 82% to 18%. The highest number of women were from the intelligence community. The only women who were there from the security community were people promoting conferences and stuff like that.

Do you think a fictional male character would have been as successful in attracting "friends"? It depends on who the male was and how he was portrayed.

What did Facebook do when they discovered what was going on? Facebook shut down the Robin page and my personal page. They said, due to security reasons, I am not allowed to use Facebook again. LinkedIn just deleted the Robin account but [a cached version] is still there on Google.

What's the takeaway from the experiment? The big takeaway is not to friend anybody unless you really know who they are. The same tactic was used to infiltrate a secret Israeli base. The people on the base were the only ones on a private Facebook page. Somebody was able to gain access to it and gather intel on the base.

Anything else? I was never able to friend anyone from the CIA or the FBI. I tried. It just didn't work. Toward the end of the experiment, there was this massive influx of Arabs from overseas that were trying to get on the Robin page where all the military stuff was. I didn't really care for it. That was a bit scary.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan , or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com .

Read more about security in Computerworld's Security Topic Center.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags securityLinkedInCBSWeb 2.0 and Web AppstwittergovernmentGovernment/IndustriesFacebook

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld (US)
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?