>“We managed to find quite a lot of data on individual people, which would include sensitive information,” Biteniece says. “Like a serviceman having a wife and also being on dating apps.”
I wonder if you could play it the other way like a double agent.
Have a target do those things that you know the opposition is going to look for. Have them jump on a dating app, have them wear a fit bit and visit some sites of interest, and see how quickly someone contacts them / how / what they eventually ask for / offer?
It seems logical to do that already, and to some extent easier to possibly play the double agent role?
Back in the early days of smartphones (back when it was just blackberries) I worked for a company where we provided service (rarely, but it happened) to a site where no electronics were allowed aside from what you needed to do the job past the front gate... and even the you were told not to bring anything in the car you couldn't afford to loose at the front gate. We were told to expect to leave the site with nothing but you, your clothes, and the keys to your car that they'd give back at the gate.
Any phone wasn't even returned if you parked at the front gate and left it there (they searched all vehicles). It was also very clearly stated that you do not try to hide anything if you accidentally brought your phone and to just accept it was gone, it was considered very bad form to hide anything.
Anything you took in (laptop...) was carried by solders until you needed it, and nothing electronic ever left the site.
It was extreme but to some extent.... the most sure fire security I ever saw. I suspect it is the best policy for sensitive sites. Maybe not civilian friendly, but then again who knows where we end up eventually.
Basically almost anything was considered a security risk... decades later they're still right.
Reminds me of those three Chechen girls who catfished ISIS for $3000 on facebook by promising to be brides if they sent travel money, then blocking them after they did.
Sounds like they were just detained, not actually prosecuted.
Based on the context I suspect their "crime" was just as much being from the "wrong" part of Russia and the message being sent is "nobody from where you're from should be talking to ISIS, we don't care if you're undermining them" and they made them spend a night in a holding cell as a warning to everyone else.
Somebody should give them a medal. I suspect that this sort of thing is an underutilized avenue of attack against terrorists and gangs. The surface area of attack has grown exponentially since e.g. the kind of thing seen in The Wire, and the general public is mostly ignorant of opsec.
Thanks, is nice to have at least some positive feedback.
I suppose given my comment makes light of venture capital, machine learning, crowdfunding, catfishing victims, ISIS and Al-Qaeda, I should have suspected it might be unpopular with a fairly wide cross section of HN. ;)
Open Source is used here in the same sense as in "OSINT," Open Source intelligence, which is gathering publicly available data to infer information that your targets likely wouldn't volunteer directly.
I assume you are referring to this bit.
> The researchers discovered that you can find out a lot from open source data, including Facebook profiles and people-search websites
Russians SIGINT/Cyber folks have been using various techniques to locate and identify Ukrainian forces using their personal devices in order to target them with rocket and tube artillery with devastating effect.
I wonder if you could play it the other way like a double agent.
Have a target do those things that you know the opposition is going to look for. Have them jump on a dating app, have them wear a fit bit and visit some sites of interest, and see how quickly someone contacts them / how / what they eventually ask for / offer?
It seems logical to do that already, and to some extent easier to possibly play the double agent role?