Social Media use by security cleared professional creates obvious risks that are mostly well managed by the thousands of professionals who use it day in and day out. And we are thrilled that you do so. Twitter gives national security and international relations geeks unbelievable access to great minds and inside players across the globe. However, there are a number of not-so-obvious dangers lurking just out of sight to most people. They dutifully avoid releasing personally identifiable and classified information but their networks, communication style, and other subtle factors can paint a robust profile when viewed by a careful observer. I recently discussed this with former Mossad officer Michael Ross and it is our hope that this discussion will prompt many of you to look at your networks and communication patterns through a different lens.
John Little: There were online communities when you were active but I assume they weren’t pervasive enough to require much thought except in very specific cases. Now virtually everyone in the developed world, and many beyond, has a social presence online. Have you thought much about the impact that social media is having on intelligence? The upside from a mass collection / data mining perspective is pretty obvious but it is also presents intelligence professionals with a unique operating environment in its own right doesn’t it?
Michael Ross: Social media and the possibilities for open source intelligence collection have expanded exponentially with the advent of all the various social media platforms available online. It also opens up a whole world of operational cover and networking possibilities that in the past involved a lot of leg-work when I was in harness.
Social media has both strong offensive and defensive elements in its makeup. For a “poacher” like myself, I can mine a considerable amount of data on a potential target for recruitment (including vulnerabilities or avenues for exploitation) long before I even come into any contact with the target. For my “gamekeeper” colleagues in the counterintelligence realm, it offers a number of possibilities in determining potential for attack and what the “poachers” are targeting.
Social media and the internet are a double-edged sword also because they are open to abuse by outfits like Stratfor that sell jargon, open-source information, and fabrication as a finished intelligence product for corporate and government consumers. The other edge of the sword is that people like myself and others can access social media and set the record straight.
The most interesting aspect for me however, is that I can interface with someone in say, Beirut and find out in real time what’s happening in the southern suburbs of that city while I sit at my table Laphroaig at elbow. Now that’s social media.
John Little: Let’s talk about the threat this poses in places like the U.S. where social media is ubiquitous. You recently tweeted “Okay, I’m a “former” member of FIS (foreign intelligence service), but I could have a field day collecting without leaving the comfort of my rainswept Vancouver residence.” and this really resonated with me because the same techniques I use to build my network for Blogs of War are also open to exploitation by hostile forces. I love the fact that I can build networks of subject matter experts but I find it troubling that so many of them are obviously attempting to keep a low profile while unknowingly revealing so much about themselves. You can learn a lot about someone through their social networks (who they follow, who follows them, who they retweet, and chat with) even if they assume that their identity is obscured. Twitter is ripe for exploitation isn’t it?
Michael Ross: Obviously my statement about the ability to use social media and the internet as a collection tool was in large part due to what Joshua Foust aptly termed, “L’affaire Petraeus”. First of all I was struck by attempts in certain quarters on social media to render the issue “out of bounds” through moralizing pseudo concern for Petraeus’ apparently dissolving marriage. Social media is just that; all the pleasant and unpleasant characteristics of human interaction and to suddenly think it should be immune to gossip or a forum only for the high-minded and moral is both naive and absurd.
A really excellent example of using Twitter and Facebook to collect important information, was Avi Mayer of the Jewish Agency for Israel recently outing Greta Berlin, the founder of the Free Gaza Movement, for tweeting that Zionists were responsible for the Nazi Holocaust and then trying to erase her electronic footprints. This is but one example of how social media can be a powerful collection and dissemination tool and why it should never be under-estimated.
For a foreign intelligence service seeking specific HUMINT targets to exploit, social media offers a plethora of opportunities for collectors to initially spot and assess targets for recruitment and this is all done in a passive context without even initiating any direct contact with the target. Whether it’s acknowledged or not, collection activity through social media is a form of HUMINT. With little effort, I can obtain photos, addresses, occupations, telephone numbers, workplace addresses, friends, associations etc., etc. all from the comfort of home. I could probably identify in my twitter feed at least a score of people whom I believe to have some form of security clearance and/or access to classified information of high value. How I choose to develop that relationship (which I do not by the way!) for potential recruitment and handling is made easier by having had access to so much readily available information through the simple construct of social interaction. This is also very much a two way street; for counter-intelligence people (CI), this also provides them with information on what I as a collector am interested in targeting. I know on one occasion for certain that I was having my own tires kicked by a representative of a country that is semi-hostile to Israel and U.S. (and I have to say, the approach was far more subtle than I would have thought given the country in question).
What is your Twitter feed or Facebook page if not a network? In the old days of spying it used to take years to develop networks that can be cobbled together in a very short time. I returned to Twitter about three weeks to a month ago and I have approximately 700 people from all kinds of backgrounds following me; law-enforcement, special operations, intelligence, military, academia, private sector, journalism that I now have immediate access to on an almost 24/7 basis.
I’m on record as stating that the U.S. is too liberal in providing security clearances. 854,000 plus employees now hold top-secret security clearances, an example of the astonishing growth in the intelligence bureaucracy since 2001. In my liaison capacity with the CIA, a case officer from the Tel Aviv station appeared at a meeting with a contractor from Lockheed-Martin in tow. Seeing my look of astonishment, my CIA colleague explained that he had a top secret clearance. I replied to my colleague, “not with us he doesn’t” and cut the meeting short. This is the core of the problem; too many clearances, improper compartmentation, and too much reliance on self-regulation. Security, like an unprotected coastline, is subject to erosion.
John Little: So we know this is a mess because we both parse this information on a hourly basis as we’re building our networks of subject matter experts. I am always looking at new accounts with a critical eye because I’m looking to track the most knowledgeable people possible. Are they really a SEAL? Really former Mossad (no offense Michael)? Are they who they say they are or are they someone interesting despite their low profile? There are those who appropriately obscure every piece of personal identification but their lingo, quality of their feed, and network says volumes about their role or access. I track hundreds of low-profile accounts like that and they’re some of my best sources of information.
Not using your real name and photo is not enough. I can Google your Twitter ID and potentially track it back to other social networks or forums where you might have revealed even more personal information. And who you choose to follow can reveal much about you. Are the first few people people you followed family members? Fellow employees? Professional contacts? You may have kept your personal information under wraps but have they? Beyond that there’s the simple back and forth conversations, inside jokes, and retweets that may be incredibly revealing to a careful observer.
The techniques I describe here require no resources, special tools, or technical knowledge. We’re just scratching the surface but a hostile organization is likely using applications similar to Maltego (http://paterva.com/web6/) or much more powerful proprietary tools that can take this network mapping to a completely different level. Is there any hope that countries with enormous security and intelligence infrastructures will be able to get their hands around this problem or is it just a losing battle?
Michael Ross: It is a losing battle insomuch as people with security clearances or access to sensitive material are entrusted with self-regulation. Some of this demographic will be vigilant and careful not to make themselves vulnerable to attack and others will forget that the internet is a very unsafe environment for those wishing to keep secrets. Some of the people who follow me on Twitter are particularly careful to obscure their footprint; but then that only makes me curious as to why they are being so careful in the first place. If the object of social media is to engage in some form of interaction with other like-minded persons on the internet, then why go to all the trouble to “hide in plain sight”? You have no photo, profile or location, a locked account, no followers and you’re following several hundred or even thousand accounts of a national security bent. That in itself is interesting and raises antennae.
When I was in training and we were required to collect intelligence on a person, place or thing, the first place we always started with was open source material. My instructor likened it to trying to meet a girl you are really interested in. You don’t just walk up to someone you don’t know and start asking them personal questions. You ask around first. Is she single?; what’s she like?; who are her friends?; What do you have in common?; etc., etc. Likewise with a nuclear installation in Iran; you don’t just fly to Iran and start taking pictures outside the location because you’d soon find yourself in the fingernail factory for a few days followed by hanging from a crane shortly thereafter. You see what’s available through open sources first and that’s not just the nuclear site itself but cover points nearby that could facilitate a visit to the area and explain your presence to the environment without raising suspicion. It is also a superb device for building cover. There is so much collection that can be done before even considering getting on a plane. The real intelligence however, is not on the internet. For all it’s possibilities open source intelligence (OSINT) does not even scratch the surface of what is collected via the myriad of platforms available to a top tier intelligence service. What social media and the internet do provide however, are the means to spot, assess, and develop possibilities that will provide an opening or means for these collection platforms to do their work. As a HUMINT case officer, I still have to sit face-to-face with my potential source and convince the poor soul to betray his or her country or ideology (often at great risk to themselves) but getting to that person has potentially been made so much easier thanks to social media and the internet.
Follow us on Twitter (If you dare): @blogsofwar and @mrossletters
