Social Media — Geotagging poses security risks

FORT BENNING, Ga. — “Is a badge on Foursquare worth your life?”
The ques­tion was posed by Brit­tany Brown, social media man­ag­er of the Online and Social Media Divi­sion at the Office of the Chief of Pub­lic Affairs. It may sound out­landish, but in the age of social geo­t­ag­ging, it can be a real­i­ty.

Pho­tos from smart­phones are geo­t­agged even when the user is unaware. Smart­phone users can adjust their pri­va­cy set­tings to lim­it who can view their geo­t­agged locations.

There are a num­ber of loca­tion-based social media appli­ca­tions and plat­forms, includ­ing Foursquare, Gowal­la, SCVNGR, Shop­kick, Loopt and Whrrl, cur­rent­ly on the mar­ket. They use GPS fea­tures, typ­i­cal­ly in the user’s phone, to pub­lish the person’s loca­tion and offer rewards in the form of dis­counts, badges or points to encour­age fre­quent check-ins. 

Secu­ri­ty risks for the military: 

A deployed ser­vice member’s sit­u­a­tion­al aware­ness includes the world of social media. If a Sol­dier uploads a pho­to tak­en on his or her smart­phone to Face­book, they could broad­cast the exact loca­tion of their unit, said Steve War­ren, deputy G2 for the Maneu­ver Cen­ter of Excel­lence, or MCoE. 

“Today, in pret­ty much every sin­gle smart­phone, there is built-in GPS,” War­ren said. “For every pic­ture you take with that phone, it will auto­mat­i­cal­ly embed the lat­i­tude and lon­gi­tude with­in the photograph.” 

Some­one with the right soft­ware and the wrong moti­va­tion could down­load the pho­to and extract the coor­di­nates from the metadata. 

War­ren cit­ed a real-world exam­ple from 2007. When a new fleet of heli­copters arrived with an avi­a­tion unit at a base in Iraq, some Sol­diers took pic­tures on the flight­line, he said. From the pho­tos that were uploaded to the Inter­net, the ene­my was able to deter­mine the exact loca­tion of the heli­copters inside the com­pound and con­duct a mor­tar attack, destroy­ing four of the AH-64 Apaches. 

Staff Sgt. Dale Sweet­nam, of the Online and Social Media Divi­sion, said geo­t­ag­ging is of par­tic­u­lar con­cern for deployed Sol­diers and those in tran­sit to a mission. 

“Ide­al­ly, Sol­diers should always be aware of the dan­gers asso­ci­at­ed with geo­t­ag­ging regard­less of where they are,” he explained. 

Gen­er­al haz­ards for fam­i­ly members: 

While espe­cial­ly rel­e­vant for those in the mil­i­tary, cau­tions about geo­t­ag­ging extend to any­one who uses that feature. 

Face­book is in the process of rolling out Time­line, a new lay­out that includes a map tab of all the loca­tions a user has tagged. 

“Time­line presents some unique secu­ri­ty chal­lenges for users who tag loca­tion to posts,” Sweet­nam said. 

“Some of those indi­vid­u­als have hun­dreds of ‘friends’ they may nev­er have actu­al­ly met in per­son, he explained. “By look­ing at someone’s map tab on Face­book, you can see every­where they’ve tagged a loca­tion. You can see the restau­rants they fre­quent, the gym they go to every­day, even the street they live on if they’re tag­ging pho­tos of their home. Hon­est­ly, it’s pret­ty scary how much an acquain­tance that becomes a Face­book ‘friend’ can find out about your rou­tines and habits if you’re always tag­ging loca­tion to your posts.” 

Most of the appli­ca­tions let peo­ple lim­it who can see their check-ins to friends or friends of friends. 

“A good rule of thumb when using loca­tion-based social net­work­ing appli­ca­tions is do not become friends with some­one if you haven’t met them in per­son,” Sweet­nam said. “Make sure you’re care­ful about who you let into your social media circle.” 

Even if there is noth­ing clas­si­fied about an individual’s loca­tion, a series of loca­tions post­ed online over the course of a month can cre­ate a pat­tern that crim­i­nals can use. 

“We live in a dif­fer­ent world now,” War­ren said. 

“If some­one were going to get a hold of your phone, they could fig­ure out a lot about who you are. It’s like a bea­con that’s always out there com­mu­ni­cat­ing with tow­ers and plot­ting your moves on a com­put­er some­where. Lit­er­al­ly, if you don’t turn off that fea­ture on your phone peo­ple are going to be able to recre­ate your whole day.” 

Ways to stay safe: 

“In oper­a­tions secu­ri­ty, we talk about the adver­sary,” said Kent Grosshans, MCoE OPSEC offi­cer. “The adver­sary could be a hack­er, could be ter­ror­ists, could be crim­i­nals; some­one who has an intent to cause harm. The adver­sary picks up on pieces of infor­ma­tion to put the whole puz­zle together.” 

Grosshans sug­gests dis­abling the geo­t­ag­ging fea­ture on your phone and check­ing your secu­ri­ty set­tings to see who you’re shar­ing check-ins with. 

“If your husband’s deployed and you go ahead and start post­ing all these pic­tures that are geo­t­agged, now not only does an indi­vid­ual know your husband’s deployed and he’s not at home, but they know where your house is,” he said. 

Ulti­mate­ly, it’s about weigh­ing the risks. 

“Do you real­ly want every­one to know the exact loca­tion of your home or your children’s school?” Sweet­nam said. “Before adding a loca­tion to a pho­to, Sol­diers real­ly need to step back and ask them­selves, ‘Who real­ly needs to know this loca­tion information?’ ” 

Grosshans said it’s as impor­tant to Sol­diers as to fam­i­ly members. 

“Be con­scious of what infor­ma­tion you’re putting out there,” he said. “Don’t share infor­ma­tion with strangers. Once it’s out there, it’s out there. There’s no pulling it back.” 

U.S. Army 

Face­book and/or on Twit­ter

Team GlobDef

Seit 2001 ist im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →