Are you giving out too much information?: OPSEC and Internet security

  • Published
  • By Staff Sgt. Darrell Ramey
  • 354th Fighter Wing Operational Security Monitor
EIELSON AIR FORCE BASE, Alaska --  With the arrival of the internet and e-mail, communication and information gathering possibilities have expanded exponentially. 

Many people use the internet for a variety of reasons and while that is not a bad thing, if you are careless and place sensitive information on sites such as Myspace and Facebook, or give out information because of an e-mail scam you could be adding a piece to the puzzle of a larger picture... and that information could be used for the wrong reasons.  

The internet is a wealth of information and services can be accessed easily with the click of a mouse. Simultaneously, diligence in the security of information and understanding the risks involved while using the internet and its associated forms of media is a must.

Estimates show that there are over one billion internet users worldwide. When posting information on the internet or sending an e-mail, consider the target audience. Not all of the one billion users are going to be friendly - various people use the internet to engage in illegal purposes such as identity theft, scams, or even worse, use social engineering to exploit you or your family.

We must understand that computers are now a valuable weapon system that can be easily targeted by enemies who constantly use the internet to gather and disseminate intelligence.

"The Manchester Document", a captured Al Qaeda terrorist handbook which was confiscated in England in February 2000, states that "Using public source openly without resorting to illegal means, it is possible to gather at least 80% of information about the enemy."

Every person must also be aware of phishing attacks on the internet and through e-mail systems. Phishing is a criminal activity that uses social engineering in order to acquire sensitive or personal information such as passwords, social security numbers and other critical information.

Phishing e-mails usually appear to be from an official source and typically use false internet links or attachments to get users to reveal information or to gain direct access to the computer or associated networks. If you suspect you have received a phishing e-mail, do not open attachments or follow any links in the e-mail and report it immediately to your Client Support Administrator.

Everyone should apply OPSEC when using the internet or posting information to a web log, personal web pages, internet forums, chat rooms or using instant messengers. Remember that even though information may be unclassified, it can still be valuable to an enemy. 

Be sure not to divulge sensitive or critical information or any information that is protected by the Privacy Act of 1974. Even innocent information discussed on the internet can be pieced together to form a larger view of our capabilities or vulnerabilities.

The same diligence must be applied by members while deployed. The internet gives members a much easier way to communicate with friends and family while deployed, but also gives the enemy another intelligence gathering opportunity.

Some areas of information that members should not post or talk about on the internet include: military movements, activities, specific unit information or locations and any base security information. Specific work hours or guard duty hours, specific times or dates of future operations or movements should never be disclosed. Also, be sure to clear any photos taken of deployed locations through your public affairs personnel if you wish to post them on web pages or blogs.

Family members also play a key role in OPSEC and information on the internet. As family members, you may have access to sensitive information and it is critical that you are aware of the risks involved when posting information on the internet. You must strive not only to protect information about your Air Force family members, but also all members of your household.

Be sure you do not talk or post information about:
· Upcoming deployments or TDYs
· Specific details about the work your Air Force family member performs
· Details about your family member's deployed location or military activities they are involved in
· Personal information about your family including telephone numbers and address
· Social Security Numbers, credit card numbers or any other information that criminals could use to steal your identity.

Remember that when you put information on the internet via e-mails, blogs, or web pages - once it's out there, its public information and anyone with an internet connection can access it. Everyone needs to recognize the risks involved with internet use and practice good OPSEC accordingly.