The FBI has issued a new warning for police officers in the US to limit their public exposure on social media sites, citing the threat of hacktivists who may target them and their families.
As violent protests and looting unfolded in Baltimore on Monday, it seems likely that the FBI’s warning was in anticipation of a potential backlash against law enforcement due to protesters’ confrontations with police.
The FBI’s public service announcement advises officers to “turn on privacy settings” on all social media accounts, and remove any public images showing them in uniform where name tags or the names of their police department are visible.
Although the blanket warning, published 21 April by the agency’s Internet Crime Complaint Center (IC3), didn’t name a specific threat, it came a few days after an event that would precipitate the violence in Baltimore and rising anti-police sentiment there – the death of Freddy Grey, a 25-year-old black man who died of spinal cord injury on 19 April while he was in the custody of Baltimore police.
Yesterday, tensions in Baltimore turned into rioting after Grey’s funeral, and the city erupted in violence, leading Maryland Gov. Larry Hogan to declare a state of emergency and order in members of the National Guard and state police to assist in maintaining order.
The situation in Baltimore feels like a continuation of what happened last August in Ferguson, Missouri, where street conflicts between protesters and heavily armed police lasted for weeks after a white police officer shot and killed an unarmed 19-year-old black man named Michael Brown.
In its most recent warning, the FBI did not name the hacktivist collective Anonymous as the source of the threat – but a similar warning issued by the FBI last August pointed at Anonymous for inciting attacks against Missouri police.
Prior to police identifying the Ferguson officer involved in the shooting of Michael Brown, hackers using the Twitter account name @TheAnonMessage threatened to find the officer responsible and publicize his address and photo and troves of his personal information.
What happened next was a horrifying example of what can go wrong when hacktivists make such threats – Anonymous incorrectly named Bryan Willman, a police dispatcher who was not even a member of the Ferguson police force, as the shooter, posting his photo and other information taken from his Facebook account.
Willman received hundreds of death threats and stayed inside his home for six days, fearing for his life and the lives of his family members.
In an interview with The New Yorker, Willman explained that he had changed his first name on his Facebook account to “Scooby,” upon the advisement of the FBI for police officers to conceal their identities online as much as possible.
Anonymous members used public information to compile a list of names of Ferguson police officers, and began digging up their social media accounts.
Apparently, seeing Willman change his name to Scooby, Anonymous decided it was a sign of his guilt.
This kind of cyberattack, which could come in the form of publishing troves of personal information online, known as doxing, is an invitation to harass, threaten or commit violence against the victims.
In its newest warning to police officers, the FBI said “recent activity” indicated the threat of cyberattacks on police, public officials, and their families, including doxing:
Recent activity suggests family members of law enforcement personnel and public officials are also at risk for cyberattacks and doxing activity. Targeted information may include personally identifiable information and public information and pictures from social media websites.
Although hacktivists such as Anonymous don’t need sophisticated skills to carry out attacks, there are adequate defenses for protecting your social media accounts and computers from many of them.
Among the FBI’s recommendations are useful pieces of security advice for everyone, regardless of whether you think you might be a target:
- Be aware of the security and privacy settings on accounts such as your Facebook
- Routinely update computers, devices and software with the latest security fixes
- Use an anti-virus
- Pay close attention to links and attachments in email messages
- Add protection to your email, social media and online bank accounts using two-factor authentication
- Choose unique, strong passwords for each of your accounts and change your passwords regularly
Finally, remember that anything you post on social media such as photos and comments might be used against you – and once it’s online, you can’t take it back.