Bad OPSEC (Operations Security) exposed by Air War on ISIS?
“Loose Tweets Destroy Fleets” is the slogan (based on the U.S. Navy’s WWII slogan “Loose Lips Sink Ships”) that the U.S. Air Force Central Command used a couple of weeks ago for an article aimed at raising airmen awareness about the risk of sharing sensitive information on social media.
Indeed, the AFCENT article speaks directly to the threat posed by Islamic State supporters who, according to Stripes, on at least two occasions have acquired and posted online personal data of military personnel, urging sympathizers, “lone wolves,” to attack Americans in the States and overseas in retaliation for the air strikes.
The article highlights the importance of proper OPSEC to keep sensitive information away from the enemy and to prevent leakage of information that could put missions, resources and members at risk, “and be detrimental to national strategic and foreign policies.”
Interestingly, the article only focuses on the smart use of social media. Ok, however, there are other possible OPSEC violations that the U.S. Air Force (as well as many other air arms currently supporting Operation Inherent Resolve, in Iraq and Syria, or Enduring Freedom, in Afghanistan) should be concerned of.
In October 2014 we highlighted the risk of Internet-based flight tracking of aircraft flying war missions after we discovered that a U.S. plane possibly supporting ground troops in Afghanistan acting as an advanced communication relay can be regularly tracked as it circles over the Ghazni Province.
The only presence of the aircraft over a sensitive target could expose an imminent air strike, jeopardizing an entire operations.
Although such risk was already exposed during opening stages of the Libya Air War, when some of the aircraft involved in the air campaign forgot/failed to switch off their mode-S or ADS-B transponder, and were clearly trackable on FR.24 or PF.net and despite pilots all around the world know the above mentioned websites very well, transponders remain turned on during real operations making the aircraft clearly visible to anyone with a browser and an Internet connection.
During the last few months many readers have sent us screenshots they took on FR24.com or PF.net (that only collect ADS-B broadcast by aircraft in the clear) showing military planes belonging to different air forces over Iraq or Afghanistan: mainly tankers and some special operations planes.
We have informed the U.S. Air Force and other air forces that their planes could be tracked online, live, several times, but our Tweets (and those of our Tweeps who retweeted us) or emails have not had any effect as little has changed. Maybe they don’t consider their tankers’ racetrack position or the area of operations of an MC-12 ISR (Intelligence Surveillance Reconnaissance) aircraft a sensitive information…
Image credit: screenshots from Flightradar24.com
This happened last week actually. A plane that Circled over Southern Afghanistan for a few hours with GLEX as its callsign.
Some sort of Bombardier Executive Long Range Jet (I think) with a range of 7000 miles. I’ll look to see if I can find it again.
This one? https://theaviationist.com/2014/08/13/bacn-supports-air-strike-afghanistan/
The Very same. Just on a different track.
When and where exactly did you track the area of operations of an MC-12?
Have you ever considered that they may HAVE to have Mode S on due to international regulations? Tankers often have it on so they can be tracked by AWACS and incoming aircraft for refuelling. None of the aircraft involved here in your article are strike jets or SIGINT aircraft. Also, consider that internet websites are not the only way to track aircraft. If they show up there, they’ll also show up on third party full radars and surveillance equipment. I would think they wouldn’t leave this on if they believed it was compromising. Don’t make it so big, it’s not.
Any airplane can operate in a Due Regard mode with no IFF or transponder signature at all. That was standard procedure for all of our flights in the “sensitive area” with ZERO emissions.
Receiver aircraft do not use the tanker transponder to find the tanker. There are other secure on-board devices to provide this rendezvous information.
The point of this article is that using a laptop and the internet, ISIS commanders, a bunch of punk terrorists, have the operational equivalent of a full-up AWACS or ground-based radar detection system. If they see a gaggle of KC-135Rs (call sign “Quid” flight of 6) orbiting of the east coast of Cyprus, then they can infer an incoming strike package and go “underground”, rendering the strike irrelevant.
OPSEC means not compromising ANY information about the mission. FR24 shows that OPSEC isn’t working. Mr Cenciotti’s point is right on the money.
Actually some of those are SIGINT aircraft. Also, many aircraft have been taking measures to stop this sort of tracking as it’s been successful.
do not worry … it is not a real war with ISIS or the taliban for that matter. no enemy airforce and third rate combatants with no threat weapons. also ISIS boasts on social media like everyone else. the much more serious issue is that no strategy or tactic used since 2001 works. looks like a big fail without elite ground troops and the only ones are the kurdish peshmerga and ypk…