This white-hat hacker catfished a bunch of defense information security experts

One day Thomas Ryan, who worked as a white-hat hacker and cyber security analyst, created an entire social media background and history for Robin Sage, an attractive 25-year-old girl who claimed to be a cyber threat analyst at the Naval Network Warfare Command in Norfolk, Virginia.

Robin Sage Hacker photo INFOSEC

Her Twitter Bio read: “Sorry to say, I’m not a Green Beret! Just a cute girl stopping by to say hey! My life is about info sec all the way!”

“Robin” had great credentials for a 25-year-old woman. She was a graduate of MIT with a decade of experience in cybersecurity, and she knew how to network very effectively. Ryan purposely chose a relatively attractive woman because he wanted to prove how sex and appearance plays in trust and willingness to connect. He pulled the photo from an amateur porn site, looking for someone who didn’t look American.

amateur porn pixellated robin Sage

Some other possibilities considered by Ryan . . .

Robin added 300 friends from places like military intelligence, defense contractors, and other security specialists. She also connected on LinkedIn with people working for a former Chairman of the Joint Chiefs of Staff and at the National Reconnaissance Office, the U.S. spy satellite agency. The most vital information was leaked through LinkedIn.

She duped men and women alike (but mostly men) without showing any real biographical information. Within two months time (December 2009-January 2010), she acquired access to email accounts (one NRO contractor posted information on social media which revealed answers to security questions on his personal e-mail), home addresses, family information, and bank accounts. She learned the locations of secret military installations and was able to successfully determine their missions. She received documents to review, she was invited to speak at conferences, and she was even offered consulting work at Google and Lockheed.

There were many red flags, especially the claim to have worked in Infosec since age 15. Her job title didn’t exist. Her online identity could only be traced back 30 days. Her name is based on a U.S. Army training exercise. Ryan says some in the Infosec community were skeptical and tried to verify her identity but no real alerts were made about just how deceptive the Robin Sage profile really was, and so this greatest example of “fake it ’til you make it” went on as Robin continued to win friends and influence people. This exercise was not popular with everyone in the INFOSEC community.

Infosec outrage at Tom Ryan

Ryan wrote a paper, called “Getting in Bed With Robin Sage,” which described the extent of how the seemingly harmless details in social media posts were as damaging as the information given to her freely by those who sought her opinion. Robin Sage was more successful at networking and getting job offers than any recent college graduate I’ve ever heard.

Happy female college graduate

I can be anything, I’m a Phoenix!

The only agencies with people who never took the bait were the FBI and the CIA. Ryan told the Guardian, “The big takeaway is not to befriend anybody unless you really know who they are.”

NOW: The 5 most dangerous hackers of all time >

OR: The 6 most shocking military impostors ever >

TOP ARTICLES
SpaceX launching a third top-secret satellite

SpaceX is launching a secretive mission this month. The mission, shrouded in secrecy, has some considering it may be for the CIA or the NSA.

This is how the Air Force will use prop planes on high-tech battlefields

The Air Force is looking toward a light-attack aircraft program, known as OA-X, to produce a plane that meets its needs and gets the job done.

A retired SEAL commander on how to stop thinking and 'get after it' every day

This former Navy commander has some excellent advice on how to jump start your day, and "get some" in order to make it as productive as possible.

Marines return to battle in 'old stomping grounds'

The Marines recall their "old stomping grounds" as they return to Fallujah and the surround areas of Al Anbar Province to battle a new enemy.

How Chinese drones are set to swarm the global market

China has stepped up it's drone game, and even though United States technology can still compete, China's drones are kind of really in demand.

That time two countries' Special Forces squared off in combat

In an area the size of the Falkland Islands, British and Argentine special operators were bound to run into each other at some point – a lot.

5 times pilots got in trouble for having fun in the sky

When pilots decide to do some fancy flying in their high-performance fighters, it can land them in trouble once they're back on the ground.

This is why Nazis dubbed these paratroopers 'devils in baggy pants'

"American paratroopers – devils in baggy pants – are less than 100 meters from my outpost line. I can’t sleep at night," wrote one German commander.

9 ISIS weapon fails that you have to see to believe

Many bad guys just want record themselves laying rounds down range for social media purposes — and we're glad they did. Laugh away, America!

US Army recruitment campaigns, ranked from worst to best

Advertising can really impact recruitment for the military. For better or for worse, here are some of the Army's most memorable slogans...