What He Did on His Summer Break: Exposed a Global Security Flaw

Nathan Ruser, an Australian college student, discovered that a fitness app had revealed the locations of military bases around the world. “Whoever thought that operational security could be wrecked by a Fitbit?” he said.

SYDNEY, Australia — When Nathan Ruser, an Australian university student, posted on Twitter over the weekend that a fitness app had revealed the locations of military sites in Syria and elsewhere, he did not expect much response.

But the news ricocheted across the internet, alarming security experts, who said hostile entities could glean valuable intelligence from the Strava app’s global “heat map,” including the locations of secret bases and the movements of military personnel. The Pentagon said it was reviewing the situation.

“Whoever thought that operational security could be wrecked by a Fitbit?” Mr. Ruser, 20, said in an interview from Thailand, where he is spending part of the Australian summer break.

Mr. Ruser, who studies international security at Australian National University in Canberra, is not a Strava user (“I sometimes go for walks, but I’m not very fit,” he said). But he is an avid follower of the conflict in Syria, and he often uses maps to put news stories in context.

When he looked over Syria on Strava’s map — which is based on location data from millions of users, including military personnel, who share their exercise activity — the area “lit up with those U.S. bases,” he said.

Before publicly sharing his findings over the weekend, he discussed them in a private chat group on Twitter, made up of people interested in intelligence and security issues. “I know about two-thirds of what I know about the world from the group chats,” he said.



How Strava’s Heat Map Uncovers Military Bases

Strava's online exercise-tracking map unwittingly reveals remote military outposts — and even the identities of soldiers based there. The situation shows how data collection can lead to unintended consequences.

In a remote part of Afghanistan — a US military outpost. In the middle of Niger, the outlines of an expanded base and airstrip. In Syria, exercise routines and possible patrolling routes on a base where American special forces trained. By design, these secretive locations are supposed to be difficult to spot. But a heat map posted online by Strava, a company that tracks people’s exercise routes, has inadvertently put these places on public display for all the world to see.

Many of the military bases are already well known, like Bagram and Kandahar air fields in Afghanistan. And the material we’re revealing here doesn’t go beyond anything that isn’t already available on the open web. But Strava’s platform has drawn attention in a new way to the activity of military personnel in far-flung outposts and has laid bare some loopholes in the security of military bases.

How did this happen? Strava is an app and social network that connects with devices like Fitbit and is used to log workouts. It’s popular with U.S. soldiers and others stationed abroad, and the Pentagon has distributed several thousand of them to its personnel. They use it to track their exercise routines and everyday activities like walks or patrols. But it also tracks users’ locations, and in November 2017 the company updated a map showing over 1 billion activities and 3 trillion GPS points. Twenty-year-old international security student Nathan Ruser was the first to point out how Strava’s map could compromise operational security.

The map alone doesn’t show the complete picture and its satellite images are outdated, but it does tell you where to look. So by combining it with recent satellite imagery and other reporting, we get a clearer sense of what’s happening on the ground. Take this new U.S. Air Force Base in Sarrin, Syria. The map shows workouts and walking routes — activities that provide a clear blueprint of the base, and by tracing the lines, we can follow soldiers to a newly set up helicopter pad.

Here’s what else we found. A new compound at a French military site in Mali: Strava highlighted the camp in the first place, and no other mapping platforms had marked the site. These U.S. forward operating bases in Afghanistan. The location of a U.S. drone base under construction in Agadez, Niger, and various military facilities in Djibouti, where the U.S. is fighting extremist groups in the Horn of Africa.

And there are some mysterious sites that we can’t yet identify. An area in the middle of the Nigerian desert. Two remote locations surrounded by sand barriers in Yemen. And here’s an unusual activity in the desert in Mauritania that led us to a suspected military site, including an extended airstrip nearby.

Strava also allows users to share photos and workout routes. It’s basically Facebook for athletes. This allows everyone with an account to see who is working out where. For example, the “King of the Camp” run at a U.S. military base in Iraq, or the “Embassy River Wall Segment” in Baghdad’s green zone, or the perimeter base run where more than 15 individuals stationed at a U.S. military base challenge themselves. We found photos posted by users from inside military bases and the online profiles of several U.S. service members stationed at one base near Mosul in Iraq.

A Pentagon spokeswoman said that this data release emphasized the need for personnel to have situational awareness. And it’s assessing if any additional training or guidance is required. There are some areas where people presumably are not allowed to bring their cellphones. User activity at C.I.A. and N.S.A. headquarters, for instance, can be seen around the perimeters, but not beyond certain points inside the structure. But out in the remote corners of the world where the U.S. military is operating, there’s plenty to see.


Danielle Cave, a senior analyst at the Australian Strategic Policy Institute, said that Twitter is playing an increasingly important role in open-source intelligence, the collection of sensitive information from publicly available sources. Researchers from think tanks, nongovernmental organizations and the corporate sector who are at the cutting edge of cybersecurity work gravitate to the platform to exchange information, she said.

“Twitter’s being used to piece it together like a jigsaw,” Ms. Cave said. “Usually I see them on top of a cyberrelated issue hours, if not days, before it ends up on the media.”

John Blaxland, a professor of international security and intelligence studies at Australian National University, taught Mr. Ruser last year.

“A lot of geo-location, a lot of reflection can be derived from what’s out there in open-source,” Professor Blaxland said. “Nathan’s clearly taken it to heart and gone out on his own.” (Mr. Ruser did very well in his class, the professor added.)

Mr. Ruser, who is from Sydney, hopes to spend a semester abroad in Myanmar before graduating next year. He said he has written 7,000 words of an article about a pro-government militia in northern Myanmar, which he plans to send to Bellingcat, an open-source citizen journalism site, when it’s finished.

He said he hoped the Australian intelligence community saw his Strava revelation as a positive contribution, helping the Australian government and others address their vulnerabilities. “I would definitely not like to be a Manning, or a Snowden, or an Assange,” he said.

Like many 20-year-olds, he is not sure what he wants to do after graduation. But Ms. Cave and others agreed that his discovery would not hurt his career prospects.

“He’s obviously got some seriously great skills,” Ms. Cave said. “It would be crazy for groups in this space not to nab somebody like that.” In fact, she said, she was thinking of asking him if he would be interested in an internship.


© 2020 US News. All Rights Reserved.