This is a scandal that has been brewing for years. THE American central command (USCENTCOM) officially admitted to having received “ multiple threat reports ” concerning exploitation of commercial data to track down American soldiers, particularly in the Middle East.
The culprit? The opaque ecosystem of data brokers (data brokers), these companies that collect, aggregate and resell personal information from our smartphones.
Simply using a weather app or free game may be enough to get your advertising identifier (Ad ID), and therefore your travels, are put on sale on a global market, without any control.
How can over-the-counter smartphone data target military personnel?
The tracking of soldiers is carried out through the purchase of location data legally sold by data brokers. This information, collected via the unique advertising identifiers of each smartphone, makes it possible to reconstruct the precise movements of an individual.
Adversary entities simply have to buy this data and cross-reference it to identify the “life patterns” of personnel on military bases or deployed.
The mechanism is disarmingly simple. Every phone, personal or military-issued, has this advertising identifier. Even when geolocation is turned off in settings, many apps continue to collect information.
An adversary can therefore buy a batch of data corresponding to a sensitive geographic area, such as a forward base, and observe the devices that are regularly there.
It then becomes possible to identify resting places, patrol routes and even family homes. A veritable gold mine for intelligence and direct targeting.
Why did the Pentagon ignore the warnings for 10 years?
The Pentagon was aware of this threat since at least 2016when government contractors demonstrated the ease with which phones could be tracked from the United States to a secret base in Syria.
The lack of concrete action for nearly a decade constitutes a major failure in counterintelligence and force protection. The sources cited by Wired reveal a series of warnings and reports, including studies funded by the military itself, all of which have been shelved.
Researchers have proven that they can buy detailed lists of service members with their addresses and health problems for pennies.
While the DoD invested billions in cutting-edge technology, it neglected the basics of cybersecurity the most basic, leaving a digital backdoor wide open.
What (late) measures are being taken to protect the troops?
Faced with pressure from several American elected officials, the Department of Defense began to react. The main measure is migration to a new mobile device management server (MDM) which would finally allow location services to be completely disabled on government-provided devices. An update which, however, arrives very late.
And the picture is far from perfect. At the same time, the American army is pushing for the adoption of a type policy Bring Your Own Device (BYOD), encouraging soldiers to use their personal phones for work.
A policy that seems totally contradictory with security efforts. The protection of American military therefore still relies largely on their individual ability to manage complex privacy settings, which the DoD’s own studies have found insufficient.
