Exploiting military OpSec through open-source vulnerabilities

With the ease of use and connectivity provided by social media, there has become a growing tension between military users´ personal needs and military operational security. Like everyone, military members post seemingly trivial information and pictures on sites such as Facebook, Twitter, or LinkedIn; all of which can be used, augmented, and aggregated by an adversary to determine the utility and feasibility of possible intelligence targets. In this work, we investigate the current state of DoD policy regarding social media. We then designed an automated approach to determine the amount of openly available information provided by U.S. military members through social media; analyzed it through content analysis; then applied machine learning techniques to learn as much from the provided data as possible. We then ranked the vulnerability of each individual found by the data provided with a simple scoring system; classifying them as least vulnerable, vulnerable, highly vulnerable. In all, we discovered 1100+ potential intelligence targets; hypothesized about potential scenarios in which this publicly available information could have negative consequences; and recommend actions that could mitigate this vulnerability.