Fictitious femme fatale fooled cybersecurity
Intel, defense specialists fell for ruse in test
Call her the Mata Hari of cyberspace.
Robin Sage, according to her profiles on Facebook and other social-networking websites, was an attractive, flirtatious 25-year-old woman working as a “cyber threat analyst” at the U.S. Navy’s Network Warfare Command. Within less than a month, she amassed nearly 300 social-network connections among security specialists, military personnel and staff at intelligence agencies and defense contractors.
A handful of pictures on her Facebook page included one of her at a party posing in thigh-high knee socks and a skull-and-crossbones bikini captioned, “doing what I do best.”
“Sorry to say, I’m not a Green Beret! Just a cute girl stopping by to say hey!” she rhymingly proclaimed on her Twitter page, concluding, “My life is about info sec [information security] all the way!”
And so it apparently was. She was an avid user of LinkedIn - a social-networking site for professionals sometimes described as “Facebook for grown-ups.” Her connections on it included men working for the nation’s most senior military officer, the chairman of the Joint Chiefs of Staff, and for one of the most secret government agencies of all, the National Reconnaissance Office (NRO), which builds, launches and runs U.S. spy satellites. Others included a senior intelligence official in the U.S. Marine Corps, the chief of staff for a U.S. congressman, and several senior executives at defense contractors, including Lockheed Martin Corp. and Northrop Grumman Corp. Almost all were seasoned security professionals.
But Robin Sage did not exist.
Her profile was a ruse set up by security consultant Thomas Ryan as part of an effort to expose weaknesses in the nation’s defense and intelligence communities - what Mr. Ryan calls “an independent ‘red team’ exercise.”
It is not the first time “white-hat” hackers have carried out such a social-engineering experiment, but military and intelligence security specialists told The Washington Times that the exercise reveals important vulnerabilities in the use of social networking by people in the national security field.
Ms. Sage’s connections invited her to speak at a private-sector security conference in Miami, and to review an important technical paper by a NASA researcher. Several invited her to dinner. And there were many invitations to apply for jobs.
“If I can ever be of assistance with job opportunities here at Lockheed Martin, don’t hesitate to contact me, as I’m at your service,” one executive at the company told her.
One soldier uploaded a picture of himself taken on patrol in Afghanistan containing embedded data revealing his exact location. A contractor with the NRO who connected with her had misconfigured his profile so that it revealed the answers to the security questions on his personal e-mail account.
“This person had a critical role in the intelligence community,” Mr. Ryan said. “He was connected to key people in other agencies.” He said that he reached out to the individual, and the misconfiguration was repaired.
But many other connections also inadvertently exposed personal data, including their home addresses and photos of their families.
“These are all important violations of [operations security] and [personal security],” Mr. Ryan said.
He added that he was surprised about the success of the effort, especially given that Ms. Sage’s profile was bristling with what should have been red flags.
© Copyright 2014 The Washington Times, LLC.
About the Author
Shaun Waterman is an award-winning reporter for The Washington Times, covering foreign affairs, defense and cybersecurity. He was a senior editor and correspondent for United Press International for nearly a decade, and has covered the Department of Homeland Security since 2003. His reporting on the Sept. 11 Commission and the tortuous process by which some of its recommendations finally became ...