Security Clearance Attorney Sean M. Bigley represents clients worldwide in security clearance denials and revocations. He is a former investigator for the U.S. Office of Personnel Management. For more information, please visit www.bigleylaw.com.
There is something about the internet that makes many of its users throw caution to the wind. Each year, countless unwitting victims are scammed out of money, duped into online relationships with non-existent persons, or “friended” by fake social media accounts. If you don’t believe me, I have a once-in-a-lifetime business opportunity waiting for you in Nigeria. I just need your bank account and social security numbers.
I’ve written previously about the dangers this phenomenon presents for security clearance holders in the online dating world. But, as recent news has highlighted, the extent of the online threat for clearance holders is actually much broader.
In the wake of the OPM hack, the Office of the Director of National Intelligence (ODNI) has released several thought-provoking statistics about social media usage as a warning to those with clearances. The new campaign, dubbed “Don’t Be This Guy”, claims, for example, that 15% of social media users publicly share their birthdays and 17% post what high school they attended.
Birthdays and high schools may seem like relatively harmless bits of information, but ODNI explains in two slickly produced videos the extent to which that information can be turned against you by a foreign intelligence service. You can check out the videos here and here.
The implications are enormous for social engineering – the idea that spies can identify and cultivate promising intelligence leads by learning about their targets’ personal lives. As the CIA Director recently discovered, social engineering can also very effectively be used to guess email passwords or password reset “challenge questions.” That means the Director was likely one of the 29% of internet users ODNI says fail to use strong passwords.
Smarter Social Networking
To be clear, I’m not in any way suggesting that security clearance holders refrain completely from social media; I’m simply suggesting prudence. For example:
- Set your social media accounts to private and/or consider using an alias on social media
- Use difficult passwords – and challenge questions – that cannot be guessed by someone who knows you, and employ a combination of letters, numbers, and symbols
- “Friend”, “Add”, or “Follow” only people you know
- Keep any job or clearance-related information off your profiles
- Only respond to job recruiter inquiries from vetted sources – like ClearanceJobs.com
This advice isn’t rocket science, but the intelligence community is clearly concerned enough about the vulnerability to warrant a reminder. Don’t be that guy, indeed.
This article is intended as general information only and should not be construed as legal advice. Consult an attorney regarding your specific situation.