Getting In Bed With Robin Sage

Black Hat USA 2010

Presented by: Thomas Ryan
Date: Wednesday July 28, 2010
Time: 16:45 - 18:00
Location: Florentine
Track: Cyber War & Peace

Given the vast number of security breaches via the internet, the experiment seeks to exploit the fundamental levels of information leakage: the outflow of information as a result of people’s haphazard and unquestioned trust. The experiment was conducted by creating a blatantly false identity and enrolling on various social networking websites. By joining networks, registering on mailing lists, and listing false credentials, the conditions were then set to research people’s decisions to trust and share information with the false identity. The main factors observed were: the exploitation of trust based on gender, occupation, education/credentials, and friends (connections).

By the end of this experiment, Robin finished the month having accumulated hundreds of connections through various social networking sites. Contacts included executives at government entities such as the NSA, DOD and Military Intelligence groups. Other friends came from Global 500 corporations. Throughout the experiment Robin was offered gifts, government and corporate jobs, and options to speak at a variety of security conferences.

Through this 28-day experiment, it became evident that the propagation of a false identity via social networking websites is rampant and viral. Much of the information revealed to Robin Sage violated OPSEC procedures. The deliberate choice of an attractive young female exposed the role that sex and appearance play in trust and people’s eagerness to connect with someone. In conjunction with her look, Robin Sage’s credentials listed on her profile resulted in selective perception: people’s tendency to draw unwarranted conclusions in their attempt to make a quick decision. By acquiring a large number of connections, Robin had the ability to identify the individual who was positioned to provide the most intelligence based on their involvement in multiple government agencies. The false identity combined with carefully chosen false credentials led to a false trust that could have resulted in the breach of multiple security protocols.

Thomas Ryan

Thomas Ryan: A 20-year security veteran, Thomas Ryan is the co-founder and Managing Partner of Cyber Operations and Threat Intelligence for Provide Security. The company was formed with the concept of the convergence of both physical and cyber techniques for Executive Protection, Advanced Red Teaming, Crisis Management, Threat Profiling, Threat Assessments and Penetration Testing. In his role, Mr. Ryan leads a team called Black Cell, a team of the most highly trained and capable physical, threat and cyber security professionals in the world. Prior to founding Provide Security, Mr. Ryan had functioned as a security instructor for US Army INSCOM, USNORTHCOM, USSOUTHCOM and several other military and government agencies. His corporate experience has evolved from working at numerous security consulting companies. Mr. Ryan's passion for information security had him elected as the Chapter Vice President for OWASP NY in 2004, Board Member for NJ Chapter in 2005, then merging the two chapters in 2007 while still retaining his Board Member role in 2010. His contributions include participating as a co-author of the OWASP Test Guide v2, and speaking at several industry events including OWASP, INFRAGARD, ICCS, and ISSA.

