Data/Cyber/Cloud Security, Privacy, Website Security, Data Encryption, Malware/Viruses, Open Source Intelligence, Cyber Defence, Data Breaches, Travel Reviews & Photos
MoD: "MoD helpline how may I help you?"
Foreign state: "I was wondering if you could help me?" MoD: "Yes?"
Foreign state: "We are doing some research and were wondering if you would email us a list of all employees in the army, air force and navy?"

The likely answer from the MoD would be a polite "Clear off". This may sound daft and, in reality, it would never happen. But such information could be obtained by a 'foreign state' by hacking into the servers of the MoD; it would not be easy and there is always the risk of being traced.

So why hack or use risky intelligence tactics when most of the data is out there already? The internet and social media, mainly Facebook and LinkedIn, are goldmines of information.

With the right skill set, time, patience and resources a lot of intelligence on the military, government, private individuals and businesses can be found through search engines and social media such as Twitter, Facebook and LinkedIn.

During the Cold War foreign intelligence agencies would use specialized, complex and illegal methods of gathering intelligence, mainly through undercover agents, radio bugs, phone taps and the use of bribes. Today such intelligence can be gathered legally online.

China has the largest, active, military personnel in the world, estimated at roughly 2.2 million. The United States has roughly 1.4 million personnel yet a defense budget of roughly five times that of China (US $549.1 and China $100 billion).

The United States may have 800,000 fewer troops but its equipment, training and technology is far superior to that of China. China’s technology may be less sophisticated but its primary function today appears to be cyber warfare and cyber espionage.

“It is quite surprising how much can be found out from Facebook: past boyfriends, religious beliefs, political affiliation and membership information … and this is without even being a friend!” - Graeme Batsman

Communist, ex-communist and authoritarian governments around the world are likely to have entire divisions dedicated to intelligence gathering. In the recent past, large-scale hacking attempts have been traced back to one city in China which also happens to have a large defense academy. It is highly likely that foreign states have teams sifting through search engines and social media hunting for details on staff names, ranks, training background, past and present operations.

Just go on LinkedIn, which has a better privacy and security record than most social media websites, and you will find groups for just about anything. One such example is a LinkedIn group called Royal Marines Network which, in seconds, provides information on 1300 serving and ex-serving Royal Marine Commandos.

From an individual's LinkedIn profile it's possible to find out where they studied, their rank, past operations, recommendations, photos and information about colleagues. All of this could be of use to a foreign intelligence agency to create statistics of personnel numbers and how many troops are stationed at home or, for example, at an outpost in Afghanistan.

Intelligence agencies are not the only worry. In the past, British-based and foreign terrorist cell networks have been closed down for plotting to kidnap soldiers or poison military bases. Terrorists could easily create a list of targets and then research the individuals to find out their place of residence through everyday websites such as BT Directory Enquires.

“On one occasion I tried to report a data leakage to a multi-national company and the switchboard was not very accommodating. So instead I went on to LinkedIn, ran a few advanced searches, and had the entire list of their IT security response department … and this for a company with a turnover of 10+ billion.” - Graeme Batsman

Individuals, companies and serving military personnel need to think twice before posting even the most insignificant details…. even the smallest detail could provide information that could be exploited within the company. Information posted about staff patterns and recently acquired IT equipment could well be enough for a remote hacker to seek out and exploit vulnerabilities within a company's network and then use social engineering to extract information.

Cyber warfare is here to stay and is likely to become the battlefield of the future. Why fly stealth bombers to take out Iranian nuclear power plants when a virus such as Stuxnet could do it for a fraction of the price? It is much more difficult to trace a virus or to hack into a system than it is to spot a couple of fighter jets overhead.