Security Pros Take the Bait

Within one month of her online arrival, nearly 300 people connected with an attractive, flirtatious 25-year-old woman named Robin Sage through social networking sites. Her ‘friends’ included security specialists, military personnel and staff at intelligence agencies and defense contractors. Robin claimed to be a "cyber threat analyst" at the U.S. Navy’s Network Warfare Command and posted photos of herself, bikini-clad in some, on her online profiles.

In an article on the Washington Times website, Shaun Waterman reports that Robin Sage did not exist. She was a fictitious profile created by security consultant Thomas Ryan. In what he called an independent ‘red team’ exercise, he created her in an effort to expose weaknesses in the nation’s defense and intelligence communities.

“It is not the first time ‘white-hat’ hackers have carried out such a social-engineering experiment, but military and intelligence security specialists told The Washington Times the exercise reveals important vulnerabilities in the use of social networking by people in the national security field,” says the article.

Some of her connections in national security circles inadvertently exposed personal data about their homes and families to her. Others invited her to dinner or to apply for jobs.

To read the Washington Times article, click here:
http://www.washingtontimes.com/news/2010/jul/18/fictitious-femme-fatale-fooled-cybersecurity/