By Justin Creech, Belvoir EagleMarch 14, 2013
The U.S. Army Intelligence and Security Command requires active-duty Soldiers, Department of the Army civilians and government contractors to follow the same operations security guidelines.
INSCOM employees are reminded to not upload risky photos onto social media sites or use personal information as answers to security questions on on-line banking sites.
"Protect information that could be used to steal your identity," said April Evans, INSCOM OPSEC coordinator. "Protect information like your social security number and your birthday, or any information that social engineers could use, such as your mother's maiden name, first car (use T0y0t@ instead of Toyota), or numbers that could be used as password, like a wedding anniversary date or child's birthday."
Social engineers can use seemingly innocent information against someone because it is knowledge that can be used to build a profile about that person or persons.
"It's publicly accessible information that causes problems; if a person gets your name and does a search for you, some of that information may be available," said Connie Moore, INSCOM OPSEC program manager. "It's pieces of information that can tell the big picture of who you are."
Operations security goes beyond protecting birthdays, social security numbers and wedding anniversaries. Soldiers and DA civilians need to be careful of the photos they put on social media sites, too.
Parents who put photos of their children on social media sites shouldn't add the child's name to the photo because it's more personal information a social engineer can obtain. Someone a person is friends with on social media should already know what your children's names are, according to Evans.
Soldiers, DA civilians and contractors also need to be aware of geotagging vulnerabilities when uploading photos onto social media sites.
Geotagging is the term used for latitude and longitude location information, saved within the photograph, when a photo is taken with a smart phone. According to Evans, people will upload photos they've taken with their cell phones directly to a social media site, without removing the location data embedded in the photograph.
Soldiers on deployment forget to do this with photos of the Exchange or in housing areas on the installation they are at, according to Evans.
"If you go on one of the photo sharing websites and type in Baghdad or Soldiers, it's going to pull up many of those photos, because those websites look for the location data tagged in the photos," said Evans. "Al-Qaeda has documents that tell them how to collect information; advises them to go on the internet; exploit social media, and look for information such as geotagged photos."
It's best to make yourself a hard target, make it as hard as possible for the enemy to find information on Soldiers, their units and operations, said Moore.
"Posting photos without removing the Meta data (geotagging data) is a vulnerability, because when you are in a war zone or a secure area and you post a picture online, all of a sudden the enemy can tell something about what you are doing based on that photo," said Moore. "Everyone that deploys needs to understand the vulnerability and use OPSEC protective measures."
The enemy may not use obtained information right away, but once they have it they can use it whenever they want to. That is a risk no Soldier, DA civilian or contractor should take, according to Moore.
"You don't know what they are planning in the future," said Moore. "If the data is publicly available, it's always out there for them to use. It prevents them from having to find the information by other means."