
NATO Group Catfished Soldiers on Facebook to Discover Troop Movements - tomglynch
https://www.wired.com/story/nato-stratcom-catfished-soldiers-social-media/
======
duxup
>“We managed to find quite a lot of data on individual people, which would
include sensitive information,” Biteniece says. “Like a serviceman having a
wife and also being on dating apps.”

I wonder if you could play it the other way like a double agent.

Have a target do those things that you know the opposition is going to look
for. Have them jump on a dating app, have them wear a fit bit and visit some
sites of interest, and see how quickly someone contacts them / how / what they
eventually ask for / offer?

It seems logical to do that already, and to some extent easier to possibly
play the double agent role?

~~~
kartan
Occam's razor: No. That serviceman was looking for an affair. That's it. :)

------
thrower123
Another fun one is the case where FitBit data revealed military base locations
and patrol routes

[https://www.wired.com/story/strava-heat-map-military-
bases-f...](https://www.wired.com/story/strava-heat-map-military-bases-
fitness-trackers-privacy/)

~~~
duxup
Back in the early days of smartphones (back when it was just blackberries) I
worked for a company where we provided service (rarely, but it happened) to a
site where no electronics were allowed aside from what you needed to do the
job past the front gate... and even the you were told not to bring anything in
the car you couldn't afford to loose at the front gate. We were told to expect
to leave the site with nothing but you, your clothes, and the keys to your car
that they'd give back at the gate.

Any phone wasn't even returned if you parked at the front gate and left it
there (they searched all vehicles). It was also very clearly stated that you
do not try to hide anything if you accidentally brought your phone and to just
accept it was gone, it was considered very bad form to hide anything.

Anything you took in (laptop...) was carried by solders until you needed it,
and nothing electronic ever left the site.

It was extreme but to some extent.... the most sure fire security I ever saw.
I suspect it is the best policy for sensitive sites. Maybe not civilian
friendly, but then again who knows where we end up eventually.

Basically almost anything was considered a security risk... decades later
they're still right.

------
inflatableDodo
Reminds me of those three Chechen girls who catfished ISIS for $3000 on
facebook by promising to be brides if they sent travel money, then blocking
them after they did.

~~~
thrower123
Somebody should give them a medal. I suspect that this sort of thing is an
underutilized avenue of attack against terrorists and gangs. The surface area
of attack has grown exponentially since e.g. the kind of thing seen in The
Wire, and the general public is mostly ignorant of opsec.

~~~
inflatableDodo
Could we perhaps automate the process using machine learning to produce seed
capital for a new VC fund?

edit - Call it 'Fundamental'.

edit2 - our brand consultants rejected 'The Foundation' as too obvious and
thought 'Bottom Capital' wouldn't play well in the market.

~~~
stallmanite
“Bottom Capital” is brilliant

~~~
inflatableDodo
Thanks, is nice to have at least some positive feedback.

I suppose given my comment makes light of venture capital, machine learning,
crowdfunding, catfishing victims, ISIS and Al-Qaeda, I should have suspected
it might be unpopular with a fairly wide cross section of HN. ;)

------
virusduck
What is this "open source data?"

~~~
maxlybbert
In military/spy discussions, “open source” means “doesn’t require a spy to
collect” ( [https://en.wikipedia.org/wiki/Open-
source_intelligence](https://en.wikipedia.org/wiki/Open-source_intelligence)
).

------
chriselles
Russians SIGINT/Cyber folks have been using various techniques to locate and
identify Ukrainian forces using their personal devices in order to target them
with rocket and tube artillery with devastating effect.

------
emilfihlman
Trident Juncture and Tinder comes to mind

~~~
baud147258
I remember bellingcat covering the Trident Juncture exercise, they were able
to find a lot of deployment info by just looking into public posts.

~~~
emilfihlman
There are good greentexts on it (same story, told in different ways)
[https://i.ylilauta.org/41/2ec653ba.jpg](https://i.ylilauta.org/41/2ec653ba.jpg)
[https://i.ylilauta.org/c1/87a2bea0.jpg](https://i.ylilauta.org/c1/87a2bea0.jpg)

~~~
baud147258
I hadn't heard of that story, thank you for sharing those links.

~~~
emilfihlman
Haha my pleasure, military greentext stories are my weak point.

