http://www.darkreading.com/insiderthreat/security/privacy/showArticle.jhtml?articleID=225702468 By Kelly Jackson Higgins DarkReading July 06, 2010 Seasoned red team hacker Chris Nickerson initially accepted Robin Sage's LinkedIn invitation because several of his colleagues had, but after making a few inquiries he realized something was fishy about "Robin," a twenty-something woman who purportedly worked for the Naval Network Warfare Command. "Within an hour, I started asking around, 'Hey did you get a friend request from Robin Sage?' ... and [friends] were saying, 'I thought you knew her.' I knew something weird was going on," Nickerson says. So Nickerson started hammering away at Robin on Twitter, and quickly figured out it was a fellow red team hacker behind the phony persona. But not everyone caught on as quickly to the phony profile as Nickerson: Robin actually duped an Army Ranger into friending her. The Ranger then inadvertently exposed information about his coordinates in Afghanistan to Robin with his uploaded photos from the field that contained GeoIP data from the camera. "You could see them talking about where they were going and where they were in Afghanistan and Iraq ... some were uploading pictures with geolocation information, and we were able to see them," says Thomas Ryan, the mastermind behind the social network experiment and co-founder and managing partner of cyber operations and threat intelligence for Provide Security, who will present the findings later this month at Black Hat USA in his "Getting In Bed With Robin Sage" talk. Ryan says Robin's Facebook profile was able to view coordinates information on where the troops were located. "If she was a terrorist, you would know where different [troops'] locations were," Ryan says. [...] _________________________________________________________________ Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada July 24-29th, offering over 60 training sessions and 11 tracks of Briefings from security industry elite. To sign up visit http://www.blackhat.comReceived on Wed Jul 07 2010 - 01:45:40 PDT
This archive was generated by hypermail 2.2.0 : Wed Jul 07 2010 - 01:58:46 PDT