Skip to content
Naked Security Naked Security

Police accidentally tweet bookmarks that reveal surveilled groups

The Massachusetts State Police (MSP) accidentally spilled some of its opsec onto Twitter last week, uploading a screenshot that revealed browser bookmarks.

The Massachusetts State Police (MSP) accidentally spilled some of its opsec onto Twitter on Tuesday night, uploading a screenshot that revealed browser bookmarks which included links to a collection of Boston’s left-wing organizations that the staties are keeping an eye on.


The tweeted screenshot showed that the MSP bookmarked activist groups, including MAAPB (Mass Action Against Police Brutality), COMBAT (the Coalition to Organize and Mobilize Boston Against Trump), and Resistance Calendar.
On Wednesday, MSP put out a statement about the bookmarks, saying that police have…

…a responsibility to know about all large public gatherings of any type and by any group, regardless of their purpose and position, for public safety reasons. We do not collect information about—nor, frankly, do we care about—any group’s beliefs or opinions.

In this case, as the Twitter responses show, the leak has riled people who are distrustful of police surveillance and its purportedly unbiased nature. But the leaked bookmarks would have been embarrassing no matter what they showed.
It’s embarrassing for the simple fact that it’s sloppy data handling, and it led to exposure of information that clearly wasn’t meant to be publicly shared: otherwise, one imagines, the MSP wouldn’t have felt the need to delete the revealing tweet.


Of course, the MSP is far from the only organization that’s let slip data not necessarily meant for public consumption.
The most recent example came in January, when, during a false alarm about an incoming ballistic missile, an Associated Press photo taken within headquarters at the Hawaii Emergency Management Agency (HI-EMA) showed a yellow sticky note, bearing a password and stuck to a computer screen – plain to see for one and all, including, obviously, a press photographer who’d go on to disseminate it worldwide.
Then too, there was Luiz Dorea, head of security at the 2014 World Cup. There was a lovely photo taken of Dorea in the state-of-the-art security center for the games, with its giant video wall and staff hard at work, and the Wi-Fi SSID and password showing up loud and proud on the big screen behind him… Right underneath the secret internal email address used to communicate with a Brazilian government agency.

This is the kind of thing that you need royalty to weigh in on, clearly. Specifically, Prince William. He should know: He has experience with credentials posted in the background. It happened when he was a search and rescue helicopter pilot for the Royal Air Force (RAF) and journalists did a “day in the life of” in 2012.

If the prince is busy, maybe we could send over Owen Smith, the UK Labour Party politician. He might have some good advice: in September 2016, login details for his campaign’s phone bank were tweeted out to thousands with yet another “helloooooooo, what’s that in the background?” photo.

The lesson here is drop-dead simple when it comes to passwords: Don’t write down passwords in public places. Don’t put them on sticky notes. Don’t write them on white boards.
Swap “password” for “any information showing up on your desktop that you don’t want the entire Twitter universe to see”, and you can guess what the lesson in this case is: crop that screen grab before you drop it.


4 Comments

They’re all dopes, it can’t happen to me. What’s even more disheartening is the fact that the people that are in charge of security are so inherently stupid. As I always say, “the cream Rises to the top, but then eventually curdles”. Do I write down my passwords, of course. However, I have made my own code so that I, and only I, know what the code means. So I could leave a post-it for the internet to see and no one would know what it meant. And I’m just a dopy retired ironworker. How these people come into positions of power I’ll never know! Sad sad sad…

I see humor in this. That Left Wing people would be upset with police monitoring them. Since it is a left wing agenda to have government in control of the population.

The Feds may claim that they are unbiased, so someone should demonstrate the truth of this by looking at this map and determining all the places and organisations/groups shown dotted. This would show if there’s any bias in the police – I’m quite prepared to believe that there is.

The dotted items, as stated in the story, are not the story. The story is about the favorites bar at the top of the browser window.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?