WASHINGTON – An interactive map posted on the Internet that shows thewhereabouts of people who use fitness devices such as Fitbit also revealshighly sensitive information about the location and activities of soldiersat US military bases, in what appears to be a major security oversight.
The Global Heat Map, published by the GPS tracking company Starva, usessatellite information to map the location and movements of subscribers tothe company’s fitness service over a two-year period, by illuminating areasof activity.
Strava says it has 27 million users around the world, including people whoown widely available fitness devices such as Fitbit, Jawbonelink> and Vitofitlink>, as well as people who directlysubscribe to its mobile phone application. The map is not live – rather itshows a pattern of accumulated activity between 2015 and September lastyear.
Photo Credit: Screenshot from link
Most parts of the United States and Europe, where millions of people usesome form of fitness tracker, show up on the map as a blaze of light,because there is so much activity.
In war zones and deserts such as Iraq and Syria, the heatmap becomes almostentirely dark – except for a few scattered pinpricks of activity. Zoomingin on those brings into focus the locations and outlines of knownUS military bases, as well as of other unknown and potentially sensitivesites – presumably because US soldiers and other personnel are usingfitness trackers as they move around.
Air Force Col. John Thomas, a spokesman for US Central Command, said Sundaythe US military is looking into the implications of the map.
The US military did not respond to a question about what the regulationsare regarding use of fitness tracking apps. But the Pentagon has encouragedthe use of Fitbits among military personnel and in 2013 distributed 2,500of them as part of a pilot program to battle obesity.
The Global Heat Map was posted online in November 2017, but the informationit contains was only publicised on Saturday after a 20-year-old Australianstudent stumbled across it. Nathan Ruser, who is studying internationalsecurity and the Middle East, found out about the map’s existence from amapping blog and was inspired to look more closely, he said, after athrowaway comment by his father, who observed that the map offered asnapshot of “where rich white people are” in the world.
“I wondered, does it show US soldiers?” he said, and immediately zoomed inon Syria. “It sort of lit up like a Christmas tree.”
He started tweeting about his discovery, and the Internet also lit up, asdata analysts, military experts and former soldiers began scouring the mapfor evidence of activity in their areas of interest.
Andrew Rawnsley, a Daily Beast journalist, noticed a lot of joggingactivity on the beach near a suspected CIA base in Mogadishu.
Another Twitter user said he’d located a Patriot site in Yemen.
Ben Taub, a journalist with the New Yorker, homed in on the location ofUS special operations bases in the Sahel.
The site does not identify the users of the app and shows many locationsthat may belong to aid agencies, United Nations facilities and the militarybases of other nations – or anyone whose personnel is likely to use fitnesstrackers, said Tobias Schneider, an international security analyst based inGermany. But it is not hard, he said, to map the activity to known, orroughly known, US military sites, and then glean further information.
The location of most of the sites is already public knowledge – such as thevast Kandahar airbase in Afghanistan. The Pentagon has publiclyacknowledged that US special operations troops maintain a small outpost atTanf in the Syrian desert near the Iraqi border, which shows up on the mapas a neatly illuminated oblong, probably because US soldiers wearingFitbits or similar devices either jog or patrol around the perimeter.
But the data also offers a mine of information to anyone who wanted toattack or ambush US troops in or around the bases, said Schneider,including patterns of activity inside the bases. Lines of activityextending out of bases and back may indicate the routes of patrols. The mapof Afghanistan appears as a spiderweb of lines connecting bases, showingsupply routes, as does northeast Syria, where the United States maintains anetwork of mostly unpublicised bases. Concentrations of light inside a basemay indicate where concentrations of troops live, eat or work, suggestingpossible targets for enemies who wished to target the base.
At a site in northern Syria near a dam, where analysts have suspected theUS military is building a base, the map shows a small blob of activityaccompanied by an intense line along the nearby dam, suggesting thepersonnel at the site jog regularly along the dam, Schneider said.
“This is a clear security threat,” he said. “You can see a pattern of life.You can see where a person who lives on a compound runs down a street toexercise. In one of the US bases at Tanf you can see people running roundin circles.”
“Big opsec and persec fail,” tweeted Nick Waters, a former British armyofficer who pinpointed the location of his former base in Afghanistan usingthe map. “Patrol routes, isolated patrol bases, lots of stuff that could beturned into actionable intelligence.”
By no means all of the activity discovered is US activity, said Schneider.The perimeter of the main Russian base in Syria, Hmeimim, is clearlyvisible – as are several routes out of the base that are presumably takenby patrols, he said.
Other Russian bases also show up, but Iranians either don’t use fitnesstrackers or prudently turn them off, he noted.
Strava apps and devices contain an option to turn off the data transmissionservice, making it more the responsibility of the user to ensure thatsecurity isn’t breached, said Ruser. “It seems like a big oversight,” hesaid.
The US military did not respond to a question about what the regulationsare regarding use of fitness tracking apps. But the Pentagon has encouragedthe use of Fitbits among military personnel and in 2013 distributed 2,500of them as part of a pilot program to battle obesity.
Strava did not respond to a request for comment. – Washington Post