The increasing use of social media has caused many disadvantages in operational security. Facebook and Linked-In are two tools I am familiar with using to research individuals and companies. While researching people or organizations, every bit of information can lead to more information online. Even if the target is security conscious, it is very likely an associate is less careful and open for exploitation. People can control certain outlets of information, but they cannot control them all. Speaking agendas, competitions, public records and employer websites are some of the few sources that can reveal detailed information about an individual without that person’s knowledge. Deep search engines have exploited this layer of data and have developed simple tools to search multiple sources with little previous information. Privacy is a thing of the past and the only thing protecting it today is indifference.
Stratfor provides a good overview of the situation here.
Stratfor provides a good overview of the situation here.
These indirect or “deep” sources aren’t really even necessary to find information on a target. People love to hand out their information. Like I observed in a previous post, it has become a reflex for individuals to post private information in public forums. We love to communicate our hobbies, favorite bars, accomplishments and goals. Think about the personal information that you can find about yourself with a simple Google search. For example, some of the students in this class have posted their intention to apply to the CSIS internship in their blog. Already, these students could gain the advantage of knowing their competition. The more technology is a part of our lives, the faster our information becomes digitally available. Overtime, this leads to an established online presence that can easily be exploited through simple measures.
I never completely understood why some people post the things they do on Facebook. Like Seinfeld says, “it is very important for people to feel like they are popular and well liked amongst a large group of people we don’t care for.” Many friends and associates have lamented at employers requiring them to hand over their Facebook. I remind them that this is just to expedite the research and a knowledgeable person would find out what they needed whether they cooperated or not. They should have been more careful with what they chose to put on Facebook in the first place. Working as a locksmith, we had a common saying that locks are designed to keep honest people out (or in). Privacy controls are like door locks. Just because you set that Facebook picture to private, doesn’t mean that someone can’t view it with a little effort. Once it is online, it is in a public sphere that many can easily access. Even if some information seems trivial, it may lead to more valuable information or provide insight when combined with other data.
A person’s network of associates is extremely valuable and often public information. The website Linked-In practically hands over a targets dossier, with detailed job descriptions and listing of associates. Similarly, it is easy to find current or past disgruntled employees of a specific company through sites listing employment history. Social Network Analysis is a method employed by intelligence agencies to identify both entities and the relationships between them. In the past this required some effort to obtain, but nowadays we have pretty much done most of the grunt work ourselves.
A person’s network of associates is extremely valuable and often public information. The website Linked-In practically hands over a targets dossier, with detailed job descriptions and listing of associates. Similarly, it is easy to find current or past disgruntled employees of a specific company through sites listing employment history. Social Network Analysis is a method employed by intelligence agencies to identify both entities and the relationships between them. In the past this required some effort to obtain, but nowadays we have pretty much done most of the grunt work ourselves.
No comments:
Post a Comment