Wednesday, April 29, 2009

effective selective near real time mass communication?

today i saw the highway being shutdown along a route that some important person would presumably soon be traveling. i was able to observe some interesting operational details, and started pseudo-red-teaming the situation in my head looking for vulns.

i tweeted about the route, and that got me thinking about how much operational real-world security benefits from obscurity.

if someone was paying attention and could act upon the information i tweeted, it could present a significant security exposure. ZOMG!!!1! twitter is a terrorist tool!!! nono, that's not what I'm saying...

the amazonfail hashtagging phenomenon shows us something about it. If a grassroots group of people want to track a topic in near-real time, they can do it. soooo, loopin back to phy sec and operational security issues, hashtagging could be used to track a number of things which traditionally have been effective in-part due to obscurity, such as:


these are all candidates for multi-tagging with a #city hash to make them more useful.

i guess you could track celebrity locations in near-real time too:

#bradpitt #paparazzi
#clairedanes #stalker

orrrrr how about #flashmob #city.... or #hotclub #city.... or #riot #city... waitwaitwait...

anyway, the point (if there is one) is that no single person can make twitter give them this type of information, but if certain hashtags becomes popular grassroots phenomenons, they can significantly alter the effectiveness of traditional obscurity based physical security measures. even if #roadblock is never picked up, someone looking might be able to infer things using #traffic ;)

*update* - looks like i tweeted the route taken by the presidential motorcade...

No comments: