Emerging Technologies

This NATO experiment used fake Facebook accounts to trick soldiers into sharing sensitive information

German army soldiers in their infantry fighting vehicle, the "Marder", arrive for the NATO military drill in Adazi, Latvia, October 4, 2015. With signs growing of a thaw between Moscow and Western capitals after the Paris attacks, some of Russia's neighbours fear that European resolve to keep up economic sanctions and military pressure over the Ukraine crisis may be waning. Picture taken October 4, 2015. REUTERS/Ints Kalnins      TPX IMAGES OF THE DAY      - GF20000064888

Researchers found they could even use the data to make the soldiers disobey orders. Image: REUTERS/Ints Kalnins

Sean Fleming
Senior Writer, Forum Agenda

Anyone with a presence online leaves a digital footprint wherever they go – fragments of information about their personal lives, their occupation, their likes and dislikes. These pieces of data may seem fairly innocuous on their own, but when combined they build a detailed picture of the individual behind them. So detailed that it can be used for nefarious purposes, should it fall into the wrong hands.

The widely reported scandal involving the now-defunct Cambridge Analytica saw data from millions of people’s Facebook accounts accessed without explicit permission. It was a clear demonstration of the value and power of people’s data. Extrapolating Facebook likes and other public-domain affiliations and associations allows for precision-targeted political advertising campaigns. Targeted advertising is, of course, the lifeblood of many digital businesses. But now researchers working with NATO researchers have shown just how powerful such information could be in the wrong hands, and how inexpensive it is for malicious agents to use it.

In its report, Responding to Cognitive Security Challenges, the NATO Strategic Communications Centre of Excellence details an experiment it ran to trick serving members of the armed forces. While the authors won’t say which country’s armed forces, they are at least clear about what they were trying to achieve.

- Could they gather information about a planned NATO exercise?

- What information regarding individual service personnel could they acquire?

- Was it possible to directly influence people's actions and behaviour?

Setting the bait

The experiment involved setting up fake accounts on Facebook (also known as sock puppet accounts), designing pages to attract attention and lure people in, setting up closed/secret Facebook groups, and using targeted advertising. The premise was simple – the fake accounts, pages and groups all purported to be from, or affiliated to, members of the armed forces. This was part of the lure that got actual service personnel to accept friend requests, join groups, like pages and share information in conversation.

The practice of pretending to be someone else in order to fool someone online is known as catfishing. As a term used in this context, it came to prominence in the 2010 movie Catfish, a pseudo-documentary about the online relationship between a young man and a young woman. However, the woman’s account was a work of fiction; her mother was the person behind it, the profile photo belonged to a family friend. The whole thing had been a deception.

While most organizations have strict policies regarding security, the armed forces are steeped in it – from support staff to frontline troops and across all ranks. Even so, soldiers preparing for a NATO military exercise shared details about it with the people behind the false accounts, which demonstrates the ease with which malicious actors or state agents could obtain sensitive information. One of the chief tactics they used to draw unsuspecting people into their web of carefully constructed deliberate deception was targeted advertising, which cost just $60 to deploy across Facebook.

The NATO research team broadened their search for personal data by taking in other social media platforms and apps. Through this they were able to identify specific personnel who were married but also using online dating apps - information sensitive enough to be used against an individual as leverage, convincing them to share sensitive details or even – as was the case in the research project – abandon their posts while on duty.

Have you read?

The World Economic Forum’s most recent Global Risks Report details concerns regarding the ongoing threat of data fraud, cyber-attacks and other tech-based vulnerabilities. Around two-thirds of respondents to the 2019 survey said they “expect the risks associated with fake news and identity theft to increase” this year, while three-fifths said the same about loss of privacy.

In an increasingly connected world, cyber threats have far-reaching consequences. The Fourth Industrial Revolution relies on a greater level of connectedness and data sharing than ever seen before. But, as the NATO project has shown, even the most secure organizations are far from safe.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Behavioural Sciences

Related topics:
Emerging TechnologiesResilience, Peace and SecurityIndustries in DepthJobs and the Future of Work
Share:
The Big Picture
Explore and monitor how Behavioural Sciences is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

5 ways to achieve effective cyber resilience

Filipe Beato and Jamie Saunders

November 21, 2024

Why AI is Southeast Asia's new engine for profitable growth

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum