I recognize that this was intended as a "gotcha" sort of experiment, and I have no doubt that Mr. Ryan will reveal some information that he obtained from friending these folks. However, there were a number of people who did not fall for the ruse, and in some cases, publicly called out Robin Sage as a fake. I can't even attempt to name everyone, but as I recall there were at least a dozen people actively discussing the case at the time. I recall talking to Chris Nickerson at the time, and he said to me (and I'm paraphrasing), "I think I just stepped on someone's Black Hat talk," and this was right at the beginning.
When the profiles first became public, a few things were immediately suspicious to me:
- The name. Robin Sage just sounded familiar to me, but not as a person's name. A discussion with some friends and a quick Google search confirmed what I had thought. At this point it was already obvious that the user was fake.
- The LinkedIn profile has apparently been deleted, but it was really over the top: "Robin" claimed to have been involved in the hacker community for ten years (but no one knew who she was), and claimed to be the "real life Abby Sciuto". In a community as small as the hacker community, you'd think someone would know a user like this. Of course, no one did.
Also to note: this experiment has already been done before, by Nathan Hamiel and Shawn Moyer back in 2009 at Shmoocon. So I'm not sure why it's a "Hot Story" at Dark Reading, especially for Black Hat.
Mr. Ryan's abstract says "The experiment was conducted by creating a blatantly false identity..." So blatant, in fact, that many people saw through the ruse. Let's hope for the sake of intellectual honesty that these results are also presented.