Robin Sage
Encyclopedia
Robin Sage is a fictional American
cyber threat
analyst. She was created in December 2009 by Thomas Ryan, a security specialist and white hat
hacker from New York
. Her name was taken from a training exercise of United States Army Special Forces
.
in Norfolk
, Virginia
. She graduated from MIT and had allegedly 10 years of work experience, despite her young age. Ryan created several accounts under the name Sage on popular social networks like Facebook
, LinkedIn
, Twitter
etc. and used those profiles to contact nearly 300 people, most of them security specialists, military personnel, staff at intelligence agencies and defense contractors. Her pictures were taken from a pornography-related website in order to attract more attention.
Despite the completely fake profile and no other real-life information, Sage was offered consulting work with notable companies Google
and Lockheed Martin
and received dinner invitations by several of her male friends.
Not everyone was fooled by Sage's profiles, though. Ryan admitted that his cover was already blown on the second day, when several of those she tried to befriend tried to verify her identity using the phone number he provided, checking email addresses outside the social networking sites or using the MIT alumni network to find her. Others recognized the fake identity of Sage based on her implausible profiles. Yet no central warning was issued about the profile, and users continued to connect with Sage despite warnings not to do so.
military, government or companies (amongst the only organizations that did not befriend Sage were the CIA and the FBI). Using these contacts, Ryan gained access to email addresses and bank accounts as well as learning the location of secret military units based on soldiers' Facebook photos and connections between different people and organizations. She was also given private documents for review and was offered to speak at several conferences.
in Las Vegas
with a presentation he called "Getting in bed with Robin Sage". He explained that his short experiment proves that seemingly harmless details shared via social networking pages can be harmful but also that many people entrusted with vital and sensitive information would share this information readily with third-parties, provided they managed to capture their interest. He concluded that his findings could have compromised national security if a terrorist organization had employed similar tactics.
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
cyber threat
Threat (computer)
In Computer security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm.A threat can be either "intentional" or "accidental" In Computer security a threat is a possible danger that might exploit a vulnerability to breach security and...
analyst. She was created in December 2009 by Thomas Ryan, a security specialist and white hat
White hat
The term "white hat" in Internet slang refers to an ethical hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems...
hacker from New York
New York
New York is a state in the Northeastern region of the United States. It is the nation's third most populous state. New York is bordered by New Jersey and Pennsylvania to the south, and by Connecticut, Massachusetts and Vermont to the east...
. Her name was taken from a training exercise of United States Army Special Forces
United States Army Special Forces selection and training
The United States Army Special Forces soldier trains on a regular basis over the course of their entire career. The initial formal training program for entry into Special Forces is divided into four phases collectively known as the Special Forces Qualification Course or, informally, the "Q Course"...
.
Fictional biography
According to Sage's social networking profiles, she is a 25-year-old "cyber threat analyst" at the Naval Network Warfare CommandNaval Network Warfare Command
Naval Network Warfare Command is the US Navy's information operations, intelligence, networks and space unit. NETWARCOM is charged with operating a secure naval network that enables information operations...
in Norfolk
Norfolk
Norfolk is a low-lying county in the East of England. It has borders with Lincolnshire to the west, Cambridgeshire to the west and southwest and Suffolk to the south. Its northern and eastern boundaries are the North Sea coast and to the north-west the county is bordered by The Wash. The county...
, Virginia
Virginia
The Commonwealth of Virginia , is a U.S. state on the Atlantic Coast of the Southern United States. Virginia is nicknamed the "Old Dominion" and sometimes the "Mother of Presidents" after the eight U.S. presidents born there...
. She graduated from MIT and had allegedly 10 years of work experience, despite her young age. Ryan created several accounts under the name Sage on popular social networks like Facebook
Facebook
Facebook is a social networking service and website launched in February 2004, operated and privately owned by Facebook, Inc. , Facebook has more than 800 million active users. Users must register before using the site, after which they may create a personal profile, add other users as...
LinkedIn
LinkedIn is a business-related social networking site. Founded in December 2002 and launched in May 2003, it is mainly used for professional networking. , LinkedIn reports more than 120 million registered users in more than 200 countries and territories. The site is available in English, French,...
Twitter
Twitter is an online social networking and microblogging service that enables its users to send and read text-based posts of up to 140 characters, informally known as "tweets".Twitter was created in March 2006 by Jack Dorsey and launched that July...
etc. and used those profiles to contact nearly 300 people, most of them security specialists, military personnel, staff at intelligence agencies and defense contractors. Her pictures were taken from a pornography-related website in order to attract more attention.
Despite the completely fake profile and no other real-life information, Sage was offered consulting work with notable companies Google
Google
Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...
and Lockheed Martin
Lockheed Martin
Lockheed Martin is an American global aerospace, defense, security, and advanced technology company with worldwide interests. It was formed by the merger of Lockheed Corporation with Martin Marietta in March 1995. It is headquartered in Bethesda, Maryland, in the Washington Metropolitan Area....
and received dinner invitations by several of her male friends.
Not everyone was fooled by Sage's profiles, though. Ryan admitted that his cover was already blown on the second day, when several of those she tried to befriend tried to verify her identity using the phone number he provided, checking email addresses outside the social networking sites or using the MIT alumni network to find her. Others recognized the fake identity of Sage based on her implausible profiles. Yet no central warning was issued about the profile, and users continued to connect with Sage despite warnings not to do so.
Security problems revealed
Using those contacts, Ryan befriended men and women of all ages during a short time period between December 2009 and January 2010. Almost all of them were working for the United StatesUnited States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
military, government or companies (amongst the only organizations that did not befriend Sage were the CIA and the FBI). Using these contacts, Ryan gained access to email addresses and bank accounts as well as learning the location of secret military units based on soldiers' Facebook photos and connections between different people and organizations. She was also given private documents for review and was offered to speak at several conferences.
"Getting in bed with Robin Sage"
Ryan presented his findings as a speaker at the "Black Hat" conferenceBlack Hat Briefings
The Black Hat Conference is a computer security conference that brings together a variety of people interested in information security. Representatives of federal agencies and corporations attend along with hackers. The Briefings take place regularly in Las Vegas, Barcelona and Tokyo...
in Las Vegas
Las Vegas metropolitan area
The Las Vegas Valley is the heart of the Las Vegas-Paradise, NV MSA also known as the Las Vegas–Paradise–Henderson MSA which includes all of Clark County, Nevada, and is a metropolitan area in the southern part of the U.S. state of Nevada. The Valley is defined by the Las Vegas Valley landform, a ...
with a presentation he called "Getting in bed with Robin Sage". He explained that his short experiment proves that seemingly harmless details shared via social networking pages can be harmful but also that many people entrusted with vital and sensitive information would share this information readily with third-parties, provided they managed to capture their interest. He concluded that his findings could have compromised national security if a terrorist organization had employed similar tactics.