AOH :: ISNQ6524.HTM

Fictitious femme fatale fooled cybersecurity




Fictitious femme fatale fooled cybersecurity
Fictitious femme fatale fooled cybersecurity



http://www.washingtontimes.com/news/2010/jul/18/fictitious-femme-fatale-fooled-cybersecurity/ 

By Shaun Waterman
The Washington Times
July 18, 2010

Call her the Mata Hari of cyberspace.

Robin Sage, according to her profiles on Facebook and other 
social-networking websites, was an attractive, flirtatious 25-year-old 
woman working as a "cyber threat analyst" at the U.S. Navy's Network 
Warfare Command. Within less than a month, she amassed nearly 300 
social-network connections among security specialists, military 
personnel and staff at intelligence agencies and defense contractors.

A handful of pictures on her Facebook page included one of her at a 
party posing in thigh-high knee socks and a skull-and-crossbones bikini 
captioned, "doing what I do best."

"Sorry to say, I'm not a Green Beret! Just a cute girl stopping by to 
say hey!" she rhymingly proclaimed on her Twitter page, concluding, "My 
life is about info sec [information security] all the way!"

And so it apparently was. She was an avid user of LinkedIn - a 
social-networking site for professionals sometimes described as 
"Facebook for grown-ups." Her connections on it included men working for 
the nation's most senior military officer, the chairman of the Joint 
Chiefs of Staff, and for one of the most secret government agencies of 
all, the National Reconnaissance Office (NRO), which builds, launches 
and runs U.S. spy satellites. Others included a senior intelligence 
official in the U.S. Marine Corps, the chief of staff for a U.S. 
congressman, and several senior executives at defense contractors, 
including Lockheed Martin Corp. and Northrop Grumman Corp. Almost all 
were seasoned security professionals.

But Robin Sage did not exist.

Her profile was a ruse set up by security consultant Thomas Ryan as part 
of an effort to expose weaknesses in the nation's defense and 
intelligence communities - what Mr. Ryan calls "an independent 'red 
team' exercise."

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods