The top brass is not in your DMs

By: Mike Gruss  

Source Link

U.S. Chairman of the Joint Chiefs of Staff Joseph Dunford speaks at the Halifax International Security Forum in Halifax on Saturday, Nov. 17, 2018. Dunford says it’s problematic that American tech companies don’t want to work with the Pentagon but are willing to engage with the Chinese market. (Darren Calabrese /The Canadian Press via AP)

Just before noon on June 28, the official Twitter account of the Pentagon’s Joint Staff, which is made up of the Department of Defense’s most senior leaders, posted an unusual message.

“We are seeing an increase in impersonator accounts for #GenDunford of late,” the tweet read. “Please note @thejointstaff & @SEAC_Troxell are the only official accounts for Joint Staff leadership.”

Later that evening, the Department of Defense’s official Twitter account retweeted the message and added, “There has been an uptick in impersonator accounts related to DoD senior leadership. Please note, official accounts will not request money or send you a [direct message.]”

Governments across the world, including the U.S. Department of Defense, are becoming increasingly concerned about fake social media accounts. Cybersecurity officials said enemies can use them as a way to create chaos, share disinformation and even spread classified or sensitive information.

Even a cursory look on Twitter shows at least six accounts purporting to be Dunford’s, including @DunfordOfficial.

Those information warfare tactics prompted the Pentagon’s tweet.

“The department has a long-standing, ongoing relationship with many social media platforms, including Facebook and Twitter,” Elissa Smith, a spokeswoman for the Department of Defense, said in an email to Fifth Domain July 18. “We work together with social media platforms to expedite government account issues and train DoD social media liaisons on best-practices.”

But governments everywhere are facing new risks from social media.

In late 2018, German politicians were the subject of a massive breach which was unveiled on Twitter one day at a time following an advent calendar approach. Officials there said the data was obtained through "wrongful use of log-in information for cloud services, email accounts or social networks.”

Otavio Freire, president and chief technical officer of SafeGuard Cyber, a Charlottesville-based security company that monitors and protects social media accounts, said governments and mid-level executives are increasingly becoming the targets of these kinds of attacks. As a way to avoid the spread of misinformation, SafeGuard Cyber and other companies can help score a user’s social media posting to ensure they match expected behavior and link to safe, or expected, sites. Those services are becoming more attractive to government agencies, he said.

Pentagon personnel have long made reporting imposter accounts a priority.

“For content creators and official accounts, the department has a successful regiment for reporting fraud,” Smith said. “Individual military users can submit incident/cases via the platform’s help center. If the issue persists, individual members can contact their local public affairs office who may bring the issue to military branch liaisons.”