April 10th, 2008 03:30 EST
USAF Officials urge caution on social networking Web sites
MAXWELL AIR FORCE BASE, Ala. -- Your location on a friend network, a photo on Facebook, a prayer for a deployed family member on a military-based blog -- all posted on the World Wide Web with the intent to bring comfort to loved ones and news to friends. This information may seem harmless, but when put together these puzzle pieces show a picture with more information than military members should share.
To demonstrate the amount of information available, Col. Andy Pears, director of Communications and Information for Air University, became a "completely fictional" staff sergeant on a social networking site designed for military members. The colonel said he had no trouble creating a profile and false identity.
With a few mouse clicks, Colonel Pears found combat and operations histories, pictures from inside deployed locations, descriptions and duties within that location and details about military members receiving medals. There was never an attempt to confirm military affiliation, he said.
"You look at this kid right here," the colonel said, pointing to a picture of a uniformed man posing against a concrete wall. "The enemy may already have his name and information about his family."
Great Britain's security service recently found hundreds of false accounts belonging to Al-Qaeda members on social networking sites, according to a briefing prepared by Colonel Pears' office. British service members were advised to remove personnel details from those social networking sites.
"This colonel could go in as a staff sergeant," Colonel Pears said. "Simple questions like 'I'm going to Camp Victory. Can you share your experience?' or 'I'm a retired chief. During my time in service, we followed these procedures. What is the policy now?' place people and missions at risk and create an operational security nightmare," he said.
Colonel Pears' deputy said it is understandable how people make the mistake of sharing too much online.
"What struck me is there was no malice intended," Marietta Magaw said. "It can seem so harmless, because people were trying to reach out and stay in touch."
The briefing provided other examples of risky information military members have posted on Web sites: full names; dates of birth; hometowns; names of family members, girlfriends or wives; locations of where they served; and photos posing with colleagues and weapons.
"Suppose an angry person, perhaps someone affected by the actions that earned an Airman a bronze star, sees the decorations on a site," Ms. Magaw said. "What is to stop the person from turning the Airman into a target?"
Colonel Pears advised against posting information protected by the Federal Privacy Act of 1974, which states information cannot be released without written consent of the individual, to include martial status, home address and phone number, date of birth, and social security number.
An additional danger of posting photos and information is identity theft, Ms. Magaw said.
For example, Military Times reported in January that a man copied photos of a Marine colonel on a social networking site. The man then used the photos to pose as the colonel on dating Web sites and eventually began requesting money from the women.
The U.S. Computer Emergency Readiness Team, comprised of the Department of Homeland Security and public and private sectors, provides advice to the general public about social networks.
"Although the features of social networking sites differ, they all allow you to provide information about yourself and offer some type of communication mechanism (forums, chat rooms, e-mail, instant messenger) that enables you to connect with other users," according to a 2006 report by Mindi McDowell, Carnegie Mellon University. "While the majority of people using these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information available on them."
The organization's Web site offers tips for posting information online. One suggestion is to use caution in what you advertise. "Providing details about your hobbies, your job, your family and friends and your past may give attackers enough information to perform a successful social engineering attack," the Web site said. A final tip is remembering that information, once published on the Internet, cannot be removed.
Recently, Canadian and Australian officials urged soldiers and civilian workers to be mindful about what they post for the world to see. Canadian army Brig. Gen. Peter Atkinson said in a United Press International article that insurgents collect about 80 percent of their intelligence from blogs and photos posted on social networking sites like Facebook and YouTube.
Currently, Air Force Instruction 35-101, Public Affairs policy and guidance, states:
"... each Air Force member or employee is responsible for obtaining the necessary review and clearance, starting with Public Affairs, before releasing a proposed statement, text or imagery to the public. This includes digital products being loaded on an unrestricted Web site."
Ms. Magaw advised using common sense when posting personal information online. "There are a lot of people out there who want this information."
Ashley M. Wright
Air University Public Affairs