Thomas Ryan of Provide Security set up a fake identity using a photo of a hot-looking female as a means of demonstrating the potential security threats posed by social networking sites like LinkedIn, Facebook and Twitter. Ultimately the experiment worked, as the profiles were used to successfully socially engineer the U.S. government, military and intelligence communities.
And so it apparently was. She was an avid user of LinkedIn – a social-networking site for professionals sometimes described as “Facebook for grown-ups.” Her connections on it included men working for the nation’s most senior military officer, the chairman of the Joint Chiefs of Staff, and for one of the most secret government agencies of all, the National Reconnaissance Office (NRO), which builds, launches and runs U.S. spy satellites. Others included a senior intelligence official in the U.S. Marine Corps, the chief of staff for a U.S. congressman, and several senior executives at defense contractors, including Lockheed Martin Corp. and Northrop Grumman Corp. Almost all were seasoned security professionals.
It is great to see the U.S. government finally start to embrace social networking, but is the cost of being socially engineered worthwhile? How so many “smart” people fell victim to this ruse may appear to be surprising, but it really should not be. A picture of a hot chick is worth a lot of capital, especially in geek circles. Couple that with a wicked resume and connections to people in important organizations and you have a formula for socially engineering anyone, much less the government.
Hopefully the vulnerabilities exposed by social networking usage in this exercise will be used to help better educate the government, military and intelligence communities. This is one thing lacking in the government – quality education about the dangers of online social networking and the threats these tools pose to our government.

