Strava data dump reveals more than secret military bases

Strava data dump reveals more than secret military bases
Comment: The sensitive information made public via Strava shows states are not keeping up with the security questions around technological advances, writes James Snell.
5 min read
29 Jan, 2018
The running routes neatly capture the outlines of bases, such as Bagram in Afghanistan [Strava]
At this very moment across the world, analysts, journalists, policymakers and ordinary people are freely identifying sensitive military sites. They are doing so from their own homes and offices, thanks to an unintended consequence of the proliferation of wearable fitness technology.

Numerous military bases across the Middle East and Africa have seemingly been compromised by the release of data by the online fitness tracking service Strava. A "social network for athletes", it has deployed what it calls a Global Heat Map, displaying information accumulated over two years detailing where people run and cycle across the world.

Unfortunately, this has exposed the details of numerous previously secret military bases in Syria, Iraq, and in the Sahel region. It also maps out French bases in Nigeria and American bases in Afghanistan. It has affected Turkish and Russian forces in Syria, too.

The Washington Post reports that this information has been available since November, but amusingly has only become the focus of global attention since it was picked up by a 20-year-old Australian student, Nathan Ruser. He notes that this development is "not amazing for Op-Sec [operations security]" as "US [b]ases are clearly identifiable and mappable".

Read more: Busting a move: Fitness app Strava 'reveals location' of US soldiers worldwide

This is a consequence of two very modern phenomena: The desire to track exercise, and the increasing predominance of technology which has the ability to chart movements, and otherwise keep tabs on its users.

In this case, soldiers had not turned off their wearable fitness wristbands, which they had, ironically, often been issued by higher-ups as part of a health campaign. As a consequence, global mapping software has now displayed the routes they run around bases in Bagram, al-Tanf, forward operating bases in Afghanistan, and so on.

The routes are captured effectively, with the outlines of bases neatly traced.

This is an obvious nightmare for governments seeking to keep the precise details of these sites unknown. Now they are not just known; they are the subject of international news coverage, and remain visible on global maps.

The content of these maps will be studied by foreign powers and by terror groups looking for an insight into how foreign bases are organised and laid out.

Every possible adversary has been handed a remarkable opportunity by this unforeseen development. It will make attacks on military bases simpler to plan and easier to mount. It will put lives in danger.

But more than that, the Strava situation also signals a huge change in the way technology allows anyone to access previously secret information.

In recent years open source analysis has been the domain of semi-skilled people. It has been used by amateurs to investigate the conditions of certain contemporary conflicts, for example the contentious downing of flight MH17 over Ukraine, where a rag-tag group of non-professional investigators affiliated with the citizen journalism site Bellingcat enormously undermined the Russian state's attempts to obfuscate what happened to the plane.

But that analysis was undertaken by obsessives, people with some uncommon skills. They had to know how to geolocate using the smallest scraps of scenery; they had to have the willingness to devote incredible amounts of time to combing through potentially relevant footage or photography.

In short, no matter the possibility such technology provided, it was never going to become easy and accessible for the average internet user.

Every possible adversary has been handed a remarkable opportunity by this unforeseen development

But in the case of Strava, this has changed, possibly irrevocably. To search Strava's database, all one has to do is mouse over the location of a suspected base, and turn on the heatmap, easily mapping its outline. It is simple to toggle between satellite maps, which allow users to scout out terrain, and featureless labelled expanses, which can easily be used to identify nearby settlements.

This has compromised many facilities of many nations and done so in a way almost anyone with an internet connection can access and interpret easily.

And this is not the only development in technology which worries states.

Drone technology - long considered a potential problem for governments - is increasingly employed by non-state groups to serve their ends. Drones can be used for propaganda and reconnaissance purposes, but also offensively, even to attack targets.

For example, this can be seen in the reported Syrian rebel attack on the Russian base at Hemeimem (which has also been compromised by Strava) using drones earlier this month. This is one part of a dense picture, which takes in the way Hayat Tahrir al-Sham (HTS, an al-Qaeda-linked insurgent group) and the Islamic State group use drones to film military actions and surveil territory.

All this means government outposts and bases, either secret or merely highly protected, are no longer hidden or out of reach.

And this could be a taste of things to come, which might change the state of secure or secret facilities in modern warfare.

Matt Tait, a security analyst, noting the heavy activity on Strava around sites of civilian national security interest, tweeted that this might be used to "dox" - meaning to expose the personal information such as names, addresses and pasts of individuals - entire intelligence agencies, putting civilian workers at risk.

Tait's tone was comic, but his suggestion is not entirely absurd.

Technology has created challenges and opportunities before.

States appear to have lost the initiative in responding to new developments, and keeping abreast of change

But at present, states appear to have lost the initiative in responding to new developments and keeping abreast of change. Instead, adversaries - including terrorist and insurgent groups - have taken that initiative.

States need to take more seriously the prospect of employees or servicemen and women using technology which could unintentionally give away important details. These details could include such vital information as the location of bases, the journeys made by government figures, and the names of people in secret government work.

Governments cannot allow lax security to let this information become publicly available. They must act to prevent this by more tightly restricting the technology government employees and agents can wear and use while in restricted locations, lest those locations become famous rather than covert, and those people in government employ end up in considerable and new danger.

James Snell is a writer whose work has appeared in numerous international publications including The TelegraphProspectNational ReviewNOW NewsMiddle East Eye and History Today.

Follow him on Twitter: @James_P_Snell

Opinions expressed in this article remain those of the author and do not necessarily represent those of The New Arab, its editorial board or staff.