co-authored by Dr. Stephen Bryen, Chairman & CTO Ziklag Systems/FortressFone Technologies
You don't have to be brilliant to know that social media accounts are not private, even if you are told by their owners and operators that they are. Social sites, all of them, are easily hacked by outsiders, and even the companies that offer own them exploit them to make money. The monetization of privacy in the United States is highly advanced and represents a multibillion-dollar, unstoppable, business.
But people are starting to figure out that major danger is lurking.
For this reason, the French gendarmes and counter terrorism forces have been ordered to close any personal social media accounts they have and do so immediately.
You would have thought that America's Central Command, which focuses on the Middle East and plays a vital role in dealing with radical Islamic terrorism, would recognize social media risks and would have, long ago, taken security measures to protect sensitive information. But that did not happen. In fact, CENTCOM (as it is known) has been merrily running Twitter and YouTube sites without any care.
So now we know that ISIS hacked CENTCOM and published the names and addresses of top officials including four star generals, making the information generally available to any operational terror cells including some who may be embedded in the United States. U.S. Cyber Command is only the tip of the iceberg. ISIS could have got all the information and passed it to terror organizations without defacing the CENTCOM twitter account and other CENTCOM-sponsored sites. In this way, Central Command would not know that critical information about their top personnel was in the hands of a vicious Islamic terror organization. But ISIS wanted to get the propaganda value out of its hack, so they made a lot of noise. No one knows how long they have been mucking about in CENTCOM's operations.
The Pentagon says it was all a prank and is of no concern. With this mindset anyone hoping there was a chance that the Pentagon might try and fix a looming problem now knows better: they are the problem.
Is CENTCOM an exception? Hardly. Americans, despite countless articles pointing out obvious vulnerabilities in social networking and media sites, continue with their obsession to leak information that compromises personal and organizational security. It is a good bet that virtually every American military base, office, organization and unit is leaking away using Facebook, Twitter, LinkedIn, Pinterest and all the others. So too, are folks at Homeland Security, the State Department, FBI and on and on.
The truth is we do not know just how much sensitive information is in the hands of terrorists, but if we have learned anything watching al-Qaeda, ISIS, the Iranians, the Syrian Electronic Army and all their brethren is that they certainly know how to exploit social media and build powerful attack databases.
They have already used their computers and the lists they have generated and passed around on memory sticks to identify and kill their enemies in Iraq and Syria. It would be foolish to think they have confined themselves to the Middle East --indeed we know they have not.
In France the attacks on the Jewish community, for example, are not random. Names, addresses and other information was gathered by the terrorists from social media sources, especially Facebook. This exposed not only the targeted individuals, but also their families. Even the Charlie Hebdo attack was precisely targeted. The killers had the ID and photos of their victims well in advance.
For a long time the French government, trying to be politically correct in the French context, did almost nothing to protect its citizens from terrorists, especially its Jews.
Now, in the wake of Charlie Hebdo and Hyper Cacher, a Kosher supermarket in Paris, the French government has taken an about face (volte-face) and decided to try and protect synagogues and religious schools. To this end, the French government has assigned 10,000 soldiers. But soldiers can't protect someone in their home or walking down the street. In the last decade, Jews in France have been murdered, shot at, beaten up, raped and terrorized. How to protect exposed individuals, their families and friends?
The American situation is not much better. For years we have allowed terrorist organization free rein on the Internet, and have done little or nothing to stop them. The fact that ISIS can get away with launching cyber attacks tells you all you really need to know. Despite investing billions in so-called cyber security, and even creating a Pentagon unit ("Plan X") that is supposed to deal with the bad guys, everyone is still looking at their thumbs. US security policy is frozen, blindsided, hamstrung and inept. The Pentagon can't figure out which end us up, has not given direction to its millions of military and civilian employees, and has not engaged the enemy or tried to shut them down. Remember what happened in Boston.
Security comes down to protecting people, and if you can't do that your security system is faulty. A quick way to provide some modicum of protection is to purge social media of sensitive information that puts people directly at risk. The bigger job is to provide real aggressive leadership to take down the connections being exploited over the Internet by the Islamic terrorists. The Pentagon can do the job; they just need to be told to launch the effort.