By Angela Hill
Would you believe me if I told you that your personal and business travel were likely monitored by nearly every foreign intelligence service in the world?
It has been nearly six years since I left the world of espionage. For six years of my over 12 years serving the Intelligence Community (IC), I hunted the bad guys. My job involved targeting intelligence information resources, conducting social media analysis, and analyzing massive amounts of data.
You may be asking yourself, “But why and what does any of this need for information have to do with my personal or business travel?” Your travel habits have everything to do with the secret, elusive world of intelligence.
You and your personal and business connections matter to nation-state foreign intelligence services. It’s who you know that may help a nation-state or bad guys catch the next target, recruit their next source, or discover an emerging technology.
Foreign Intelligence Services and HUMINT
Foreign intelligence services rely on various data methods to understand their targets but specialize in human intelligence collection, otherwise known as HUMINT. Have you ever watched Al Pacino as an instructor at the farm in the movie “The Recruit” or seen various actors play Tom Clancy’s analyst-turned-operative Jack Ryan? Both characters are involved in HUMINT operations.
The reality is foreign intelligence services rely heavily on human sources to verify data and identify targets. As a result, you or your organization may be subject to HUMINT targeting efforts by a foreign intelligence service.
Related link: 5 Important Cybersecurity Concerns for Business Managers
How Intelligence Services Collect Your Information
Whether you’re traveling for business or pleasure, you should prepare to protect your intellectual property information, relationships, and digital media. HUMINT personnel commonly use these methods to collect your data:
- HUMINT/social engineering strategies – You can be a target due to your existing relationships, business connections or family members. Sometimes, you might be targeted simply because you’re an American.
- Device exploitation – Spies and threat actors can hack into your personal and business devices (such as smartphones or laptops) and target conferences, events, and hotels to exploit those devices. If you’re unable to leave your electronic devices at home, be sure they are encrypted, use a virtual private network (VPN) and ensure other security controls are in place to protect your privacy.
- Interception – All of your electronic information can be intercepted from computers, telephones and other wireless devices. Be sure to encrypt all of your communications such as emails and phone calls.
- Geospatial tracking – Your electronic devices can be geospatially tracked, so turn off your location settings whenever possible. Information about your current location can be revealed by smartphones, fitness trackers and your postings on social media sites. For instance, cell phone towers can determine where you have gone; similarly, mobile devices and social media sites aren’t safe or truly private. Listening devices can even be switched on your laptop, tablet or smartphone when you think they are off, so remove the battery on those devices to ensure your cybersecurity when traveling.
- Malware installation – Malicious software can be installed into electronics device through a connection to a home server. If you use the same device for work, the malware can infect your employer’s servers and other equipment.
- Constant monitoring – Restaurants and other public places, business offices, hotel rooms, business centers, and phone centers are regularly monitored by HUMINT personnel. Remember that you cannot expect true privacy in these spaces and act accordingly to ensure your privacy.
Nine Tips for Maintaining Your Cybersecurity When You’re Traveling
Summer – one of the busiest travel seasons of the year – is approaching. If you are preparing to travel either domestically or internationally, here are some useful cybersecurity tips:
- Improve your security awareness – Educate yourself at work through security awareness training. The Office of the Director of National Intelligence (ODNI) website also offers excellent cybersecurity tips for travelers.
- Leave devices at home and get a “burner” device – If you can, leave your sensitive electronic devices at home. I know that really isn’t feasible for many of you, but it’s a strategy worth considering when you’re potentially under surveillance from a foreign intelligence service due to your affiliations and relationships. Remember, depending on where you are in the world and the lack of privacy expectations, it would be wise to bring a burner device. A burner device is a throw-away device managed by your IT provider that can be scrubbed upon your return from a personal or business trip.
- Encrypt your electronic devices – Use digital signature and encryption resources when possible. But at the same time, be aware that some countries may not let you travel with encrypted devices.
- Do not use “free” public Wi-Fi – Nothing in life is truly free. If an app or a service is free, it is likely that someone is benefiting from your use of it. Also, threat actors can use Wi-Fi to hack into your devices, so never assume that public Wi-Fi is a secure form of access. Do not use public Wi-Fi unless your device is encrypted, you have security controls in place and you use a VPN. Always remember that some foreign intelligence services have the authority to access public Wi-Fi.
- Create strong passwords – Increase the length of your password and use special characters or phrases to ensure greater security. The National Institute and Standards of Technology (NIST) recommends setting your maximum password length at 64 characters.
- Always keep electronic devices with you – Whenever possible, do not leave electronic devices in your hotel and don’t put them in your checked baggage. If your device is lost or stolen, report the loss to your IT department or the local U.S. embassy or consulate.
- Monitor country threat levels and travel alerts – Before your trip, check out the Department of State’s Worldwide Caution website. This site provides U.S. citizens with updates on various countries. Other resources include alerts and warnings from local embassies or consulates and the Department of State’s Smart Traveler Enrollment Program (STEP).
- Change your passwords – To be completely safe, change your passwords when you get back into the U.S. after a trip.
- Have your technology vetted by experts – Turn in your burner device or other electronic device to be checked after you have returned from a trip. Consider establishing a technology vetting program in your organization before allowing employees to travel for business.
Understanding the methods of human intelligence collection and practicing good cybersecurity techniques are proactive ways to protect your data from thieves and intelligence agents. Whether you’re traveling on business or for pleasure, it is still wise to be careful when it comes to your cybersecurity.