NATO’s Strategic Communications Centre of Excellence (StratCom) released a study into the use of bogus social media accounts to help identify vulnerabilities among military members. The findings aimed to provide a better understanding of the cyber risks troops face in day-to-day operations.
Researchers exploited Facebook, Instagram, Twitter, and other avenues of open source data to rack up useful information on military personnel. They used several techniques: honeypot pages, impersonation, social engineering, among other methods, to spot information for influence activities.
Throughout the study, researchers focused on answering the following key questions.
“What can we find out about a military exercise just from open source data? What can we find out about the participants from open source data? And, can we use all this data to influence the participants’ behaviors against their given orders?”
Using open source data, a lot of information can be identified, including social networking profiles and other websites, that may be used to influence military personnel, stated a contributor of the study, in a Wired report.
“We managed to find quite a lot of data on individual people, which would include sensitive information, like a serviceman having a wife and also being on dating apps.”
“We have seen some hybrid warfare tactics used against NATO troops in the eastern part of our Alliance, including disinformation, false allegations of criminal activity, and attempts to hack or intimidate our soldiers on social media,” a NATO official reportedly told CNN.
“It is important that NATO Allies continue to train their troops to be vigilant, including online. At the same time, we are strengthening our cyber defenses and taking all necessary measures to protect our networks.”
Upon the study’s conclusion, StratCom says it had infiltrated up to 150 military personnel, including the location of battalions and troop movements, according to Sputnik News.
“We’re talking professional soldiers that are supposed to be very prepared. Every person has a button. For somebody there’s a financial issue, for somebody it’s a very appealing date, for somebody it’s a family thing. It’s varied, but everybody has a button. The point is, what’s openly available online is sufficient to know what that is.”
“We did this to test social media companies’ statements that they’re doing a lot to investigate and protect against malicious activity. We need to put more pressure on social media to address these vulnerabilities that can be used for the detriment of national security for individuals and for society as a whole,” the lead author of the study concluded.
The study, “Responding to Cognitive Security Challenges,” was published by the NATO Strategic Communications Centre of Excellence in Riga, Latvia.