Three high-profile incidents in recent weeks have led senior Washington officials to claim national security in the United States is being undermined by people who don’t understand the need to keep secret certain information about how the nation defends itself.
Yet the gravest threat to national security may have nothing to do with the Washington Post’s “Top Secret America” series, the whistleblower site Wikileaks or a dozen Russians working inside the country clandestinely as spies. The biggest risk we face of sensitive information falling into the wrong hands may come from an unpleasant combination of the intelligence community itself and the male libido.
By now you’ve likely heard all about the beautiful femme fatale, Anna Chapman, one of several Russian nationals nabbed recently after a long FBI investigation and deported back home in exchange for four prisoners being held by Moscow under espionage charges. Among them it was Chapman who became a web phenomenon and inspired endless news stories when photos surfaced depicting her good looks.
In recent days you may also have learned about another alleged Russian spy, Anna Fermanova, accused by authorities of trying to smuggle night-vision devices out of the country. With the two women serving as tabloid distractions, there’s less of a chance you’re familiar with the name Robin Sage. She’s largely been overlooked but may tell a deeper story about the vulnerability of our intelligence apparatus.
A Facebook profile set up for the 25-year-old Sage contained similarly tempting photos. She claimed to be an MIT grad who worked as a “cyber threat analyst” at the Navy’s Network Warfare Command. One image featured her in a sexy bikini and thigh-high socks, while in another she gazed directly at the camera with a clear, exotic face and sensual eyes.
Within just a few weeks time, she gathered 300 friends and connections online ranging from military personnel and security specialists to workers at defense contractors and intelligence agencies. At LinkedIn, she became connected to men who worked for a secret office that operates spy satellites and others serving the chairman of the Joint Chiefs of Staff.
Sage’s ties included an intelligence official in the Marine Corps and top executives at the defense contractors Lockheed Martin and Northrop Grumman. She was invited to dinner and to apply for jobs. One asked that she speak at a security conference, and a NASA researcher sought her insight on a technical paper.
“Almost all were seasoned security professionals. But Robin Sage did not exist,” wrote the Washington Times in one of the few mainstream stories done about her. A security consultant named Thomas Ryan created the fictional Robin Sage to show that with the rise of social-networking sites, it could be relatively easy to penetrate defense and intelligence circles. The photos used for Sage’s profile, it turns out, were pulled from a website of amateur pornography.
To be fair, while Sage made a large number of connections, the FBI and CIA did not appear to be fooled. Across the Internet, multiple people figured out quickly that Robin Sage was bogus. Others she made contact with were initially skeptical and took simple steps to confirm Sage’s legitimacy before learning she wasn’t legitimate at all.
Still, “no central place was established for people to warn others about the scam, and tweets or other commentary questioning her authenticity didn’t stop others from connecting with her,” the Times reported. A Defense Department spokesman argued that any access to the web and e-mail services poses a threat, not just social-networking sites. “We should address the behavior, not abandon the tool.”
Cues from her online presence should nonetheless have discouraged the remaining intel and security professionals from rushing to become her friend. The job title “cyber threat analyst” doesn’t exist at the Naval Network Warfare Command, and the 10 years of experience she listed would have made Sage a teenager when she joined the workforce. Simple Google searches show that “Robin Sage” is the name of a special-forces military exercise.
According to the Times:
One soldier uploaded a picture of himself taken on patrol in Afghanistan containing embedded data revealing his exact location. A contractor with the [National Reconnaissance Office] who connected with her had misconfigured his profile so that it revealed answers to the security questions on his personal e-mail account. ‘This person had a critical role in the intelligence community,’ Ryan said. ‘He was connected to key people in other agencies.’ … [M]any other connections also inadvertently exposed personal data, including their home addresses and photos of their families. … [Ryan] added that he was surprised about the success of the effort, especially given that Ms. Sage’s profile was bristling with what should have been red flags.
In an interview with Computerworld, Ryan attributed the influence of Robin Sage to the fact that “she was an attractive girl. It definitely had to do with looks.” Of all the connections Sage made, 82 percent of them were with men.
So how did the social-networking sites react? Ryan said Facebook shut down Sage’s profile and barred him from using the site again, while LinkedIn deleted her account. By then the damage was done, and Ryan planned to present his findings at a security conference this summer. Robin Sage wasn’t scheduled to attend.
Here at Elevated Risk, we can’t help but wonder now if the FBI had to quietly dissuade colleagues in the intelligence and security communities from befriending Anna Chapman as their investigation of the Russian spy ring was underway.