On 12 February, NATO’s Strategic Communication Centre in Riga published a collection of research papers „Responding to the Challenges of Cognitive Security“, which includes five analyzes of information security and social media affecting it, data collection, human profiling, technical intelligence processing, etc.
The first study, „ The current digital arena and its risks to serving military personnel“, focuses on the data left by people in social media environments, their use and their ability to influence defence processes. In the introductory section, the number and content of social media data and their use for predicting human behaviour, political preference, sexual orientation and the like are described on the basis of public practice (Cambridge Analytica).
The second part of the analysis describes an experiment on how such data was used for hostile purposes in a military exercise.
The NATO Center of Strategic Communication established a team of experts to gather as much information as possible from public sources about the participants in the exercise and using it to try to influence the exercise. The preparatory phase of the experiment lasted for four weeks, during which an action plan was prepared, the information environment was analyzed, social media accounts needed for data collection were created and messages for manipulating the participants of the exercise were developed.
The experiment was conducted in Facebook, Instagram and Twitter environments as well as establishing and using cover identities, entrapping websites, and social engineering. Data collection was introduced through social media friends, search engines and public databases.
The participants of the experiment were able to discover the identities of the participants of the exercise, the membership of their particular units, exact information about the active phase of the exercise and much more.
It turned out that when using media it was possible to gather a very detailed overview of the exercise as well as of the participants and to use methods of social engineering to increase the level of detail. It was apparent that among the members of the Defence Forces the information-sharing channel Instagram was popular, through which it was possible to obtain up-to-date information on the exercises. Facebook proved to be important in identifying relationships between people. The use of Twitter was low and failed to collect information.
Although social media channels closed many entrapment sites and cover accounts, gathering information was still successful. This was helped by a number of drawbacks in their own privacy settings, such as disclosing information of an employer to a third party by showing it in the profile or a function that suggests friends that you might know.
The analysis concludes with a number of suggestions for using social media as well as for improving the functionality of environments. However, the main emphasis in the conclusions was on monitoring the information environment and introducing countermeasures to limit the spread of exercise information.
Photo: U.S. Army Cadet Command (ROTC)/Flickr/CC