U.S. soldiers are
revealing sensitive and dangerous information by jogging
A portion of the Strava Labs heat map from Kandahar Airfield in Afghanistan, made by tracking activities. (Screen shot)
BEIRUT — An interactive map posted on the Internet
that shows the whereabouts of people who use fitness devices such as Fitbit
also reveals highly sensitive information about the location and activities of
soldiers at U.S. military bases, in what appears to be a major security
oversight.
The Global Heat Map,
published by the GPS tracking company Strava, uses satellite information to map
the location and movements of subscribers to the company’s fitness service over
a two-year period, by illuminating areas of activity.
Strava says it has 27 million users around
the world, including people who own widely available fitness devices such as
Fitbit, Jawbone and Vitofit, as well as people who directly subscribe to its
mobile app. The map is not live — rather, it shows a pattern of accumulated
activity between 2015 and September 2017.
Most parts of the United States and Europe, where
millions of people use some type of fitness tracker, show up on the map as
blazes of light because there is so much activity.
In war zones and deserts in countries such as Iraq
and Syria, the heat map becomes almost entirely dark — except for scattered
pinpricks of activity. Zooming in on those areas brings into focus the
locations and outlines of known U.S. military bases, as well as of other
unknown and potentially sensitive sites — presumably because American soldiers
and other personnel are using fitness trackers as they move around.
Air Force Col. John Thomas, a spokesman for U.S.
Central Command, said Sunday that the U.S. military is looking into the
implications of the map.
The military did not respond to a question about
what the regulations are regarding use of fitness-tracking apps. But the
Pentagon has encouraged the use of Fitbits among military personnel and in 2013
distributed 2,500 of them as part of a pilot program to battle obesity.
The Global Heat Map was posted online in November
2017, but the information it contains was publicized Saturday only after a
20-year-old Australian student stumbled across it. Nathan
Ruser, who is studying international security and the Middle East,
found out about the map from a mapping blog and was inspired to look more
closely, he said, after a throwaway comment by his father, who observed that
the map offered a snapshot of “where rich white people are” in the world.
“I wondered, does it show U.S. soldiers?” Ruser
said, and he immediately zoomed in on Syria. “It sort of lit up like a
Christmas tree.”
He started tweeting about his discovery, and the
Internet also lit up as data analysts, military experts and former soldiers
began scouring the map for evidence of activity in their areas of
interest.
Andrew Rawnsley, a Daily Beast journalist, noticed
a lot of jogging activity on the beach near a suspected CIA base in Mogadishu,
Somalia.
Another Twitter user said he had located a Patriot
missile system site in Yemen.
Ben Taub, a journalist with the New Yorker, homed
in on the location of U.S. Special Operations bases in the
Sahel region of Africa.
The site does not identify app users and shows
many locations that may be connected to aid agencies, U.N. facilities and the
military bases of other nations — or any group whose personnel are likely to
use fitness trackers, said Tobias Schneider, an international security analyst
based in Germany. But it is not hard, he said, to map the activity to known, or
roughly known, U.S. military sites and then glean further information.
The location of most of the sites is public
knowledge — such as the vast Kandahar air base in Afghanistan. The Pentagon has
publicly acknowledged that U.S. Special Operations troops maintain a small
outpost at Tanf in the Syrian desert near the Iraqi border, which shows up on
the map as a neatly illuminated oblong, probably because U.S. soldiers wearing
Fitbits or similar devices either jog around or patrol the perimeter.
But the data also offers a mine of information to
anyone who wants to attack or ambush U.S. troops in or around the bases,
Schneider said, including patterns of activity inside the bases. Many people
wear their fitness trackers all day to measure their total step counts, and
soldiers appear to be no exception, meaning the maps reveal far more than just
their exercise habits.
Lines of activity extending out of bases and back
may indicate patrol routes. The map of Afghanistan appears as a spider web of
lines connecting bases, showing supply routes, as does northeast Syria, where
the United States maintains a network of mostly unpublicized bases.
Concentrations of light inside a base may indicate where troops live, eat or
work, suggesting possible targets for enemies.
At a site in northern Syria near a dam, where
analysts have suspected the U.S. military is building a base, the map shows a
small blob of activity accompanied by an intense line along the nearby dam,
suggesting that the personnel at the site jog regularly along the dam,
Schneider said.
“This is a clear security threat,” he said. “You
can see a pattern of life. You can see where a person who lives on a compound
runs down a street to exercise. In one of the U.S. bases at Tanf, you can see
people running round in circles.”
“Big OPSEC [operations security] and PERSEC
[personal security] fail,” tweeted Nick
Waters, a former British army officer who pinpointed the location of his former
base in Afghanistan using the map. “Patrol routes, isolated patrol bases, lots
of stuff that could be turned into actionable intelligence.”
By no means is all the activity discovered related
to U.S. forces, Schneider said. The perimeter of the main Russian base in
Syria, Hmeimim, is clearly visible — as are several routes out of the base that
are presumably taken by patrols, he said.
Other Russian bases also show up, but Iranians
either don’t use fitness trackers or prudently turn them off, he noted.
Strava apps and devices contain an option to turn
off the data transmission service, making it more the responsibility of the
user to ensure that security isn’t breached, Ruser said. “It seems like a big
oversight,” he said.
World News Email Alerts
Breaking news from around the world.
Sign up
Ingen kommentarer:
Legg inn en kommentar
Merk: Bare medlemmer av denne bloggen kan legge inn en kommentar.