Army 504th Brigade app risks revealing secrets, soldiers say



But the soldiers – many of whom have jobs in interrogation, human intelligence and counterintelligence – soon noticed that the app's terms of service said it could collect significant amounts of personal information and that the developer had a presence abroad.

That caused great concern that a hack could expose individuals and missions worldwide, soldiers in the unit said.

"We are doing top secret work," said a public officer, who, like others, spoke on the condition of anonymity for fear of retaliation through their chain of command. "If our personal information is posted to a foreign power, what can they get from our brigade?"

Intelligence soldiers specialize in sweeping up enemy communications and grooming sources to provide information about their enemies, such as their location and what weapons or capabilities they may have.

As they deploy, some soldiers grow out their hair and wear civilian clothes to hide their military roles and do not reveal their work outside of close relatives, said another unofficial officer in the 504th.

The app's permissions – which suggested that it could pull GPS location information, photos and contacts, and even write to memory cards – frustrated soldiers who have taken extreme precautions they felt were glossed over by Trotter and other senior leaders.

"Just being in intelligence, we are trained to be extremely paranoid of everything," said the soldier. "This is serious operational security that is not taken into account."

The worst-case scenario, he said, was "our protection may be blasted." While the app said the permissions could be disabled, the soldiers said there was a lack of confidence that it was safe. Older leaders checked subordinates' phones to make sure they had the app installed, soldiers in the unit said.

Adversarial governments and intelligence agencies prize information about people who collect and handle classified information, says David Forscey, CEO of the Aspen Institute's Cybersecurity Group.

Sensitive information such as loan debt, drug use history or even a trail of adultery through dating apps is all information that can be used to blackmail soldiers or force them to disclose classified information, he said.

"One reason why drug addiction is an issue in background research is that the United States wants to see what people may need to compromise with you," Forscey said.

Although the value of secrets collected from a soldier may not be apparent now, they could be useful later if they are correlated with other data, Forscey said.

For example, he said, there is the belief that a massive Chinese hack of US security clearances may have been paired with the theft of medical information in the Anthem hack to find US officials with access to classified information who may also have large hospital bills – which makes them a prime target for exploitation.

And if a soldier leaves the military and enters the CIA or another agency, "it would be useful for China to know who they are and what they look like."

That's why US officials should balance the risk of revealing sensitive information with the potential gain, he said, which wasn't clear for an app that provides rudimentary updates, such as training changes or weather interruptions.

The app developer, Straxis LLC, is based in Tulsa but has a subsidiary in southern India. User data was not stored on foreign servers and third parties do not have access to data, says a company spokesman.

Questions about security audits during development, which user data is collected and development costs were referred to the 504th Military Intelligence Brigade, which did not address them or make Trotter available.

Concern among service members circulated on Reddit and the Army WTF! moment Facebook page, a popular digital hangout for soldiers. Soldiers erased the app in revolt. Trotter called another formation Wednesday to address the controversy, urging who talked about the issue online, soldiers in the unit said.

The app was later taken from both the Apple App Store and the Google Play Store.

"We are convinced that appropriate security protocols exist to protect our soldiers' personally identifiable information," the unit said, calling the app an unclassified communication tool. Straxis, said the brigade, had developed similar apps for other units.

The app was removed for a "scheduled maintenance update" and will return to the app stores, the unit says, although it did not explain the timing of the removal immediately after the outcry inside the unit.

On Wednesday, the brigade said the soldiers had no "formal obligation" to download the app.

A day later, the brigade reversed course, conceding that the app was originally "mandatory" but that after "further discussions and feedback" from unit soldiers, it decided that it would only "strongly encourage" the use of the app.

The soldiers were also frustrated by the legal review of an order to install an app on personal smartphones. Trotter told the soldiers it was approved by army lawyers, they said, but it was unclear to soldiers if Trotter could mandate an app on their private devices.

A soldier said he was often away from his wife, and they sent intimate photos to each other. He could not be sure if they would land on a server monitored by his commander.

"I don't want anyone else to look at my wife [breasts]," he said.

