Military Personnel Exposed By Unlikely Social Media App
An investigation by open-source intelligence analyst Foeke Postma at Bellingcat makes sobering reading. Postma tapped into beer-rating app Untappd to show how it can track people as they travel all over the world reviewing beers. This in itself may have privacy concerns for some people. But in the context of military personnel it could be much more serious.
By following the trail of breadcrumbs left by a user’s reviews, Postma could identify home addresses, where they are based and which countries or overseas bases they have visited. Triangulating with other social media reveals other accounts, posts, photos and videos. In this way a detailed picture of the user can be created.
This may still sound innocuous, but in the hands of a foreign military intelligence it could be very powerful. It allows some degree of tracking of a military’s activities, and, potentially, the unmasking of people working on classified projects. In extreme cases it could help to target individuals for recruitment as intelligence sources.
Untappd is not alone — almost all social media activity can be exploited in some way. In January 2018 analysts exposed how the fitness app Strava could be used to unmask military personnel. These included those working in sensitive locations such as bases in Afghanistan and Africa.
The Bellingcat article is only scratching the surface. The worrying truth is that the Information Age provides many more ways to build up a picture of your enemy than was possible just 30 years ago. Military planners cannot assume that their forces’ movements are not being tracked, wholesale.
It is not a magic bullet for intelligence gathering, however. A cautionary tale for budding OSINT analysts: there was once a keen young man who started to plot the deployment patterns of a Special Forces unit using careless business reviews. These were being written by its troops and those around them. After enjoying initial success tracking reviewers from base to base, it became a bigger project and took up many hours. The end product … many of the reviews being gathered appeared fake. This was only clear after large amounts of data had been gathered and accounts and locations cross-referenced. So tracking the locations of the reviews probably tells you more about which businesses buy fake reviews than the movements of any real person or unit. Whether the same is true of beer apps, hopefully less so.
Militaries around the world are aware of the problem, although it is not clear how much attention it is getting. Russia does take it seriously though. It has taken draconian steps to cut down on its military’s social media usage. This has been moderately successful. Maybe western militaries will begin to put in place similar restrictions on their forces? But this may be bad news for recruitment and retention in today’s connected world.