The Washington Times featured an eye-opening article Sunday about the potential security pitfalls of social networking Web sites, highlighting one of the oldest weapons in the espionage arsenal.
According to the article by Shaun Waterman, security consultant Thomas Ryan set up a handful of personal profiles on social networking sites Facebook, LinkedIn, and Twitter featuring a gorgeous—and fictitious—young woman purporting to be an analyst at the U.S. Navy's Network Warfare Command.
Ryan named his character “Robin Sage,” and posted to her profiles relatively tame photos of a young Asian model from an amateur pornography site, according to the article.
(For more instances of using fake Facebook profiles of good-looking girls for mischievous ends, see "Hackers Using Fake Facebook Profiles to Peddle Fake Antispyware.")
“Within less than a month, she amassed nearly 300 social-network connections among security specialists, military personnel and staff at intelligence agencies and defense contractors,” Ryan wrote. Not only did the profiles attract "friends," but also invitations to dinner and recommendations to apply within the defense and intelligence sectors. One member of the military deployed overseas shared a photograph tagged with the location of where it was taken. A contractor at the National Reconnaissance Office who befriended Sage revealed answers to the security questions of his personal e-mail account by setting up his profile wrong. Other connections exposed contacts' home addresses and photos of their family.
Ryan told the Times that he intentionally loaded the profiles with counterintelligence “red flags.” The individual portrayed in the profiles appeared foreign and her profiles' claim of ten years of professional experience implied that she started working when she was 15. Her “name” is shared with the U.S. Army’s guerrilla warfare training exercise for Special Forces candidates.
A Pentagon spokesperson told the Times that the military should “address the behavior, not abandon the tool” of online social networking.
(For more on employee policies for social media, see "White Paper Urges Companies Devise a Social Media Strategy.")
♦ Photo by Robert S. Donovan/Flickr