How Foreign Intelligence Services Use Social Media to Target Clearance Holders

Cybersecurity

Have you ever wondered what the Chinese are doing with the Office of Personnel Management (OPM) data they collected when they successfully breached and siphoned off more than 20 million files, complete with your SF86 and background investigation data?

Do you think, maybe, foreign adversaries of the United States might be sharing information among themselves? The question is rhetorical. They do.

Successful instances of intelligence operations utilizing information shared from one country’s service to another, to advance the interests of both, have existed since the first borders were drawn.

Just how much information has been compromised?

We’ve already discussed how foreign intelligence services may use breached data to create targeting dossiers on cleared individuals. Add to that instances where companies supporting the Department of Defense (DoD) inadvertently find nine years of cleared applicant’s resumes sitting on an non-secured AWS S3 storage server, placed there by a vendor during their collaboration.

Add to this the data available via the breaches of health insurers, the breaches of the credit monitoring services Equifax (100 million) and Experian (15 million), and the DeepRoot exposure of the personal data on 200 million U.S. voters.

Still breathing? It’s about to get worse. Buckle-up.

Your credit report is an integral part of your background investigation, as well as your public social media profiles.

Social networks are businesses (remember this). Access to most are free, and users by the millions exchange their personal information and daily posting, eschewing privacy in exchange for the benefit of the social connections.

Now you can’t do much about the breaches, beyond having the knowledge that someone else’s information security failure has placed your information at risk.  You can control what you share on social networks and which ones you use.

When it becomes personal

Perhaps more disturbing are the capabilities being demonstrated by these hostile intelligence services within the social networks themselves.

The Russian intelligence apparatus utilized their active measures capability to foment distrust within the U.S. election process. They used armies of trolls and semi-automated accounts to promote articles (some they authored, most authored by others) which served to place another straw upon the camel’s back. The Hamilton68 project charts these efforts on Twitter.

Couple this with the recent revelation that Russia spent millions of dollars on highly segmented Facebook ads and you get a flavor for their social network savvy.

What happens when you, the individual are the target?

A recent Newsweek article, “How Russia is using LinkedIn as a Tool of War Against Its US Enemies” carefully walks the reader through the successful use of trolls and false information to paint a highly decorated former CIA intelligence officer in a most unfavorable and repugnant light. How successful was the effort? The Russian effort, according to Newsweek,

“… veteran Kremlin-watcher Celestine Bohlen, now a columnist for the International New York Times, had called “breathtaking, even by Soviet standards.” A key feature of the online effort was trolling, the tactic of injecting inflammatory, off-topic commentary into discussion groups and threads with the goal of defaming critics, provoking fights and chasing away thoughtful adversaries.”

What happened to the defamed individuals?

In the Newsweek piece, two individuals who had information fabricated and then trolled widely found themselves expelled from LinkedIn after “numerous” complaints had been filed.  In other words, the Russian troll machine won, and the voices of critics of the Russian Federation were silenced within the LinkedIn community.

Now think about that for a minute and let that sink in.

With all the information available from the breaches in the hands of others, what type of profile do you think could be created about you? What if the ne’er-do-well intelligence service just inserted enough false material or allegations, and then replayed them across social networks? Or had information in a medical file or credit report used in a non-favorable manner?

You may not be assessed as a foreign intelligence recruit, but what if that isn’t their interest? What if their interest is simply to take you out of the equation? We see their success in manipulating the social network providers, whose naivete is used to the adversaries advantage. The possibility of your voice and work being neutralized is a reality.

Your SF86 ,for example, has a list of items which are self-declarations. Imagine seeing this information – be it smoking pot in college to a messy divorce – on a social network. You’re now in the public spotlight. The question, “do you still beat your spouse?,”  is apropos. Protest as you will at how ridiculous it may be,  the reader focuses and fixates on the word “still.”

What to do?

You should keep a catalog of breaches which affect you personally and what information may have been exposed. No need to try and sort out ‘did they get this or that.’ Operate from the assumption that everything in each compromised entity may be available to a foreign adversary.

As noted in a post on safer social networking for security clearance holders,

One way to find out what the internet is saying about you is to search for your name. Put your name in quotes (as well as nicknames and maiden names) and use the main search engines like Google, Yahoo! and Bing.

Make those searches persistent and when you find yourself in the crosshairs of a disinformation campaign, run, don’t walk to your Facility Security Officer (FSO) and cognizant security authority’s counterintelligence team and get them involved in ensuring the efforts to neutralize your good name and work are thwarted using national resources, and not just your own.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).

More in Cybersecurity