Inspired by the Facebook-Cambridge Analytica scandal, North Atlantic Treaty Organization (NATO) researchers decided to conduct a social engineering experiment on its own troops. Consequently, when NATO troops saw Facebook suggestions for Allied service members groups, most thought nothing of it. They certainly didn’t think that NATO’s Strategic Communications Center of Excellence (StratCom) was catfishing them to prove a point about privacy.
In a sneaky strategic move, military researchers designed an experiment to interact with service members undercover. They wanted to know how easy it was to uncover sensitive information.
The researchers lured soldiers onto fake Facebook military support group pages and began communicating with them through the social media platform. Soon, the NATO-backed team was able to uncover everything from the service members’ identities to troop movement patterns.
The experiment serves as a reminder to military members and civilians to think twice before sharing information online with strangers.
To recruit soldiers to their fake pages, the researchers used targeted Facebook ads that promoted the closed groups. Once researchers made contact, they asked NATO troops questions about their battalions and their assignments. Researchers conversed with them over Facebook for more than two weeks.
Using this information, researchers were also able to find sensitive personal information. For example, the group learned that a married service member was also an active dating app user.
The NATO StratCom created five fake pages. Facebook shut down one page within minutes. The social networking platform closed down two more pages two weeks after they were flagged by users. Disturbingly, Facebook admins never took down two other pages.
The StratCom experiment highlights just how easy it is for a group to create misinformation campaigns or target specific users on the platform. NATO has urged Facebook to more closely monitor these fake accounts and be swifter in shutting them down.
Data in the Wrong Hands
In the wrong hands, personal information collected from the fake Facebook pages could be used maliciously for blackmail or worse. By the end of the experiment, NATO researchers identified 150 soldiers, located the positions of several classified battalions, and tracked troop movements. The group even compelled service members to leave their positions against orders.
“Every person has a button. For somebody there’s a financial issue, for somebody it’s a very appealing date, for somebody it’s a family thing,” says Janis Sarts, director of NATO Stratcom. “The point is, what’s openly available online is sufficient to know what that is.”
Open Source or Open Window?
The saying that anything you put on the internet is out there for everyone to see is true. Open source data includes everything from Facebook profiles to people-search websites. NATO researchers proved with their experiment that even highly trained soldiers are vulnerable to manipulation with their own user data.
The researchers noted that the entire experiment cost just $60. Should a malicious user want to manipulate online users, this isn’t a bad price to pay.
“We’re talking professional soldiers that are supposed to be very prepared,” said Sarts. “If you compare that to an ordinary citizen…it would be so much easier.”
For the military, this experiment was a drill to point out the privacy flaws that social media poses. However, for everyone else, the NATO group hopes that it serves as a concrete example of how blurry the lines of privacy are, and of why social media users should be more aware of what data they are sharing online.
“We need to put more pressure on social media,” StratCom researcher Sebastian Bay says, “to address these vulnerabilities that can be used for the detriment of national security for individuals and for society as a whole.”