Note: This is the second of a two-part series on risks relating to geography. In this post, I'll discuss some of the risks that arise from the increasing ease by which geospatial information can be accessed.
We often take technology for granted, and we often overlook the risks associated with the unprecedented access we have to modern information. Sites like Wikimapia.org and Google Maps, and utilities like Google Earth put abilities that used to be the sole purview of advanced government intelligence agencies in the hands of the public - literally at our fingertips. Google even offers similar utilities for exploring the surface of Mars and the Moon.
This new access to information introduces a great deal of risk. These examples range from the absurd (Teenager's 60ft painting of penis on parents' roof spotted in space), to the fascinating (Satellite Photos Take You Inside Gadhafi’s Compound; Apple, Bing Maps Reveal Secret Sites), to the tragic (Jaycee Lee Dugard: did Phillip Garrido trail a Google Street View camera van?). At the tip of the spear, they can even violate operational security, as evidenced by the Internet's revelations about Iran's nuclear program (Hunting for Iran’s secret nuclear plant near Qum on Google Earth), or China's ballistic missile submarines (New Chinese Ballistic Missile Submarine Spotted, New Chinese SSBN Deploys to Hainan Island), or Syria's nuclear program (Photos Show Cleansing of Suspect Syrian Site) or even America's own submarine secrets (Oops, another top secret exposed). While many of these cases can be chalked up to oversights or inadequate precautions, they all underscore the same lesson: that whether it's national security or personal privacy at stake, we must approach these new capabilities with sober vigilance.
These mapping websites and utilities aren't the only way that this information can be compromised. I've pointed in an earlier post to a resource that Michael Yon posted about geotagging and other social media risks, particularly while deployed. Yon was able to demonstrate this a few weeks ago by using embedded geotags in military public affairs images to find where the photos had been taken.
Most folks don't have to worry so much about this in their day-to-day lives - unless, of course, they're raising the kind of kids who would paint a sixty foot penis on their roof in order to be spotted by Google Earth. Even so, we take this particular vein of easy information for granted at our own risk. Some of my past security work has led me to use some of these utilities to meet professional needs for information, and if I could use it for my methods, an aggressor could just as easily use it to collect their own information.
I encourage anyone reading this to have a look on Google Maps, Google Earth, or Wikimapia at places like their own home, their place of work, or other locations of importance. Use it as an exercise: what can you figure out from just looking at an open source aerial image? What information could someone with an adversarial motive figure out? From there, you can do everything in your power to employ the Five Step OPSEC Process. Identify the information available about the locations that matter to you, and then take whatever countermeasures are available to mitigate those risks.
No comments:
Post a Comment