Inside Cyber Warfare - Jeffrey Carr [63]
Another risk category is disinformation. Twitter received a lot of coverage during the Mumbai terror attacks of November 2008 for its role in covering the events in real time. Part of what emerged was the potential for terrorists to use Twitter to propagate disinformation about their whereabouts—for example, to announce a new attack occurring at a wrong address—thus adding chaos and confusion to an already chaotic situation.
Finally, there is the phenomenon of online trust. If you work in a targeted industry, sooner or later you will be approached by someone who isn’t who he claims to be for the purpose of gaining and exploiting your trust to further his own nation’s intelligence mission.
The Cognitive Shield
This section contains an official study for the US Air Force (USAF) on the risks associated with their service members using social media, specifically MySpace. It was produced by the Air Force Research Laboratory and has been approved for public release and unlimited distribution.
The study involved 500 individuals across the spectrum of job responsibilities, rank, family members, and length of service, and was meant to reveal vulnerabilities in OPSEC due to posting habits on MySpace, with the intention of carrying over the lessons learned to all types of social media. OPSEC violations constitute real risks from adversaries during wartime.
Although this report was prepared for the USAF, the report authors encourage all the armed services to consider how the same issues would impact their own operations.
The report authors posed two questions for the basis of their research:
What type of information and how much information are USAF personnel making available in MySpace?
What are the characteristics of the Air Force personnel who post information, and are they different from the larger population of Air Force personnel?
The 500 study participants were found by searching MySpace using the keyword USAF. MySpace was chosen because of existing reports of OPSEC violations occurring there. Study information was collected through an anonymous MySpace account.
Sample profiles included active duty, national reserve, guards, cadets, recruits, retired, and recently separated members.
Information was obtained through simple keyword searches, such as “USAF cadet,” “USAF officer,” “USAF linguist,” “USAF special tactics,” “USAF intelligence,” “USAF deployed,” “USAF intel,” and “USAF cop.”
The results showed that posting to social networking sites is not restricted to younger service members and spans a wide variety of career fields (Figure 6-1).
Figure 6-1. Percentage of USAF career fields represented in the study
Examples of OPSEC violations
Helicopter pilot currently in California, headed to Nellis AFB to work at the 66th Rescue Squadron
OPSEC concerns include sharing his new duty station, his new unit, the aircraft he’ll be piloting, and his status as a volunteer EMT and firefighter (which could provide an adversary with a means of approach).
F-16 pilot and instructor currently stationed in California
OPSEC concerns include sharing his rank, his duty location, the type of aircraft he flies, the fact that he is an instructor, past squadrons, personal medical information, and family information.
TACPs and Security Forces
They share notes about deployments, units they deploy with, and information about training as well as where they work.
Posting pictures of themselves at deployed locations can provide the enemy with an opportunity to identify potential targets.
Intel students, officers, imagery analysts, crypto-linguists, and Predator sensor operators
OPSEC concerns include that they self-identify as intelligence professionals, and mention bases, training locations, and job duties.
MySpace group site pages are another problem because they provide