New Delhi: Concerned over the increased hacking of accounts on social media platforms like Facebook and WhatsApp, Indian Army wants its officers holding critical posts to deactivate their Facebook accounts and not to use the popular messaging application, WhatsApp, for any official communication.
The Army has cautioned officers holding sensitive posts in all headquarters, divisions and brigades that WhatsApp is a vulnerable platform and so should not be used for any official communication, it said in an advisory last month.
It said though WhatsApp is end-to-end encrypted, the encryption would cease to be effective if the mobile handset on which it is being used gets compromised.
WhatsApp was recently in the eye of a storm after it admitted that surveillance software called Pegasus — owned by an Israel-based NSO group — had been used to compromise sensitive data of some of its Indian users, including journalists and activists.
The advisory comes after the Army cyber group conducted an analysis of social media trends in which it has identified a new set of problems on the ways its personnel use the internet.
The advisory states that the popular social media platform Facebook has turned out to be a crucial source of collecting intelligence, which is why officers holding critical posts in the Army must consider deactivating their accounts.
Armed forces personnel and their families have been discouraged from posting their pictures in uniform or photographs that can give out details of sensitive locations on Facebook or other social media apps.
The Advisory said there have been numerous instances of loss of information through social media — which could well be inadvertent — despite multiple directives issued to Army personnel time and again on the threats and implications of using the online medium. A social media policy for the Army is already in place since 2016.
The advisory says talks of inimical agencies possessing sophisticated tools for monitoring and analysing data on social media to derive intelligence, underscoring that those holding critical appointments are especially at risk.
The advisory goes on to state that information on OSINT or open source intelligence on the internet can give away substantial information on important appointments held by Army officers.
It advises officers holding sensitive appointments to be aware of the information available about them on the internet and take steps to ensure that critical data about them is not given out inadvertently.
The advisory also states that Army personnel should be cautious in giving out personal and professional details while creating accounts on social media platforms. It further states that substantial information can be extracted just by analysing posts or comments on social media made by either army personnel or their families or friends.
It advises exercising restraint in posting comments, ensuring correct privacy settings and educating families and friends of those in the Army.
The advisory cautions Army personnel to not link their gmail accounts to multiple other applications that could compromise sensitive information on the email account.
Highlighting the susceptibility of smartphones to cyber attacks, the advisory states that social media and other applications should be avoided on smartphones and they should be used only for voice calls and SMS.
It states that email clients used for official communication should be strictly avoided on smartphones, as they are susceptible to phishing campaigns that can compromise the phone, leading to exploitation of calls and messages too.
The advisory warns Army personnel that the location services on a smartphone can give out vital details of movement and has hence asked to keep their location services switched off at all times particularly during visits to forward areas.