OPSEC and Social Media
The greatest strength and weakness are one in the same, open source information. Open source data is great for collaborations, group projects, talking to buddies, and family. Open source data is a hackers’ personal identifiable information treasure trove. Social media giants’ engineers aka light grey hat hackers exploit the open source data for licit big profits via advertising. Open source data is also exploited by dark gray hats too for illicit big profits via fraud, identity theft, etc. In the 21st century, open source data causes heartache as well as brings pleasure to billions reconnecting with long lost buddies. This essay will explore the consequences of sharing private information in a public forum as it pertains to operational security (OPSEC).
OPSEC history
During the Vietnam War circa 1966, a new branch of security was established called OPSEC. The Joint Chiefs of Staff were baffled by the high rates of bombers being shot down without any apparent classified leaks because the Department of Defense (DoD) compartmentalized information. Operation “Purple Dragon” was then created to find out why the bombers were shot down. Operation Purple Dragon discovered that the open source flight plans were received daily by North Vietnamese tactical planners. The sensitive but unclassified (SBU) information fell into the enemy targeting operations and bomber fatalities were the result. The SBU became known as an OPSEC vulnerability and needed protection like the classified information. Thus, OPSEC was born.
In Colonel Wilson-Hughes book on military blunders and intelligence cover-ups, the Pearl Harbor and 9/11 tragedies were from the same, same, but different compartmentalized tree. Research revealed both tragedies could have been contained if there was interagency cooperation. The various intelligence agencies preferred keeping data collated without sharing. As of 2011, it was still the same from personal experience. However, the information warfare world also known as the special operations of the intelligence community was doing their best to install a more cohesive information sharing program.
OPSEC today
The DoD’s OPSEC program is directed by the dual red hatted National Security Agency (NSA) hacker master at the US Cyber Command (USCYBERCOM) formed in 2009. My now deceased mentor, Kenyon Nessel, was the DoD’s OPSEC program manager, super smart hacker! The OPSEC program manager ensures SBU information is provided on a need to know basis as with classified information. Flight plans, troop movements, sea escapes, etc, are all open source data the OPSEC managers must ensure are maintained in-house. The OPSEC program manager is also in charge of keeping policies and directives current.
Enter Social Media
Today, there are social media applications for just about anything creating more OPSEC headaches. For example, in the United Kingdom outside every military installation, there are tail number spotting enthusiasts. These groups record the tail numbers when the aircraft leave then return and record the data. Now, there are social media applications like Flightradar24 where tail number spotting enthusiasts can globally share the information. The North Vietnamese tactical planners would have loved social media applications like Flightradar24. What was once a small group of Swedish nerds recording military transit information can now be viewed by everyone with or without malicious intent. Social media flight-tracking applications add to the list of OPSEC challenges.
https://www.flightradar24.com/
In the 21st with the interconnected cyberspace, OPSEC has become more important than ever because of the sharing of private information on the Internet. For example, a buddy is a pararescue active duty member, and it is a dreadfully negative OPSEC blunder that friends know where he’s deployed and the day of return. Social media is the culprit. It is actually not public disclosure. However, social media applications like Strava of which he was a member, reveal classified military operations and locations. Social media applications have gone beyond OPSEC blunders into putting clandestine operations at risk as well.
The U.S. Army also started using the Fitbit social media application to encourage soldiers to share their exercising experience with their battle buddies. As one can imagine, the same detriment of the Strava social media application was revealed in the Fitbit application, troop movements and locations. Social media’s nicety of the global positioning system (GPS) turned out was a possible grave danger in the 21st century global information grid. The DoD should seriously reconsider its use of GPS location tracking applications in forward operating environments!
https://www.hackread.com/stravas-global-heat-map-reveals-locations-of-us-military-bases/
Another interesting social media application is called Haven. Haven acts like an electronic guard dog. When the owner is not home then the Haven application can be monitored remotely to determine any visitors. The problem with the Haven application or benefit to law enforcement is the sonar technology employed in the application. The sonar technology can tell any user covert or otherwise exactly where an individual is within the building that has the smartphone application. The application can also be installed surreptitiously without the user’s knowledge via Bluetooth or Wi-Fi. For example, Haven would be very handy for snipers. The sonar technology employed in the application is better than most of the unclassified technology currently in use today for neutralizing various targets. =)
https://www.wired.com/story/snowden-haven-app-turns-phone-into-home-security-system/
Facebook is the granddaddy of social media applications having arrived circa 2003. There were social media applications before the advent of Zuckerberg’s model, but Facebook has dominated the social media market. Facebook is a free social media application, and when a product and/or service is free then the consumer’s eyeballs are the profit. Social media makes money based on the number of eyeballs also known as mass marketing advertising revenue, and Facebook has over 1 billion consumers. That is loads of potential profit.
OPSEC managers originally considered Facebook a nightmare because Facebook is an open source data hidden gem containing sensitive but unclassified information. The DoD asked the question how can they contain the private information going public? The answer was the Internet, their baby, and social media made it impossible. Facebook reveals routines, birthdays, legal names, locations including latitudes and longitudes of every place one ever logged on, etc. Circa 2010, neural linguistic programming (NLP) started its guinea pig testing stage and what better beta platform than military personnel and Facebook. Recently, Cambridge Analytica exploited NLP to help the Russians elect a juvenile, retarded, billionaire in the Russians’ pocket. The NLP experiment is alive and working in the wild.
The military law enforcement also realized most military miscreants enjoy bragging about their criminal accomplishments, so social media provided a means of tracking idiot criminal behavior. Intelligence gathering became a cinch from the glory days of boots on the ground human intelligence (HUMINT) collection to social media where every idiot shares everything. And Facebook readily shares the data troves of information with the government. It was a win-win-win for corporate welfare, law enforcement, and intelligence collection.
Conclusion
Social media applications have been a boon and a red baron to OPSEC practices. The OPSEC program started as a reaction to sensitive but unclassified information during the Vietnam War. Social media has transformed data mining into a juggernaut capable of tracking flights to troop movements and locations making OPSEC a nightmare. The DoD realized social media can be used for mind manipulation and exploited such. The enemies also realized they could exploit the same, and the USA is now in the hands of a filthy rich monster. Social media is today’s YinYang, dark and light exploitations of open source information.
