"They don't like it up them, Mr. Mainwaring !!"
A trio of transparency boffins have revealed personal details of 27,000 intelligence officers they say are working on surveillance programs. The resulting dump not only names the officers, but in some cases tells you where they live based on data sourced from LinkedIn profiles and other easy-to-access sources. M.C McGrath, …
".....knows how to use PUTTY....." Yes, but did you also note he didn't know the right case - it should be PuTTY, which suggests to me that - like a lot of the CVs I see - the author simply cut'n'pasted a list of interesting apps to boost his chances of being picked up by employment agency search engines. I get some CVs with the most ridiculous lists of skills imaginable, e.g., one that had simply cut'n'pasted the complete alphabetical list of programming languages from Wikipedia, including long extant languages!
"....long extinct languages." Well, I used to call old languages (and old systems) "extinct" but then I kept running into idiots that were still running business-critical applications with examples of them! Indeed, I had one fun trip to a retirement home in the run-up to Y2K to conduct a job interview of one of the few people in the UK still coherent enough to understand a banking system written in the original version of FORTRAN, one of those supposedly extinct languages. I had a bet with a guy from IBM at the time (who was searching through the IBM retiree database for COBOL programmers) that we'd be doing the same in 2038, only we'd be the ones in the retirement homes! So now I play safe and just suggest they are extant and should be made extinct (the old stuff and the management insisting they still be used).
This post has been deleted by its author
I came to the sad conclusion that I am getting old - not only because MC looks 14 to me too, but because he calls himself MC and therefore must be about 14. I was annoyed at how much effort it took me to get over myself (and his very minor lisp) and watch the presentation. I am glad I made the effort though, because that was thoroughly enjoyable.
There are an assortment of characters who hang around pubs in Herefordshire cadging drinks and relating stories about their time serving with 'them', something I expect irritates and amuses the actual SAS in no small measure. Has the project considered that some of these apparently sloppy spooks might be the NSA/GCHQ Walter Mitty equivalents?
to have all this data available for those who would surely use it for bad things.
I have to wonder if giving away all the names of project could land the poster in hot water with their bosses?
So what does the Mi5/MI6/GCHQ linkedIn map look like?
We'd all like to know wouldn't we readers?
Yes I do have a LinkedIn account. I only use it for checking CV's so it is now filled with rubbish but LinkedIn still knows that I once worked for [redacted] Bank and get updates on the people I used to work with.
The kind of work I do requires discretion, but I had to create a template reply to stop people from getting me to join their network on LinkedIn.
You can find my contact details on there (once removed from me, btw, but that's where you get to start), but I don't add anyone I work with to the profile. I found giving away that sort of data too dangerous, and now someone has proven me right. Sigh.
Social media & business related sites like LinkedIn are not the problem.. People are the problem. In "that" line of work you should be fully briefed in on SIGINT, OPSEC & EEFI . Potentially sensitive or codename information is posted by the users themselves. Unless they are running DIP or other counterintel strategies then their SyO should give them a thrashing.
And if you try discretely informing these online blabbers via a BEADWINDOW style pm or two, then they go freakin' postal on you and report it up the chain.
"McGrath says the irony of blundering spooks listing OPSEC as a skill is not lost on him."
Considering some of those listed appear to be disillusioned with the whole shebang you can't help but think some of those posting project names are doing so deliberately.
I was once asked in an interview why they couldn't find me on Facebook etc. and thought it was suspicious that I didn't have an account. Considering what I do for a living I explained that providing that much detail is asking for my personal equipment to be compromised and along with it potentially all their internal security designs. He got the point in the end but I was dismayed at having to point this simple fact out at all!
".....I was once asked in an interview why they couldn't find me on Facebook etc. and thought it was suspicious...." Oh, that's just HR drones for you, they assume everyone is as equally and blindly keen to throw all their personal data and secrets onto the Web as they are. I have worked with many that are amazed that I don't have a Faecesbook profile - "but you work in IT" they say, to which I reply "because I work in IT!"
Biting the hand that feeds IT © 1998–2020