She was young, sexy and her credentials were stellar, but Robin Sage was no lady.
An internet security pro used the phony profile of a 25-year-old cybergeek as a honeypot to punk execs at the NSA, DOD and Military Intelligence groups.
Scammers posing as soldiers have used dating sites to dupe lonely-hearted women, but the so-called “Robin Sage Experiment” proves soldiers can be duped too.
One Army Ranger who friended Sage inadvertently exposed his coordinates in Afghanistan through uploaded war zone photos with embedded location data.
“If she was a terrorist, you would know where different [troops’] locations were,” Thomas Ryan, the white hat hacker behind Sage told IT security mag “Dark Reading.”
The Ranger should have known better. Robin Sage is the name of the final phase of special forces training before becoming a Green Beret.
The goal, said Ryan, was to determine how well social networking sites could be used to conduct covert intelligence-gathering.
A Facebook profile set up for the sensual MIT grad and “cyber threat analyst” featured photos of her in a sexy bikini and thigh-high socks.
It worked. The vast majority of her online friends were men.
“The big takeaway is not to befriend anybody unless you really know who they are,” Ryan said.[via Computer World, Dark Reading, Washington Times and Center for Investigative Reporting]