An Australian student has drawn attention to the fact that publicly available satellite imagery via the sport social media app Strava could be potentially compromising for secret military bases in war zones like Syria and Iraq.
The US based company’s Global Heatmap depicts some 1 billion activities spanning 200,000 years and 5 percent of all land on earth, depicting where its global “network of athletes” have been going.
Australian National University student Nathan Ruser – who is majoring in international security and the Middle East – first flagged that it might pose an issue for the security of military organisations when he tweeted about it on Saturday.
US Defence Secretary James Mattis on Monday ordered a review of security protocols in response to the matter.
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous,” he wrote on Twitter.
Homing in on one line of light in what looks like a desert, Ruser said “this particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any Pattern of life info from this far away.”
Ruser’s tweets went viral, sparking international news coverage. The Washington Post picked up the story and reported that the US military was looking into the issue.
“I wondered, does it show US soldiers [in Syria]?” he said as quoted by the newspaper. “It sort of lit up like a Christmas tree.”
The Daily Beast journalist Adam Rawnsley found “heavy jogging activity” taking place in Somalia nearby where there is thought to be a secret Central Intelligence Service (CIA) base.
https://twitter.com/arawnsley/status/957360808392093697
As people began to realise the implications of Strava’s Heatmap, other media outlets and analysts identified other locations thought to be US military outposts.
So… um, you could probably trivially scrape Strava and thus identify individual runners and routes. What I'm saying is, you could identify just who made those tracks in Rutba. #yikes pic.twitter.com/uzlTO4HvJL
— Paul D (@paulmd199@bsky.social (@Paulmd199) January 28, 2018
This is an issue:
People are already labeling locations as U.S. military installations seemingly based only heat-maps of @Strava users: https://t.co/97lfgWKaBK pic.twitter.com/dB2ON0TZ9u— Mr Ghostly (@Mr_Ghostly) January 29, 2018
From a friend, a former ranger > pic.twitter.com/iY9lSHzCyD
— Natasha Bertrand (@NatashaBertrand) January 28, 2018
“I’m surprised at how much mainstream attention the map has gotten,” Ruser told the Sydney Morning Herald on Monday. Strava has reportedly not responded to media requests for comment.
“I expected it to languish in wonk circles and open source circles until the US government quietly fixed the problem, but instead it seems to have blown up a lot more than I would have though,” said Ruser.
No security agencies had contacted him yet, he said. “I think that’s generally how they roll.”
The 20-year-old returns to university in a couple of weeks and told the SMH that he would be interested in working in the Australian intelligence community.
This story originally appeared on our sister website Asian Correspondent.