If beleaguered Notre Dame football linebacker Manti Te’o’s story about being duped by an online imposter were true, he certainly wouldn’t be the first -- or the last – person to fall victim to such a hoax.
In fact, a social experiment conducted by a security researcher two years ago showed how even security-savvy people, military officers and intelligence officials, can been duped by a few photographs and well-crafted profiles on social media networks such as Facebook and LinkedIn.
Te’o is in the middle of major PR crisis after Deadspin.com published a story Wednesday claiming that the heart-wrenching story about his girlfriend Lennay Kekua and her tragic death from leukemia were a complete hoax.
The story of her death -- on the same day that his grandmother died -- and Te’o’s apparently indomitable courage in the face of such personal tragedy were a major theme throughout Notre Dame’s dream run to the Bowl Championship Series this season.
According to Deadspin, there’s nothing to show Lennay Kekua even existed, let alone died under the tragic circumstances described by Te’o to various media outlets. The whole spiel about Kekua having attended Stanford University, and of Te’o meeting her there, was all bogus, according to Deadspin.
Te’o has claimed that he was the victim of a cruel online hoax perpetrated on him by unknown people. He claims that he met and fell in love with Kekua online and carried on what he believed was an authentic relationship, both online and via the phone. He claims to have been truly shattered by news of her apparent death last year.
Whatever the truth behind those claims -- and there are plenty who think it’s full of holes -- Te’o’s story has focused attention on what are known as “catfish” Internet scams where people use fake online social media personas to trick others.
The name apparently is derived from a 2010 MTV movie called “Catfish,” which recounts the tale of an individual who was tricked into a deceptive romance by someone he met online.
Such deception is not uncommon. About two and a half years ago, Thomas Ryan, founder of Provide Security, a New York-based security firm, created a fictitious Naval Network Warfare Command cyberthreat analyst named "Robin Sage" to show just how susceptible people can be to fake online femme fatales.
Using just a few photographs and some brief descriptions on Facebook, LinkedIn and Twitter, Ryan managed to portray his fictitious character as an attractive, flirty cybergeek with degrees from MIT and an upscale prep school in New Hampshire.
Sage’s profile had some pretty obvious red flags, such as the fact that she claimed 10 years of professional experience even though she was just 25 years old. The name Robin Sage itself was derived from the name of a U.S. Army Special Forces training exercise.
Yet, in less than a month, more than 400 people, including those from the information security industry, military and intelligence communities responded to Sage’s Facebook friend requests and LinkedIn connections requests. Many of Sage’s new friends shared personal information and photos; others invited her to review documents and take part in conferences. Some of Sage’s highly placed connections, including a couple from Google and Lockheed Martin, even offered the fictitious character jobs at their companies without meeting her.
As Ryan described in an interview with Computerworld two years ago, Sage managed to make 226 Facebook friends, 206 LinkedIn connections and 204 Twitter followers before the profile was pulled. Most of Sage’s Facebook friends were from the security and military communities, while the LinkedIn connections were largely from security and intelligence.
If only Manti had met “Robin” before, he might have even avoided this whole mess.