False flag: social engineering the social network of IO professionals

Some colleagues are reporting a phishing expedition to identify and engage Information Operations experts on LinkedIn. They’ve reported invitations from “George W.” who purports to be “Colonel Williams”, an “IO professional” in the DC area.

Invitations, with a number of wording variations, have been received by a number of active duty IO personnel recently. Investigation by several others has shown that the profile is for a nonexistent person.

In short, be careful who you let into your social network. While you may not be passing along explicit data, bringing an unknown into your network allows the phisher – who may be a hacker, a curious teenager, someone looking for the next Wikileaks source, or a foreign government – to explore and learn from your network. By bringing the person in, you impart a degree of trust the phisher will certainly leverage to gain additional access.

Below is a screenshot from the morning of 6 January 2010 of the LinkedIn profile for “George W.” The profile picture is stolen from another profile.

[Screenshot: LinkedIn profile for “George W.”, 6 January 2010]