MySpace, Facebook, more pose challenge

  • Published
  • By Nick DeCicco
  • 60th Air Mobility Wing Public Affairs
TRAVIS AFB, Calif. --  As even the need for the provisional Air Force Cyber Command demonstrates, the World Wide Web is a frontier which presents a fresh batch of security challenges. 

One difficulty is vulnerability through exposure -- social-engineering spots as well as sites featuring user-generated content can often reveal too much. 

MySpace, Facebook, YouTube, Flickr, Twitter and Livejournal are just a few of the sites which adversaries could scour for information. 

There are pros and cons for all of them. While MySpace or Facebook may help keep an Airman connected with his or her friends, it can also open that person up to myriad potential dangers, from identity theft to security risks. 

Capt. Daryl Myers, an operations security manager with 60th Air Mobility Wing Plans, said even a site created by spouses dedicated to showing love and support for their troops can have unintended consequences. 

"If you just use some common sense and go, 'Hey, you know, this is something that somebody who's not so nice could be some place at a certain time to do something,' perhaps you shouldn't be talking about it," he said. "Any of that kind of information, if you think about it, they could gather the means necessary to do something to make an impact. That's the kind of stuff you don't want to talk about." 

So where's the line? A good rule of thumb is not to put anything about oneself or family members as it relates to the Air Force, whether that's an Airman in uniform, a photo of a person on the job, or even blogging about tidbits of information including deployments. 

"Social engineering in the blogosphere is a huge, huge thing right now," said Cheryl Brown, OPSEC program manager and a reservist with the 349th AMW. "The adversary is very adept at going out in the blogosphere, building relationships with people out there and getting information." 

"But where some things can be innocent, others can be seeking you out for information."
Staff Sgt. Joshua Liebold, 60th Communications Squadron noncommissioned officer in charge of boundary protection, echoed these concerns. 

"If you're in the desert taking pictures of yourself posing next to the plane, that picture shows them what ordnance is on the plane, what type of plane, who that person is," he said. "It gives them probably a good view of the background of the plane, what kind of security's going on. It's a horrible, horrible security risk." 

"As far as people talking about themselves ... a foreign spy information gatherer could look at [your information] and say, 'OK, that might be something to look into. Let's be their friend on MySpace.' ... They mine you for information.' We don't want to ruin morale or anything, but it's for protection of information." 

Beyond large-scale concerns to the service, even posting one's age or pet's name on MySpace can open oneself to the risk of identity theft. 

"A lot of banking sites use that question, 'What's your favorite pet's name?' You have your favorite pet on MySpace as whatever, Lucy, whatever, and then you go in your bank, they can crack your password and they have access to your bank account," said Senior Airman Daniel Shopp, a boundary protection specialist with the 60th Communications Squadron. "You wouldn't want to put anything detrimental." 

When it comes to MySpace, Captain Myers said the easy answer is to make one's profile private. Sergeant Liebold suggested still putting as little information as necessary. 

"The only thing I have out there is my name -- not even my whole name," he said. "Nothing else. You don't want to put your age. You don't want to put where you live. You don't want to put anything that they could use." 

To curtail problems, Ms. Brown said Airmen arriving at Travis are briefed about what information they need to protect, as well as civilian employees. She added that the OPSEC message needs to be delivered to children at home, too, who are more more comfortable with the digital age of communication. 

She said that to people who say the OPSEC message is inconvenient, the point is to make one approach daily activities from a different perspective. 

"OPSEC really is a state of mind," she said. "It's just like when you leave home. You remember to lock the door. You know, you don't want to leave the door open. So with OPSEC, it's like I look at my e-mail, 'Is this something I really want to send unencrypted? Is this something I really want to talk about in the clear? Do I really wanna say this on my cell phone?' ... We really have to inculcate that into our thinking to understand what's going on with the way we do biz."