Wednesday, July 7, 2010

'Robin Sage' Profile Duped Military Intelligence, IT Security Pros

Via DarkReading.com -

Seasoned red team hacker Chris Nickerson initially accepted Robin Sage's LinkedIn invitation because several of his colleagues had, but after making a few inquiries he realized something was fishy about "Robin," a twenty-something woman who purportedly worked for the Naval Network Warfare Command. "Within an hour, I started asking around, 'Hey did you get a friend request from Robin Sage?' ... and [friends] were saying, 'I thought you knew her.' I knew something weird was going on," Nickerson says.

So Nickerson started hammering away at Robin on Twitter, and quickly figured out it was a fellow red team hacker behind the phony persona. But not everyone caught on as quickly to the phony profile as Nickerson: Robin actually duped an Army Ranger into friending her. The Ranger then inadvertently exposed information about his coordinates in Afghanistan to Robin with his uploaded photos from the field that contained GeoIP data from the camera.

"You could see them talking about where they were going and where they were in Afghanistan and Iraq ... some were uploading pictures with geolocation information, and we were able to see them," says Thomas Ryan, the mastermind behind the social network experiment and co-founder and managing partner of cyber operations and threat intelligence for Provide Security, who will present the findings later this month at Black Hat USA in his "Getting In Bed With Robin Sage" talk.

Ryan says Robin's Facebook profile was able to view coordinate information on where the troops were located. "If she was a terrorist, you would know where different [troops'] locations were," Ryan says.
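The leak described above comes from the GPS tags a camera writes into a photo's Exif metadata, which travel with the file to whoever can download it. The following Python is an added example, not code from the DarkReading article or from Ryan's experiment: it builds a constructed JPEG carrying such tags (made-up coordinates), reads them back the way any contact who saves the photo could, and strips the Exif segment, which is the check and the fix to apply before a picture is posted. Tag numbers and the IFD layout follow the Exif/TIFF specification; everything else (function names, the sample values) is assumed here.

```python
import struct

def build_gps_jpeg(lat_ref, lat, lon_ref, lon):
    """Constructed sample JPEG (SOI, one APP1 Exif segment, EOI, no scan data): little-endian TIFF block whose IFD0 points to a GPS IFD; lat/lon as integer (deg, min, sec)."""
    hdr = b"II" + struct.pack("<HI", 42, 8)                       # byte order, magic 42, IFD0 at offset 8
    ifd0 = struct.pack("<HHHII", 1, 0x8825, 4, 1, 26) + bytes(4)  # one LONG entry: GPS IFD pointer -> offset 26
    ents = [(1, 2, 2, lat_ref.encode() + bytes(3)), (2, 5, 3, struct.pack("<I", 80)),   # ASCII ref, RATIONAL[3]
            (3, 2, 2, lon_ref.encode() + bytes(3)), (4, 5, 3, struct.pack("<I", 104))]
    gps = struct.pack("<H", 4) + b"".join(struct.pack("<HHI", *e[:3]) + e[3] for e in ents) + bytes(4)
    rats = b"".join(struct.pack("<II", v * 1000, 1000) for v in lat + lon)  # the six rationals at 80 and 104
    body = b"Exif\0\0" + hdr + ifd0 + gps + rats
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"

def read_ifd(tiff, off, e):
    n = struct.unpack(e + "H", tiff[off:off + 2])[0]  # entry count; e is the struct byte-order char '<' or '>'
    ents = (struct.unpack(e + "HHI4s", tiff[p:p + 12]) for p in range(off + 2, off + 2 + 12 * n, 12))
    return {tag: (ty, cnt, raw) for tag, ty, cnt, raw in ents}  # raw = 4-byte value-or-offset field

def gps_coordinates(tiff):
    """Decimal (lat, lon) from the GPS IFD of a TIFF block, or None when it carries no usable GPS tags."""
    e = "<" if tiff[:2] == b"II" else ">"
    magic, ifd0 = struct.unpack(e + "HI", tiff[2:8])
    ptr = read_ifd(tiff, ifd0, e).get(0x8825) if magic == 42 else None
    gps = read_ifd(tiff, struct.unpack(e + "I", ptr[2])[0], e) if ptr else {}
    if any(t not in gps for t in (1, 2, 3, 4)):
        return None
    def dms(tag):  # three RATIONALs (deg, min, sec) stored at the entry's offset
        off = struct.unpack(e + "I", gps[tag][2])[0]
        d, m, s = (n / q for n, q in struct.iter_unpack(e + "II", tiff[off:off + 24]))
        return d + m / 60 + s / 3600
    lat = dms(2) * (-1 if gps[1][2].startswith(b"S") else 1)
    lon = dms(4) * (-1 if gps[3][2].startswith(b"W") else 1)
    return round(lat, 6), round(lon, 6)

def split_exif(jpeg):
    """Walk the marker segments before the scan data; return (TIFF block of the Exif segment or None, copy of the file with every Exif segment dropped)."""
    pos, tiff, kept = 2, None, bytearray(jpeg[:2])
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xD9, 0xDA):
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\0\0":
            tiff = tiff or jpeg[pos + 10:end]  # first Exif segment is reported, any later one is just dropped
        else:
            kept += jpeg[pos:end]
        pos = end
    return tiff, bytes(kept) + jpeg[pos:]

def jpeg_gps(jpeg):
    """Pre-upload check: coordinates carried in the file's Exif segment, or None."""
    tiff, _ = split_exif(jpeg)
    return gps_coordinates(tiff) if tiff else None
```

`jpeg_gps` is the check to run on a file before it is shared; the second value returned by `split_exif` is the version to share.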

[...]

Robin Sage gained a total of about 300 friends on LinkedIn, counting those who came and went, he says. All three of the phony woman's social networking accounts remain active -- the LinkedIn profile currently has 148 connections, the Facebook profile has 110, and the Twitter account has 141 followers. Ryan officially ran the experiment for 28 days starting in late December and ending in January of this year.

Among Robin's social networking accomplishments: She scored connections with people in the Joint Chiefs of Staff, the CIO of the NSA, an intelligence director for the U.S. Marines, a chief of staff for the U.S. House of Representatives, and several Pentagon and DoD employees. The profiles also attracted defense contractors, such as Lockheed Martin, Northrop Grumman, and Booz Allen Hamilton.

Lockheed and other firms made job offers to Robin, some inviting her to dinner to discuss employment prospects. "I was surprised at how people in her same command friended her -- people actually in the same command and the same building," Ryan says.

--------------------------------------

I never followed Robin Sage on Twitter; I only followed the "Real Robin Sage". ;)
http://twitter.com/realrobinsage
