OPSEC & Social Media dd mmm yy Overall Classification of this Briefing is UNCLASSIFIED//FOUO FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH

OPSEC & Social Mediadd mmm yy

Overall Classification of this Briefing is UNCLASSIFIED//FOUO

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET


Naval OPSEC Support Team (NOST)Navy Information Operations Command (NIOC)

(757) 417-7100 [email protected]

www.facebook.com/NavalOPSECwww.twitter.com/NavalOPSEC

www.slideshare.net/NavalOPSECwww.youtube.com/USNOPSEC

OPSEC


OPSEC is a process that identifies critical information, outlines potential threats, vulnerabilities, and risks and

develops counter measures to safeguard critical information

Operations Security


Critical Information

Names and photos of you, your family and co-workers

Usernames, passwords, network details

Job title, location, salary Home security systems, internet

service provider What kind of pets and how many

Position at work, certifications, physical limitations

Family routines Vacation and travel itineraries Social security number, credit

cards, banking information Hobbies, likes, dislikes, etc.

Information we must protect Information an adversary would need to do you harm


Threat

Threat: The capability of an adversary coupled with their intention to undertake actions against you or your family. Conventional Threats

• Military opponents • Foreign adversaries/countries

Unconventional Threats• Organized crime• Foreign terrorists• Home grown terrorism• Insiders (espionage)• Hackers, phishing scams• Thieves, stalkers, pedophiles


ISIS Threat

Army warns US military personnel on ISIS threat to family members

Real or Perceived….or does it matter?


Weakness the adversary/enemy can exploit to get critical information Vulnerabilities make you susceptible to intelligence/data collection. Poor security and sharing too much information are common, easily

exploited vulnerabilities. Blogs, posts, emails, phone calls and conversations in restaurants,

airports and other public places expose important information to potential adversaries and are a very common vulnerability.

Vulnerability


Lack of Awareness Data aggregation Unsecure communications Social engineering Trash Technology Internet/social networking Blogs Predictable actions & patterns

Common Vulnerabilities


Risk scenario:You are proud of your family.

Risk

So you prominently display personal information about

them on the back of your car for everyone to see. What is the possible risk associated

with displaying these indicators??


Countermeasures

Anything that effectively negates or reduces an adversary's ability to exploit vulnerabilities or collect & process critical information Hide/control indicators Protect personal information Change routines & routes Differ times you do activities

Countermeasures are intended to influence or manipulate an adversaries perception Take no action React too late Take the wrong action


Social Networking

Social Networking Sites (SNS) allow people to network, interact and collaborate to share information, data and ideas without

geographic boundaries.

http://www.google.com/imgres?imgurl=http://2.bp.blogspot.com/_bRTJ5MkQjhU/S7HWhm8IixI/AAAAAAAABHM/XWR_9egP0g0/s1600/265-blogger-logo.jpg&imgrefurl=http://tips-hindi.blogspot.com/&usg=__CS275VVPMdZabAMm0chr3Jbm1GU=&h=311&w=1024&sz=42&hl=en&start=5&um=1&itbs=1&tbnid=LdUqqduVjh9T9M:&tbnh=46&tbnw=150&prev=/images?q=blogspot+logo&um=1&hl=en&sa=X&tbs=isch:1

http://gonzogastro.files.wordpress.com/2010/01/twitter-1.jpg

http://www.google.com/imgres?imgurl=http://www.wickedc.nl/pippievents/images/stories/partyflock20logo.jpg&imgrefurl=http://www.wickedc.nl/pippievents/index.php?option=com_wrapper&view=wrapper&Itemid=2&usg=__zbw2igPaADdPOnmVwZm3a7XyPPs=&h=300&w=400&sz=37&hl=en&start=1&itbs=1&tbnid=4fHW4XJGSXINJM:&tbnh=93&tbnw=124&prev=/images?q=party+flock&hl=en&gbv=2&tbs=isch:1

http://www.google.com/imgres?imgurl=http://2.bp.blogspot.com/_zmoEeqomXD4/SkKJErxfSwI/AAAAAAAACc0/kzrzKHyF4Ms/s400/hi5-logo.jpg&imgrefurl=http://freevectorlogo.blogspot.com/2009/06/hi5-logo.html&usg=__7Vaqb10MWLSDbzk_9g9Z99oCVKw=&h=300&w=300&sz=11&hl=en&start=3&itbs=1&tbnid=w6_l_pralwMqiM:&tbnh=116&tbnw=116&prev=/images?q=hi5+logo&hl=en&sa=X&gbv=2&tbs=isch:1

http://mddailyrecord.com/generationjd/files/2009/11/myspace.gif

http://www.phisigmasigma.org/PHISIGMASIGMA/PHISIGMASIGMA/UploadedImages/linkedin-logo.jpg

http://www.google.com/imgres?imgurl=http://www.watblog.com/wp-content/uploads/2009/07/logo.jpg&imgrefurl=http://www.watblog.com/2009/07/13/%E2%80%98taggedcom%E2%80%99-to-be-sued-a-call-for-moral-standards-for-sns/&usg=__LETztWEvz8qqgtUPgTOhuWiPqCM=&h=150&w=200&sz=22&hl=en&start=1&itbs=1&tbnid=PR7SdNLVT0lz9M:&tbnh=78&tbnw=104&prev=/images?q=tagged.com+logo&hl=en&gbv=2&tbs=isch:1

http://www.google.com/imgres?imgurl=http://image2.mouthshut.com/images/imagesp/l/Fropper.com-925043644s.jpg&imgrefurl=http://www.mouthshut.com/product-reviews/Fropper.com-925043644.html&usg=__YAUluoKz_Jlvz9_R9o6MboBOETw=&h=150&w=150&sz=4&hl=en&start=9&um=1&itbs=1&tbnid=-lVy1sXmIJZs8M:&tbnh=96&tbnw=96&prev=/images?q=fropper.com&um=1&hl=en&gbv=2&tbs=isch:1

http://3.bp.blogspot.com/_2XSR74FrXuI/SRfiRSHQ8pI/AAAAAAAAAE4/ZkXzd0sX5bA/s400/utube-logo.jpg

http://technabob.com/blog/wp-content/uploads/2007/09/digg_casemod.jpg

http://www.google.com/imgres?imgurl=http://socentvc.files.wordpress.com/2009/11/xanga.jpg&imgrefurl=http://socentvc.wordpress.com/2009/11/&usg=__nfYoq3pHCvguwBExltkvLNlh_cA=&h=380&w=380&sz=42&hl=en&start=2&um=1&itbs=1&tbnid=tU1XFwTt-LYfAM:&tbnh=123&tbnw=123&prev=/images?q=xanga&um=1&hl=en&gbv=2&tbs=isch:1

http://www.google.com/imgres?imgurl=http://wapreview.com/images/orkut-logo.jpg&imgrefurl=http://wapreview.com/blog/?p=581&usg=__hVK_69XwlRo215TFGnSzQx6fpqg=&h=91&w=248&sz=8&hl=en&start=10&itbs=1&tbnid=MdPWvtwsBFE-EM:&tbnh=41&tbnw=111&prev=/images?q=orkut.co.in+logo&hl=en&gbv=2&tbs=isch:1

http://gladeliz.files.wordpress.com/2009/11/friendster-logo.jpg

http://www.google.com/imgres?imgurl=http://www.hobokennj.org/content/images/UStreamLogo.jpeg&imgrefurl=http://www.hobokennj.org/council/members/peter-cunningham/&usg=__Q9jq1Tf4wG-fExdpI_jcBJDAAjQ=&h=150&w=425&sz=24&hl=en&start=1&itbs=1&tbnid=yUCArKGoHAf1QM:&tbnh=44&tbnw=126&prev=/images?q=ustream+logo&hl=en&sa=X&gbv=2&tbs=isch:1

http://www.google.com/imgres?imgurl=http://en.widgadget.com/blog-en/wp-content/uploads/netvibes-logo.png&imgrefurl=http://en.widgadget.com/blog-en/the-close-relation-between-widgets-and-social-networks/&usg=__X1m57-O9PT1pQ0e4hecNJLdWk0Q=&h=291&w=235&sz=9&hl=en&start=2&itbs=1&tbnid=cNHDQZ4JuoeWHM:&tbnh=115&tbnw=93&prev=/images?q=netvibes+logo&hl=en&gbv=2&tbs=isch:1

http://t3chh3lp.com/storage/post-images/google-social.jpg

http://www.google.com/imgres?imgurl=http://4.bp.blogspot.com/_zmoEeqomXD4/SjftFPB6UTI/AAAAAAAACZE/gxQm5CcUp_k/s400/del.icio.us-logo.jpg&imgrefurl=http://freevectorlogo.blogspot.com/2009/06/delicious-logo.html&usg=__9jwUEEBW0DnNmNvz1XLFIQT7r0g=&h=300&w=300&sz=9&hl=en&start=1&itbs=1&tbnid=kzu3nyr_jJWDzM:&tbnh=116&tbnw=116&prev=/images?q=del.icio.us+logo&hl=en&gbv=2&tbs=isch:1

http://www.thestoreofinspiration.com/images/yahoo360logo.jpg

http://www.edwards.usask.ca/undergrad/Files/facebook_logo.jpg


Pro’s

For the Individual Entertaining Maintain Relationships Network Centralized Information Collaborate


Pro’s

For the military

Recruiting Public Relations Connect with AD, family

members & the public

Solicit ideas and feedback

Information Warfare

• “Counter Taliban tactics with speed, accuracy & transparency in our reporting.” USFOR-A


Con’s

Unsecure, unencrypted communications Unrestricted access No user/identity authentication Easy source of PII & CI Malicious code/virus’ Prime target for data aggregation Cybercriminals Potential to compromise certificates

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCPLPxuWA1McCFYjzgAodcb0B5g&url=http://www.pcmag.com/article2/0,2817,2410639,00.asp&ei=WKTkVfLDB4jngwTx-oawDg&psig=AFQjCNGjL7OxK8kxVLctqZkPBYF4tZU2oA&ust=1441134010043993


SNS and Your Clearance

The following is a security awareness statement signed by the Chief of Security, Pentagon Chief Information Officer, OSD Network

Directorate:

“Social sites risk security clearance. If you hold a security clearance or if you ever want to apply for one, be mindful of your postings and contacts online, particularly on social networking sites such as Facebook and Twitter. These sites pose risks to gaining and keeping a security clearance. Question 14 of the National Agency Questionnaire (SF-86) asks for names of your relatives and associates. The term associate is defined as any foreign national that you or your spouse are bound by affection, obligation, or close and continuing contact.


Do’s and Don’ts of Social Networking


“Do’s”

Do: Remember Computer SecurityDo not be an easy target for computer crimes

Hacking Theft Planted code vs. Antivirus software Firewalls Strong Passwords Permission Settings


“Do’s”

Do: Verify All Friend RequestsSocial engineering starts with a friend request

Bad people can get data from:Free people search enginesOther SNS’sYour posts/profileYour friends posts/profile

Do Not Trust Who You Cannot See


“Do’s”

Do: Utilize All Available Privacy Settings

Customize available settings to be as secure as possible

“Everyone” may be accessed by anyone with access to the internet

How many security settings are available on Facebook?

Over 120


“Do’s”

Do: Watch Your Friends SettingsSure your profile is secure, but what about

your 115 friends profile settings?


Be Discrete

Consider the information you make available What is your digital foot print? What are your friends & family putting out?

“Do’s”


“Do’s”

Do: Closely Monitor Your Children’s Web Use

Cyber-bullying Kidnapping “Sexting” “Sextortion” Stalking Pedophiles

500,000+ registered sex Offenders in the USA 95,000 registered sex offenders profiles on Social Media


“Do’s”

Do: Verify Links & Files Before ExecutingLinks and Downloads and Spam Oh My!

Phishing scams Malicious coding Viruses Scareware Spam

Verify before executing!


“Do’s”

Do: Be an Informed User of a SNS

How much personal information do you broadcast? Are you very careful about what details you post? Do you understand data aggregation issues? Are you willing to find and learn all the security settings and

keep up with them as they change?

Are you willing to accept the risk?

http://images.google.com/imgres?imgurl=http://www.servitokss.com/wp-content/uploads/2009/07/man_question_mark.jpg&imgrefurl=http://www.servitokss.com/question-marks/&usg=__OYXhgEceQbIE0NhqDgtdAxnhbus=&h=359&w=286&sz=11&hl=en&start=24&itbs=1&tbnid=RtcmX_DtJpu3_M:&tbnh=121&tbnw=96&prev=/images?q=question+mark&gbv=2&ndsp=20&hl=en&sa=N&start=20


“Do’s”

Do: Assume the Internet is FOREVER

There is no true delete on the internet WWW means World Wide Web Every Picture Every Post Every Detail


“Don’ts”

Don’t: Depend on SNS’s Security SettingsBut it’s set to private … right?

Hackers Incorrect or incomplete settings Sale of data Upgrades / site changes “Risks inherent in sharing information” “USE AT YOUR OWN RISK. We do not guarantee that only

authorized persons will view your information.”


“Don’ts”

Don’t: Discuss Details

Never post anything you would not tell directly to a bad guy

Never post private or personal information

Assume the information you sharewill be made public

If It Has To Be Protected, Protect It


Questions?

Contact the NOST for assistance or any of the following: Computer-based training FRG/Ombudsman support OPSEC & other tailored briefs Videos , posters, brochures & fliers OPSEC Reminder Cards Two-day Navy OPSEC Officer course General OPSEC support Other Resources Naval OPSEC Support Team

[email protected]


Naval OPSEC Support Team (NOST)Naval Information Operations Command (NIOC)

(757) 417-7100 [email protected]

www.facebook.com/NavalOPSECwww.twitter.com/NavalOPSEC

www.slideshare.net/NavalOPSECwww.youtube.com/USNOPSEC

OPSEC

Documents

OPSEC & Social Media dd mmm yy Overall Classification of this Briefing is UNCLASSIFIED//FOUO FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH