US Air Force notice on military use of social media

US Air Force published a notice that includes a paragraph on the use of  social media platforms for computer network exploitation.

In the recent months I had the opportunity to conduct an interesting study on the use of Social Media in the Military Sector, large diffusion of media platforms makes them very attractive for governments and intelligence agencies. Social media platforms reveals enormous potentiality that could be exploited also in critical sectors such as military and defense.

Modern social media networks are actively used by every government, the US, China and Russia are the most active in this field, but also emerging cyber countries like Iran and North Korea demonstrates an increasing interest in the matter.

The principal usesof social media for government are

• Psychological Operations (PsyOps)
• OSInt
• Cyber espionage
• Offensive purposes

On May 10th the Illinois Air National Guard 183rd Fighter Wing published a notice in the monthly issue of a newsletter titled Falcon View. The notice, that seems to be authentic, dedicates a paragraph to the use of  social networking sites for computer network exploitation.

According the notice foreign governments regularly use social networks to conduct cyber attacks against DoD, attackers adopt social engineering techniques to gather sensitive information creating  “significant operations security (OPSEC) concern”.

The impact is serious, leak of knowledge of the cyber threats could cause mission degradation or even loss of life, but great concern is also reserved to the possibility of use of social network platforms to inoculate malware in US AF networks.

“The nature of social networking sites (SNS) which promote socialization and the sharing of information makes personnel more susceptible to exploitation” reports the notice.

The notice and with special recommendations to all Air Force members related to the use of social networks, informing on the risks related to cyber espionage conducted by state sponsored hackers:

“Finally, be aware of the security settings on these websites and do not inadvertently release sensitive information to the public because of careless use.”

Following the integral notice:

Notice to Airman 2013-080-001:

(U//FOUO) EXECUTIVE SUMMERY: Nation-state adversaries regularly use accounts on popular social networking sites to facilitate social engineering against DoD members. Information disclosed or discovered on social networking sites creates a significant operations security (OPSEC) concern and in the context of a wide spread collection effort could be by adversaries to form a classified picture.

(U//FOUO) MISSION IMPACT: Poor OPSEC practices or general disclosures of sensitive information can lead to kinetic adversary responses to U.S. forces’ actions, potentially leading to mission degradation or even loss of life. Additionally, malware introduced into AF networks via social network sites can degrade or disrupt operations.

(U//FOUO) DETAILS: The nature of social networking sites (SNS) which promote socialization and the sharing of information makes personnel more susceptible to exploitation. SNS applications give the common user an increased opportunity to release official information. In the past two years, there are several examples of adversaries using or attempting to use SNS for likely cyber espionage.

(U//FOUO) ACTIONS: All Air Force members must be aware that they are a potential target of cyber exploitation/espionage and take appropriate caution when using social networking sites. Do not accept contact requests from individuals who you do not personally know and trust. Additionally, hackers are known to spoof requests so that any request may appear to be from someone you know, so treat all requests with suspicion and vigilance. Only accept a request if there is a high level of certainty regarding the identity and authenticity of the requestor. Finally, be aware of the security settings on these websites and do not inadvertently release sensitive information to the public because of careless use.

Pierluigi Paganini

(Security Affairs – Cyber Security, Social Media, Defense)