An unknown individual used a retired Colorado state trooper’s identity to set up a fake Facebook account and friend both real cops and apparent ISIS sympathizers, officials revealed in a recent internal bulletin.
“[We assess] with high confidence that it was designed under false pretenses to gather information regarding law enforcement members,” said the bulletin from the Colorado Information Analysis Center, a division of the state’s Department of Public Safety.
Authorities said the account was created Oct. 12, and CIAC contacted the retired trooper the next day. He said he was unaware of the account.
Some of the individuals who accepted friend requests from the account were current law enforcement officers. Others “appear to be sympathizers of [ISIS],” said the bulletin. “Some individuals are possibly members with radical Islamic ideology and anti-Semitic beliefs who have gruesome pictures of beheadings and killings on this social media site.”
The bulletin showed some of the photos posted by the apparent jihadis, and warned police officers that terrorists might try to harvest their personal information via social media in order to launch an attack.
“International terrorist organizations and criminal domestic groups continue to violently target law enforcement and military members in the United States,” the bulletin said. “They seek to exploit their personal information on social media.”
CIAC reminded officers to be careful with their social media and with “whom they allow into their digital community. Please review the requester’s entire profile and avoid relying on mutual friends to assess the legitimacy of the requestor.”
Capt. J.P. Burt, director of CIAC, told NBC News that the incident was both instructive and disconcerting.
“Luckily, we caught it [the fake account] very early, but it’s scary,” said Burt, who thinks the intrusion was a sign of broader efforts to exploit “gaps and weaknesses” among law enforcement and the military.
Burt would not identify the victim, elaborate on who could be responsible or say whether the account was created in the U.S. But he said that amid rapid changes in technology, the intrusion served as a warning to everyone from cops to the public at large not to “take friend requests or e-mail at face value.”
“We as a society have to be responsible and not believe everything we see on the Internet,” Burt said. “You have to vet it.”
The FBI would not comment on the fake Facebook page, but a spokesperson said the page was the kind of threat the FBI usually investigates.
A senior U.S. intelligence official said “Facebook Phishing” is a tactic that had previously been employed by terror groups, but had not yet been used by ISIS.
Cybersecurity consultant Suzanne Vautrinot, a retired Air Force major general who formerly headed the service's Cyber Command, said she was familiar with this form of cyber spoofing from criminals, but not terror groups.
Vautrinot said the technique may proliferate. "It's a fact of life that it's difficult to find, but particularly difficult to prevent," she said. "Because it's so successful, it will be widely used. It doesn't take a lot of brain power."
On Friday, the Office of the Director of National Intelligence released video showing how enemies of the U.S. can use social media to gather intelligence on individuals and ultimately defense contractors and the intelligence community.
Earlier this month, federal prosecutors charged a hacker living in Malaysia with giving ISIS more than a thousand names of Americans, including diplomats and local government officials, for a kill list. Ardit Ferizi, originally from Kosovo, had culled the names from 100,000 identities stolen from the Phoenix server of an unnamed U.S. retailer.
