Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Exercise Tracking App Reveals Details of Military Sites

A map showing paths taken by users of an exercise tracking app reveals potentially sensitive information about American and allied military personnel in places including Afghanistan, Iraq and Syria.

A map showing paths taken by users of an exercise tracking app reveals potentially sensitive information about American and allied military personnel in places including Afghanistan, Iraq and Syria.

While some bases are well known to groups that want to attack them, the map also shows what appear to be routes taken by forces moving outside of bases — information that could be used in planning bombings or ambushes.

The map, made by Strava Labs, shows the movements of its app users around the world, indicating the intensity of travel along a given path — a “direct visualization of Strava’s global network of athletes,” it says.

Routes are highlighted over large parts of some countries, but in others, specific locations stand out.

The map of Iraq is largely dark, indicating limited use of the Strava app, but a series of well-known military bases where American and allied forces have been deployed as part of their war against the Islamic State (IS) group are highlighted in detail.

These include Taji north of Baghdad, Qayyarah south of Mosul and Al-Asad in Anbar Province.

Strava heatmap exposes military sites - credits: Tobias Schneider

Smaller sites also appear on the map in northern and western Iraq, indicating the presence of other, lesser-known installations.

Stretches of road are also highlighted, indicating that Strava users kept their devices on while traveling, potentially providing details about commonly-taken routes.

Advertisement. Scroll to continue reading.

In Afghanistan, Bagram Airfield north of Kabul is a hive of activity, as are several locations in the country’s south and west.

– Opting out an option –

Tobias Schneider, a security analyst who was among the group of people who highlighted the military bases shown on the map, noted that it shows military sites in Syria and Iraq as well as the Madama base used by French forces in Niger.

“In Syria, known Coalition (i.e. US) bases light up the night. Some light markers over known Russian positions, no notable coloring for Iranian bases,” Schneider wrote on Twitter.

US troops are deployed in support of local forces battling IS in Syria as well as Iraq, while Russian and Iranian units are backing President Bashar al-Assad’s Syria government in that country’s civil war.

“A lot of people are going to have to sit thru lectures come Monday morning,” Schneider wrote, referring to soldiers likely to be taken to task for inadvertently revealing sensitive information while trying to keep in shape.

“Bases are fixed & hard to conceal,” he wrote, so the “biggest potential threat is to tracking movement.”

The US Department of Defense said it is “reviewing” the situation.

“Recent data releases emphasize the need for situational awareness when members of the military share personal information,” Major Audricia Harris, a Pentagon spokeswoman, told AFP.

“DoD takes matters like these very seriously and is reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad,” Harris said.

The Pentagon “recommends limiting public profiles on the internet, including personal social media accounts,” she said.

The issue could have been fairly easily avoided. According to Strava, “athletes with the Metro/heatmap opt-out privacy setting have all data excluded” from the mapping project.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.