1. If you don’t know the threat, you don’t know what information to protect.
2. If you don’t know what information to protect, you can’t know how to protect it.
3. If you aren’t protecting it, they’re taking it.
Consider this report from krypt3ia:
ISIS Hit List and Information Warfare
At least three times in the last five months, U.S. military members have been urged to limit their social media activity in response to worries that ISIS-linked terrorists could track them down, in the U.S. or abroad.
The latest warning came this week, when a group calling itself the Islamic State Hacking Division posted personal information of about 100 service members, which defense officials said had been collected from social media sites.
While this story is about the war on terror and the on-line antics of a small cadre of Da’esh followers, it is also a cautionary tale. The information that was leaked on-line was not in fact hacked, but instead all available through Google searches. This is an important fact in the story to clarify but also sets the stage for the second important insight, of how much of our personal data is on-line.
A simple Google ‘Dork’ can deliver a huge amount of OSINT on a target today and the use of that data to then re-post it on a page like pastebin and call for assassinations shows the power of the net. Basically, this story is the story of asymmetric warfare and how easily it can be carried out online. Now imagine that it is not in fact a terrorist organization doing this but a disgruntled employee or client of a company doing this.
Every individual should consider how much data they put online and where they are putting it. From cyber bullying to outright death threats, we make it easy to ‘dox’ ourselves with our Tweets, Facebook postings, and emails.