Sophos Cloud Optix
In 2007, a fleet of US Army helicopters flew into a base in Iraq. Soldiers took pictures on the flight and then uploaded them to the internet.
Based on the automatic geotagging applied to photos by almost every smartphone on the market, the enemy determined the exact location of the helicopters inside the compound and launched a mortar attack that destroyed four AH-64 Apaches.
With geotagging growing ubiquitous, soldiers are being asked to ponder this question: “Is a badge on Foursquare worth your life?”
The question was posed by Brittany Brown, social media manager of the Online and Social Media Division at the Office of the Chief of Public Affairs, and included in a release put out last week to warn soldiers of the security risks of geotagging.
Beyond smartphones’ built-in photo geotagging, location-based social media applications and platforms are rife: Foursquare, Gowalla, SCVNGR, Shopkick, Loopt and Whrrl are examples of GPS-enabled technology that are typically found in phones and that publish users’ location in exchange for rewards such as discounts, badges or points to encourage frequent check-ins.
And Steve Warren, deputy G2 for the Maneuver Center of Excellence, or MCoE, pointed out that uploading smartphone pictures to Facebook is another example of how a service member can inadvertently broadcast the exact location of their unit.
As reported by the BBC, the British Army has banned the use of mobile phones in operational zones such as Afghanistan and cautions soldiers against taking pictures on smartphones under any circumstances.
But the US Army also warned against anyone using geotagging, not just soldiers, saying it really does expose anyone who uses it.
One example is Facebook’s new Timeline feature, which includes a map tab of all the locations a user has tagged. Such a wealth of information, freely available to anybody tagged as a “friend” on Facebook, basically represents a Dummies Guide to Stalking.
Here’s how the risks of Timeline were described by Staff Sgt. Dale Sweetnam, of the Online and Social Media Division:
Some [Facebook users] have hundreds of "friends" they may never have actually met in person. By looking at someone's map tab on Facebook, you can see everywhere they've tagged a location. You can see the restaurants they frequent, the gym they go to everyday, even the street they live on if they're tagging photos of their home. Honestly, it's pretty scary how much an acquaintance that becomes a Facebook "friend" can find out about your routines and habits if you're always tagging location to your posts.
Bear in mind that most geotagging-enabled applications allow users to limit who can see their check-ins to friends or friends of friends. That’s a security feature that’s wise to take advantage of.
Here are the Army’s rules of thumb for both enlisted personnel and for civilians when it comes to staying geo-safe:
- Don’t friend someone if you haven’t met them in person. “Make sure you’re careful about who you let into your social media circle,” Sweetnam said.
- Even if there’s nothing classified about an individual’s location, a series of locations posted online over the course of a month can create a pattern that criminals can use.
- Disable the geotagging feature on your phone.
- Check your security settings to see who you’re sharing check-ins with. MCoE OPSEC officer Kent Grosshans noted that if somebody knows that your spouse is deployed, for example, they’ll also know that 1) your spouse isn’t home and 2) where your house is.
As Officer Grosshans noted, the same applies to safety for children. Do you really want the entire world to know where your child goes to school?
His advice:
Be conscious of what information you're putting out there. Don't share information with strangers. Once it's out there, it's out there. There's no pulling it back.
Phone on map image, courtesy of Shutterstock
Sorry but this is a case of the Army blaming some private rather than seeing the risk of having hundreds of Third Country Nationals (TCNs) collecting intelligence on base. Cracking a phone is not a easy process and finding a single phone of one person is hard. Paying some random TCN for data about where the helicopters are parked is simple and easy. This isn't a security matter, it is the Army doing what it does best, not understanding what the problem is. Want to know where those helicopters were? They were in the same place as the last rotation of helicopters for the last four years were.
Giving the enemy military information is treason. If our troops are not smart enough to properly handle current technology then cell phones should be banned from active military personnel. I know that sounds draconian but when you join the military you voluntarily give up many rights you took for granted when you were not enlisted. Along with the 4 destroyed helicopters, how many troops were injured or killed in the mortar attack?
Yes, I am one of those stoneage people that do not use Facebook. Would not "touch it with a 100 foot pole." I also have an ordinary cell phone for talk only. My exposure with that is still more than I would like but at least it does not geo-tag. Most of the time I keep it off too, turning it on only when I want to make a call. Am I a little paranoid? Probably somewhat I must admit.
The problem is with people thinking that everything is "private".
Also people don't know what security is, majority of people who use technology
are still afraid to Google something and try to fix it themselves. They'll throw it to
the wayside and buy a new one if they can. We still act like personal computers
are a new thing, like if we press the wrong key at the wrong moment our computer
is going to blow up or something.
"As Officer Grosshans noted, the same applies to safety for children. Do you really want the entire world to know where your child goes to school? " Don't most children go to a school? I'm sure they are not secret locations, and are usually well signposted places!!!!
Easy answer is don't have 'false friends' on fb, only add those that you know and trust, and only share information with those you know and trust.
Excellent Advice Thank you Joanne , also my moms name , Thank you for this reminder !!!<3
Geotagging sounds like a cool idea, but to me the risks just aren’t worth it. Particularly if the info gets shared with people you don’t really know or haven’t met. In my mind, it’s kind of like walking down a dark alley in the middle if the night. Maybe most in most cases everything turns out fine, but that doesn’t make it a wise move.
I have been surprised to see how many people put their information on those Google maps without even thinking twice about it. I mean, I admit, I don't know everyone on my "friends list" do you ? People just feel much too safe for my taste.
Hope I don't get mortared because I put up some old Army photos from my home.
Wankers
And it only took about 5 years to figure this one out?
All your data are belong to me!!!
Revenge of the Furbies!
This is a ridiculous article. An a Marine with 10 years in the infantry this is impossible. The cell phone networks in Afghanistan/Iraq would not be able to support the data to upload photos. In addition there are no wireless networks near the flight line. Even if the uploaded them later on a base internet cafe the grids would be far from accurate.
Obviously no one here understands how indirect fire (mortars, artillery) works.
There are not enough cell phone towers in Afghanistan to give a grid location accurate enough to call a mortar strike. For those who have actually used geo-tagging it is the same as when you "check-in" at the McDonald's, but your map shows your pinpoint at the Starbuck's across the street because you have poor service.
Let's pretend that the enemy did get an accurate location off of Facebook etc. They would still have to convert the location to something useful like latitude/longitude or an MGRS grid coordinate. Then they would have to compute the distance, direction, and elevation of the target in relation to themselves. This requires skills that the enemy does not have. Particularly the Taliban in Afghanistan.
Finally I have to say that if the enemy wants to mortar us they're going to do it whether you use a cell phone or not. We live in large bases that stand out in the barren landscape. The enemy uses direct sight/direct alignment; he has to see his target. An enemy could observe our base, crawl down the backside of a hill, and then lob mortars at us. In the story above he probably saw the 4 helicopters land every day in the same spot.
We have ways to prevent this using force protection. Observation and security patrols. Drones etc. I'm going to keep uploading photos and keep my family updated while I can. I'll keep killing them until they stop coming. Maybe I'll geo-tag their grave site.
actually sean, you are wrong on a few things. 1)In Afghani, they may not have phone towers but it is not need for geotagging. geotagging uses satalite (gps)and not phone towers. Therefore, well…… there's your answer.
true…. and when you take a picture with geotagging those gps coordinates are embbeded in the file itself. And then with some free software readily available on the internet you can get that info and use it as you please…. whether to mortar or spy on your girlfriend.
“Here are the Army’s rules of thumb for both enlisted personnel and for civilians when it comes to staying geo-safe”
Excuse me . . . are there no officers and warrants in today’s military?
Or perhaps it’s embarrassing to admit that in today’s military, the enlisted force is as well educated, if not many times more so, that the officer force? Not to mention equally responsible, often more tech- educated?
Just wondering . . . if maybe the military is overlooking a source of many security issues.