"I am a hacker for over ten years," says the profile of Robin Sage, a beautiful girl, created just to show that social networks can be a danger.
Hundreds of professionals in IT security, the military and digital intelligence were recently embarrassed after sharing private information with a fictional character named "Robin Sage." She had profiles on the relevant social networks, appeared as an expert in a digital security body of the U.S. Marines, and was created for the sole purpose of exposing the risks of involvement with social networks.
In an interview with Computerworld, the "father" of Robin, Thomas Ryan, co-founder of Provide Security, said he used some pictures to give her the face and appearance of a normal person on Facebook, LinkedIn and Twitter. Thus Robin, fond of computers and with training at MIT (Massachusetts Institute of Technology), became an almost real character. She then made connections with over 300 contacts, both men and women, all from the army, intelligence agencies, information security companies and companies with U.S. government contracts.
According to Ryan, the objective was to determine how effective social networks are for carrying out actions aimed at capturing sensitive data.
People believe what they want to believe
Even with many warning signs - such as the absence of a professional résumé for the last ten years in the life of a 25-year-old - the scheme worked. Contacts for Robin, who was represented graphically with the image of Abby Sciuto (a character in the series NCIS), began to emerge in less than a month. Several friends shared photos and personal information; some went as far as inviting her to conferences and even asked her to review some documents. Other "friends" at large companies such as Lockheed Martin and Google went as far as entertaining the idea of hiring her.
If it were for real
If Robin had been a spy, an external agent, she would have had access to a large amount of useful information, says Ryan. Next week, Ryan will present the results of the experiment at the Black Hat security conference in Las Vegas. Here are excerpts from an interview with Computerworld:
Computerworld: What motivated you to do this experiment?
Thomas Ryan: The strongest motive was all this talk about digital war and espionage, the consistencies and inconsistencies on these issues. I was interested to see how much information you can extract from people via social networks. I also wanted to know which people are more likely to click on something they do not really know. I was interested to know how fast such a phenomenon is spreading. I found that using the names of MIT and the preparatory schools I attended was a good way. If people do not remember you, they do not click. So it is more difficult to enter these circles than the information security groups.
CW: And how many connections was Robin able to make?
TR: On Facebook, 226; on LinkedIn, 206; on Twitter, Robin got 204 followers. Facebook connections were predominantly military and security officers; on LinkedIn, the contacts were security and intelligence agents. Robin's followers on Twitter were mostly hackers.
CW: And where did the approach come from? Did Robin go after people or let them come to her?
TR: It was a bit of both. At first, I approached some people, mostly security staff. They are the ones who have the most contacts. These people are usually very open and very sociable.
CW: What kind of information could be obtained via these connections?
TR: Of all kinds. From email addresses to bank data. I saw the patterns of friendships that exist. The profiles on LinkedIn, for example, have more recent business contacts.
CW: Why do you believe that Robin was so successful?
TR: Because she is beautiful. This helps a lot.
CW: And most of the contacts were men?
TR: Yes. The ratio was 82% men and 18% women. Among the women, the majority came from the security industry and promoted events and conferences.
CW: Do you believe that a male figure could have been as successful on the network?
TR: It depends on how it is presented.
CW: What action did Facebook take on seeing that your character was not real?
TR: They deleted my personal page and Robin's. They said that due to "security issues", I would not be allowed to use Facebook. LinkedIn deleted my page, but a copy still exists in the Google cache.
CW: What is the great discovery of the project?
TR: That one should not add someone unknown. The same tactic was used to infiltrate a secret base in Israel. Those were the only base on a particular page on Facebook. There were those who had succeeded in joining the group and receiving sensitive information.
CW: Any other comment?
TR: I could never establish any relationship with people in the CIA or FBI. I tried that as well. When the experiment was coming to an end, I noticed an incredible increase in people in the Middle East visiting Robin's homepage, searching for government information and systems. Not that I was scared, but it is hard to ignore such a thing.





