Small Ecosystems and Security

AdamElkus September 19, 2011

Anthropologist Robin Dunbar famously observed that most people can only maintain relationships at one time with 150 people. The average on Facebook is 120-230. And of that, only a fraction really matter to us. Penetrating a small circle is usually very difficult, especially if they are members of a network based around a tie that cannot easily be faked or replicated. Social media, however, is changing the security dynamics of “small” groups. By geographically disaggregating friend network locations and mixing professional and personal worlds together, it becomes easier to use deception to achieve targeted entries into professional ecosystems.

The Robin Sage case is famous because it illustrates the perennial problem of deception in small ecosystems:

In just a month, Sage made connections with hundreds of people from the US military, intelligence agencies, information security companies and government contractors. The 25-year-old navy cyberthreat analyst was invited to speak at security conferences and offered jobs at companies including Google and Lockheed Martin. …But there was a slight hitch: Robin Sage did not exist. The pretty cybergeek, supposedly educated at the Massachusetts Institute of Technology (MIT) and a prep school in New Hampshire, was in reality an avatar created by a security researcher to find out how social networking sites could be used to covertly gather intelligence.

Granted, Sage was easy on the eyes. But she also used a basic social engineering technique–manipulating social proofs–to gain her access. By accumulating lots of shared friends and contacts, she gained credibility by proxy with others. If you saw a friend request from Ms. Sage, you might also see a list of shared friends. While most focus on the “honey pot” aspect of men in the national security world chasing a young, pretty woman or the problem of sharing information on social network sites, the issue of social proof is really the most significant aspect.

Assuming Ms. Sage was a balding man and the pages she accessed were scrubbed of important details, the problem is still that she was able to use social proof to get the access in the first place. Small social ecosystems—especially those based around a common interest that is geographically dispersed–are uniquely vulnerable to this. Someone at the fringes of a small ecosystem can rather easily move in. Besides the embarrassment of being hoaxed and the potential exposure of valuable information, the revelation of deception in small groups tends to have a deleterious effect on group trust. While this is merely unfortunate in a group of close friends, it can be deadly to a professional network in today’s age of cross-disciplinary and cross-agency collaboration. Having a solid understanding of one’s own network is essential. Hub users that have a lot of friends tend to be the first targets of Robin Sages, since they are easy to add in order to build up a database of mutual friends that may entice a prospective target to believe that the Robin Sage is legitimate.

The move towards more and more compartmentalization of human “data” on social networks will follow small ecosystem deception–putting a premium on the ability to juggle multiple networks simultaneously while keeping touch with a very small, carefully selected group. Google+’s Circles and Facebook’s growing set of lists is one example. Others may try more extreme remedies. The social network Path heavily limits on the size of your network in order to keep it targeted towards your immediate friends and family.

About AdamElkus

Adam Elkus is a PhD student in Computational Social Science at George Mason University. He writes on national security, technology, and strategy at oodaloop.com for OODA, War on the Rocks, and his own blog Rethinking Security. His work has been published in The Atlantic, Journal of Military Operations Foreign Policy, West Point Counterterrorism Center Sentinel, and other publications.

Gain Powerful Insights Into The Future With OODA Loop’s Technology Tracking

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we have merged our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). CTOvision will focus only on one small niche, a vision for a technology enabled future. […]

CTOvision and OODA: Big Changes Coming Soon

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we are merging our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). This will give our community access to the same technology summaries we currently produce as […]

Give Your Career A Boost By Learning From Experienced Decision Makers

Our video and audio podcast, the OODAcast, provides content that can help accelerate your career and improve your decision making. The series is based on interviews of some of the greatest most accomplished enterprise technologists we can find. We ask questions designed to pull out lessons applicable to accelerating the career of any professional. We […]

Think Twice Before Deciding To Use A Personal VPN: You could be getting some really bad advice

From the 1930s to 1950s (far too long) the medical community just would not wake up to the fact that cigarettes could cause harm (see More Doctors Smoke Camels). Why did they stick with this misperception for so long? When so many good people come to the wrong conclusion it probably means some deeply human […]

Please help spread the word: USNI and NIP Essay Contest: This year’s challenge area a key one for the nation

Please help share the content at this link to any thinker/writer you know: 2020 Information Warfare Essay Contest This contest is open to all contributors, active-duty, military, reservists, veterans, and civilians. Generally the winners have had a solid understanding of the nature of modern conflict, but really any thinkers/writers should look over the contest and […]

Centripetal wins historic $2.6-$3.2 Bil vs. Cisco Systems; largest US patent infringement award to date

Editor’s note: I am proud to say I have a history with Centripetal Networks serving on their board and then later as an advisor. It was horrible to learn that a Tech Titan like Cisco was infringing on their patents. It is good now to see when the facts were reviewed justice was done. -bg […]

Super Bowl Ads Indicate Big Businesses Think You Are Afraid of AI

Tom Loftus provided an insightful review of some of Super Bowl ads in the 4 Feb 2019 Wall Street Journal. Like AI parody in SNL, these ads really poked fun at computers: Seriously, did anyone catch the commercials? If the Super Bowl is the zeitgeist, then it is safe to say that America is not […]

HBO’s Westworld: The Man In Black is a special kind of Twitter user

HBO’s Westworld is a modern take on the Michael Crichton SciFi tale of a robotic amusement park. The HBO version has a new twist. The creators/writers were all exposed to years of Twitter, which has influenced every episode and the entire arch of two seasons of the show. Now that season two is wrapping up, […]

All Enterprise Techies Should Watch HBO’s SciFi Epic Westworld: It will help us dialog over shared experiences on what we will not be creating

Westworld season one was a great mix of science fiction and drama and action and it was done in a way that should help people think through many tech ethics questions, like how do we want to treat our robots? Does treating robots with violence change our nature? Can robots become sentient? HBO has a […]

Related