(U//FOUO) U.S. Air Force Notice on Use of Social Networking Sites for Computer Network Exploitation

The following notice was published in the May issue of the Illinois Air National Guard 183rd Fighter Wing monthly newsletter Falcon View.  Despite the spelling mistake in the first paragraph, the notice is apparently authentic.

Notice to Airman 2013-080-001:

(U//FOUO) EXECUTIVE SUMMERY: Nation-state adversaries regularly use accounts on popular social networking sites to facilitate social engineering against DoD members. Information disclosed or discovered on social networking sites creates a significant operations security (OPSEC) concern and in the context of a wide spread collection effort could be by adversaries to form a classified picture.

(U//FOUO) MISSION IMPACT: Poor OPSEC practices or general disclosures of sensitive information can lead to kinetic adversary responses to U.S. forces’ actions, potentially leading to mission degradation or even loss of life. Additionally, malware introduced into AF networks via social network sites can degrade or disrupt operations.

(U//FOUO) DETAILS: The nature of social networking sites (SNS) which promote socialization and the sharing of information makes personnel more susceptible to exploitation. SNS applications give the common user an increased opportunity to release official information. In the past two years, there are several examples of adversaries using or attempting to use SNS for likely cyber espionage.

(U//FOUO) ACTIONS: All Air Force members must be aware that they are a potential target of cyber exploitation/espionage and take appropriate caution when using social networking sites. Do not accept contact requests from individuals who you do not personally know and trust. Additionally, hackers are known to spoof requests so that any request may appear to be from someone you know, so treat all requests with suspicion and vigilance. Only accept a request if there is a high level of certainty regarding the identity and authenticity of the requestor. Finally, be aware of the security settings on these websites and do not inadvertently release sensitive information to the public because of careless use.

Share this: