Operational security (OPSEC) is not only for those going into harms way. OPSEC can be defined as protecting information that could be used against us. By utilizing smart OPSEC, you prevent and inhibit an enemy’s attack against you. Information that can be accessed freely, without violating any laws, is called open source. Open source intelligence is where we get most of our information. As a matter of fact, 90 percent of all intel comes via open sources. Examples include texts, blogs, videos, photographs, Tweets, social networking sites, newspapers…just about everything that is publicly accessible.
This article will open your eyes to the vulnerabilities faced everyday by mobile phone users. Hopefully you already know most of this information, but if not, take some notes to better protect yourself.
In August of 2010, Adam Savage, of “Myth Busters,” took a photo of his vehicle using his smartphone. He then posted the photo to his Twitter account including the phrase “off to work.”
Since the photo was taken by his smartphone, the image contained metadata revealing the exact geographical location the photo was taken. By simply taking and posting a photo, Savage revealed the exact location of his home, the vehicle he drives and the time he leaves for work.
Wired Magazine ran a cautionary tale in 2009:
“I ran a little experiment. On a sunny Saturday, I spotted a woman in Golden Gate Park taking a photo with a 3G iPhone. Because iPhones embed geodata into photos that users upload to Flickr or Picasa, iPhone shots can be automatically placed on a map. At home I searched the Flickr map, and score—a shot from today. I clicked through to the user’s photostream and determined it was the woman I had seen earlier. After adjusting the settings so that only her shots appeared on the map, I saw a cluster of images in one location. Clicking on them revealed photos of an apartment interior—a bedroom, a kitchen, a filthy living room. “Now I know where she lives.”
As the two stories above indicate, privacy and security aren’t what they used to be. With advancements in technology, enhanced GPS capabilities and smart phones with built-in GPS, managing privacy and security is a full-time job. We must always work to protect ourselves from security breaches, but with new technologies come new risks.
What is Geotagging?
Geotagging is the process of adding geographical identification to photographs, video, websites, and text messages. Geotags are automatically embedded in pictures taken with smart phones. Many people are unaware of the fact that the photos they take with their smart phones and load to the Internet have been geotagged. Photos posted to photo sharing sites like Flickr and Picasa can also be tagged with location, but it is not an automatic function. Photos have used geotagging for some time. Certain formats like the JPEG format allow for geographical information to be embedded within the image and then read by picture viewers. This shows the exact location where a picture was taken.
Most modern digital cameras do not automatically add geolocation metadata to pictures, but that is not always true. Camera owners should study their camera’s manual and understand how to turn off GPS functions. On photo sharing sites, people can tag a location on their photos, even if their camera does not have a GPS function. A simple search for “Afghanistan” on Flickr reveals thousands of location tagged photographs that have been uploaded.
Tagging photos with an exact location on the Internet allows random people to track an individual’s location and correlate it with other information. We deploy to areas all over the world. Some locations are public, others are classified.
DO NOT tag your uploaded photos with a location. Publishing photos of sensitive locations can be detrimental to mission success and your safety.
Location Based Social Networking
Examples of these sites include twitter, Facebook, Foursquare, Instagram to name a few. Location based social networking is quickly growing in popularity. A variety of applications are capitalizing on users’ desire to broadcast their geographic location.
Most location-based social networking applications focus on “checking in” at various locations to earn points, badges, discounts and other georelated awards.
The increased popularity of these applications is changing the way we as a digital culture view security and privacy on an individual level. These changes in perception are also creating OPSEC concerns.
Foursquare is a location-based social networking website for mobile devices. Users “check-in” at various places using a mobile website. They are then awarded points and sometimes “badges.” Users of Foursquare use the service to share their location with friends, meet new people and get coupons.
Users can also connect and publish their “check ins” to Facebook and Twitter. If someone is not a friend on Foursquare they can still track your whereabouts through Facebook.
Foursquare has over 4 million users. Foursquare currently has iPhone, Android, webOS, Windows Phone 7 and BlackBerry applications.
Facebook’s “Places” is similar to Foursquare in that it gives an individual’s location when the user posts information using a mobile application. This feature is available by using the Facebook application for iPhone, Touch, facebook.com and Android. This function is automatically active on all Facebook accounts until disabled.
Ensure Your Safety
Establishes patterns: these and other location-based social networking applications allow strangers to track your movements every day. If they watch someone long enough they will know exactly when and where to find that person on any given day.
Exposes places of duty and home: By tracking movements and aggregating information, strangers can determine where someone lives and works. Best advice, turn off the location services function.
One of the simplest ways to avoid displaying too much information is to disable the geotagging function on your smartphone.
Since most smartphones automatically display geographical information, it takes a little more effort on the user’s part to protect their privacy. It’s important that all users understand their specific systems and make efforts to turn off their phone’s geotagging function. Geotagging photos and using location-based social networking applications is growing in popularity, but in certain situations exposing your specific geographical location could cost you your life and the mission’s success. You should never tag photos with geographical locations when loading to photo sharing sites like Flickr and Picasa. Learn to use your equipment and how to disable the GPS function on your devices.
Aspects of this article credited to U.S. Army Slideshare
Referenced CIA Handout
Feature image courtesy of pandasecurity.com