Comments on: Please Burglarize My House: Personal OPSEC and Social Broadcasting

By: Ginger

Ginger — Tue, 16 Jun 2009 22:20:53 +0000

For those of us deep in the OPSEC world, we know inherently not to post personal information on social media sites. Common sense and logic would prevail, one would think, to the average Joe internet user (uh, average Joe Manna…or average Joanne Ravie… user too?). As the old adage goes, one comment or statement alone may say or mean nothing, but when pieced together with other information from differing social sites one can come up with enough pieces of a puzzle to obtain personal information about a person. I agree with all that is mentioned in Mr. Manna’s comment, however, do have to disagree with the comment made that “The mainstream media is looking for any ways to marginalize or scare people in the world of transparency and personal broadcasting.” If articles such as the one presented here/other sites were not posted those with a false sense of safety/security may think posting certain info is harmless. Or worse, not think about what they post in the first place. I have a hard time understanding why people post 1) when they are out of town, 2) pictures of their kids and where they live, 3) venting about anything and nothing, and so on. Not to mention what may seem fun to post today (i.e., college kids posting sexy party videos/images) may not be such a good idea if a future employer uses social sites to screen the types of candidates for jobs at the company. It’s a great networking tool, marketing tool for business, communication and research tool, just be smart about what you post. That’s all this article is saying and meaning, not that one should not use social media.
Then there are the companies that thrive and survive on people utilizing social media, otherwise their business becomes non-existent. Even some encourage their employees to blog, Tweet, and connect as much as possible through social media. Some people spend all day in social media, it’s their life and their passion. Right? Even a VP at a certain company admits she does not post on social media sites enough, and that everyone should set time in a given day to do so. That is for your business to thrive or die. So with your company (above) and in your example, Joe, it’s about where you connect with your customers, social media and its mere existence is extremely important for your company to survive. We also know that you like burgers from social media (Zebulon, In-n-Out Burger animal style), and the car you were driven home in the hospital was a CDV. But for those other average Joe’s, they may not be ‘thinking OPSEC” and post very personal information about family, pictures of kids (which pedafiles love to see), and so on. Whether a person utilizes social media sites for business or fun, much can be obtained and pulled together like a puzzle to reveal info about a person. Just be smart about it, that’s all.

By: joelogon

joelogon — Wed, 10 Jun 2009 18:14:41 +0000

Thanks for the replies, folks.

Nik — as we've seen, offer people a keychain or a free pen and they'll give away almost any info.

Keith — Good observation; I companies (well, some of them) have been more aware of Opsec issues ever since the issue of industrial espionage started growing, post-Cold War.

Joe — Agree and disagree; it's like the difference between tape-trading and file-sharing — you can case so many more places over the Web, get better intelligence, and do it mostly anonymously, with little effort and zero risk. While this particular case I would guess is not related to social media, if I were a savvy burglar, these techniques would be on my list.

By: Joseph Manna

Joseph Manna — Tue, 09 Jun 2009 17:38:36 +0000

The mainstream media is looking for any ways to marginalize or scare people in the world of transparency and personal broadcasting. I believe everything is a calculated risk in the world of security. Even the best combinations of security are vulnerable because of one factor: humanity. More succinctly, social engineering.

A lot of the coverage has been revolving on the responsibility of social networks and the issues around privacy. In the world of journalism, snark pays the bills, and thus a great debate around the personal responsibility in maintaining safety comes up. Social media is more than marketing, more than broadcasting and more than risk. It's just communication.

What's one of the best ways to determine if a house is empty? Knock on it. Perhaps hold a box, and wear a pair of brown shorts and a brown jacket and people will assume you are delivering them a package. If someone answers, just say it was the wrong house and keep moving along. If no one answers, and after a number of repeated attempts, then you just scored the next place to burgle.

Now, is that simple social engineering "hack" being discussed? No. The media is so bent on scaring (and not wisely educating) their viewers away from the social medium, they lose the ability to remain objective and perhaps advocate for safety and tips for their audience.

That said, I do think twice before announcing when my fortress is insecure. I aim to be ambiguous and only share my GPS coordinates to trusted contacts (via Brightkite). Yahoo's Fire Eagle project was a great example of warning and advising users of privacy concerns in social media. To me, the project failed because the fear overpowered the benefits, but that's just conjecture at this point.

I think people are still cautious in social media. It's a good idea that failures happen and are reported [fairly] so people can manage their social media activities just like any other means of communication. Glad to see no one was hurt.

~Joe