Defence staff should 'erase their online lives'
A Special Operations Task Group soldier prior to a mission with the Uruzgan Special Response Team. Photo: Corporal Chris Moore.
The entire defence workforce, including reservists and public servants, must erase all trace of themselves online to protect Australia against cyber warfare, an IT expert and former soldier says.
I worry every day about this problem: it's that serious.IT expert and former army officer Mark Gregory
RMIT University senior lecturer Mark Gregory, an engineer with extensive experience in network security, says Facebook, Twitter, Google and other social media are a goldmine that enemies will use against the military.
Australian Army soldiers on parade. Photo: Glenn Campbell
He also believes last month's attack on a University of NSW database at the Australian Defence Force Academy was a devastating blow for the next generation of military leaders.
Fairfax Media has revealed that a lone hacker stole the personal details of thousands of ADFA students and staff during a raid he carried out ''for fun''.
The man, who is known as Darwinare and is linked to hacking group Anonymous, posted online a mix of names, identification numbers, passwords and dates of birth of about 12,000 present and former ADFA students.
Among them were hundreds of senior military officers.
The University of NSW, which runs the academic courses at ADFA and owned the breached database, said it acted immediately to prevent further hacking.
However, it warned students and staff that some published details could be ''used for attempts at identity theft and again this requires additional vigilance''.
Yet while most of the leaked details seemed innocuous, Dr Gregory said the damage was severe and irreversible, as the information would help hackers obtain other data.
''These people will be the leaders of our military for the next 30 years.''
The more data that potential enemies had about our commanding officers, the more likely future cyber operations against the defence forces would be successful, he said.
''Every power builds up profiles of the people who lead other militaries. That's just the rules of war 101.''
Future conflict would be waged in cyberspace as much as by ''boots on the ground'', he said.
''Warfare is going to be about impersonating people and convincing others to carry out tasks based on false information.''
Dr Gregory recommended that ''on the day these cadets enlist, their entire electronic lives be erased''.
''They should have no Facebook accounts, no Google accounts, no iTunes accounts.
''They should not exist on digital networks until they retire from Defence.''
He said the strict rules should apply not only to ADFA recruits but all enlisted personnel, as well as reservists and Defence Department staff - more than 100,000 people.
''Defence needs a team whose sole job is to hunt this information down and delete it. I worry every day about this problem: it's that serious.''
However, a social media specialist has dismissed Dr Gregory's plan as ''ludicrous, impossible to carry out and potentially dangerous''.
Delib Australia managing director Craig Thomler, a former public servant who advises government on online engagement, said the proposal would also breach defence workers' democratic rights.
''This is an engineering solution applied to a human and social problem, and it won't work.''
He said social media had stretched beyond the strict control of individuals.
''Everyone has a presence online, whether you submit it or your friends and family do. A photo might be taken at work or at a picnic and someone tags the names of the people in it. You can't stop this.''
Mr Thomler said it was reasonable to restrict how some government staff engaged online, but not to the extent of preventing them from taking part in the society they serve.
He also said potential enemy powers would simply search for people who were not online, ''because they'd realise that the only people in the country without a social media presence are the ones they're interested in''.
''It's counterintuitive, but it's much easier to steal someone's identity if they're invisible on social media, because no one knows them.''
The Defence Department said the University of NSW informed it of last month's cyber attack on the day it was carried out.
A spokesperson said the university and the department were working together ''to ensure former military students and staff were made aware of the breach''.