News Search

Securing Social Media

Social Networking and OPSEC: Can they coexist in today's Air Force

Securing Social Media

PEASE AIR NATIONAL GUARD BASE, N.H. -- Over the past several months, there have been multiple news reports of threat actors using social media sites such as Facebook, Twitter, YouTube and more to target government or military personnel and their families. These threat actors are likely collecting all available information, such as names, addresses, photographs that are potentially embedded with Global Positioning System, or GPS, information, military units and organizations.

Posting information to social media sites without carefully considering the intended audience may have detrimental effects towards the individuals associated with the information posted, their families or the organizations.

The process called Geotagging is an automatic function of any smartphone that many people are unaware of. Geotagging adds geographical identification to photographs, video, websites and text messages. It is the equivalent of adding a 10-digit grid coordinates to everything you post on the internet.

Photos posted to photo sharing sites like Flickr, Picasa and Instagram can also be tagged with location, but may not be an automatic function. These sites allow people to tag a location on their photos, even if their camera does not have a GPS function or was turned off. A simple search for "Afghanistan" on Flick reveals thousands of location tagged photographs that have been uploaded.

Tagging photos with an exact location on the Internet allows random people to track an individual's location and correlate it with other information.

Military members deploy to areas all over the world some locations are public, others are classified. Members along with their loved ones should not tag their uploaded photos with a location. Publishing photos of classified locations can be detrimental to mission success, and such actions are in violation of the Uniform Code of Military Justice.

Below are tips to follow in order to avoid exposure of any sensitive or personal information.

For organizational social media sites:
· Consider the target audience of the site, and restrict access according to the target audience
· Validate all posts to social media are not shared publicly
· Set appropriate roles for social media site administrators

For personal social media accounts:
· Use a dedicated email address for social media sites - not associated with the same account used for banking or other sensitive information
· Create a strong, secure password. Where possible, use two-step verification such as Google 2-Step verification.
· Do not click on embedded hyperlinks within suspicious emails
· Do not open attachments within suspicious emails
· Do not post personal identifiable information publicly on social media sites
· Require login approvals when accessing social media accounts from unusual devices
· Log out after each session
· Change passwords on a regular basis
· Limit or don't allow tagging of pictures
· Limit the amount of personal information you post

The Internet makes it easy for people to misrepresent their identities and motives. Consider limiting the people who are allowed to contact you on these sites. If interacting with people you don't know, be cautious about the amount of information that you reveal, or agree to meet them in person.
USAF Comments Policy
If you wish to comment, use the text box below. AF reserves the right to modify this policy at any time.

This is a moderated forum. That means all comments will be reviewed before posting. In addition, we expect that participants will treat each other, as well as our agency and our employees, with respect. We will not post comments that contain abusive or vulgar language, spam, hate speech, personal attacks, violate EEO policy, are offensive to other or similar content. We will not post comments that are spam, are clearly "off topic", promote services or products, infringe copyright protected material, or contain any links that don't contribute to the discussion. Comments that make unsupported accusations will also not be posted. The AF and the AF alone will make a determination as to which comments will be posted. Any references to commercial entities, products, services, or other non-governmental organizations or individuals that remain on the site are provided solely for the information of individuals using this page. These references are not intended to reflect the opinion of the AF, DoD, the United States, or its officers or employees concerning the significance, priority, or importance to be given the referenced entity, product, service, or organization. Such references are not an official or personal endorsement of any product, person, or service, and may not be quoted or reproduced for the purpose of stating or implying AF endorsement or approval of any product, person, or service.

Any comments that report criminal activity including: suicidal behaviour or sexual assault will be reported to appropriate authorities including OSI. This forum is not:

  • This forum is not to be used to report criminal activity. If you have information for law enforcement, please contact OSI or your local police agency.
  • Do not submit unsolicited proposals, or other business ideas or inquiries to this forum. This site is not to be used for contracting or commercial business.
  • This forum may not be used for the submission of any claim, demand, informal or formal complaint, or any other form of legal and/or administrative notice or process, or for the exhaustion of any legal and/or administrative remedy.

AF does not guarantee or warrant that any information posted by individuals on this forum is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. AF may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. AF does not endorse, support or otherwise promote any private or commercial entity or the information, products or services contained on those websites that may be reached through links on our website.

Members of the media are asked to send questions to the public affairs through their normal channels and to refrain from submitting questions here as comments. Reporter questions will not be posted. We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. However, given the need to manage federal resources, moderating and posting of comments will occur during regular business hours Monday through Friday. Comments submitted after hours or on weekends will be read and posted as early as possible; in most cases, this means the next business day.

For the benefit of robust discussion, we ask that comments remain "on-topic." This means that comments will be posted only as it relates to the topic that is being discussed within the blog post. The views expressed on the site by non-federal commentators do not necessarily reflect the official views of the AF or the Federal Government.

To protect your own privacy and the privacy of others, please do not include personally identifiable information, such as name, Social Security number, DoD ID number, OSI Case number, phone numbers or email addresses in the body of your comment. If you do voluntarily include personally identifiable information in your comment, such as your name, that comment may or may not be posted on the page. If your comment is posted, your name will not be redacted or removed. In no circumstances will comments be posted that contain Social Security numbers, DoD ID numbers, OSI case numbers, addresses, email address or phone numbers. The default for the posting of comments is "anonymous", but if you opt not to, any information, including your login name, may be displayed on our site.

Thank you for taking the time to read this comment policy. We encourage your participation in our discussion and look forward to an active exchange of ideas.