OPSEC Strikes Against ISIL – It Could Hit You, Too

Intelligence typing

U.S. Army photo

A story earlier this month highlighted a US Air Force strike on an Islamic State in Iraq and Syria (ISIS) headquarters building, effectively destroying a piece of the command and control mechanism of ISIS.  The Air Force targeteers were able to identify the location based on a number of pieces of information provided via ISIS members on social networks.

According to Air Force Gen. Hawk Carlisle, head of Air Combat Command – the airmen of the 361st Intelligence, Surveillance and Reconnaissance Group (Hurlburt Field, Florida) recognized a comment…and turned that into an airstrike.

“It was a post on social media, to bombs on target in 22 hours,” Carlisle said.

The US Central Command on June 4, then posted a Tweet about the success:  ISIL learns the value of #opsec the hard way.

Open source information is harvestable information

While one could argue US Central Command should have kept the news of their success in-house, without the need to share with the Twitterverse, it has been shared and does serve up as an excellent case study for mirror analysis.

We should all remember, the US is not the only entity with the ability to harvest open source data. Information has value, whether provided officially or unofficially for sharing, social networks are available to all, and for some websites, the employees of the networks will be able to step over your personal privacy settings and view your content.

What can our adversaries harvest?

Indeed, many adversaries of the US are counting on members of the armed services and those supporting the armed forces to be very proud of their service, their work and their activities. So proud in fact, they will share details such as their Major Operational Specialty (MOS) or current deployment activity via social media.

A quick search on the “professional” social network, LinkedIn, using search terms associated with various MOS codes for each branch of the US armed forces produced the identities of hundreds of individuals who identify themselves with various MOS codes either presently, or in their prior service.  Similarly, a quick search of social networks for evidence of recent deployments shows a great many photos and comments including personal information and dates.

Think before you post

Individually, these pieces of information are no doubt viewed as benign. Collectively they fill the mosaic with individual pieces. When you post keep this in mind – you may be providing the missing piece to an adversary’s mosaic.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).

More in Intelligence