Based upon what you have learned so far, find an OPSEC violation that has occurred and was written about in the media or on the internet. Write a 2 to 3 page paper about this issue. Start with a brief summary of the event, give the OPSEC violations and conclude with how to prevent this type of situation from happening again. You can include any training that you think is important.

For my research of an Operational Security (OPSEC) violation I have chosen to use everyone’s most coveted device; the cell phone. I have witnessed firsthand that it provides precise data that can be used to track someone and detail their movements at a scene. This information created a blueprint of a building, where evidence was collected and processed and then to the location off site where it is currently being stored with time stamps for each data point. The offender does not even know he created this map that he shared via HYPERLINK “http://www.google.com/latitude” Google Latitude with friends. This is only one of the many ways you share data from the phone that may put you and your comrades in harm’s way.

The site was to be secured, have limited access, and declared a no fly zone while the investigation was underway. This is normal operating procedure. From the site cell phones were used for operational coordination in conjunction with an encrypted radio system. As part of OPSEC, cell phones camera, recorder, data and GPS services were to be turned off. So how did this happen then? Simple the app was running on his personal phone that was in his pocket and he simply had forgotten that he was using it. Did it create a hazard, put us at risk, or expose our operation to the press? Not directly, since there was no incident, but indirectly it may have since several times there were reports on the news of the operations of the preceeding day that were not included in the official press releases.

Today’s phones use an Operating Systems (OS) that is basically a personal computer which links all of your information, social networking, and current location then stores it in multiple places. Today with cloud services offered by Google, Apple, and many other companies your information is readily accessible on multiple devices and updated globally. This is convenient but puts this information at risk of being accessed by others. For example, Apple accesses their devices twice a day without the users’ knowledge, uploading current location by default. From this information they have created a database similar to Google Street View. They did obtain permission from the end user by the following language which is within the contract from Apple that states ‘To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services.’ [1] HYPERLINK “http://www.apple.com/privacy/” Apple’s privacy policy states that the company may disclose customer information “if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.”

How do we minimize the risks posed by having and using a modern phone with all of its apps and features? First are the simple things like lock the keypad so that it is not easily accessed and used if lost. Don’t store all of your personal data on the phone such as bank account numbers, passwords to access accounts on line, and change them often.

Geotagging and Location Tracking Services are great services for sharing up to the minute location, and letting people know where you have been. During a demonstration of how geotagging can be used to gain information on an individual, a person was observed using their phone to take photos and by noting the location, time of day, and type of phone, a third party was able to go back and find the photos on “Flickr” including some of the party’s residence inside and out. The third party stated and I quote “ HYPERLINK “http://www.wired.com/gadgets/wireless/magazine/17-02/lp_guineapig?currentPage=all” Now I know where she lives.” [2] It is the equivalent of adding a 10-digit grid coordinate to everything you post on the Internet.[3] To avoid exposing your personal location you should not check into geotagging sites while you are home, don’t add tags that state who and where you are, turn off the geotagging and GPS features in your phone.

Avoid using “Free” Wi-Fi networks. At O’Hare airport in Chicago there were found to be 20 wireless networks that were setup to collect user data in a HYPERLINK “http://charlotte.bbb.org/article/bbb-warns-hackers-set-up-fake-wi-fi-hotspots-in-airports-34411” 2008 study. [4] Hackers set up networks in public gathering places and collect the data by using an ad-hoc or peer-to-peer network that allows you to surf the web, and allows them to collect your personal data. To minimize the risk you should turn off file sharing, automatic wireless connections, and use a Virtual Private Network (VPN) connection whenever possible.

Bluetooth devices offer a potential hacker an easy way to add software to your phone. In public, if the Bluetooth is enabled and not restricted to your personal interfaces, it acts as a mini network and allow others to access it and add software such as “ HYPERLINK “http://features.techworld.com/security/1259/it-managers-battle-mobile-viruses/” CommWarrior” which slowly deletes the phones contacts, calendar and email, then transfers itself when you send an Email to phone. If you are not currently using a Bluetooth device, turn off the service, and in the settings ensure that it is only allowed to pair with your devices.

To protect yourself and minimize the data you share, especially if it is sensitive in nature, add software to the phone that uses an encryption service. The information is protected by requiring a key and if the phone is lost or stolen can be remotely wiped or if the pass code is entered wrong 3 consecutive times the phones software will wipe the data for you. Ensure that the phones software and applications are up-to-date. This month alone JAVA was hacked multiple times, leading to large amounts of data being gathered by a third party and the ability to change credentials from a low level to administrator of mobile devices running Java applications. Never answer unsolicited texts, Emails, call numbers, open links that arrive via unsolicited texts or Email. Only enter your passwords into the site or account that you have navigated to, never follow a link that was sent to you or found within a text, twitter tweet, or email.Tthis is known as phishing and is widely used to collect your personal data.

In conclusion treat your phone as a device that is constantly tracking, recording and monitoring your activities. From location to communications, it’s all tied to your phone. Even removing the battery does not always fully shut it down and actually may set a flag that causes you to be watched. The information we leave behind in data bits may be factual information but does not necessarily give a true representation of our lives. It is a great invention and lets you do so much more, but with that freedom there is a risk. So take proper precautions, for it is a wonderful tool if you treat it appropriately.

References:

Google Latitude lets you stay close with your friends from your phone, computer, or both

Retrieved February 20, 2013

HYPERLINK “http://www.google.com/latitude” http://www.google.com/latitude

1. Apple’s Privacy Policy and data processing

Retrieved February 20, 2013

HYPERLINK “http://www.apple.com/privacy/” http://www.apple.com/privacy/

2. Mathew Honan, I Am Here: One Man’s Experiment With the Location-Aware Lifestyle

Retrieved February 20, 2013

HYPERLINK “http://www.wired.com/gadgets/wireless/magazine/17-02/lp_guineapig?currentPage=all” http://www.wired.com/gadgets/wireless/magazine/17-02/lp_guineapig?currentPage=all

3. Army Geotagging Safety.pdf

Retrieved February 20, 2013

HYPERLINK “http://www.nv.ngb.army.mil/Army%20Geotagging%20Safety.pdf” http://www.nv.ngb.army.mil/Army%20Geotagging%20Safety.pdf

4. BBB Warns: Hackers Set Up Fake Wi-Fi Hotspots in Airports

Retrieved February 20, 2013

HYPERLINK “http://charlotte.bbb.org/article/bbb-warns-hackers-set-up-fake-wi-fi-hotspots-in-airports-34411” http://charlotte.bbb.org/article/bbb-warns-hackers-set-up-fake-wi-fi-hotspots-in-airports-34411

IT managers battle mobile viruses

Retrieved February 20, 2013

HYPERLINK “http://features.techworld.com/security/1259/it-managers-battle-mobile-viruses/” http://features.techworld.com/security/1259/it-managers-battle-mobile-viruses/

Advertisements