13
13
0
Like it or not, we all have a digital profile or “footprint” that we leave all over the internet and it can be used against us by all sorts of nefarious characters. It is important for service members in particular to pay close attention to their digital profiles. Both state and non-state characters have been known to target service members specifically in order to gather open-source intelligence or plan attacks. Fortunately, there are steps we can take to make this harder and help mitigate the various threats to our digital profiles.
One of the easiest things we can do when it comes to social media is use the available privacy settings to the fullest extent and know all online friends personally. Iran is just one country that has been known to use fake profiles (social engineering) on Facebook, LinkedIn, Twitter and other social media sites to target military and political leaders in order to gather login data and infect computers with malware (http://www.reuters.com/article/2014/05/29/iran-hackers-idUSL1N0OE2CU20140529).
Another recommended practice is to limit the use of location services as much as possible. Google tracks the location history of your smartphone constantly. It displays all this information on a nifty website with locations, dates and timestamps overlaid on Google Maps, and it is fairly accurate. If someone has your Google account login info and your phone number, they can see where you live, work, and anywhere you visit as long as you have your phone with you and your location services are switched on. The patterns of daily life are unavoidable but when you see it all on a map, over time it is easy to figure out where you live, where you work, who your friends and family are, and where you like to hang out. This information is stored indefinitely until you go and delete it. I looked at mine and saw over a year’s worth of location information stored, which was easily searchable. Just Google search “Google location history” and you can see your own. I found it kind of creepy but also enlightening. I now keep my location services off most of the time.
One more tip is to never use default passwords. Never! Many things such as webcams, home security systems, and even baby monitors have default passwords that are also publicly available online (like the customer service section of a particular products webpage). There are even websites that stream live footage from cameras with easily hacked default passwords or no passwords at all (http://www.washingtonpost.com/news/morning-mix/wp/2014/11/21/how-a-russian-web-site-peers-into-your-home-even-your-babys-room-by-hacking-webcams/). Military and government websites like AKO require strong passwords and you should meet the same requirements for your own social media and online bank accounts. Just be sure to never use the same password for different accounts. If someone gains access to one password, they can use it to access additional accounts if you aren’t careful.
It only takes a few pieces of information for an adversary to start connecting the dots. A full name and partial address is usually enough to yield results in a public records search. If you know an email address, username or phone number, sites like Spokeo.com can generate lots of information on a specific individual by searching white pages, public records, and social media. If you have kids, try a search using their full name, age, and the town they live in and see what results come back. If you get a lot of accurate hits from social media accounts or other sites, you might want to think more about access, privacy settings and shared information. The lesson learned is to be careful with your Personally Identifiable Information and don’t spread this sensitive information all over the internet for someone to use against you.
With the persistent threat from both state and non-state actors targeting service members online, we must all take a few simple steps to help safeguard our digital profiles. Failure to do so makes you a much easier target for bad actors and, unless your job already makes you a high-profile target, the bad guys prefer the easy targets. Being aware of this threat and taking these basic precautions will help you mitigate the chances of being targeted online. Today, terrorist groups are using social media to target service members and their families. Taking these basic precautions while online will help protect you and your loved ones from those who wish to do us harm.
One of the easiest things we can do when it comes to social media is use the available privacy settings to the fullest extent and know all online friends personally. Iran is just one country that has been known to use fake profiles (social engineering) on Facebook, LinkedIn, Twitter and other social media sites to target military and political leaders in order to gather login data and infect computers with malware (http://www.reuters.com/article/2014/05/29/iran-hackers-idUSL1N0OE2CU20140529).
Another recommended practice is to limit the use of location services as much as possible. Google tracks the location history of your smartphone constantly. It displays all this information on a nifty website with locations, dates and timestamps overlaid on Google Maps, and it is fairly accurate. If someone has your Google account login info and your phone number, they can see where you live, work, and anywhere you visit as long as you have your phone with you and your location services are switched on. The patterns of daily life are unavoidable but when you see it all on a map, over time it is easy to figure out where you live, where you work, who your friends and family are, and where you like to hang out. This information is stored indefinitely until you go and delete it. I looked at mine and saw over a year’s worth of location information stored, which was easily searchable. Just Google search “Google location history” and you can see your own. I found it kind of creepy but also enlightening. I now keep my location services off most of the time.
One more tip is to never use default passwords. Never! Many things such as webcams, home security systems, and even baby monitors have default passwords that are also publicly available online (like the customer service section of a particular products webpage). There are even websites that stream live footage from cameras with easily hacked default passwords or no passwords at all (http://www.washingtonpost.com/news/morning-mix/wp/2014/11/21/how-a-russian-web-site-peers-into-your-home-even-your-babys-room-by-hacking-webcams/). Military and government websites like AKO require strong passwords and you should meet the same requirements for your own social media and online bank accounts. Just be sure to never use the same password for different accounts. If someone gains access to one password, they can use it to access additional accounts if you aren’t careful.
It only takes a few pieces of information for an adversary to start connecting the dots. A full name and partial address is usually enough to yield results in a public records search. If you know an email address, username or phone number, sites like Spokeo.com can generate lots of information on a specific individual by searching white pages, public records, and social media. If you have kids, try a search using their full name, age, and the town they live in and see what results come back. If you get a lot of accurate hits from social media accounts or other sites, you might want to think more about access, privacy settings and shared information. The lesson learned is to be careful with your Personally Identifiable Information and don’t spread this sensitive information all over the internet for someone to use against you.
With the persistent threat from both state and non-state actors targeting service members online, we must all take a few simple steps to help safeguard our digital profiles. Failure to do so makes you a much easier target for bad actors and, unless your job already makes you a high-profile target, the bad guys prefer the easy targets. Being aware of this threat and taking these basic precautions will help you mitigate the chances of being targeted online. Today, terrorist groups are using social media to target service members and their families. Taking these basic precautions while online will help protect you and your loved ones from those who wish to do us harm.
Social Media
Security
Privacy
Command Post
Posted 10 y ago
Responses: 7
10
10
0
CPT (Join to see) Very timely post. Really appreciate you putting this out there for the community. As great as it may seem to turn on geo location inside apps, there is a very real risk in doing so these days. I also suggest double checking photos that are set to public by Facebook's default setting. A lot can be interpreted by just seeing an image posted with a date.
(10)
(0)
5
5
0
Good thing I have all location services deactivated for this reason. Good info to know.
(5)
(0)
CPT (Join to see)
SGT (Join to see), my location services are usually disabled most of the time as well. I'll turn them on every now and then just to make using something like Yelp or a weather app a bit easier, but I always turn them back off when I'm done.
(0)
(0)
5
5
0
Read This Next
Continue with Facebook 
Continue with Google