Fake femme fatale shows social network risks

Researcher Thomas Ryan says fictitious Robin Sage character fooled many holding security, military and intelligence posts

Page 2 of 2

Did Sage mostly seek out these friends, or were they more likely to make the first move?
It was a combination of both. I did approach a few people, [mostly] from the security industry. They had the most connections. They are the speakers, the ones that are always sociable.

What type of information can one get through such connections?
Pretty much everything. I had access to e-mail and bank accounts. I saw patterns in the kind of friends they had. The LinkedIn profiles would show patterns of new business relationships.

Why do you think Sage was so successful at making new connections?
Because she was an attractive girl. It definitely had to do with looks.

Were most of the connections male?
It wasn't all men. The male versus female split was 82% to 18%. The highest number of women were from the intelligence community. The only women who were there from the security community were people promoting conferences and stuff like that.

Do you think a fictional male character would have been as successful in attracting "friends"?
It depends on who the male was and how he was portrayed.

What did Facebook do when they discovered what was going on?
Facebook shut down the Robin page and my personal page. They said, due to security reasons, I am not allowed to use Facebook again. LinkedIn just deleted the Robin account but [a cached version] is still there on Google.

What's the takeaway from the experiment?
The big takeaway is not to friend anybody unless you really know who they are. The same tactic was used to infiltrate a secret Israeli base. The people on the base were the only ones on a private Facebook page. Somebody was able to gain access to it and gather intel on the base.

Anything else?
I was never able to friend anyone from the CIA or the FBI. I tried. It just didn't work. Toward the end of the experiment, there was this massive influx of Arabs from overseas that were trying to get on the Robin page where all the military stuff was. I didn't really care for it. That was a bit scary.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.

Copyright © 2010 IDG Communications, Inc.
