Social media has become an increasingly important factor to consider for militaries when planning their cybersecurity strategies. It is often disregarded as a triviality that militaries need not concern themselves with, however, it can be a powerful tool for intelligence and infiltration. Social media often tracks users’ locations and profiles are frequently filled with material that could be used to indicate a user’s position. Profiles are often either public or very easily accessible, and knowingly or not can lead to major cybersecurity breaches.

The 2017 Strava incident

There have been some major examples of breaches that exemplify the dangers of careless attitudes to social media. One of the most well-known social media mishaps was reported in 2018, when soldiers deployed in a military base in Afghanistan were discovered uploading their exercise routes to the fitness app Strava. The app allows users to share and post their activity with their friends. In 2017, Strava released a heatmap that showed all activity that had ever been uploaded, worldwide, with more than three trillion individual data points. In remote locations in Afghanistan, Djibouti, and Syria, foreign military personnel made up the majority of Strava users, meaning that the bases in which soldiers exercised stood out brightly. The heatmaps were publicly available and revealed sensitive information about the location and staffing of the military bases and covert operations outposts.

The 2022 invasion of Ukraine

In the ongoing invasion of Ukraine, social media has been a key theme. As well as continued efforts to spread misinformation using social media, it has also been suggested that the technology is being used to gain military intel on soldiers’ positions and assets. This is a phenomenon occurring on both sides as many soldiers and civilians during the war have taken to using popular social media apps like TikTok to document the conflict. In March, Ukrainian authorities detained a Ukrainian man for sharing a video on TikTok of Ukrainian military vehicles parked near a shopping center in the Podolsky area of Kyiv in February. In the same month, this shopping center was destroyed by Russian shells, killing eight people. The Ukrainian Security Service has called upon citizens not to publish data on the Ukrainian Armed Forces or the results of enemy shelling but instead to pass on information concerning Russian troops.

LinkedIn is a common route of attack

In cybersecurity strategies, it is agreed that humans (often unknowingly) are the weakest link. This is why they are often the target portal for a cyberattack. In 2021, MI5 disclosed that in the previous five years, over 10,000 UK professionals (often with high-level security clearance) were targeted by hostile states through spear phishing or social engineering campaigns on LinkedIn. They warned that there were nearly half a million fake accounts, often posing as recruiters, attempting to manipulate people into sharing classified information.

In 2019, former CIA officer Kevin Mallory was sentenced by the US to 20 years in prison for sharing military secrets with Chinese intelligence after first being approached on LinkedIn. The Head of Trust & Safety on LinkedIn, Paul Rockwell, stated that fake accounts like these are detected and deactivated. In the first six months of 2019, 33.7 million fake accounts were removed. It is essential not only for militaries but also for all companies to take social media into account and realize its potential dangers. Every employee needs to be adequately trained and informed so that their social media presence does not compromise the cybersecurity of their organization.