Posts

Do you know who your friends are?

It sounds like a plot out of  a summer spy movie, but security researcher Thomas Ryan tested what would happen when posting a fake profile of a real-life Abby Scuito. The results? Over 300 “friends” in the military, information security, and intelligence fields, a few job offers, and invitations to security conferences.

Ryan, the co-founder of Provide Security, said the goal of the study was to determine how effective social networking sites like Facebook, Twitter, and LinkedIn would be as tools in covert intelligence-gathering activities. He crafted “Robin Sage”, a 25 year old Navy cyber threat analyst who graduated from MIT. Even though the profile had some red flags, like a 25 year old having “10 years experience,” it took less than a month to make connections with many in security related fields. Virtual friends shared photos, personal information, invited Robin to conferences, and a few even expressed interest in hiring her.

If Robin were a foreign agent, she would have had access to a lot of very useful information, said Ryan, who is scheduled to present his findings at the upcoming BlackHat security conference in Las Vegas.

Even if you are not in the spy game, what can you learn from this?

  • Like your momma said, “If it sounds too good to be true, it usually is.”
  • If you don’t know them, don’t friend them.
  • Always be mindful of how information posted online could be used against you by identity thieves. For example, how many answers to your security questions for your bank account can be gathered from your Facebook profile?

Social networking has the potential to bring friends together regardless of distance, just be careful who you invite to the party.

Article Inspiration: CIO.com – Fake ‘Femme Fatale’ Shows Social Network Risks