Security Experts:

How Big is Your Digital Footprint Anyway?

Those of us at a certain age (ahem) grew up in a simpler time. Email was largely unheard of. There was no social media, no Facebook, Twitter or Instagram. There was no e-commerce, no Amazon, Alibaba or Taobao. No online banking. No online dating. Credit card transactions were processed manually. Local businesses accepted personal checks. 

In short, there really wasn’t any such thing as a “digital footprint,” where personal information resides virtually, in an electronic ether, potentially available for anyone to see. 

But over the last two decades, we’ve moved more and more of our lives into that realm. And almost as soon as we began, people attempted to gain inappropriate access to information of all kinds. 

Today we are still adjusting to this new reality. With each new service that comes online, we move more of our lives, more of ourselves, into the digital world. Our digital footprints roam farther and wider. 

And at this point,  there have been so many high-profile breaches that a person’s entire life could be laid out, triangulated and, ultimately, faked by someone with the wrong set of intentions. 

Let’s just say, hypothetically, you were affected by not one, but all of the following:

In 2006, a laptop was stolen from an analyst working for the Department of Veterans Affairs. Information potentially up for grabs included your name, your spouse’s name, social security numbers and a disability rating with medical information about an injury you suffered during your time in the service. Now someone could not only forge your financial identity, but they also know personally identifying medical information about you. 

Later that year, your first tried and true internet service provider, America Online, accidentally published your entire search history along with an anonymized user ID. The release came in the form of a searchable database, meaning that search histories could be correlated by user. 

Your inquiries about travel destinations, classes you were considering, local eateries, income tax laws and many other things could be used to present a pretty convincing picture of who you are and what you were doing at the time. If any of that information was compromising, it could have been used against you in a variety of ways. 

In 2010, your user account at Gawker.com was compromised, making available a long string of heated political comments you thought you were making anonymously. Now someone could have an accurate gauge of your opinions they could use to target you in phishing attacks or for political purposes. 

In 2014, your Gmail account was compromised and posted to a Russian Bitcoin forum. For a short period of time, anyone who wanted to could log into your account, read all of the email history stored there, send bogus emails in your name, or even change the password and lock you out long enough to sign up for new accounts, or to change other passwords for online retail accounts and gain control of those. 

Then in 2017, the major credit reporting bureau Equifax was breached. You were one of 143 million people whose entire credit and payment history was exposed. Now someone could have enough information about you to take out loans and conduct business in your name. 

And of course, most recently, social media giant Facebook was breached just this past September. After the intrusion was detected, it took Facebook 11 days to eliminate the threat. In the meantime, at least 50 million users were compromised, the hackers having full view and potentially control of their accounts. 

All of your vacations, locations and accomplishments could have been exposed. All of your friends, acquaintances and family members identified. Unseemly events from your past could be dug up, or even faked and planted there for others to see. As of now, Facebook is still trying to understand what the hackers were after. 

Each of these digital repositories contained information that was deeply personal. In an age when we’re seeing increased deception online, how could this information be used? How will the nature of fraud, blackmail and cybercrime evolve as a result of criminals possessing such detail about their targeted victims? How could this affect job searches, security clearances, or appointments to public office? Will we have to change our standards in some way for a new generation whose online personas have existed their entire lives? 

Time will tell. But there’s no denying our expanding digital footprints are changing the nature of both personal and organizational security. Monitoring and managing our online personas has become an essential task, like keeping track of our credit score. 

But at least for some of you of a certain age, there is a small sigh of relief—that kegstand you did in college never got posted online.   

view counter
Preston Hogue is Sr. Director of Security Marketing at F5 Networks and serves as a worldwide security evangelist for the company. Previously, he was a Security Product Manager at F5, specializing in network security Governance, Risk, and Compliance (GRC). He joined F5 in 2010 as a Security Architect and was responsible for designing F5’s current Information Security Management System. Preston has a proven track record building out Information Security Management Systems with Security Service Oriented Architectures (SSOA), enabling enhanced integration, automation, and simplified management. Before joining F5, he was Director of information Security at social media provider Demand Media where he built out the information security team. Preston’s career began 18 years ago when he served as a security analyst performing operational security (OPSEC) audits for the U.S. Air Force. He currently holds CISSP, CISA, CISM, and CRISC security and professional certifications.