Saturday, July 24, 2010

Foxnews:She is as Dangerous as She Lookst

She is as Dangerous as She Lookst

Robin Sage had the look. On her Facebook and Linkedin profile photo, she cast a piercing glance sideways from her dark brown eyes. An enticing smile lingered on her pink lips. And, she had the chops: out of MIT for just three years, she boasted of being in “the computer hacking scene for over ten years” and already had a position in Naval Network Warfare Command.

The national security community swooned. Robin soon collected high-level intelligence personnel, military officers, congressional staffers, and even soldiers on active duties in battlefields as her social network buddies. Recruiters for defense contractors invited her for dinners and phone chats.

But, behind the persona of this femme fatale is Tom Ryan, a thickset cyber security sleuth with a permanent five o’clock shadow. He runs a cyber security firm called Provide Security.

During an exclusive interview with Fox News Ryan said, “There is a lot of information leaked people don't know about.” He says people unknowingly revealed sensitive information to “Robin” through what they thought were harmless acts like posting photos. Ryan points out “If you use an iPhone, it will give the exact location where you are, the name of the person who owns it and the version of the software, different information like that.”

For example, one of Robin’s soldier friends posted a photo of his unit on surveillance duties at a mountain outpost in Afghanistan. That inadvertently exposed their location, because the photo contained GeoIP data from the camera. “There is so much information leakage out there. People don't understand what they are putting out,” Ryan said.

During the 28 days that Ryan ran the experiment, Robin gained a total of about 300 friends on LinkedIn. Her Facebook profile collected 110 friends, and the Twitter account gathered 141 followers. Her social networking skills were on vivid display when she scored connections with officials in the Joint Chiefs of Staff, the National Security Agency, an intelligence director for the U.S. Marines, a chief of staff in Congress, and several people in the Pentagon.

Ryan said his experiment is likely to prompt the national security community to take a hard look at its social networking policy. “I think it will change policy. It will probably help provide a guideline. My company is working on a policy to share with everyone.”

Ryan is heading to the Black Hat Technical Security Conference in Las Vegas. He will share his findings in a presentation titled “Getting in Bed with Robin Sage.”

In case you are intrigued, you can follow the Black Hat Technical Security Conference through LinkedIn, Facebook and Twitter.

Read more:

1 comment:

雅婷雅婷 said...