A new website that can best be described as a privacy and national security disaster is culling LinkedIn and Google to create a database of professionals with access to America’s secrets. The new website, called the Transparency Toolkit, boasts that it has collected the resumes – including profile photos and personal data, in some cases – of more than 27,000 individuals who have previously worked or currently work on classified government projects.
The ultimate classified programs aggregator? LinkedIn
The source of all of this great information? Resume information posted to LinkedIn. How did they do it? Basic keyword searches for National Security Agency (NSA) programs like XKeyScore or Dishfire. While the effort started by using known NSA programs, they’ve actually uncovered new programs they hadn’t heard of, according to M.C. Grath, Transparency Toolkit founder. He spoke about the site during the re:publica conference in Berlin earlier this month.
A quick trip to ICWATCH displays a searchable database of intelligence community professionals. It includes names, photos, places of employment, and more. It’s clear the majority of the data is a direct pull from LinkedIn profiles. You can search the database by agency, program name, individual’s first and last name, and more.
Scared straight? You should be
It’s a frightening reminder that anything you post to a public-facing site such as LinkedIn is public information – and may be pulled and reposted just about anywhere. The purpose of the ICWATCH database is transparency, but there’s no doubt it provides an excellent catalog for foreign intelligence officers and others looking for access to America’s secrets. Spear phishing attacks are the least of the worries for professionals who may have found their data accessible on the Transparency Toolkit database.
It goes without saying that you shouldn’t be posting details online about the government programs you’re a part of. LinkedIn is a public website that provides your personal details to anyone looking for access. If you’re a clearance holder, it’s a good idea to limit any information you share on a public-facing site. If you’re looking for career networking opportunities and the opportunity to stay relevant in your industry, stick with a secure, password-protected site such as ClearanceJobs.com. Your information is never shared with others, never searchable online, and only available to U.S.-based industry employers with vetted access.
What you should do with your LinkedIn profile:
1. Opt for a first name, last initial naming structure.
2. Use a separate email address just for LinkedIn. LinkedIn has been hacked before – don’t open up your work email or even your primary personal email to spear phishing attacks. Set up an account that doesn’t include your name and use it for the site.
3. Don’t post your full resume. Use the site like a directory. It’s okay to have a profile there. It’s not okay to post your full resume there. If you’re a clearance holder, posting that you have your clearance on a public-facing site opens you up to risk. Ask yourself if it’s worth it, especially when you have a free alternative.