# Foreign Interest in Army.ca



## AirDet

Have any of you noticed that roughly half of the "guests" on this site are offshore? For instance this morning I noticed 196 users from Baidu, a Chinese access provider. I think we can understand that not all of those are just curious kids. If someone wanted to keep abreast of the potential of an army, tracking a site like this would be a great way to do that.

I've noticed the moderators have done a great job of making sure anything that compromises the CF and Canada is removed quickly. The problem is that once it's posted; it's in the public domain.

I encourage everyone (including myself) to ask a simple question before hitting the POST button. "Does anything in this post violate the site's rules or DND's security?"

We all play a part in information security.


----------



## Transporter

AirDet said:
			
		

> Have any of you noticed that roughly half of the "guests" on this site are offshore? For instance this morning I noticed 196 users from Baidu, a Chinese access provider. I think we can understand that not all of those are just curious kids. If someone wanted to keep abreast of the potential of an army, tracking a site like this would be a great way to do that.
> 
> I've noticed the moderators have done a great job of making sure anything that compromises the CF and Canada is removed quickly. The problem is that once it's posted; it's in the public domain.
> 
> I encourage everyone (including myself) to ask a simple question before hitting the POST button. "Does anything in this post violate the site's rules or DND's security?"
> 
> We all play a part in information security.


 A while back on another thread, I came across a few guys talking about security clearance requirements for specific trades/MOCs, etc. I chimed-in and offered my opinion that they probably shouldn't be talking about this stuff in an open internet forum. Of course they took offense and proceeded to scold me as the idiot I obviously was because nothing they were saying was technically "classified". I tried to explain that just because individual pieces of information weren't technically classified didn't mean that it was appropriate to discuss them in an open forum. You can paint a very accurate picture through the analysis and amalgamation of multiple individual pieces of otherwise unclassified, but sensitive, information. 

There are foreign entities monitoring these and other forums like it. It's a given today and everyone should be aware of this fact.


----------



## MARS

Killing with Keyboards


----------



## Transporter

MARS said:
			
		

> Killing with Keyboards


 Bingo. It is my firm belief that everyone in the CF should have to complete annual online training in this area.


----------



## MJP

Transporter said:
			
		

> Bingo. It is my firm belief that everyone in the CF should have to complete annual online training in this area.



F*** that.  Well I agree infosec, persec, and opsec are important, I loathe to see another useless DLN online mandatory course suck up more time.  Those mandatory courses are useless except for  putting a stat on someone's Powerpoint.


----------



## Journeyman

MJP said:
			
		

> F*** that.  Well I agree infosec, persec, and opsec are important, I loathe to see another useless DLN online mandatory course suck up more time.  Those mandatory courses are useless except for  putting a stat on someone's Powerpoint.


 :goodpost:


----------



## Transporter

MJP said:
			
		

> F*** that.  Well I agree infosec, persec, and opsec are important, I loathe to see another useless DLN online mandatory course suck up more time.  Those mandatory courses are useless except for  putting a stat on someone's Powerpoint.


 Whilst I agree that some of the online training courses we do today may be superfluous, few (if any) would be more important than this one, particularly in todays info age. If done properly, they are not useless (unless, of course, you simply don't give a f*** anyway).


----------



## MJP

Transporter said:
			
		

> Whilst I agree that some of the online training courses we do today may be superfluous, few (if any) would be more important than this one, particularly in todays info age. If done properly, they are not useless (unless, of course, you simply don't give a f*** anyway).



Yup important, you will get no argument from me.  I say people( and by people I mean leaders) just get a bit of intestinal fortitude and be leaders and lead when they see transgressions, rather than subletting that responsibility to an online crse.  I am using strong language not to attack you but the idea that more online crses will some how fix certain issues.


----------



## Transporter

MJP said:
			
		

> Yup important, you will get no argument from me.  I say people( and by people I mean leaders) just get a bit of intestinal fortitude and be leaders and lead when they see transgressions, rather than subletting that responsibility to an online crse.  I am using strong language not to attack you but the idea that more online crses will some how fix certain issues.


 This is one of those issues that IMHO we cannot beat people over the head with often enough. It can't be left to leaders to correct indiscretions when they see them because with the way technology is so omnipresent in our daily lives today, it's literally a 24/7/365 thing. It doesn't have to be an online course - pick your poison - but it has to be ingrained and reinforced. I don't like it either, but it is the reality of daily life nowadays.


----------



## DAA

MJP said:
			
		

> F*** that.  Well I agree infosec, persec, and opsec are important, I loathe to see another useless DLN online mandatory course suck up more time.  Those mandatory courses are useless except for  putting a stat on someone's Powerpoint.



There are two reasons by you are required to do the DLN online mandatory courses, (1)  to enable you to carry out your duties and act in a somewhat reasonable and responsible manner, and just as important  (2)  so that when you do cross the line and step on your lower appendage, someone can say "Charge em or commence Admin Measures!  They had the mandatory training and therefore, should have known better!"



			
				Transporter said:
			
		

> This is one of those issues that IMHO we cannot beat people over the head with often enough. It can't be left to leaders to correct indiscretions when they see them because with the way technology is so omnipresent in our daily lives today, it's literally a 24/7/365 thing. It doesn't have to be an online course - pick your poison - but it has to be ingrained and reinforced. I don't like it either, but it is the reality of daily life nowadays.



Too much training in any area outside of your "primary duties" on a repetitive basis, has the tendency to result in complacency.  The first time around should be sufficient and then reinforced every 3-5 years but when done annually, it just loses it's intended effect.  Besides, we can't babysit people 24 hrs a day.


----------



## Transporter

DAA said:
			
		

> There are two reasons by you are required to do the DLN online mandatory courses, (1)  to enable you to carry out your duties and act in a somewhat reasonable and responsible manner, and just as important  (2)  so that when you do cross the line and step on your lower appendage, someone can say "Charge em or commence Admin Measures!  They had the mandatory training and therefore, should have known better!"
> 
> Too much training in any area outside of your "primary duties" on a repetitive basis, has the tendency to result in complacency.  The first time around should be sufficient and then reinforced every 3-5 years but when done annually, it just loses it's intended effect.  Besides, we can't babysit people 24 hrs a day.


 Once annually can hardly be considered repetitive and every 3-5 years on this topic is insufficient. And I would argue that infosec is one of your primary duties; it is one of the underpinnings for everything else you do, regardless of trade or MOC.


----------



## George Wallace

One has to admit, the majority of CAF members are just as complacent now of Security as the General Public.


----------



## SupersonicMax

DAA said:
			
		

> There are two reasons by you are required to do the DLN online mandatory courses, (1)  to enable you to carry out your duties and act in a somewhat reasonable and responsible manner, and just as important  (2)  so that when you do cross the line and step on your lower appendage, someone can say "Charge em or commence Admin Measures!  They had the mandatory training and therefore, should have known better!"



I'd agree with you if the training actually trained you to do your duties and was relevant.  It is not.  I learned nothing applicable to my responsibilities as an aircraft captain by doing Contracting with Direct trade.  

There are many other ways to do such training without being a broad brush type training where everyone is considered the same.  Having 1 or 2 lessons during your specific training with refreshers yearly would have a far better effect than it has right now.

Doing those courses is as relevant to my duties as it would be for you to do my tactical training with a yearly written exam Taceval.


----------



## DAA

Transporter said:
			
		

> Once annually can hardly be considered repetitive and every 3-5 years on this topic is insufficient. And I would argue that infosec is one of your primary duties; it is one of the underpinnings for everything else you do, regardless of trade or MOC.



I don't disagree with your point about infosec being important, I am merely explaining what I have seen first hand when it comes to "annual" types of training, similar to this, which are delivered online.

Login, commence the training, go about your regular job while returning to your computer to tap on the spacebar every 1-2 minutes to advance to the next slide/scenario, print certificate, log out.  The alternate option is delivering the training in a classroom environment, in which case it is usually "good luck getting people to attend", mandatory training or not.


----------



## Transporter

DAA said:
			
		

> I don't disagree with your point about infosec being important, I am merely explaining what I have seen first hand when it comes to "annual" types of training, similar to this, which are delivered online.
> 
> Login, commence the training, go about your regular job while returning to your computer to tap on the spacebar every 1-2 minutes to advance to the next slide/scenario, print certificate, log out.  The alternate option is delivering the training in a classroom environment, in which case it is usually "good luck getting people to attend", mandatory training or not.


 I have completed mandated online training courses on a range of topics and many of them have been very good.  As with most things, quality of the package and method of delivery will dictate effectiveness. Sure, if you want to post a powerpoint slide deck and have folks flip through it at their leisure and then consider them trained once they've finished, of course that's a waste of time. But it doesn't have to be (nor should it be) like that. I've completed online training courses that have been interactive, with video and audio, that required confirmatory testing in specific areas before being allowed to continue to the next topic, etc. They have been far more involved, and effective, than viewing a powerpoint slide deck. And there was no way possible to hit the spacebar to advance through the material to print your certificate of completion.


----------



## Transporter

George Wallace said:
			
		

> One has to admit, the majority of CAF members are just as complacent now of Security as the General Public.


 I think I would tend to agree with that.


----------



## Mike Bobbitt

I think regardless of the actual or desired level of IT security awareness training, it's important to know that foreign parties are in fact trolling Army.ca and other public resources for information.

It's important we stick to public, non-sensitive information when posting here. As noted above, sometimes even "innocuous" information can help paint a broader picture or connect more sensitive dots for the bad guys.

The example I use is folks who post their workouts on Facebook. Anyone who has posted their run time, distance and calories burned has allowed their weight to be "reversed engineered". Most don't realize the implications and it's a good 'personal' example that resonates about how public data can easily be pieced together to obtain private info.


----------



## AirDet

MJP said:
			
		

> F*** that.  Well I agree infosec, persec, and opsec are important, I loathe to see another useless DLN online mandatory course suck up more time.  Those mandatory courses are useless except for  putting a stat on someone's Powerpoint.



Amen to that! I actually found myself doing that to others last year and had to give my own head a shake.

I just thought if we remind people to pay attention to these sorts of threats most people will comply. Those that don't get to deal with the moderators or their own C of C.


----------



## JesseWZ

George Wallace said:
			
		

> One has to admit, the majority of CAF members are just as complacent now of Security as the General Public.



Amen.


----------



## Tibbson

Transporter said:
			
		

> Once annually can hardly be considered repetitive and every 3-5 years on this topic is insufficient. And I would argue that infosec is one of your primary duties; it is one of the underpinnings for everything else you do, regardless of trade or MOC.



Really, all it will do is take an hour out of everyone's life but it won't change minds or practices.  As it is now my people need to do the online Defence Ethics course every year and its turned into a joke with everyone vying for the title of who got through it quickest.


----------



## AirDet

A few years ago one of our specialty sections was receiving test results from a contractor thru a MSN account. I almost lost my cookies when I found out. The guys had been doing it like that for so long they didn't realize what a risk it was.

To explain it to them I took an image off their computer and blew it up so we could see the pixels. Then I said, intelligence gathering is like this image. Each pixel is just one piece of information like the information they were not safeguarding. If someone gets enough of those pixels a picture starts forming. Zooming out they "got the picture".

Needless to say the account was shut immediately and a secure method was quickly established.

It's pretty easy to drop a "pixel" when we're chatting with fellow members.


----------



## Nemo888

They aren't here today unless they are real keeners. It's lunar new year and everyone is home with their family. But if you are stuck working 恭禧发财


----------



## Journeyman

Mike Bobbitt said:
			
		

> .....foreign parties are in fact trolling Army.ca ....


Our adversaries will presume that the CAF is the employer of choice for the indecisive, the illiterate, the self-entitled......and some who are medically unsuitable, but we should take them anyway. 

Not sure if this is our best deception plan.    :-\


----------



## Nemo888

One single department of the CPC employs 2 million public opinion analysts to monitor the web. It would be hard to find a place on the net where they don't have a presence. Back in the day it was fun to tease them that we lived in an actual communist country and tell them how much people here were paid on welfare or pensions and then throw in what was covered by our state health care. If I was in charge there I'm not sure I would want the troops seeing how much better it is here. The cleanest air, water and food in the world. Pensions, health care, low corruption(in comparison), a free press, decent wages, etc, etc.


----------



## George Wallace

Nemo888 said:
			
		

> One single department of the CPC employs 2 million public opinion analysts to monitor the web. It would be hard to find a place on the net where they don't have a presence. Back in the day it was fun to tease them that we lived in an actual communist country and tell them how much people here were paid on welfare or pensions and then throw in what was covered by our state health care. If I was in charge there I'm not sure I would want the troops seeing how much better it is here. The cleanest air, water and food in the world. Pensions, health care, low corruption(in comparison), a free press, decent wages, etc, etc.



Don't worry.  I am sure all those Chinese tourists and business people who visit here with their cameras and gps have a good grip on our fresh air, natural resources, freedom of the press, Health Care, Welfare, benefits for Refugees, etc.  I am sure any fears of them knowing these things were dispelled decades ago.


----------



## a_majoor

Culture counts for a lot. People can see exactly the same data and draw entirely different conclusions from it based on their "cultural" background and biases.

So while the masses of information about Canada and the "West" might make an impression on some or even many of the various on line monitors working for the Chinese government, military and intelligence services, the analysis is filtered and digested by people who are going to see it in a very particular way. This is equally true of Iranian, Russian or even French people monitoring Army.ca.

This is not to say that Infosec can be discounted, simply that what is coming out the other end might look rather strange to us.


----------



## jollyjacktar

Well, shyt.  We're famous...


----------



## guynumber7

You would be surprised how much people can learn from open source intel. We shouldnt give people more then they need.


----------



## SupersonicMax

Yet, Monitor Mass is on an unclass system.  Want to get the whole CAF readiness state?


----------



## AmmoTech90

SupersonicMax said:
			
		

> Yet, Monitor Mass is on an unclass system.  Want to get the whole CAF readiness state?



From what I've seen of MM that would be the greatest deception plan since Operation Fortitude.

I've said too much!


----------



## Nfld Sapper

AmmoTech90 said:
			
		

> From what I've seen of MM that would be the greatest deception plan since Operation Fortitude.
> 
> I've said too much!


----------



## Good2Golf

Journeyman said:
			
		

> Mike Bobbitt said:
> 
> 
> 
> 
> ...foreign parties are in fact trolling Army.ca...
> 
> 
> 
> 
> Our adversaries will presume that the CAF is the employer of choice for the indecisive, the illiterate, the self-entitled......and some who are medically unsuitable, but we should take them anyway.
> 
> Not sure if this is our best deception plan.    :-\
Click to expand...


Perhaps the PLA will undertake its own new boot procurement modelled on what it has learned on Army.ca?


----------



## TangoTwoBravo

An enemy who counts on Monitor Mass for our readiness is more foolish than us counting on Monitor Mass for the same.


----------



## SupersonicMax

Maybe now, but there is a definite push in that direction: from when people are on leave to which qualifications individuals have to their personal readiness. 

It is all available now, but not in a centralized place, like MM.

For the very same reasons, aircrews implemented Flight Pro on the Air Force Tactical Network.


----------



## TangoTwoBravo

My point is that checklists bear no relation to readiness.


----------



## Journeyman

You folks will bear the brunt when NDHQ's "Monitor Mass Rocks" guy comes back online ......   :nod:


----------



## SupersonicMax

I am not talking about checklists


----------



## Good2Golf

Journeyman said:
			
		

> You folks will bear the brunt when NDHQ's "Monitor Mass Rocks" guy comes back online ......   :nod:



Maybe he's a PLA operative trying to get people to post about all the features of Monitor Mass?


----------



## OldSolduer

Good2Golf said:
			
		

> Our adversaries will presume that the CAF is the employer of choice for the indecisive, the illiterate, the self-entitled......and some who are medically unsuitable, but we should take them anyway.
> 
> Not sure if this is our best deception plan.    :-\
> 
> 
> Perhaps the PLA will undertake its own new boot procurement modelled on what it has learned on Army.ca?




Well played sir.....


----------



## MarkOttawa

Excerpt from Sir Humphrey at _Thin Pinstriped Line_ (most of post is about Brits using OSINT including social media):



> The #Russians are coming!
> ...
> The final thought on this is that OSINT is a two way street and that the current and next generation of recruits in the military will perhaps have to learn the hard way that their Facebooks, Twitters, Snapchats and other social media represent a real security risk and intelligence bonanza. Having grown up in a world where social interaction is instantaneous, and sharing one message across a broad spectrum of friends is taken for granted, trying to explain to them that tweeting locations, or messaging about what they are doing on board a vessel can be a dangerous thing to do, is perhaps a very challenging task.  One only has to do a cursory look at most social media sites to find it possible to build a profile of what many Western military units are doing simply by following the Twitter and Facebook profiles. In the 1970s onwards, personal security was about having as anonymous a presence as possible on the streets. Today we need to ensure that our next generation of military personnel understand that this also must translate into as anonymous an online presence as possible when it comes to talking about what their work or unit is doing.
> 
> This is perhaps a major cultural challenge facing most Western militaries in trying to explain to a new generation of linked in individuals that careless talk can easily cost lives. Posting when you come alongside and are planning a run ashore, or linking photos of your child’s first day at school to your open account places a huge personal security risk on the individual and their family. The MOD has done an absolutely superb campaign highlighting the risks of too much information sharing online, but it may take some time for people to realise just how much they are giving away. The irony is that people who take their jobs so seriously, and are passionate about protection of classified material at work see nothing inherently wrong in talking online about their units activities or ships forthcoming programme.
> 
> The recent news from the Ukraine, where taped conversations between US officials were leaked highlights that the collection threat has not gone away, and that even very high level communications are open to interception. Perhaps more intriguingly, the fact that a foreign Government was willing to sacrifice the particular source, intentionally denying itself future collection from what was presumably a valuable source is very interesting and raises further questions. What is does show though is that the threat has not gone away, and that publicising locations, deployments, expected return dates and information like pictures onboard ship will help hostile powers build a much better picture of intentions, capabilities and help them take actions that may not be in our interests...
> http://thinpinstripedline.blogspot.ca/2014/02/the-russians-are-coming.html



Mark
Ottawa


----------



## TCBF

- Well, whoever is reading this, I just wish they would sell us some trucks...


----------



## DAA

TCBF said:
			
		

> - Well, whoever is reading this, I just wish they would sell us some trucks...



Bombardier already got rich, it's now someone elses turn.....      :rofl:


----------



## George Wallace

DAA said:
			
		

> Bombardier already got rich, it's now someone elses turn.....      :rofl:



White Trucks (Western Star) did as well.


----------



## medicineman

On a serious note, I well remember sitting in on a hot wash from a "Storming Bear" exercise with 2 (EW) Sqn from 1 CDHSR and what I heard was actually pretty spine tingling...they'd done psych profiling on some of the unit/sub-unit leadership based on electronic eavesdropping and were able to figure out the weak links based solely on listening in on people talking to each other, their choices of words and inflection in their voices.  Forget all the other stuff they found out because people weren't being brief, using veiled speech, etc on insecure radio and cell phone nets.  I'm sure if the exercise went on any longer, they'd have started in trying to do some Tom Foolery on the net using that information.

The spooks are out there, their's and ours...and all I have to say to them is "F&^K OFF!!"  :nod:

MM


----------



## George Wallace

What!  I had a free psych eval and no one let me know.  Damn!  I wonder how I faired?


----------



## medicineman

George Wallace said:
			
		

> What!  I had a free psych eval and no one let me know.  Damn!  I wonder how I faired?



Quite possibly...do you still use/need your tin foil hat?

 ;D

MM


----------



## Journeyman

medicineman said:
			
		

> What!  I had a free psych eval and no one let me know.  Damn!  I wonder how I faired?
> 
> 
> 
> Quite possibly...do you still use/need your tin foil hat?
Click to expand...

I'm glad you phrased those separately - Need?  yes.   Use?   :dunno:


----------



## OldSolduer

medicineman said:
			
		

> Quite possibly...do you still use/need your tin foil hat?
> 
> ;D
> 
> MM



If anyone needs one I got spares.......ya know.....for the apocalypse.


----------



## AirDet

George Wallace said:
			
		

> What!  I had a free psych eval and no one let me know.  Damn!  I wonder how I faired?



Well, if the boys in the fun white jackets didn't come get you; you must have passed.


----------



## AirDet

Jim Seggie said:
			
		

> If anyone needs one I got spares.......ya know.....for the apocalypse.



Wow! You guys can afford tin foil hats? Our budget has been slashed so deep we can't even afford to pay attention.


----------



## Fishbone Jones

AirDet said:
			
		

> Wow! You guys can afford tin foil hats? Our budget has been slashed so deep we can't even afford to pay attention.



Scavenged from cigarette packages in the smoking area.

And it takes a lot of tinfoil to cover some of these heads


----------



## medicineman

recceguy said:
			
		

> And it takes a lot of tinfoil to cover some of these heads



Hey!!!  I represent that remark  

LOL


----------



## TCBF

- I think members should continue to volunteer funds for this site, but 'Guests' should have to type in their gummint issued credit card number and pay through the nose.


----------

