An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Providing the picture without ever knowing

  • Published
  • By Staff Sgt. Timothy Boyer
  • 380th Air Expeditionary Wing Public Affairs
SOUTHWEST ASIA --  A puzzle piece does not make up a complete picture until it is put together with the rest of the pieces. In this same way, an electronic device can provide an adversary the piece of information that could be what he needs to complete his picture.

Portable electronic devices, such as smartphones and tablets, should be kept out of workcenters to prevent the spread of sensitive information to adversaries.

"You could take one piece of the puzzle from someone who is measuring his calories on the flightline and transmitting the GPS track he walked all day when he shares his fitness plan with his online friends," said Capt. Scott Croskey, 380th Expeditionary Communications Squadron plans and programs flight commander. "Then you could go on Google Maps and see a recent picture of some of the aircraft that may be on the flightline and you could start putting it together. They could see from the Airman's path, how the planes are positioned, and the busiest parts of the flightline. So it's not always one piece of information, it's a bunch of small pieces put together that gives them to full picture."

There are several ways the enemy can use your PED to gather intelligence.

"They could install malicious software on your PED," Croskey explained. "If I'm the bad guy and I see a picture of you on your Facebook with your Air Force uniform on, I'd say, 'This guy is part of the U.S. government, I'm going to target him to gather information.' Then I might send you a link that you would innocently click. It might be a picture of something relevant, like the recent Boston bombings, and you might choose to click on that link to learn the most up-to-date info about the Boston bombings. What you don't know, however, is that in clicking that link you executed a program in the background that installed software on your cellphone. Now your cell phone is a tool for the adversary to collect data."

One might think that because there is not a signal or Wi-Fi at work, that there is no risk in having their PED with them.

"Some malware will cause your device to snap pictures without the user even knowing," Croskey said. "So let's say you take your phone to work, it snaps pictures randomly and then you go out to the Thirsty Camel and connect to the wireless network. In the background it's uploading all these photographs to an adversary's command-and-control server and deleting the photos from your phone so you never even know. Meanwhile, the photos are analyzed by the adversary's command-and-control server to produce a 3-D graphic of your workspace."

Not only could the situation provide the workspace imagery, if there were any classified documents in that workspace, the adversary could see them as well, Croskey explained.
PED technology is still relatively new and is advancing quickly, according to Croskey. The protections available for computers are not as advanced for PEDs, therefore it is easy for an adversary to infiltrate and compromise a PED.

"If the adversaries get the whole picture they could either use counter-operations against what we are doing or relay that information to someone else who could pose a threat to us," he said. "We, as an Air Force, try to support the folks on the ground as well as our pilots who are flying behind enemy lines. Any disclosure of sensitive information could have negative impacts of their missions. That's what we don't want to happen."