Cherchez la Femme
By Lex, on July 19, 2010
The combination of social networking sites and human nature – specifically, male nature – permitted a fictitious cyber threat vixen analyst to set up a network of bewitched intelligence and defense rubes into offers of employment and speaking engagements, among other things:
Her connections on it included men working for the nation’s most senior military officer, the chairman of the Joint Chiefs of Staff, and for one of the most secret government agencies of all, the National Reconnaissance Office (NRO), which builds, launches and runs U.S. spy satellites. Others included a senior intelligence official in the U.S. Marine Corps, the chief of staff for a U.S. congressman, and several senior executives at defense contractors, including Lockheed Martin Corp. and Northrop Grumman Corp. Almost all were seasoned security professionals.
But Robin Sage did not exist.
Her profile was a ruse set up by security consultant Thomas Ryan as part of an effort to expose weaknesses in the nation’s defense and intelligence communities – what Mr. Ryan calls “an independent ‘red team’ exercise.”
It is not the first time “white-hat” hackers have carried out such a social-engineering experiment, but military and intelligence security specialists told The Washington Times that the exercise reveals important vulnerabilities in the use of social networking by people in the national security field.
Ms. Sage’s connections invited her to speak at a private-sector security conference in Miami, and to review an important technical paper by a NASA researcher. Several invited her to dinner. And there were many invitations to apply for jobs.
This sort of thing is as old as civilization. These days, everything just happens more quickly.
