http://fcw.com/Articles/2010/07/26/BUZZ-Robin-Sage-Thomas-Ryan-cybersecurity.aspx?s=fcwdaily_260710&admgarea=JOINT_CDWG&p=1

Cyber espionage lure catches some big fish

An undercover cybersecurity expert demonstrates the national security risks posed by social media in government

By FCW Staff
Jul 26, 2010

Oh, the humanity! One might hope that the men and women employed by the military, the intelligence community and government contractors would be wiser than most when it comes to online scams. You'd think this would especially be the case with a so-called social engineering scam - one in which an individual assumes a fake identity on Facebook and other social media sites in hopes of finding well-placed "friends" who might inadvertently reveal valuable intelligence data. That's the kind of stuff they warn against in Social Media 101.

And yet cybersecurity expert Thomas Ryan - posing as Robin Sage, an attractive "cyber threat analyst" working at the Navy's Network Warfare Command - managed to find more than 600 friends or followers across Facebook, Twitter and LinkedIn.

Ryan's trap snared employees at some secretive places, including the National Reconnaissance Office, the Navy, Lockheed Martin and Northrop Grumman, according to various media accounts.

"I wanted to see how much intell you could gather from a person just by lurking on a social networking site," Ryan told Jaikumar Vijayan at Computerworld <http://www.computerworld.com/s/article/9179507/Fake_i_femme_fatale_i_shows_social_network_risks>.

People accepted his/her online overtures despite some obvious red flags, such as the fact that Robin claimed to have 10 years of experience in cybersecurity despite being only 25 years old. And they began sharing information that, if Ryan had not been one of the good guys trying to make a point, could have compromised national security, such as troop locations and movement.

"People also sought Robin's professional advice, invited her to dinners, and offered her job opportunities," writes Petty Officer 2nd Class Elliott Fabrizio at the Defense Department's <http://science.dodlive.mil/2010/07/21/the-dangers-of-friending-strangers-the-robin-sage-experiment/> "Armed with Science" blog. "Not bad in this economy, especially for a person who doesn't even exist."

Which just goes to show: Human nature trumps training more often than we would like to think.

"It is not the first time 'white-hat' hackers have carried out such a social engineering experiment," writes Shaun Waterman at the Washington Times <http://www.washingtontimes.com/news/2010/jul/18/fictitious-femme-fatale-fooled-cybersecurity/>. "But military and intelligence security specialists [said] the exercise reveals important vulnerabilities in the use of social networking by people in the national security field."
