Before social media became an area to voice one’s opinions or call out others, most of these services allowed you to simply share your thoughts with some photos. Fewer people actually do this today, and perhaps it would be good for the country – dare it even be said the world – if social media returned to being more about social.
However, one group, the uniformed, may “overshare” more photos and information than it should. In recent years this has been a problem. The New York Times covered this in January 2019Some secrets of NATO were revealed in social media posts
DoD has warned service personnel about posting photos of military bases. The U.S. Army reminds soldiers to adhere to the Uniform Code of Military Justice. This includes not linking or posting material which violates the UCMJ, basic rules for soldier conduct. Soldiers should also be aware that social media platforms cannot be used to post/post comments on supervisors and release confidential information.
Many concerns are being raised about how service personnel could use social media to harm them or target them.
Targeted By Foreign Actors
Experts are concerned that the threat of foreign threat actors using social media to target military personnel could present a serious threat. Agents could approach them to try and win their trust. This professional foreign threat actor may take a while to get to know them and then convince or bait them.
Tom Garrubba (director of Third Party Risk Management) with Echelon Risk + Cyber said that Service members have a unique national security element to their roles. Foreign threat actors can befriend and win their trust in the long-term, but only then will they convince or bait them into revealing sensitive personal or business information. Humans have an innate desire to be liked. Many people do bizarre things to maintain the positive vibe in their social networks.
Problems could also be in the app itself. Garrubba recommended that members of the military do everything they can to find out who developed and owns an app, as well as how data is shared or captured.
“Often, these apps – like TikTok, WhatsApp, and others – allow the data to be sent to places such as China and other geo-politically sensitive regions without the user having any idea as to what is happening behind the scenes,” Garrubba continued. If a military member were to make use of such an app, they would do well to not discuss any personal information, including your family and position. They also should avoid commenting on or discussing strategic or political matters. They must be aware that such remarks can remain online indefinitely and could easily be used by others to threaten or entice you or your loved ones.
The same can be done to service personnel as for businesspeople. Many times, what someone shares on social media is the information that helps the bad actors. You can then use spear phishing to your advantage.
Dr. Darren Williams is the CEO of BlackFog, a cybersecurity firm founded by Dr. Darren Williams. “Spear phishing focuses solely on the ability for threat actors to target a system with highly tailored information,” he said. It is the attacks that are so obvious that people don’t notice them that they make the best threats. When your device is compromised, personal information is exposed online and people you know are victims of an attack, the threat to you is real.
Service members must be cautious about what they share and the links that they click. Dr. Williams said that it is easy to get tricked into clicking on the wrong link via social platforms. The threat actors are determined to trick you into clicking on the wrong link to obtain their payload. Therefore, avoid direct clicks to redirect you to another site that will make it easy to download a file.
Check out the Photos
Every piece of mail that was sent from or to a member of the military during World War II was thoroughly screened. Service members today can accidentally share too many things by simply snapping a picture and uploading it.
Jake Williams, SCYTHE’s executive director for cyber threat intelligence and Jake Williams explained that photos posted on social media could pose serious force protection threats.
J. Williams added that advisers can see photos of military units and assess their condition. They also have the ability to understand how installations are laid out for targeting. Although geographical tagging photos are becoming less common, they pose obvious operational security risk for anyone operating from bases. Open source intelligence (OSINT), even without the use of EXIF data to geotag photos, can be used often to locate where they were taken. BellingCat’s team is exceptional at this, and military personnel should assume that their adversaries will have the same (or better) capabilities.
What is the solution to these possible threats?
Service members must practice operational security (OPSEC), and manage their online presence. Matthew Marsden, Vice President Technical Account Management for Tanium (a private cybersecurity and information management company), said that service members must use all security settings available on each website and keep their online footprint as minimal as possible. While it can seem tempting to post photos and details about work-related travels, this could expose sensitive data.