The Dangers of Friending Strangers: the Robin Sage Experiment

July 22, 2010

Adding tons of Facebook friends doesn’t necessarily make you popular; it may actually put both your own information security and that of the Defense Department (DoD) at risk, especially when you have friends you don’t even know. Provide Security, a cyber security company, illustrated this danger with the Robin Sage Experiment. The experiment created fake Facebook, Twitter and LinkedIn profiles under the alias “Robin Sage.” A photo of a cute girl (borrowed from an adult website) and the job title “Cyber Threat Analyst” completed the fake profiles.

From there, Thomas Ryan, co-founder & managing partner at Provide Security, posing as Robin, sent requests and established social network connections with more than 300 professionals in the National Security Agency, DoD, and Global 500 corporations. Robin’s new friends revealed information to Ryan that violated military operational security and personal security restrictions. “The worst compromises of operational security I had were troops discussing their locations and what time helicopters were taking off,” Ryan said during a phone conversation.

People also sought Robin’s professional advice, invited her to dinners, and offered her job opportunities. Not bad in this economy, especially for a person who doesn’t even exist. “From one person I was profiling, I was able to get all the security questions for their email and bank account,” Ryan said. “These are questions like ‘what was your first car?’”

According to DoD’s directive-type memorandum concerning social media and Internet capabilities, it is the responsibility of military leaders at all levels to ensure the safety of DoD and personal information.

All service members are instructed to be mindful of operational security when using communications such as telephone lines and e-mail; however, service members need to remember that information posted through social media should be regulated the same way, despite the casual feel of many of these sites.

