Intelligence and Security Experts Duped on Social Sites

It’s generally a good idea to think twice before adding friends to your social networks for a number of reasons. But some people should think three or four times…especially if they are prone to sharing national secrets with virtual strangers.

A security researcher created faux profiles on Facebook, LinkedIn and Twitter and was able to befriend a few hundred people that work for the U.S. military, intelligence agencies, information security companies and others companies with access to sensitive information. All the researcher had to do to gain favor with these otherwise intelligent people was pretend he was an attractive 25 year old woman who worked in the security industry.

Those that security research Thomas Ryan befriended while using the Robin Sage persona did more than just let him view their personal photos and contact info. Some of them sent her documents to review and invited ‘her’ to conferences. ‘She’ was even granted access to a private Facebook page that was only supposed to be open to those on a secret Israeli base.

Most of us don’t work in jobs with such sensitive information, but this is a classic example of social engineering. If you haven’t adjusted your privacy settings in Facebook or your favorite social networking sites you should do so to protect against identity theft and other risks. It’s also important to remember that anything you post online can potentially be seen by many more people than you’d hope.

Read more about Ryan’s experiment over at Computerworld.