Let’s rewind to 2013, when code names for surveillance projects, including MARINA and MAINWAY, were revealed, and LinkedIn profiles of individuals in the IC were discovered listing these code names. Transparency Toolkit took advantage of this and automated the collection of LinkedIn profiles, collating them into a searchable, public database. And with that, “ICWATCH” was born, a play on ICREACH, an alleged top-secret search engine created by the NSA post 9/11.
Why ICWatch is Bad News
This database is essentially a privacy and national security disaster. While the database scrapes already public information, that information has never been packaged up so nicely into a list of professionals with access to the United States’ secrets. It is a dangerous kill list, including profile photos and personal data for individuals who have previously worked or currently work on classified government projects.
Summer of 2015
While most intelligence organizations have been known for their online caution, and there are many reasons for cleared workers to not post their full resumes on open-source platforms, there’s never been such widespread encouragement for all government employees to be wary of how they interact in public cyberspace. Earlier in the summer of 2015 (before China took the investigations of approximately 20 million clearance holders), ICWatch uploaded the resumes of 27,000 people with the purpose of ‘better understanding mass surveillance programs.’
Each year, ICWATCH Continues to Strike
In August 2016, LinkedIn sued 100 unnamed individuals who had scraped LinkedIn’s website, and named ICWATCH as a possible target. As of February 2017, the database tracked over 100,000 profiles from LinkedIn, Indeed, and other open sources. Last we heard, the website had over 400,000 profiles listed.
This ‘watch the watchers’ type of product is a national security issue because it makes our workforce a potential target for nefarious actors. But what are the implications for the individuals perusing this site?
Checking for Candidates on ICWatch Puts You at Risk
But what about the defense recruiter with good staffing intentions? A quick Google search for an intelligence analyst with a TS/SCI will naturally bring up links to ICWATCH profiles. Staffing teams need to tread lightly. Viewing this site could potentially make your contractor a target to be exploited by the people exposing cleared personnel. You or your employees could be at risk.
Ben Ledford is a senior corporate manager at Eiden Systems Corporation (ESC), a veteran-owned small business and defense contractor that specializes in open-source tools and best practices. According to Ledford, he’s “heard of many staffing teams visiting ICWATCH thinking it’s another risk-free and easy-to-access repository of prospective intelligence professionals seeking jobs. What they don’t realize,” says Ledford, “is that webmasters track all visits and can use the staffing team’s digital fingerprint to assemble the types of people and programs they are seeking, and the nature of the hiring company’s support for specific intelligence missions.”
You Can Be Traced
Walking through general internet processes will show evidence of that risk. For example, all internet communications require Internet Protocol (IP) addresses. If a website you visit couldn’t see your IP address, it would have no way to send you pages, images, or files. If you’re using a router, any website you visit will see the router’s IP address. So what can website administrators find out about you from that information? They are able to identify your internet service provider (ISP) and your approximate location. Whether you are working out of your home or your office, this can be problematic, marking your company as a defense contractor to watch or expose. “HR and staffing teams need to be reminded and educated on the safe places to use for resumes,” says Ledford. “ICWatch is by no means a safe place for any company to seek candidates.”
Tread Carefully Online – You Never Know When You’re Playing with Fire
The moral of the story is to use credible resume databases and practice good cyber hygiene. Use a Virtual Private Network (VPN), go incognito or private, and get to know any website before stepping foot through its door. Daring to play online in 2020 means your presence will immediately be logged and tracked in several different ways. This can often feel invasive and challenging to control, but it should also be a warning to anyone working in the cleared space.