Commentary by Capt. Michael Noss
50th Space Wing OPSEC Program Manager
Pop quiz: how many believe browsing the internet is 100 percent safe and secure?
Certain sites, such as those hosted by banks and other financial institutions, have added multiple layers of security in order to maximize the safety of your transactions, but not every website has taken such precautions. Any time you visit one of these sites, your every move can potentially be tracked. The following example illustrates this point clearly.
Many of the greatest military leaders in history have themselves been students of history. Perhaps you’ve heard the axiom: “Those who ignore the mistakes of the past are doomed to repeat them.” For this reason, many notable generals have studied the past to better anticipate the future. They read extensively, and some leaders put together recommended reading lists for their troops to read also.
Let’s follow the progress of Major Smith as he seeks to find the books from General Doe’s reading list. The first place he’ll go is to an online book retailer, such as Amazon.com.
Major Smith logs into Amazon.com and uses the search engine to locate the first book on the General’s list. When Amazon.com displays the book in question, it also recommends other similar works that can be purchased at a discount along with the first book. Surprisingly, two of these books are also on the General’s list. When Major Smith clicks on one of these secondary links, additional reading suggestions are made on the list. With just a few keystrokes, Major Smith has located the entire list of books recommended by General Doe.
Has Amazon.com somehow received a copy of the General’s list? Maybe, but it’s more likely that other military personnel have made similar searches for these exact books. Their browsing and buying habits were tracked by the website, then catalogued for future use in case anybody else, such as Major Smith, came searching for the same texts. Amazon.com is looking to increase profits by making it easy for you to locate additional books you may not have thought of purchasing.
Not everybody monitoring your keystrokes has such benevolent intentions, however. Identity thieves are always on the lookout to get your bank account information, pin numbers, credit card numbers and more. But the threat isn’t limited to personal security. During a raid on an Al Qaeda compound, a training manual was confiscated which told how as much as 80 percent of the information needed to plan and coordinate a terrorist attack is obtained from open source materials.
Just what is open source? In life, you can be careful of who may be around to listen in on conversations, but over the internet you never know who might be “listening”. Maybe you have an online social gathering site, such as Facebook or MySpace, where you type in details of your work. Perhaps you’re a member of a discussion forum and like to brag about your knowledge of Air Force weapon systems. Hopefully you’re more OPSEC conscious than to openly discuss critical information, but have you ever made vacation plans for someplace, then went online to do research about the weather, restaurants, and local attractions? Have you ever researched another country, perhaps one where you’re going to deploy? Once a hacker has tagged your IP address, he can easily follow every new website you visit, know where you are going. Criminals can then make plans to visit your home while you’re away; terrorists may make plans to “welcome” you to their home.
This is OPSEC. Because we don’t have to dodge bullets every day, it is very easy to get lulled into a sense of complacency about the safety of our environment. But in this world of high speed internet connections, we face danger every single day from adversaries who could literally be on the other side of the planet. Don’t be an easy target; think before you post information to the internet, whether what you say reveals too much detail, about you or the mission. Think OPSEC!
Editor’s Note: “Eyes on OPSEC” is a series of articles which will examine a variety of situations commonly encountered in the workplace, how they constitute operational security vulnerabilities and what can be done to counter them. Copies of past articles can be obtained from your unit OPSEC representative.