Social networking info leaks

Posted on 2010-07-25 07:40

Just a short note to my military friends. Doubtless you'll be hearing about this soon enough anyway, but just in case you do not: Tom Ryan is due to present a talk at the upcoming Black Hat Conference in Las Vegas about the dangers of revealing too much information on social networking sites. According to reports on computerworld, FOXNews, and Armed with Science [dod.mil], Ryan ran an experiment to see how much sensitive information he could glean through social networking. He created the ficticious persona of "Robin Sage", a good-looking twenty-something, hacker grad from MIT who claimed to be an intern at Naval Network Command. In the month Ryan ran the experiment he was able to build a considerable number of social networking connections on Facebook, Twitter, and LinkedIn with active duty military personnel and officials and through these connections was able to glean military intelligence. The simplest and most obviously dangerous example of leaked information should be of immediate concern to military folks:

For example, one of Robin’s soldier friends posted a photo of his unit on surveillance duties at a mountain outpost in Afghanistan. That inadvertently exposed their location, because the photo contained GeoIP data from the camera.