The FBI's digital security guide for local police actually has good OPSEC advice

An FBI cybersecurity guide instructs local police officers on how to avoid surveillance and harassment online amid ongoing protests against police brutality throughout the U.S.

The Federal Bureau of Investigation instructions include a range of advisories for smaller police agencies, ranging from ways to avoid harassment on Facebook to the best ways to remove personal information from publicly available databases. The 354-page document, titled “Digital Exhaust Opt Out Guide,” was released publicly in June as part of the BlueLeaks data dump, a trove of law enforcement materials made public by transparency activists calling themselves Distributed Denial of Secrets.

Federal authorities have distributed the guidelines to local police fusion centers — the state-operated hubs where federal, state, local and other law enforcement agencies share threat information and training tools — amid protests over the death of George Floyd and other unarmed Black Americans at the hands of police.

A number of other advisories shared through the Minnesota Fusion Center, which oversees the area where a police officer used lethal force on George Floyd, warned law enforcement personnel to “reduce social media footprint and use an alias” online, according to previous reporting in The Intercept.

Distribution of the alerts coincided with reports that hackers had infiltrated police networks to steal data, and then publicized stolen personal information. One incident, in which members of the Anonymous hacking group claimed to distribute hacked data from the Minneapolis Police Department, proved to be unfounded.

The FBI’s Digital Exhaust Opt Out Guide appears to have been completed in October 2019, and compiles a broad range of security measures designed to “mitigate risk for Law Enforcement employees’ and their families as it pertains to protecting their personal information, which is vulnerable to exploitation.”

One section of the advisory warns law enforcement personnel to be wary of fake LinkedIn accounts that scammers or advanced hackers could use to sweep up their personal data. LinkedIn profiles with fake pictures, incomplete profiles, limited connections and suspicious work history, among other factors, could aim to view a target’s connections or contact an individual to ask more personal questions.

The FBI also advises police to remove pictures of their homes from internet real estate listing services, suppressing images from Google Street View and similar services, and scrubbing as much data as possible from social media platforms and for-profit data brokers, which charge customers to access individuals’ phone numbers, addresses and family connections.

“People search sites enable the public to search names and other personally identifiable information,” the guide says. “Returns from these searches include property addresses, points of contact, family members, aliases and more associated with the searched information with varying degrees of accuracy.”

Authors of the report also describe internet browsers and the online advertising economy as areas where users’ personal information is especially vulnerable.

One guide walks readers through ways to secure data in Google Chrome and Mozilla Firefox by using select add-on extensions, like “Ghostery.” Ghostery is an open-source privacy tool that blocks ads and web trackers that would follow users through the web. (In 2014, former U.S. National Security Agency contractor Edward Snowden recommended Ghostery as a data protection tool.)

It’s one of dozens of services the FBI recommends to local police to secure their identity and data online through the Opt Out Guide. Other sections urge law enforcement personnel to limit the number of Facebook friends and contacts who can access their account, disable facial recognition on the service and avoid using their full name.

“This is one of the fastest ways to get into someone’s life so you might as well make it harder for someone to find you if they get a hold of your personal information or use Facebook as a way to gauge your life[,] even in new social circles,” the guide says. “Unfortunately, as Facebook notes, some individuals use tactics such as impersonating a friend to gain access to personal information.”

The disclosure comes amid ongoing attention on BlueLeaks, the 269GB database of policing materials made public by Distributed Denial of Secrets. The group appears to have obtained the trove of files after hackers breached Netsential, a Texas web company that maintains websites for police agencies and fusion centers throughout the U.S.

Other disclosures have detailed how authorities in California tied a coronavirus-themed phishing attack to an accused hacker in Algeria, how the FBI investigated green energy activists, and how Amazon’s Ring doorbells aid police, among other revelations.

The Department of Homeland Security is investigating Distributed Denial of Secrets.

The FBI’s Digital Exhaust Opt Out Guide is available in full below.

TwitterFacebookLinkedInRedditGmail