One of our guests was Shannen Rossmiller (see also here), a woman who had posed online as more than thirty different male jihadists. Another of our guests was Thomas Ryan, a man who had posed online as a female computer security specialist employed by the US Navy.
After September 11, Rossmiller, a judge from Montana, used her spare time to learn Arabic and then go online to get to know jihadists, including quite a few Americans. She was remarkably successful in getting them to divulge their secrets to her. They didn’t know that she was playing a role and that she was passing what she learned on to the FBI. Some of the jihadists whom she befriended are now in jail, including US Army Specialist Ryan Anderson who is serving five life terms for attempted espionage and providing material support to terrorists during time of war and Michael Reynolds who got thirty years to life for providing material support to terrorists during time of war.
Last year, Thomas Ryan, a security consultant, established an online persona named “Robin Sage” to see how much an edgy and cute (but fictitious) young woman could learn about the U.S. military and U.S. intelligence. Robin Sage’s biography was rife with clues that she was not a real person. These clues started with her name; “ROBIN SAGE” is the unclassified code name for a US Army Special Forces exercise run four times a year. These hints didn’t seem to register. In fact, “Robin” became a very popular presence on LinkedIn, Facebook, Twitter, and elsewhere where she was befriended by her supposed classmates and even one of her bosses at the Navy. She also connected with the CIO of the National Security Agency, a senior Marine Corps intelligence officer, and numerous defense contractors, among many others. Using these connections, “Robin” was able to get information about troop deployments (from an Army Ranger), acquire email and bank account passwords, and track people’s activities on the web.
What should we make of this? Our third guest, Defense Department official Jack Holt, suggested that the U.S. Government has yet to decide if the cyber world represents a “fortress to be defended” or a “field of maneuver” in which the Government can get things done.
Thomas Ryan’s work indicates the need to think about defense and Rossmiller’s work indicates the very valuable things that Government can do on the internet. The work of both of them, however, makes clear that things are not always as they seem online.