Updating your status? State-sponsored cyber spies want to know it too, researchers say


An Army civilian posts to Facebook on Joint Base Lewis-McChord (Photo credit: army.mil)

Your Facebook profile is a “treasure-trove” for state-sponsored hackers looking to gather intelligence about U.S. troop locations and organizational hierarchies, according to the cybersecurity firm Imperva.

A new report from the California-based firm says hackers can analyze connections between “friended” business partners and colleagues, to map out the hierarchy of different organization, reports Nextgov.

“The organizational structure can be used for corporate espionage, foreign-government and even military intelligence,” a draft reportedly states.

Rob Rachwald, Imperva’s security strategy director said individuals often post status updates that unwittingly reveal their geographic locations.

“Geolocation data is all together more valuable when cross-referencing it with the organizational structure,” he told Nextgov. “This can be very useful, say, to gain military intel on the location of the adversary’s military units. In fact, last year an [Israel Defense Forces] operation was cancelled following a soldier’s status update of the operation’s time and location,” the report states.

A Facebook spokesman said in response that the company has many technical systems in place to prevent “scraping,” or mining the site’s data, and to restrict Web search services from crawling through non-public information:

“We designed Facebook to provide a safer and more trusted online environment by offering users industry leading tools to control access to their information so they can choose what they share and with whom they share it. We encourage people exercise caution when connecting with others unknown to them online or otherwise.”

The Army’s Online and Social Media Division’s handbook for soldiers includes a list of safety measures. It also advises commanders to ensure designated social media managers  monitor their unit’s official presence carefully for sensitive information, Army Times has previously reported.

“America’s enemies scour blogs, forums, chat rooms and personal websites to piece together information that can harm the United States and its Soldiers,” the handbook warns. “Be cautious when accepting friend requests and interacting with people online.”

A section for Army-sanctioned family readiness groups advises leaders to steer clear of posting specific unit information and gossip. As an example, it suggests using vague language such as their soldier is, “‘operating in southern Afghanistan’ as opposed to ‘operating in the village of Hajano Kali in Arghandab district in southern Afghanistan.’”

[via Nextgov]

About Author


  1. MAJ Mike Anderson on

    There’s a difficult balance to maintain between our desire to live in a free society and protecting the information that may give our adversaries operational security information. It’s an old intelligence saying that it’s the little things that add up to make the larger picture and that’s exactly what happens when users put too much information out through social media. There are prudent measures that individuals should take to avoid exposing too much potential information but folks are too often unaware of the impact of the information they’ve just put out through social media. We tend not to think of the information we post as contributing to an adversary’s greater understanding of our organizations. But, the simple action of ‘friending’ someone has just added another link to a chart somewhere providing greater knowledge of associations and possibly identifying vulnerabilities. In addition to being Soldiers, we have our off duty lives as well and want to be able to make and maintain those social connections with people we’ve known before or met since joining the military. It seems easy to say that it’s common sense to not accept friend requests from people you don’t know or not to put out information on training events or deployment activities. But these are huge moments in our lives that we want to share with our friends and family through social media so that they’re kept up to date; the balance isn’t easy. The trick is to understand that while a member of the military the rules always apply, in or out of uniform, knowing the hard and fast rules of what can and can’t be posted and thinking about the impact of the information that’s about to be posted.

Leave A Reply