June 2, 2022:
Israel recently revealed that it had suffered another OPSEC (Operational Security) failure following an investigation into who leaked details of the Israeli war on Iranian maritime smuggling. That leak occurred before the attack on an Iranian smuggling operation was to take place and forced the mission to be called off. The leak came from one the 1,200 military personnel who knew about the operation. Only 450 of them had signed the confidentiality agreement that everyone with knowledge of these operations was required to sign. Those who sign the agreement have it explained to them that violation of the agreement is a criminal offense because leaks endanger the lives of Israelis. Western nations, especially Israel and the United States have long had problems with OPSEC failure. In Israel a lot of reserve soldiers are regularly called up for a few months of active duty and often have a hard time adapting to the OPSEC rules. This got a lot worse with the appearance of advanced cell phones (smart phones) in the last decade. The Israeli reservists on active duty carried their cell phones with them and made videos while on duty for the folks back home or to post on social media. Israeli security officials became aware of this when they found that Palestinian and other Islamic terror groups were using this to plan operations to develop anti-Israel propaganda. Israel let the reservists, and Israeli military personnel in general, know how serious this problem was and told the troops to leave the cellphones home or someplace where the geolocation features of the cell phones could not be used by enemy groups. Islamic terrorists in general have a worse problem with members using their cellphones in ways that reveal their location and operations. Many successful counter-terrorism operations are the result of exploiting poor cellphone OPSEC by the terrorists.
Most armed forces have this problem and some are more successful dealing with it than others. An example of this can currently be seen in Ukraine, where the Ukrainian have much better cell phone OPSEC than their Russian adversaries, which is one reason why the Russians have suffered much higher losses than the Ukrainians.
It’s not just cell phones. Over a decade ago a NSA (National Security Agency) employee conducting an unclassified briefing of NSA activities let slip that the NSA found a way to listen in to Islamic terrorist phone calls and halt attacks. The capability was top secret, but not after the NSA briefer screwed up.
In 2018 the U.S. Department of Defense banned all personnel in “operational areas” (usually overseas combat zones) from using commercial devices with geolocation capability (GPS). This included cell phones and PSMs (Physiological Status Monitors) like Fitbit. What triggered this was the discovery that a social network for athletes called Strava had developed software that enabled anyone to track users wearing a FitBit or other GPS enabled PSMs. Dedicated (often professional) athletes joined Strava to exchange PSM information and that led to Strava developing features that enabled user locations worldwide. Turns out that intelligence agencies had discovered Strava as well and reported that they could not only detect PSM users anywhere in the world but could often identify these users by name. Turned out that many intelligence and military personnel used their Fitbits while overseas, often on secret missions. From January to July 2018 the extent and implications of this became quite clear. The intel agencies quickly (and quietly) ordered their personnel overseas (and often at home as well) to stop using PSMs that made their data accessible to public networks, even ones that were not open to the public. These could be hacked. Now there is a market for “secure (encrypted) PSMs for military and intelligence personnel. Actually, work on that sort of thing has already been underway.
OPSEC will always be with us and those who are better at it tend to win.