2011
08.02
Some problems I see in addition to CyberSecurity
How would terrorist organizations target and recruit talents they really need?
- Look at Monster or LinkedIn and see who has listed themselves with Top Secret or TS/SCI clearance, or is in the Government Security Clearance / Top Secret Candidate groups.
- Start a staffing firm and pretend that it is a TS-cleared facility, then start calling candidates with clearances and ask for their SSNs over the phone, telling them that the SSN is needed to verify their security clearance through JPAS. Once they have the SSNs, they will be able to learn a lot more about these “candidates” through background-check services such as credit checks, family trees, etc.
- Start a cyber security penetration testing project with “unidentified targets” or a “special ethical hacking exercise” and ask the newly hired security specialists to use all their knowledge to achieve the “goals” (whatever they might be).
- For the people who did not get hired, launch a campaign on social networking sites to befriend these individuals and gain their trust for “future projects”.
So, my 2 cents on mitigating scenarios like this:
- Actively market the Social Networking training from DISA (http://iase.disa.mil/eta/index.html) and hope people take this short training.
- Let cleared personnel know not to list clearance info, specific intelligence agencies, or project experience on the web.
- Change how clearance is verified by security-cleared facilities. It is becoming too common for recruiters to ask cleared people for their SSN so they can check them in JPAS. All the other industries are trying to stay away from the SSN, so DSS should find an alternate way to verify.
- Is there a way for candidates to verify trustworthy or certified contractors or recruiting/staffing firms?
Thoughts?
