Mitigating the Threat to your Digital Profile

CPT Private RallyPoint Member — Mon, 19 Jan 2015 12:59:57 -0500

Like it or not, we all have a digital profile or “footprint” that we leave all over the internet and it can be used against us by all sorts of nefarious characters. It is important for service members in particular to pay close attention to their digital profiles. Both state and non-state characters have been known to target service members specifically in order to gather open-source intelligence or plan attacks. Fortunately, there are steps we can take to make this harder and help mitigate the various threats to our digital profiles.

One of the easiest things we can do when it comes to social media is use the available privacy settings to the fullest extent and know all online friends personally. Iran is just one country that has been known to use fake profiles (social engineering) on Facebook, LinkedIn, Twitter and other social media sites to target military and political leaders in order to gather login data and infect computers with malware (http://www.reuters.com/article/2014/05/29/iran-hackers-idUSL1N0OE2CU20140529).

Another recommended practice is to limit the use of location services as much as possible. Google tracks the location history of your smartphone constantly. It displays all this information on a nifty website with locations, dates and timestamps overlaid on Google Maps, and it is fairly accurate. If someone has your Google account login info and your phone number, they can see where you live, work, and anywhere you visit as long as you have your phone with you and your location services are switched on. The patterns of daily life are unavoidable but when you see it all on a map, over time it is easy to figure out where you live, where you work, who your friends and family are, and where you like to hang out. This information is stored indefinitely until you go and delete it. I looked at mine and saw over a year’s worth of location information stored, which was easily searchable. Just Google search “Google location history” and you can see your own. I found it kind of creepy but also enlightening. I now keep my location services off most of the time.

One more tip is to never use default passwords. Never! Many things such as webcams, home security systems, and even baby monitors have default passwords that are also publicly available online (like the customer service section of a particular products webpage). There are even websites that stream live footage from cameras with easily hacked default passwords or no passwords at all (http://www.washingtonpost.com/news/morning-mix/wp/2014/11/21/how-a-russian-web-site-peers-into-your-home-even-your-babys-room-by-hacking-webcams/). Military and government websites like AKO require strong passwords and you should meet the same requirements for your own social media and online bank accounts. Just be sure to never use the same password for different accounts. If someone gains access to one password, they can use it to access additional accounts if you aren’t careful.

It only takes a few pieces of information for an adversary to start connecting the dots. A full name and partial address is usually enough to yield results in a public records search. If you know an email address, username or phone number, sites like Spokeo.com can generate lots of information on a specific individual by searching white pages, public records, and social media. If you have kids, try a search using their full name, age, and the town they live in and see what results come back. If you get a lot of accurate hits from social media accounts or other sites, you might want to think more about access, privacy settings and shared information. The lesson learned is to be careful with your Personally Identifiable Information and don’t spread this sensitive information all over the internet for someone to use against you.

With the persistent threat from both state and non-state actors targeting service members online, we must all take a few simple steps to help safeguard our digital profiles. Failure to do so makes you a much easier target for bad actors and, unless your job already makes you a high-profile target, the bad guys prefer the easy targets. Being aware of this threat and taking these basic precautions will help you mitigate the chances of being targeted online. Today, terrorist groups are using social media to target service members and their families. Taking these basic precautions while online will help protect you and your loved ones from those who wish to do us harm.

Response by SPC(P) Jay Heenan made Jan 19 at 2015 2:39 PM

SPC(P) Jay Heenan — Mon, 19 Jan 2015 14:39:05 -0500

I wish we all would take this a little more serious...great post!

Response by Capt Brandon Charters made Jan 19 at 2015 4:32 PM

Capt Brandon Charters — Mon, 19 Jan 2015 16:32:44 -0500

CPT Private RallyPoint Member Very timely post. Really appreciate you putting this out there for the community. As great as it may seem to turn on geo location inside apps, there is a very real risk in doing so these days. I also suggest double checking photos that are set to public by Facebook's default setting. A lot can be interpreted by just seeing an image posted with a date.

Response by SGT Private RallyPoint Member made Jan 20 at 2015 7:07 PM

SGT Private RallyPoint Member — Tue, 20 Jan 2015 19:07:48 -0500

Good thing I have all location services deactivated for this reason. Good info to know.

Response by PV2 Daniel Shipley made Jan 28 at 2015 2:57 PM

PV2 Daniel Shipley — Wed, 28 Jan 2015 14:57:49 -0500

Think about this

Response by Capt Richard I P. made Mar 3 at 2016 9:02 PM

Capt Richard I P. — Thu, 03 Mar 2016 21:02:04 -0500

A better method of password creation than the outdated and mistaken DOD guidelines.
https://xkcd.com/936/

xkcd: Password Strength

Warning: this comic occasionally contains strong language (which may be unsuitable for children), unusual humor (which may be unsuitable for adults), and advanced mathematics (which may be unsuitable for liberal-arts majors).

Response by CSM Charles Hayden made Mar 7 at 2016 9:38 PM

CSM Charles Hayden — Mon, 07 Mar 2016 21:38:16 -0500

CPT Private RallyPoint Member Excellent! Please continue your efforts in this vein. "We" can never have enough information about keeping our information private. Thank you

Response by Gayane Badalian-Very MD. Ph.D made Mar 8 at 2016 5:18 AM

Gayane Badalian-Very MD. Ph.D — Tue, 08 Mar 2016 05:18:21 -0500

This is a valid point. spatially now a days where intelligence gathering is number one priority of many states...