An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Air Force information aggressor team targets Scott

  • Published
  • By Staff Sgt. Christie Putz
  • 375th Airlift Wing Public Affairs
SCOTT AIR FORCE BASE, Ill. --  In an increasingly digital age, it is possible to find most anything needed online. The World Wide Web is host to information on almost any topic imaginable and is reachable from anywhere in the world by simply logging on. 

It can be an invaluable resource. Unfortunately, its value also extends far beyond its intended viewers and has the potential of placing unwanted information into the hands of adversaries. 

An unannounced team from the 177th Information Warfare Aggressor and the 57th Information Aggressor Squadrons infiltrated Scott July 14-18 to test just how far this and other readily available information could take them if they wished to do harm. The results proved to be eye opening. 

"The visit shook up the base and made people take a serious look at how they were doing things," said Col. Al Hunt, 375th Airlift Wing commander. 

Posing as outsiders, the team used a variety of advanced tactics to gain access to the base and base information through tests of personnel's physical and information security. 

Open source intelligence, or the process of finding, selecting and acquiring information from publicly available sources and analyzing it to produce actionable intelligence, played a large role in the test. 

"Search engines can be our best friends," said Lt. Col. Chris Mills, part of the visiting team from the 177th IAS, "but they can also be our worst enemies." 

From a popular search engine, thousands of pages of seemingly innocent information were offered to the team by simply typing in 'Scott Air Force Base'. This publicly available information provided the team background on the base and ammunition for other types of exploitation. 

"Even information that appears completely innocuous could be an important piece of a larger puzzle to an adversary," said Colonel Mills. 

To raise awareness of these vulnerabilities, the team devoted the following week to sharing their findings with the base and offering suggestions on how to strengthen processes. 

Suggestions centered around one key concept: awareness. 

"I understand the need for people to put information out on the internet," said Colonel Mills. "However, people just need to be aware that the more information they put out there increases their risk of being targeted." 

He explained that once something is posted to the internet, even if only for a short period of time, it's there to stay. 

Many users' web browsers store a cache of their recently visited websites. In the same fashion, several search engines offer links to pages from their caches, allowing previously posted information to be accessed even if the information is no longer online.
Databases and other trusted or secure sites also have the potential of being hacked if only one vulnerability exists. Additionally, military servers save and store every single e-mail ever sent over their networks. 

"If you don't want it read, you probably shouldn't send it," Colonel Mills cautioned. 

Weblogs, or blogs, and social networking sites have become more and more popular over the recent years, as well as a source of contention for those trying to protect information commonly shared through them. 

Some frequently shared information that could be troublesome includes full names, personally identifying e-mail addresses, dates of birth, hometowns or addresses, names of loved ones and even personal photos. 

There have also been a few cases of people posting mission-related sensitive information. 

Currently, Air Force Instruction 35-101, Public Affairs policy and guidance, states: "... each Air Force member or employee is responsible for obtaining the necessary review and clearance, starting with Public Affairs, before releasing a proposed statement, text or imagery to the public. This includes digital products being loaded on an unrestricted Web site." 

The majority of the time, information uploaded to these sites is done so without ill intentions, said Colonel Mills. People just need to be aware that the information they post is available not only to their friends and family, but anyone with an internet connection. 

They also need to think about all the possible ways that information could be exploited and weigh the benefits with the possible repercussions. 

Nothing will stop the spread of some information, said Colonel Mills. But with good practices, users can minimize the possibility that the information they make available will aid the enemy in their fight. 

The visit also included a test of the base's physical security. For tips on how to minimize those risks, as well as some other information security tips, see 'Awareness is key to security'.