Operations security (OPSEC) is a term originating in U.S. military jargon, as a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information. – Wikipedia
In less Jargony terms, it means that ‘one of the good guys’ looks for potential threats to their own operation by the actions/procedures within it, and attempt to close loopholes.
Here’s an example of a situation today that requires some more consideration:
Parody account attempts, for humor, and fun, to get an airline passenger upgraded. No bad intent noticeable. However, there are three OPSEC issues:
- The passenger publicly revealed his locator number, parody account screenshotted this and included it in his retweet.
- Passenger uses real name in Twitter handle.
- Passenger allows location services for his tweets.
The combination of the above reveals the following:
Locator, Name, Recent and Recurring Geographical Location.
From that, it is possible to access the reservation, view names and information of the passenger, and any friends/family members flying on that locator. They can also change seating assignments, or even cancel the flight.
What should you do and why should you care?
If you wanted to show some kindness, you could give the person a heads-up about their mistake. You could even link them to this post to explain more as Twitter has only 140 characters.
Delta informed me that they should be able to adjust the locator number if has been compromised. I would recommend DMing Delta Twitter team to do this, as Twitter teams are able to get a lot done. But if you don’t know how to DM and simply write public information (which started the issue) then you’d be creating a disaster. Here’s how to DM.
If you don’t want to inform the person (and there is some good OPSEC logic behind not getting involved in other people’s business) then the least you could do is NOT retweet/share/compound the mistake. Whether it is for humor or whatever reason, you are potentially causing real harm.
It’s time to be a little more thoughtful about our actions, consider their consequences, and build a stronger community.