Facebook Espionage: Why “What’s on Your Mind?” Isn’t Innocuous

“Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders.” -Ronald Reagan

Social-networkFacebook, Twitter, Instagram, Foursquare, Pinterest, LinkedIn. The personal information available to the public about the general public is one thing, however, information available about those in national security positions—military personnel, government officials, other high-ranking persons with access, is a completely different situation and concern.

Twenty or thirty years ago building a comprehensive profile of someone of interest, their likes, age, name, address, contact information, was a job for Human Intelligence personnel  (HUMINT) and investigative experts. In an age when twenty-three of twenty-four major federal agencies are on Facebook (Marks, Nextgov) and nearly 700 million computer users and 250 million active smartphone Facebook users exist (howmanyarethere), public profiles become less social networking and more cyber espionage databanks.

State-Sponsored and Suspicious Security

Collating information mined from social networking sites is a profitable business for data brokers. Brokers create social communication databanks that paint a nuanced picture of a person’s personal and social profile to net coveted advertising dollars. In the same vein, state-sponsored spies and hackers can create virtual profiles of important figures with access, figures whose statuses, network of friends, pictures, and comments could supplement a standard intelligence or economic espionage dossier.

Facebook Statuses, Twitter updates, or any number of other seemingly innocuous musings, that relay either the timing, location, or the nature of a certain user are extremely revealing and continue to bear greater scrutiny by security and privacy experts. Often, devices with geo-location capabilities signal the area or city of a user on tagged posts or statuses. This operational security hole has become so prevalent that the US Army has released guides on how to protect against this sort of breach.

BlackhatThe operational security breaches are further intensified with Facebook’s “Timeline” option, where the actions of each user are organized down to the month that the action occurred. To this end, state-sponsored espionage efforts may result in clear pictures of organizational structures within businesses, associates of national security personnel, and ways to infiltrate or blackmail important users or networks.

The so-what point of the ability to develop profiles via social networks is layered within the context of other telling personal information that a state sponsored entity, general malefactor, or busy-body, may already know. For example, certain career or job fairs, require a stated level of security clearance to be out in the open, readily visible for those in attendance. Being able to connect a security clearance, regardless of the level, with other identifying personal information derived easily from social networks and network applications, from hobbies to network connections, to place of residence, puts that individual, their family and friends, their organization, contacts within that organization, and the entire affiliated mission at a level of risk. There is not a 100% probability of getting approached by hostile HUMINT operatives if the information is out, but this increases the possibility.

Security Not Applicable

The controversy surrounding Facebook’s privacy is not new, and Facebook has implemented numerous privacy measures to combat those weaknesses. However, the wave of for-pay and free applications that users send each other opens up new security holes for both Facebook users and their web of friends. These applications often ask for detailed information that would make for a telling personal profile of the user. Further, these applications not only ask for the requested users information, but also after allowed into that users network, are able to mine information from their friends’ profiles and friends of friends. While Facebook has many technical implementations in place to prevent direct information mining, these applications also allow a backdoor route for data gathering companies, like Google, to collect a user’s information.

Cyber Awareness

The dangers of social networking are ever-present for those who have information to secure. Social networking casts a large shadow and a wide net, one that can haunt irreparably, and now, has seemingly endless breaches: from the known fissures in smartphone security to third-party applications as hidden data-mines to the nature and location of statuses double-crossing their users.

Net security is being aware of what you put on the web. If you are the senior dispatcher for city waste management, you probably are not at a high risk of your data being hunted. However, if you are the calendar scheduler of the President of the United States, you are probably at a high risk of hostile HUMINT operatives attempting to get your information. The game is probability and possibility. We are all targets, the scope is different based on our jobs, actions, and risk.

*Disclaimer: The opinions expressed by the Lint Center Bloggers and those providing comments are theirs alone, and do not reflect the opinions of the Lint Center for National Security Studies, Inc. or any employee thereof. The Lint Center for National Security Studies, Inc. is not responsible for the accuracy of any of the information supplied by the Lint Center Bloggers.

About the Authors:

Brittany Minder received her BA in International Relations from Stanford University and she serves as the Lint Center’s Public & External Affairs Associate.

Tim Coleman serves as the Center’s Director of Communications.


  1. Marks, Joseph. “All major federal agencies now using Twitter and Youtube.”
  2. HowManyAreThere?
  3. image Source: http://upload.wikimedia.org/wikipedia/commons/a/ae/Social-network.png
  4. Image Source: Wikimedia, http://upload.wikimedia.org/wikipedia/commons/8/87/Blackhat.png