12.07.2015 Views

Introduction to Cyber-Warfare - Proiect SEMPER FIDELIS


DO YOU REALLY KNOW ALL YOUR LINKEDIN CONNECTIONS? IMPOSTERS IN SOCIAL NETWORKS

Duping Corporations and Military Personnel: Robin Sage

In 2010, Thomas Ryan of the American security firm Provide Security conducted an experiment. He designed and subsequently operated fictitious user accounts on LinkedIn, Facebook, and Twitter under the name of “Robin Sage” [1]—the name is in reference to the culminating field exercise of the U.S. Army’s Special Forces Qualification Course. Using the photo of a woman who posed for a pornographic Web site and creating an esteemed resume including education from MIT, an NSA internship, and a current position at the Naval Network Warfare Command, he created a seemingly convincing profile—albeit one that had some subtle hints that the accounts were fake.

Over the 28-day experiment, “Robin” was able to obtain 300 contacts on LinkedIn, over 100 connections on Facebook, and about 150 followers on Twitter. She managed to make connections with individuals on the Joint Chiefs of Staff, the Chief Information Officer (CIO) of the NSA, a Congressional chief of staff, and scores of other personnel of the Department of Defense (DoD) and DoD contractors. Ryan interacted through the guise of his faked Sage accounts, so convincingly that some firms (among them Lockheed Martin) even made “Sage” job offers.

His expertise led “Sage” to foster discussions with military personnel. In the course of one discussion, an Army Ranger even uploaded geolocated photographs [a] to her wall. Ryan noted that individuals in the same command she claimed to work under befriended her on some of the sites—of course they had never met the fictitious “Sage.” One cyber-security expert from NASA Ames Research Center asked her to review some technical papers. [2]

Ryan cites several factors that may have contributed to Robin Sage’s success in making connections on the various social networks. One factor he cites is Robin’s gender and attractiveness. He noted this with several anecdotal comments from male users who complimented her on the pictures in her online profile as well as the fact that the majority of her connections were male. Another aspect that may have drawn connections to Sage was her false credentials. While most users accepted them without verification, one user was able to call her bluff and reveal her identity as false. [3,4]

The Dangers of Transitive Trust

Perhaps the most interesting aspect of how Robin Sage’s profile spread was through transitive trust relationships. Suppose user A trusts user B and user B trusts user C. Under transitive trust, user A will then also trust user C based simply on the fact that user B does. We show this graphically in Figure 9.1.

Transitive trust can be thought of as someone “vouching” for another person. In an online community, this can happen quickly by simply examining the friends of a new individual (i.e., user A in the figure would see user B listed as one of user C’s friends). Further, research in social network analysis has indicated that relatively unconnected individuals with a mutual friend tend to form a relationship in order to reduce social pressure. [5] In the network, this forms a “triangle” (as depicted in the previous figure), also referred to as a “cluster.” [6]

Ryan noted that transitive trust played a significant role in his fictitious profile adopting more friends. [7] This transitivity seemed to occur in three ways. First, transitivity would be

[a] Photographs included data specifying the geographic location of where they were taken.
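The A-B-C relationship described above can be checked mechanically. The following is an added example, not taken from the book: it models accepted connections as a graph and reports whether a new connection request is backed by any contact who actually verified the newcomer. The user names, the `verified` flag, and all function names are assumptions made for the illustration.

```python
from collections import deque

# Constructed sample: (truster, trusted, verified). "verified" means the
# truster confirmed the identity out of band before accepting.
EDGES = [
    ("A", "B", True),    # A knows B personally
    ("D", "B", True),
    ("E", "D", True),
    ("B", "C", False),   # B accepted newcomer C on profile alone
]

def build_graph(edges):
    graph = {}
    for truster, trusted, verified in edges:
        graph.setdefault(truster, {})[trusted] = verified
        graph.setdefault(trusted, {})
    return graph

def reachable(graph, start, verified_only=False):
    """Users `start` ends up trusting if trust is treated as transitive."""
    seen, queue = set(), deque([start])
    while queue:
        user = queue.popleft()
        for peer, verified in graph[user].items():
            if peer in seen or peer == start or (verified_only and not verified):
                continue
            seen.add(peer)
            queue.append(peer)
    return seen

def vouchers(graph, viewer, newcomer):
    """Contacts of `viewer` who already list `newcomer` (the B in A-B-C)."""
    return sorted(b for b in graph[viewer] if newcomer in graph[b])

def assess_request(graph, viewer, newcomer):
    """Summarize what actually backs a connection request from `newcomer`."""
    vouching = vouchers(graph, viewer, newcomer)
    checked = [b for b in vouching if graph[b][newcomer]]
    return {
        "vouchers": vouching,
        "verified_vouchers": checked,
        "transitive_only": bool(vouching) and not checked,
    }

if __name__ == "__main__":
    g = build_graph(EDGES)
    print(assess_request(g, "A", "C"))
    print(sorted(reachable(g, "E")), sorted(reachable(g, "E", verified_only=True)))
```

A single unverified acceptance (B to C) is enough to place C inside the transitive trust set of A, D, and E, while restricting the walk to verified edges excludes C for all of them.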
