
Fake femme fatale shows social network risks - bluesmoon
http://www.computerworld.com/s/article/9179507/Fake_i_femme_fatale_i_shows_social_network_risks
======
ax0n
I'm "in" the sphere of people who were targeted by this researcher. I never
was asked to friend her, but a few of my friends did friend her. A good number
of them don't really share anything actionable on Twitter, FB and the like.
They "friend" pretty much anyone, and opt to not share things that could come
back to bite them. A lot of people who "fell for it" didn't really fall for
much of anything. The couple of people who outright offered jobs and such?
They were had.

~~~
edanm
Were people offering actual jobs? Seems more likely they only wanted to
interview "her", which is a pretty reasonable thing to do. Doesn't give "her"
much power.

~~~
ax0n
I'd need to go back and grok the epic pile of shoddy journalism that this
event created. Somewhere, I thought I read that people were trying to hire Ms.
Sage's persona.

Also, this really isn't much different than what Shawn Moyer and Nathan Hamiel
did ahead of DefCon 16 and Black Hat Las Vegas 2008. They set up a Twitter and
Facebook account in the name and visage of someone who is a REALLY big name in
information security (who happened to have not yet gotten on board with social
networks) and just started going at it. They amassed a bunch of followers and
"friends" on a few different networks. They generally tried to say the kinds
of things this person would say in real life. They linked the account to that
person's real web presence, etc.

You really wouldn't know it was an impostor at first glance.

------
nostrademons
Welcome to the Internet, where the men are men, the women are men, and the
kids are cops.

------
JabavuAdams
It's funny that no one picked up on the fact that ROBIN SAGE is the code-name
for an Army Special Forces qualification exercise.

<http://en.wikipedia.org/wiki/United_States_Army_Special_Forces_selection_and_training#Specialty_training.2C_ROBIN_SAGE_.26_graduation_.28Phase_IV.29>

~~~
rdl
Actually, a lot of people pointed this out, as well as the suspicious address,
and other inconsistencies (her age, lack of presence in the MIT student
database, ...)

Check out <http://twitter.com/fakerobinsage> etc.

The only question at the time was "is this a recreational troll, or is it a
'security researcher' trying to test the community?" -- it seemed too
amateurish to be a real intelligence gathering attempt.

------
aquark
> What type of information can one get through such connections?
>
> Pretty much everything. I had access to e-mail and bank accounts

I know facebook et al. have their share of privacy concerns, but I think this
is a bit much to drop in without giving more details.

Seems like a non-story to me.

~~~
desigooner
+1 .. It'd have been nice if he had disclosed some of his methods. Just saying
"I had access to email and bank accounts" doesn't really do much. This fake
profile of a good looking lady is social engineering 101.

It's psychological more than anything else. When a good looking woman who
matches on your interests and qualifications approaches you, it's but natural
for the person to lower their guard down. Also, a lot of people could have
been in touch for purely networking reasons, wanting to leverage the network
such an individual would possess.

------
woodrow
This is being presented at Black Hat on Wednesday
(<https://www.blackhat.com/html/bh-us-10/bh-us-10-briefings.html#Ryan>), so
presumably more details (and hopefully less spin) will be forthcoming or
available then.

------
petercooper
Semi-dupe on the original (longer) article:
<http://news.ycombinator.com/item?id=1544661>

------
Groxx
More about "Robin Sage", with whom (which?) a fair amount of people's
stupidity about social networks was exposed.

~~~
sanderjd
Great comment, I'll be thinking about whether it should be "whom" or "which"
for days now.

------
yarek
On the Internet nobody knows you're a dog.

~~~
DaemonXI
I guess nobody heard that Sage goes in all fields.

------
Charuru
Somehow I doubt security and intel ppl actually put sensitive information on
their Facebook.

Or at least I hope so.

