Request for Information: Social Engineering Using Social Media

Monday, June 25, 2012

Joel Harding

94ae16c30d35ee7345f3235dfb11113c

Does anyone know an example(s) of Social Engineering using Social Media?  +1 if it was somehow connected with a Foreign Intelligence Service…

This question is precipitated by a ‘Navy Captain’ requesting me as a contact on LinkedIn.  If he is authentic, then he is very senior.  I asked a number of our ‘mutual contacts’ and nobody I know seems to know him, they must have all just blindly hit ‘accept’. 

Am I the only person checking out my contacts? He most likely would be a very good source for ‘insider’ and sensitive information, hence some people would accept his request.  But in this case I think he’d probably be asking more questions than giving answers.

These poseurs, aka posers, target seniors, who often blindly accept strangers, exposing themselves to Social Media Network exploitation.  It’s been done and people have been warned, it just seems as if everyone is ignoring the warnings.

Most people in senior positions want to help junior workers or students and accept their requests out of an altruistic drive to assist others. That is what people who use social engineering techniques rely upon.

By the way I instantly recognized ‘Robin Sage‘ as a hoax, but not because I’m a super-sleuth, I recognized the Robin Sage as the name used for a Special Forces graduation exercise here.

I went through the Special Forces Q course back in 1977 and later worked in support of the Robin Sage exercise as a Communications Sergeant in Special Forces, so it instantly jumped out at me. I was just plain lucky…  very few would recognize that name and throw up the BS flag.

We’ve been saying for years that the human element is the weakest link in cybersecurity. Just think, if reporters’ sources didn’t talk they’d be out of a job, their job depends on human weakness or a willingness to help. 

Heck, Kevin Mitnick (out of prison now and doing well), made a career out of human weakness and even wrote a book about it.  Kevin was an extremely talented hacker but what set him apart was his research into potential victims and then having the audacity to do Social Engineering on them.

For years we’ve been warned about Foreign Intelligence Services trying to infiltrate and exploit seniors in any National Security field.  Here is a prime example of human frailty, the weak link. There is no defense for stupidity.

The challenge to this story would be to get someone in the counterintelligence world or even a security corporation to give evidence of actual Foreign Intelligence Service attempts at exploiting social media.

If you have some information, please send me a comment and your contact information.  Thanks!

Cross-posted from To Inform is to Influence

Possibly Related Articles:
10803
General
Information Security
scams Social Engineering Security Awareness Social Media Exploits Information Security Impersonators Human Factor Infiltration
Post Rating I Like this!
D551093f5d8af724e17929c91eb90d63
Andrea Zapparoli Manzoni Hello Joel, I might have a few interesting examples for you :)
1340840748
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.