Mobile Operations Disclosed: A Case Study
Mobile devices have simplified how users access web-based services. Smartphone owners have a constant connection to the internet in their pockets, and this connection is available to hundreds of millions of people that don’t have access to standard computers or home internet services. More apps, such as Instagram and TikTok, are being created on mobile first before being offered as a desktop version. Further, with the evolution of multi-factor authentication, even passwords and traditional 2FA methods will be a thing of the past. More platforms, like Telegram, will begin to move toward app prompts to authenticate accounts.
With this massive shift, it is critical for online researchers, OSINT operators, and law enforcement investigators to portray both a mobile and a desktop presence online. Doing so raises your authenticity and ensures that platforms will not block you from rich sources of information and content.
However, when operating online through a mobile device, you are still sharing a massive amount of personal information that you may or may not be aware of. Here, we’ve highlighted a real-world case that demonstrates mobile vulnerabilities when it comes to managing your attribution, as well as the importance of maintaining proper OPSEC.
Tracking Military Personnel
In 2016, defense contractor, PlanetRisk Inc., discovered that they could track U.S. military personnel through the data generated by their mobile apps. While creating a software prototype that would allow the national security community to track the movements of displaced peoples, the contractor was able to reveal the location of armed forces through their downloaded weather apps, games, dating services, and other applications.
While under development, PlanetRisk’s employees discovered the sensitive nature of the U.S. military mobile data of special-operations forces. The data revealed movement from military facilities in the U.S. via overseas countries to an abandoned cement factory in northern Syria. This factory, at the time, was in fact being used to assemble U.S. special ops and allied forces.
The ability to track armed forces is a major and potentially catastrophic security threat. This discovery exposes the greatest challenge faced by national security today: to protect mobile operations.
Access to innovative technology is clearly not limited to the U.S. national security community. Adversaries are effectively keeping pace with industry organizations in order to protect their interests and formulate their next move. What began as a creative and intelligent marketing philosophy to track buyer behaviors has morphed into an alarming opportunity for foreign and domestic adversaries to get their hands on our sensitive national security information.