RescueRanger
PDF THINK TANK: CONSULTANT
- Joined
- Sep 20, 2008
- Messages
- 16,370
- Reaction score
- 244
- Country
- Location
Okay guys I am leaving this as an advisory and warning. I have always warned posters not to share pictures, videos etc showing ranks, names, locations, posting, easily identifiable geographic landmarks of operational security personnel. But more and more I have been seeing selfie style photo's being posted on PDF where this fundamental rule is flouted.
I appreciate that some here may be serving military or have family/friends in the military they are proud of and want to share their details such as photo's in action etc, but please I would like to ask you to calm down and approach with caution.
This is a long post so if you don't value the safety and security of our armed forces and internal security establishment then feel free to skip it, however if you are risk-averse and want to know how to limit threats to operational and personal security then feel free to read on.
Prior to the mushrooming of social media and the selfie generation terrorists as part of the their planning and prep stage had to heavily rely on human intelligence, this normally included great exposure and the high likelihood of getting caught or being fed misinformation.
As technology has evolved so has the the TTP: Tactics, Techniques and procedures that terrorists deploy and use to obtain information about potential sources of information and remember that the weakest link in all security systems is always the human element.
It has been seen previously that elements internally and externally hostile to the safety and security of Pakistan are actively targeting serving and former members of the Pakistan armed forces and security establishment, the case of Gen (R) Alvi and Col (R) Habib Zahir are good case studies to read in your own time, although in the case of the late Gen. (R) Alvi most of the matters behind his death cannot be disclosed on a public forum anyway.
Okay so lets get to the basis, terrorists, external agencies, criminals, hackers, media and basically anyway can use open information to try and find information about their target or person of interest. This is called OSINT:
What is OSINT:
Open Source Intelligence(OSINT) refers to a collection of data from public sources to be used in an intelligence context, and this type of information is often missed by link crawling search engines such as Google. Also, as per the U.S. DoD, OSINT is “produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for addressing a specific intelligence requirement.”
OSINT information can and has compromised operations and risked the lives of many soldiers and innocent people throughout history, remember the saying "LOOSE LIPS SINK SHIPS".
Examples of OSINT terrorists and hostile elements may use:
(Serving Major's Linked In profile, advertises his history and courses including his current station when he did his Intelligence and Security course and previous command, all available for free just by going on LinkedIn).
Another example of a ex Pakistani army officer offering his skills at an International PSC website. Sanitized for obvious reasons!
What is OPSEC:
Today, keeping information safeguarded is known as OPSEC or Operational Security. This is an incredibly important task for military members, military families and friends. We never know who may be listening or trying to gain information about our military. For this reason, it is always important to make sure that information doesn’t fall into the wrong hands.
First and foremost, those who serve in the military should not be sharing sensitive information with others who are not in the military. It is important to realize that this may even include sharing pictures online. A seemingly innocent picture can actually provide a lot of information to the enemy including weapons systems and location.
Rank, Name, Corps/Unit insignia... Criminal Elements are always looking to find ways to bypass security, the Pakistani Army has tremendous respect in the eyes of the public and people will use this.
Acceptable photographs:
Terrorists and criminals such as ISIS have shown capability to use advanced OSINT tools such as SHODAN to obtain a full digital footprint of their target(s).
Example:
Say hello to Mr. Masood Shah AKA Lt. General Shah, a criminal land grabber who used to wear full military uniform and use a fake staff car to help land grabbers in Karachi.
If those in the military do not share information with family members or friends, it is much less likely that they will slip up and say something that could put the military member or his unit in danger. He should always be aware of what he is saying when he is sharing information about his day. This is particularly true when he is away training or when he is deployed on operations.
OPSEC generally covers several different scenarios that should never be discussed with those who are not on a need-to-know basis. This includes:
Please say a prayer for my brother's unit xxx. They are leaving tomorrow night to go on a mission in Dir. This is entirely too much information and puts the mission as well as his unit at risk.
PERSEC
And that brings us to PERSEC or Personal Security. This is protecting your personal information. While the military is not as strict on PERSEC as they are on OPSEC, it is still an important aspect of security.
PERSEC focuses on protecting information such as rank, your home address and information about your family. Generally, it is basic common sense that reminds you not to advertise that you are living alone or otherwise giving out personal information to others who you may not know.
Social Media Security tips:
Please help our security services by remembering OPSEC and PERSEC, sanatize things you post on the internet such as photo's and videos (this applies to content that has not been officially shared i.e. you or your family member took a photo or made a video), avoid talking about sensitive subjects in great detail, especially online and finally!
@waz @Horus @WebMaster @Jango @Major Sam
I appreciate that some here may be serving military or have family/friends in the military they are proud of and want to share their details such as photo's in action etc, but please I would like to ask you to calm down and approach with caution.
This is a long post so if you don't value the safety and security of our armed forces and internal security establishment then feel free to skip it, however if you are risk-averse and want to know how to limit threats to operational and personal security then feel free to read on.
Prior to the mushrooming of social media and the selfie generation terrorists as part of the their planning and prep stage had to heavily rely on human intelligence, this normally included great exposure and the high likelihood of getting caught or being fed misinformation.
As technology has evolved so has the the TTP: Tactics, Techniques and procedures that terrorists deploy and use to obtain information about potential sources of information and remember that the weakest link in all security systems is always the human element.
It has been seen previously that elements internally and externally hostile to the safety and security of Pakistan are actively targeting serving and former members of the Pakistan armed forces and security establishment, the case of Gen (R) Alvi and Col (R) Habib Zahir are good case studies to read in your own time, although in the case of the late Gen. (R) Alvi most of the matters behind his death cannot be disclosed on a public forum anyway.
Okay so lets get to the basis, terrorists, external agencies, criminals, hackers, media and basically anyway can use open information to try and find information about their target or person of interest. This is called OSINT:
What is OSINT:
Open Source Intelligence(OSINT) refers to a collection of data from public sources to be used in an intelligence context, and this type of information is often missed by link crawling search engines such as Google. Also, as per the U.S. DoD, OSINT is “produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for addressing a specific intelligence requirement.”
OSINT information can and has compromised operations and risked the lives of many soldiers and innocent people throughout history, remember the saying "LOOSE LIPS SINK SHIPS".
Examples of OSINT terrorists and hostile elements may use:
(Serving Major's Linked In profile, advertises his history and courses including his current station when he did his Intelligence and Security course and previous command, all available for free just by going on LinkedIn).
Another example of a ex Pakistani army officer offering his skills at an International PSC website. Sanitized for obvious reasons!
What is OPSEC:
Today, keeping information safeguarded is known as OPSEC or Operational Security. This is an incredibly important task for military members, military families and friends. We never know who may be listening or trying to gain information about our military. For this reason, it is always important to make sure that information doesn’t fall into the wrong hands.
First and foremost, those who serve in the military should not be sharing sensitive information with others who are not in the military. It is important to realize that this may even include sharing pictures online. A seemingly innocent picture can actually provide a lot of information to the enemy including weapons systems and location.
Rank, Name, Corps/Unit insignia... Criminal Elements are always looking to find ways to bypass security, the Pakistani Army has tremendous respect in the eyes of the public and people will use this.
Acceptable photographs:
Terrorists and criminals such as ISIS have shown capability to use advanced OSINT tools such as SHODAN to obtain a full digital footprint of their target(s).
Example:
Say hello to Mr. Masood Shah AKA Lt. General Shah, a criminal land grabber who used to wear full military uniform and use a fake staff car to help land grabbers in Karachi.
If those in the military do not share information with family members or friends, it is much less likely that they will slip up and say something that could put the military member or his unit in danger. He should always be aware of what he is saying when he is sharing information about his day. This is particularly true when he is away training or when he is deployed on operations.
OPSEC generally covers several different scenarios that should never be discussed with those who are not on a need-to-know basis. This includes:
- Deployment dates. This includes when troops are deploying on operations and when they are redeploying back home. In addition to leaving and returning from the deployment as a whole, this also includes when soldiers leave and return.
- Training. Information on where, how and why they train should not be shared. Information that appears benign to us may be just what the enemy needs.
- Numbers, equipment or other security information. Information about the number who are involved, the type of equipment or weapons systems they use or other sensitive information should never be shared.
- Troop movements. In addition to not sharing deployment dates, when they are on operation, it should also not be shared when they are leaving for a mission or changing locations.
Please say a prayer for my brother's unit xxx. They are leaving tomorrow night to go on a mission in Dir. This is entirely too much information and puts the mission as well as his unit at risk.
PERSEC
And that brings us to PERSEC or Personal Security. This is protecting your personal information. While the military is not as strict on PERSEC as they are on OPSEC, it is still an important aspect of security.
PERSEC focuses on protecting information such as rank, your home address and information about your family. Generally, it is basic common sense that reminds you not to advertise that you are living alone or otherwise giving out personal information to others who you may not know.
Social Media Security tips:
- Understand the privacy settings
- Delete passwords and search history
- Enable two step verification
- Don't add strangers
- Avoid checking in at a place event on Facebook
- Don't post full profile pictures
- If you are serving 'GOOGLE YOURSELF' see how large or small your digital footprint is and adjust accordingly.
Please help our security services by remembering OPSEC and PERSEC, sanatize things you post on the internet such as photo's and videos (this applies to content that has not been officially shared i.e. you or your family member took a photo or made a video), avoid talking about sensitive subjects in great detail, especially online and finally!
@waz @Horus @WebMaster @Jango @Major Sam
Last edited:
