126. Nowhere to Hide: Information Exploitation and Sanitization

[Editor’s Note: In today’s post, Mad Scientist Laboratory explores how humankind’s recent exponential growth in interconnectivity will continue to affect warfare in the Future Operational Environment. Using several contemporary use cases, we identify a number of vulnerabilities that have already been exploited by our adversaries. The U.S. Army must learn how to sanitize its information signatures while simultaneously exploiting those presented by our adversaries. As previously stated on this site by COL Stefan J. Banach (USA-Ret.), “Virtual Space is the decisive terrain and securing it is the decisive operation.”]

Internet of Battle Things (IOBT) / Source: Alexander Kott, ARL

The timeless competition of finders vs. hiders is a key characteristic of the Future Operational Environment (FOE). Through the proliferation of sensors creating the Internet of Battlefield Things (IoBT), ubiquitous global communication, and pervasive personal electronic devices, the finders will be ascendant on the battlefield. They have more advantages and access than ever before – with the ability to take impactful non-kinetic action – and the hiders are creating bigger, enduring, and more conspicuous signatures. In the FOE, our ability to wade through the petabytes of raw sensor and communications data input to generate a Common Operating Picture and arrive at actionable courses of action will be significantly challenged. Will we be able to sanitize Blue Forces’ signatures to prevent our adversaries from detecting and exploiting similar information, while simultaneously seeing through Red Forces’ deception measures to strike decisively?

A recent example highlighting the inherent and unpredictable vulnerabilities presented by these emerging technologies is the incident involving personal fitness devices that track users via GPS. Many military personnel have used these devices to track personal performance while conducting physical fitness training. The associated tracking information was transmitted back to fitness-tracking company Strava, where it was aggregated and then published as maps that were made available to the public. Unfortunately, these maps contained clear outlines of PT routes in and around military bases, the locations of which were not intended to be made public. This now publicly available information inadvertently provided our adversaries with sensitive information that, in years past, would have required considerable time and other resources to acquire.

In response, the DoD issued a memorandum through Deputy Defense Secretary Patrick Shanahan effectively banning the use of geolocation capabilities in operational areas. While there was swift policy resolution in this case, albeit after-the-fact, there are a number of continuing and emergent threats presented by the information age that still need to be addressed.

In the previous example, the culprit was a smart watch or fitness tracking device that is a companion piece to the smart phone. Removing or prohibiting these devices is less detrimental to the overall morale, spirit, and will power of our Soldiers than removing their cell phones — their primary means of voice, data, and social media connectivity — oftentimes their sole link with their family back home. Adversaries have already employed tactics designed to exploit vulnerabilities arising from Soldier cellphone use. In Ukraine, a popular Russian tactic is to send spoofed text messages to Ukrainian soldiers informing them that their support battalion has retreated, their bank account has been exhausted, or that they are simply surrounded and have been abandoned. Taking it one step further, they have even sent false messages to the families of soldiers informing them that their loved one was killed in action.

Russian 9a52-4 MLRS conducting a fire mission / Source: The National Interest

This sets off a chain of events where the family member will immediately call or text the soldier, followed by another spoofed message to the original phone. With a high number of messages to enough targets, an artillery strike is called in on the area where an excess of cellphone usage has been detected.

Similarly, a NATO red team was able to easily infiltrate their own forces through information gathered on social media sites – amassing locations, dates, and other data – to influence their Soldiers’ behavior.  Facebook and Instagram allowed them to track Soldiers, determine exact locations of exercises, and identify all members of a certain unit.

Hamas employed a similar tactic against Israeli Defense Force soldiers, using fake accounts to pose as attractive women in honey trap operations to access sensitive operational information.

Each of these examples illustrates recent, low-cost, and effective means of deception. Device exploitation, the over-sharing of sensitive data, and the challenge in determining information credibility will only increase as connected devices continue to both proliferate and transition from being portable and wearable to embeddable and implantable. The following questions must be addressed by the U.S. Army:

– How can we sanitize ourselves to mitigate these and other vulnerabilities from adversely affecting us operationally on future battlefields?

– How do we ensure that the information we are receiving and processing is legitimate and that we are not being spoofed?

– How are we preparing to exploit similar vulnerabilities in our adversaries?

Fictitious 1st Army Group patch. Commanded by then LTG George S. Patton, to deceive the Germans prior to the invasion of France

– Is this even possible in a hyper-connected and complex battlefield, or are we destined to be on the wrong side of some future Operation Fortitude, where effective military deception helped ensure the success of GEN Eisenhower’s Great Crusade to liberate Europe from the Nazis in World War II?

One final thought — geolocation information and high resolution remote sensing capabilities, which only a short decade and a half ago were limited to a handful of national intelligence services, have entered into a new, democratized era. As recently demonstrated in three warzone use cases, anyone (including non-spacefaring nations, non-state actors, and super-empowered individuals) can now access current and past imagery to generate high resolution, three dimensional views for geolocation, analysis, and (unfortunately) exploitation. The convergence of this capability with the proliferation of personalized information signatures truly means that there is “Nowhere to Run, Nowhere to Hide.” (Crank it up with Martha and the Vandellas!)

If you enjoyed this post, please also read the following blog posts addressing the weaponization of social media, the future of battlefield deception, and virtual warfare:
