The Military Privacy

Fitness-Tracking App Reveals Locations of Secret Army Bases (theguardian.com) 118

Coisiche shared this story from the Guardian: Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company. The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others. The map, released in November 2017, shows every single activity ever uploaded to Strava -- more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.

However, over the weekend military analysts noticed that the map is also detailed enough that it potentially gives away extremely sensitive information about a subset of Strava users: military personnel on active service... In locations like Afghanistan, Djibouti and Syria, the users of Strava seem to be almost exclusively foreign military personnel, meaning that bases stand out brightly. In Helmand province, Afghanistan, for instance, the locations of forward operating bases can be clearly seen, glowing white against the black map.

One analyst analyst predicted that after this discovery, "A lot of people are going to have to sit through lectures come Monday morning."

Another military analyst told the Guardian "U.S bases are clearly identifiable" -- though he added that the map "looks very pretty."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward

    Welcome to the Internet Of Things!!!! Every issue of www.iotmagazine.com publishes at least 3 distinct major security holes.

    • by bigwheel ( 2238516 ) on Sunday January 28, 2018 @09:17PM (#56023825)

      This can be a problem for anyone -- if you allow it.

      If you leave from home for runs/rides, someone can easily see where you live, and learn the patterns of when you won't be home. For that reason, even the freeware version of Strava provides some privacy options:
      1) Allows you to make your records private, or available only by request
      2) Provides a way to hide certain areas (such as start/stop location) from followers.
      3) Plus the normal stuff, such as hiding real name and not allowing followers.

      But then again, even a photo taken from your phone contains GPS information and timestamp if you don't specifically disable it.

  • by macraig ( 621737 ) <mark.a.craig@gmCOMMAail.com minus punct> on Sunday January 28, 2018 @07:45PM (#56023439)

    I have never before heard of analysts being tasked with analyzing other analysts. Thank you for making me aware of this new occupational opportunity.

    • by Anonymous Coward

      AKA an analrapist.

    • by TWX ( 665546 ) on Sunday January 28, 2018 @09:06PM (#56023785)

      I believe the industry term is meta-analysis. It actually makes sense that it exists, as there's far too much information for one analyst or one team to analyze, especially when it crosses disciplines. At some point analysis has to trust on the other of other analysis.

      It's probably in the interest of the higher-level analyst to be a natural skeptic though, since it's always a good idea to at least spot-check the work of others that one is reliant on.

    • https://labs.strava.com/heatmap/#14.11/127.41159/39.18004/hot/all

      Inside North Korea, either starting or ending just off the shore of a port, then messing around the port a bit ;)

      • https://labs.strava.com/heatmap/#14.11/127.41159/39.18004/hot/all

        Inside North Korea, either starting or ending just off the shore of a port, then messing around the port a bit ;)

        There are also a lot of tracks in and around Pyongyang. Maybe tourists, or spies, or maybe some North Koreans have Fitbits.

        • by AmiMoJo ( 196126 )

          The annual Pyongyang Marathon is in April. There are probably people training for that, or maybe for the Olympics. NK does import tech like Fitbits, mostly via China.

    • I have never before heard of analysts being tasked with analyzing other analysts. Thank you for making me aware of this new occupational opportunity.

      Thanks for making it clear that you are not an analyst analyst analyst. (There's another one for you if you weren't previously aware of the existence of analyst analysts.)

    • by EvilSS ( 557649 )
      It's analysts all the way down.... We're doomed.
    • Most companies call it "Human Resources".
  • And this is why... (Score:2, Informative)

    by Anonymous Coward

    And this is why letting some company track your data is a bad idea. This would probably have been avoided if this company didn't track their users and then publish the data.

    • by arth1 ( 260657 )

      And this is why letting some company track your data is a bad idea. This would probably have been avoided if this company didn't track their users and then publish the data.

      Don't blame the company. Whether to (a) use location data or not, or (b) sync with the Strava site or not are both voluntary.
      It's the goons that chose to do both that are to blame here. If they're too stupid to see the problem, why the hell are they cleared to work at secret facilities?

      • You can't test for every variable. And exploits abound. Sometimes you need a proof to explain the severity of a risk or choice.

        It's the old Alcoholics Anonymous argument. You can micromanage, spending enormous resources on never ending mitigation and remediation, or you can let a person or organization "hit rock bottom" and get a sense of the horror and self-correct.
    • by msauve ( 701917 )
      This is why the military shouldn't allow personal Internet connected electronics.
    • This would probably have been avoided if this company didn't track their users and then publish the data.

      Ya think?

    • That's kind of the whole point of Strava. One of the primary features is the ability to compete with others over designated segments. It allows you to see who has run that stretch of road or trail the fastest. Of course, users are free to omit themselves from this and hide their data. Whether that excludes them from anonymous heat maps is unclear.
  • by Harlequin80 ( 1671040 ) on Sunday January 28, 2018 @08:04PM (#56023531)

    Cause god knows spotting a military base with a shit load of military hardware in it and a dirty great big barbwire fence is impossible without these fitness apps.

    • by Anonymous Coward

      "Advice from an old tracker. You want to find someone? Use your eyes." - Mal Reynolds

    • by ragahast ( 879945 ) on Sunday January 28, 2018 @08:33PM (#56023667)
      Sure, but this shows where many of them are all at once, for free, with GPS coordinates. People run on the roads mostly, so it also gives a road map of the base. Go zoom in on some of those random hotspots in podunk Afghanistan, it's pretty weird.
      • No it doesn't. It shows an incomplete subset of some that are wearing a particular device. Assuming we had access to all the data in real time all we would know is how many watches there are. That could be 1 or it could be 50. You could potentially mix that with statistical analysis of other populations to estimate the deployment size but that is it.

      • by dwillden ( 521345 ) on Monday January 29, 2018 @04:32AM (#56025131) Homepage
        A road map that any local who wishes already has. These bases are not secret, they are not hidden, they use local national employees for many general labor services. Further, on average there are not massive numbers all at one spot on any base's running routes. There will be more runners at sunrise and sunset as it's cooler but not too dark to safely see, but they don't usually group together.

        This is being blown out of proportion by people who don't understand what they are even talking about. Yes it is of some degree of concern, I would expect the devices to become restricted on smaller forward bases, but mostly this is not an issue. A local national working on base can generate the same information with his mark one eyeballs and he doesn't need a computer or internet access to do so.
      • This.

        And, as a taxpayer, former military grunt, and patriot, it's very disappointing that the government is being schooled after the fact.

    • by RightwingNutjob ( 1302813 ) on Sunday January 28, 2018 @08:34PM (#56023671)
      The problem isn't spotting the base, anyone with an internet connection can look at satellite photos. The problem is outlining the patrol and supply routes. Not just for military, I might add. If you're an aid worker in some third world hole and the only one in town using this fitness app, and you take the same route to work every day, so it's nice and bright on the map, then you just bought yourself an invitation to get targeted for robbery or kidnapping.
      • anyone with an internet connection can look at satellite photos

        The world is a big place and looking at it 1sqkm at a time really is a barrier in itself. Thankfully we now have some exact co-ordinates to get us started.

    • Cause god knows spotting a military base with a shit load of military hardware in it and a dirty great big barbwire fence is impossible without these fitness apps.

      My thoughts exactly. Concerning Afghanistan at least (since it was mentioned), the locations of US bases are not exactly unknown. And updated Strava data is not readily available to the public at any time, is it? And elsewhere, any hostile force of serious concern can surely locate significant military facilities without this, right?

      I don't think hordes of US Humvees, support vehicles, and encampments are really that hard to identify as such in Africa, Central Asia, and the Middle East. Once you locate a

    • Every additional piece of information you can layer on to the intelligence that you already have builds a more complete understanding of the operations.

    • by mjwx ( 966435 )

      Cause god knows spotting a military base with a shit load of military hardware in it and a dirty great big barbwire fence is impossible without these fitness apps.

      Have you ever tried drawing a map from just what you have seen on ground level with no equipment beyond a pair of binoculars?

      Now there are detailed and accurate maps in public. Even worse, they may now know patrol routes and what parts of the base are not occupied at night.

      We aren't talking about sleepy bases in Wyoming either, these are for bases overseas that could easily be attacked. Seems the military has forgotten the wisdom of "loose lips sink ships". Uploading anything to anywhere in an active

  • Saw an article on how the military was stationing drones all over the country to spy on people. It just corresponded with all the various Army and Air Force bases. Where else do you think they keep drones when not deployed? They have to train somewhere.
  • Smart Phone app (Score:5, Insightful)

    by FeelGood314 ( 2516288 ) on Sunday January 28, 2018 @08:08PM (#56023553)
    If you are in a sensitive area and you have a smart phone turned on then you aren't smart enough to be allowed in a sensitive area. If we are near people who potentially want to kill me and you turn your fucking position broadcasting device on beside me, I will turn it off after I take it off of your recently deceased body.
    • Re:Smart Phone app (Score:4, Informative)

      by Nkwe ( 604125 ) on Sunday January 28, 2018 @08:13PM (#56023579)

      If you are in a sensitive area and you have a smart phone turned on then you aren't smart enough to be allowed in a sensitive area. If we are near people who potentially want to kill me and you turn your fucking position broadcasting device on beside me, I will turn it off after I take it off of your recently deceased body.

      True. I would amend the above to say "phone" instead of "smart phone" to be even more accurate. If the area is that sensitive, you probably don't want the cellular provider tracking you either. Even a non-smart cellular phone with no applications is giving up your location constantly.

    • by TWX ( 665546 )

      And I'm sure that the eighteen year old recruit two weeks out of AIT and four months out of basic has this weighing heavily on his mind when he's going overseas for the first time in his life, when five months ago he'd never even held a rifle before.

      • That's what the chain of command is for. The higher level people are supposed to inform the new guys what is and isn't allowed. For one thing, you can't have a phone in Basic. You can't even have an electric shaver in basic. Just keep this mindset going and everything will be fine. Let soldiers have phones kept in their home bases for use when they rotate back there.
    • Absolutely! I just started a new job doing 800-171 compliance, so I've been working on familiarizing myself with 800-53, DFARS 7012, and other various DoD requirements. Allowing one's self to be tracked at this level while in a restricted area by an external information system, especially one that then publishes this information, violates a long list of various protocols. People could potentially go to jail over this...
    • It is really the responsibility of the organization to lay down the rules, and see that they are enforced. Don't allow devices into the field that can compromise operations security. Have them checked in and held until the deployment is over. This article suggests to me that the military itself is unaware of the risks of these devices.

    • Re:Smart Phone app (Score:4, Insightful)

      by mapkinase ( 958129 ) on Monday January 29, 2018 @05:30AM (#56025311) Homepage Journal

      I wonder what the Napoleon army, or Genghis Khan army, or Alexander the Great army, or Hitler army did before invention of iPhone for their fitness.

      Fitness apps are a fad for rich idiots. Army does not need apps, it already has the greatest app of all - Sergeants.

    • Some watches store the info and just upload when the phone is turned on, or function as phones themselves, so no smart devices period

  • Why? (Score:5, Interesting)

    by fluffernutter ( 1411889 ) on Sunday January 28, 2018 @08:10PM (#56023559)
    Why would anyone in a military base in a sensitive location be allowed to have an app that tracks your location? Why would they turn it on?
    • Re:Why? (Score:5, Informative)

      by Harlequin80 ( 1671040 ) on Sunday January 28, 2018 @08:26PM (#56023625)

      Because the location isn't sensitive. These bases aren't hidden, they are fortified forward operating positions.

      What is inside the base is sensitive, what information there is sensitive, what force composition is there is sensitive.

      • Re: (Score:3, Funny)

        Because the location isn't sensitive. These bases aren't hidden, they are fortified forward operating positions.

        Oh well there's no problem then.

        • Because the location isn't sensitive. These bases aren't hidden, they are fortified forward operating positions.

          What is inside the base is sensitive, what information there is sensitive, what force composition is there is sensitive.

          Oh well there's no problem then.

          The Russians know where these bases are, the Chinese know where these bases are, they both also know what force composition is there because they have satellites photographing these bases at regular intervals and in some cases probably ground assets sniffing around them as well, even the news media probably knows the location of many of these bases. The only people who didn't know the location of most of these bases is the general public and the vast majority of them don't care.

        • by TWX ( 665546 )

          If these numbers can be used to determine the number of personnel and where various facilities on-base are located then there is.

      • Re:Why? (Score:5, Interesting)

        by geekmux ( 1040042 ) on Sunday January 28, 2018 @09:11PM (#56023805)

        Because the location isn't sensitive. These bases aren't hidden, they are fortified forward operating positions.

        What is inside the base is sensitive, what information there is sensitive, what force composition is there is sensitive.

        Yes, which you can start to discern the sensitive information once you start getting more pieces of the puzzle. How many people work there, day/night movements, shift change times, supply routes, etc.

        Long ago, the military used to be concerned about these things we called Essential Elements of Friendly Information (EEFIs). Gather enough of them together, and you can start to figure out very sensitive or classified information. EEFI was later called "Critical Information". I guess now that includes "anonymized" data that comes from a fitness app. I sure as shit hope the innocence gets lost real quick around data mining like this.

        • Mod this guy up someone! There are far too many posters here opining that "but the Russians and Chinese know these bases are there anyway". Anything that discloses operational patterns directly or indirectly is a security risk.

          Normally intelligence outfits build up pictures of the entity of interest one piece at a time.

      • by dave562 ( 969951 )

        What about the patrol routes? The bases themselves show up fairly brightly as either white or yellow levels of activity. But right around the bases, you can see the lower intensity purple trails. I am guessing that those are the routes taken by the soldiers when they leave the FOB.

  • Are their troop concentrations now a matter of public knowledge as well? Do they simply not use these devices? Or do they have their own private infrastructure for this kind of thing, along with the sense not to let private companies have access to the data?

    I know hindsight is 20/20, but I'm sure people in the Pentagon get paid lots to anticipate and thwart this kind of dumpster fire. This looks REALLY bad on them - kinda like strapping on a pair of cleats and stepping on your own dick.

    • WaPo article says yes.
      Stupid spreads like wildfire. [washingtonpost.com]
    • by AHuxley ( 892839 )
      Re"Do they simply not use these devices?"
      If they need camera, they use approved camera and camera team. If they need radio, they use approved radio. Gym? That's part of everyday.
      They know the NSA and GCHQ is trying to collect on them. So no extra kit. Private companies support Russian mil in approved way. Not with consumer devices that do not help security. A better esprit de corps that is professionally aware of the risks of NATO collect it all. i.e. always on mission rather than a shift is over a
      • The discipline in the Russian army is very low because it is an unpleasant place to be, runs on conscription and anyone with half a brain tries to dodge the draft. And as for consumer devices, during the short stint in Georgia Russian soldiers had to use their private mobile phones because their army communication equipment didn't work. Nowadays the use of smartphones in the Russian military is pretty much established and young men taking selfies with "their" hardware is, while not allowed, very widespread.

        • by AHuxley ( 892839 )
          Re "had to use their private mobile phones because their army communication equipment didn't work"
          What modern army would risk, allow, condone consumer communications methods that allowed their own troops to be discovered, tracked and totally collected on?
          A mil had had to face down collection for decades would not be totally unaware of such a risk to communications and any mission.

          The other side to that is the comfort and support in "reports" that another nations army has to use easy to track "private mo
  • What part of radio silence is hard? The radio or the silence?
  • A friend of mine has a free app that soldiers find useful in their missions and was telling me how he would notice location requests coming from odd out of the way places and then would hear about some military operation happening there.

    • by AHuxley ( 892839 )
      Wonder how many nations' spies have tracked US contractors, experts and officers globally and made them an offer, became their friend?
      Are the data sets that descriptive as to sort the low ranks from the unhappy officers, contractors with money problems?
      Wonder if the US and UK had the smarts to create fake signals and see who went looking to be a base "friend" attracted by the data sets.
  • by BrookHarty ( 9119 ) on Sunday January 28, 2018 @08:50PM (#56023727) Journal

    Always reminds me of the Batman and Robin in the batcave. [pinimg.com]

    • Re: Comic (Score:3, Funny)

      by Brockmire ( 4931623 )
      Not clicking on gay porn, nice try.
    • by AmiMoJo ( 196126 )

      You think he'd just turn off the Bat-Wifi or install a Bat-Firewall. Or have his own custom Bat-Smartphone that looks suspiciously like an iPhone with plastic bat wings stuck on and the GPS disabled.

      Actually, I'm impressed that location services work in the Bat-Cave.

  • they'll be able to find us and take us out in an instant. We might as well be implanting chips to make the job easier for them :(

    Did anyone else see Elon Musk's video on the immediate dangers of A.I. and how just facial recognition coupled with tiny weaponized drones could allow for a very effective police state? Fear-mongering or is it time to call up Larry Niven's A.R.M.?*

    *The science fiction writer Larry Niven thought that certain technologies would become just so deadly and available to so many people th

  • Why don't users have the option to store everything on their computer? No cloud update.
    I'm still using an old Polar Heart rate monitor because it comes with a Windows program (Polar ProTrainer) to store and display all my workouts. I love the fact that my data isn't in the cloud. That is a HUGE selling point for me.

    • Re:Local storage (Score:4, Insightful)

      by careysub ( 976506 ) on Monday January 29, 2018 @01:00AM (#56024625)

      Ditto. In evaluating smart phone apps for diet and exercise I found that a majority of them require, as a first step to using the app, creating a personal account on a website/server. That automatically moved them to the reject pile.

  • I feel amazing between the contrast of the two parts of Korea. But there's indeed some tiny bright spots in the North one.
  • by GumphMaster ( 772693 ) on Sunday January 28, 2018 @10:06PM (#56024067)

    Perhaps now the information collected under loose "we can share it with anyone" agreements is of detriment to the State (when used by an enemy) something good will come of it. Mandatory, perhaps also with discretionary, geo-fencing of the data collection, or on-device-only options, for example. Not just Strava but all of these services. Unfortunately, this data works both ways: the "Good Guys" can use similar methods against "Bad Guys." Maybe our "Good Guys" feel that exploiting this data is more valuable than protecting their own troops/targets.

  • I would love to see the base commanders go Full Metal Jacket on the soldiers for being so dumb. Fucking meat heads.
    • > I would love to see the base commanders go Full Metal Jacket
      > on the soldiers for being so dumb. Fucking meat heads.

      No one will be punished... because it was the idiot higher-ups at the Pentagon who were handing out free FitBits to their soldiers. And no, Trump was not president in 2013.

      https://www.washingtonpost.com... [washingtonpost.com]

      > But the Pentagon has encouraged the use of Fitbits among
      > military personnel and in 2013 distributed 2,500 of them as
      > part of a pilot program to battle obesity.

      • Correct. This is a leadership and organization screw-up. It is on them to lay down the rules about what devices and activities go on in forward or combat zones, and to see that they are enforced.

    • I would love to see the base commanders go Full Metal Jacket on the soldiers for being so dumb. Fucking meat heads.

      How tall are you, private!?!

  • What, you're telling me that the Taliban doesn't already know where the US is active in Afghanistan? If they do (they do), then this ballyhoo is bollocks, at least in that example.

    From the summary, this doesn't look to be a real time map, so I doubt old Strava data is of any significant tactical concern. If I'm wrong, please explain, I'm not just trying to be contrarian.
  • One lousy cyclist [strava.com]?? How do those out-of-shape bums expect to chase down the escaping aliens?!?

    Seriously though, it looks like the heat map goes to the granularity of a single user? I think the app lets you do that already, but it's more than a little creepy from the whole privacy angle. I'm not sure how I'd feel about my daily route sitting there on a map.

    • You know on MapMyRide, you can choose to not make the GPS for a specific route/ride public. Does Strava not offer this?
