http://www.darkreading.com/insiderthreat/security/privacy/showArticle.jhtml?articleID=225702468
By Kelly Jackson Higgins
DarkReading
July 06, 2010
Seasoned red team hacker Chris Nickerson initially accepted Robin Sage's
LinkedIn invitation because several of his colleagues had, but after
making a few inquiries he realized something was fishy about "Robin," a
twenty-something woman who purportedly worked for the Naval Network
Warfare Command. "Within an hour, I started asking around, 'Hey did you
get a friend request from Robin Sage?' ... and [friends] were saying, 'I
thought you knew her.' I knew something weird was going on," Nickerson
says.
So Nickerson started hammering away at Robin on Twitter, and quickly
figured out it was a fellow red team hacker behind the phony persona.
But not everyone caught on as quickly to the phony profile as Nickerson:
Robin actually duped an Army Ranger into friending her. The Ranger then
inadvertently exposed his coordinates in Afghanistan to Robin: the photos
he uploaded from the field still carried the geolocation data his camera
had embedded in them.
"You could see them talking about where they were going and where they
were in Afghanistan and Iraq ... some were uploading pictures with
geolocation information, and we were able to see them," says Thomas
Ryan, the mastermind behind the social network experiment and co-founder
and managing partner of cyber operations and threat intelligence for
Provide Security, who will present the findings later this month at
Black Hat USA in his "Getting In Bed With Robin Sage" talk.
Ryan says Robin's Facebook profile was able to view coordinate
information showing where the troops were located. "If she was a terrorist,
you would know where different [troops'] locations were," Ryan says.
[...]
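The geotagged-photo leak described above, as an added example that is not part of the article: a pure-Python check that walks a JPEG's Exif IFD0 for a GPSInfo pointer (the tag that leads to latitude, longitude and altitude) and strips the whole Exif segment before a photo is shared. The sample JPEG is constructed inline; tag numbers and the IFD layout are the Exif/TIFF ones, the offsets are specific to this fixture.

```python
import struct

APP1, SOS = 0xE1, 0xDA
GPS_IFD_TAG = 0x8825  # IFD0 entry pointing at the GPS sub-IFD (lat/long/altitude)

def split_jpeg(data):
    """Split a JPEG into its marker segments (raw bytes) and the scan data."""
    assert data[:2] == b"\xff\xd8", "not a JPEG"
    segs, pos = [], 2
    while pos + 4 <= len(data) and data[pos + 1] != SOS:
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # includes itself
        segs.append(data[pos:pos + 2 + length])
        pos += 2 + length
    return segs, data[pos:]

def is_exif(seg):
    return seg[1] == APP1 and seg[4:10] == b"Exif\x00\x00"

def exif_has_gps(seg):
    """True if the Exif segment's IFD0 carries a GPSInfo pointer."""
    tiff = seg[10:]                       # TIFF header starts after "Exif\0\0"
    endian = "<" if tiff[:2] == b"II" else ">"
    ifd0 = struct.unpack(endian + "I", tiff[4:8])[0]
    count = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])[0]
    tags = (struct.unpack(endian + "H", tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i])[0]
            for i in range(count))        # each IFD entry is 12 bytes, tag first
    return GPS_IFD_TAG in tags

def photo_has_gps(data):
    return any(is_exif(s) and exif_has_gps(s) for s in split_jpeg(data)[0])

def strip_exif(data):
    """Drop every APP1 Exif segment; pixel data is left untouched."""
    segs, rest = split_jpeg(data)
    return data[:2] + b"".join(s for s in segs if not is_exif(s)) + rest

def sample_jpeg(with_gps):
    """Constructed fixture: SOI, one little-endian Exif APP1, then a stub SOS."""
    make = struct.pack("<HHI4s", 0x010F, 2, 4, b"Cam\x00")       # Make, ASCII
    if with_gps:   # IFD0 at TIFF offset 8 is 30 bytes, so the GPS IFD sits at 38
        gps_ptr = struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 38)
        ifd0 = struct.pack("<H", 2) + make + gps_ptr + struct.pack("<I", 0)
        gps = struct.pack("<HHHI4sI", 1, 0x0001, 2, 2, b"N\x00\x00\x00", 0)  # GPSLatitudeRef
    else:
        ifd0, gps = struct.pack("<H", 1) + make + struct.pack("<I", 0), b""
    payload = b"Exif\x00\x00" + b"II*\x00" + struct.pack("<I", 8) + ifd0 + gps
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02" + b"<scan>"
```

Running `photo_has_gps` on an upload before it leaves the device is the check; `strip_exif` is the blunt mitigation, since it also discards camera model and timestamps that narrow down a unit.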
_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com