Cyber warriors: Nuix chief executive Eddie Sheehy with former Pentagon investigator Keith Lowry. Photo: Louie DouvisIslamic State posts Australian hit list after hackDefence staff should ‘erase their online lives’Insiders a ‘greater threat to security than cyber attacks’More public service news
Most public servants should quit Twitter and Facebook or at least minimise their use of social media, lest they become unwilling agents of terrorists or criminals, a top data investigator says.
Eddie Sheehy, the head of global forensic data firm Nuix, said this week’s release of an Islamic State “kill list” – apparently stolen from a credit card database – was an example of terrorists’ increasing reliance on cyber attacks for propaganda, funding and intelligence.
He advised Canberra public servants, most of whom are security vetted and have access to at least some classified information, to avoid posting any details of themselves online, as they could be blackmailed or seduced into aiding enemies.
Islamic State published personal details of more than 1400 people this week and urged its followers to kill them.
Most of the people named were linked to the US military, though the list included at least eight Australians, including ADF employees and their relatives, a Victorian MP and several public servants.
Mr Sheehy – whose staff include former Pentagon official Keith Lowry, who investigated the massive Wikileaks intelligence breaches involving Edward Snowden and Chelsea (then Bradley) Manning – said while the latest hack was “not that extensive”, the details stolen could prove “very important” to the terrorists.
“Look how much we’re talking about it, and the propaganda value of that [to IS],” he said.
“But also, once you start getting little bits of information, you can add them together to create a picture of an individual.
“Once you get their telephone number you can ring it and can probably get their geolocation. So you know where they are, you know when they’re at home and when they’re not.”
Mr Sheehy “totally agreed” with the advice of Melbourne IT academic and former army officer Mark Gregory, who said anyone connected with Australia’s military – be they enlisted personnel, Defence Department bureaucrats or contractors – should erase their online profiles.
After a university database at the Australian Defence Force Academy was hacked in 2012, exposing the identification details of about 10,000 students and 1900 staff, Dr Gregory called social media a “goldmine” for the nation’s enemies.
He recommended that “on the day [ADFA] cadets enlist, their entire electronic lives be erased”.
“They should have no Facebook accounts, no Google accounts, no iTunes accounts. They should not exist on digital networks until they retire from Defence.”
Surveys suggest a third to a half of all cyber-security breaches are aided by insiders, who are motivated by a wide range of factors.
Mr Sheehy said cyber terrorists and criminals were constantly searching for individuals inside the organisations they had targeted, whom they could either encourage or force to help them steal data.
Social media was an obvious means of finding the right victims.
“In the end, you’re creating a picture of yourself that can be used by anybody,” Mr Sheehy said of social network posts.
“You’re giving people information that they can use to your disadvantage.”
This story Administrator ready to work first appeared on Nanjing Night Net.