Confirmed evidence of cyber-warfare using GPS history data
Question (103 votes)
In its recent policy, the US Department of Defense has prohibited the use of GPS-featured devices for its overseas personnel.
They explain it with a theory that commercial devices like smartphones or fitness trackers can store the geo-position (GPS) data along with the device owner's personal information on third-party servers, and this information can leak to the enemies, which, in turn, would "potentially create unintended security consequences and increased risk to the joint force and mission."
Although it's a nice theory, I'd like to know whether this policy is just a theory or it has been based on some confirmed incidents of such use of cyber-warfare in an ongoing war.
Hence the question: Is there any confirmed evidence of actual use of cyber-warfare exploiting the vulnerable GPS data? If so, what are they?
I initially asked this question on Politics.SE, but it was suggested that I ask it here instead.
cyber-warfare
Comments:
(38) I would be hesitant to call this "exploiting GPS vulnerabilities". – forest, Aug 8 at 0:56
(13) Perhaps "leveraging vulnerable GPS data" would be better? – gowenfawr, Aug 8 at 1:39
(5) The Netherlands have recently forbidden the usage of certain apps by military personnel for exactly this reason. Too easy to figure out where the units were located. While I can't say it has been used to target anyone yet, it's definitely a major concern for multiple countries so far. – Mast, Aug 8 at 6:38
(21) Have a read ;-) theguardian.com/world/2018/jan/28/… Shows the layout of some army bases (US in this article), as created by joggers. – rkeet, Aug 8 at 7:02
(27) It's not even GPS data. It's location data. The fact that in some cases it was provided by a GPS receiver is not really relevant to anything! – Lightness Races in Orbit, Aug 8 at 10:53
Question asked Aug 7 at 23:52 by bytebuster, edited Aug 8 at 3:53 by D.W.
5 Answers
Answer (169 votes, accepted)
Confirmed cases? Yes, at least two. One is Strava, and the other is Polar.
When Strava updated its global heat map, it showed some areas in supposed desert areas full of activity. Who would go jogging, at night, in the desert? What about US soldiers?
An interactive map posted on the Internet that shows the whereabouts of people who use fitness devices such as Fitbit also reveals highly sensitive information about the locations and activities of soldiers at U.S. military bases, in what appears to be a major security oversight.
In war zones and deserts in countries such as Iraq and Syria, the heat map becomes almost entirely dark – except for scattered pinpricks of activity. Zooming in on those areas brings into focus the locations and outlines of known U.S. military bases, as well as of other unknown and potentially sensitive sites – presumably because American soldiers and other personnel are using fitness trackers as they move around.
Using fitness trackers will allow the enemy to detect the place, extrapolate the number of soldiers, the patrol patterns and path, and even identify the soldiers. If you can identify someone who lives somewhere in Montana, and suddenly spent 4 months in Pakistan, you can bet he is a soldier. And using the pace and heart rate, you can even say how fit the person is.
The Polar leak was even worse:
With two pairs of coordinates dropped over any sensitive government location or facility, it was possible to find the names of personnel who track their fitness activities dating as far back as 2014.
The reporters identified more than 6,400 users believed to be exercising at sensitive locations, including the NSA, the White House, MI6 in London, and the Guantanamo Bay detention center in Cuba, as well as personnel working on foreign military bases.
The Polar API allowed anyone to query any profile, public or private, without any rate limit. The user ID was pretty easy to predict, and 650k+ user profiles were downloaded, several GB of data. Just ask, and Polar would give all.
The post shows lots of sensitive places (nuclear facilities, military bases, NSA headquarters, Guantanamo Bay facilities, among others) and could identify the users at those places, and even their home addresses, Facebook pages and personal pictures.
You don't need to think too much to realize the damage that can be done with all that information.
Comments:
(98) I still consider these stories the absolute perfect example not only of how dangerous it is to share-by-default everything you do online and offline, but also how little thought people give to it in this increasingly connected age. It's really staggering. – Lightness Races in Orbit, Aug 8 at 10:54
(16) I still remember how angry I was when Facebook started urging children to report their locations and to identify who was with them. – WGroleau, Aug 8 at 12:12
(22) @MartinBonner you aren't expecting the Chinese military to post on their Twitter account something like "We used Polar Tracker data to discover home address from someone working at NSA, and hacked their home WiFi to infect their computers with exfiltrating malware". Right? – ThoriumBR, Aug 8 at 16:28
(11) @MartinBonner Personally, I think the working assumption/hypothesis should be that it has been used, but that you simply don't know about it. – code_dredd, Aug 8 at 20:03
(4) @ThoriumBR The API might be suspended, but that doesn't mean the data isn't available. If someone already downloaded it, they can make it available. – mbomb007, Aug 9 at 15:07
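The access-control gaps the accepted answer describes (any profile readable, guessable user IDs, no rate limit), shown beside a hardened handler. This is an added example, not code from the post or from Polar; the class names, limits and sample profiles are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Profile:
    owner: str        # account name (constructed sample data)
    public: bool      # visibility chosen by the owner
    activities: list  # stands in for GPS tracks


class TokenBucket:
    """Per-client limiter: `capacity` requests, refilled at `rate` per second."""

    def __init__(self, capacity, rate, now):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.stamp = float(capacity), now

    def allow(self, now):
        elapsed = now - self.stamp
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.stamp = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class ProfileService:
    """Hypothetical profile store exposing a weak and a hardened read path."""

    def __init__(self, capacity=5, rate=1.0):
        self.by_seq = {}    # weak design: sequential integer IDs
        self.by_token = {}  # hardened design: random 128-bit IDs
        self.buckets = {}   # one token bucket per client address
        self.capacity, self.rate = capacity, rate

    def add(self, profile):
        seq = len(self.by_seq) + 1
        token = secrets.token_urlsafe(16)
        self.by_seq[seq] = profile
        self.by_token[token] = profile
        return seq, token

    def get_weak(self, seq_id):
        # The pattern from the answer: no authentication, no visibility
        # check, no throttle. Private data is returned to any caller.
        p = self.by_seq.get(seq_id)
        return (200, p.activities) if p else (404, None)

    def get_hardened(self, requester, client_ip, token, now=None):
        now = time.monotonic() if now is None else now
        bucket = self.buckets.setdefault(
            client_ip, TokenBucket(self.capacity, self.rate, now))
        # Failed lookups also spend a token, so guessing is throttled too.
        if not bucket.allow(now):
            return 429, None
        p = self.by_token.get(token)
        # Authorization is the real control; random IDs are defence in depth.
        # "Unknown" and "private, not yours" both return 404 so that the
        # existence of a private profile does not leak.
        if p is None or not (p.public or p.owner == requester):
            return 404, None
        return 200, p.activities
```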
Answer (52 votes)
Yes, exploitation of location data in combat: FancyBear Tracking Ukrainian artillery units
In short, Ukrainian artillery units used a malware-infused app to compute shooting solutions for their D-30 122mm towed howitzer. It has been found that these units suffered suspiciously high losses.
Quoting more from the Crowdstrike report (emphasis mine):
- From late 2014 and through 2016, FANCY BEAR X-Agent implant was covertly distributed on Ukrainian military forums within a legitimate Android application developed by Ukrainian artillery officer Yaroslav Sherstuk.
- The original application enabled artillery forces to more rapidly process targeting data for the Soviet-era D-30 Howitzer employed by Ukrainian artillery forces reducing targeting time from minutes to under 15 seconds. According to Sherstuk's interviews with the press, over 9000 artillery personnel have been using the application in Ukrainian military.
- Successful deployment of the FANCY BEAR malware within this application may have facilitated reconnaissance against Ukrainian troops. The ability of this malware to retrieve communications and gross locational data from an infected device makes it an attractive way to identify the general location of Ukrainian artillery forces and engage them.
- Open source reporting indicates that Ukrainian artillery forces have lost over 50% of their weapons in the 2 years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine's arsenal.
Comments:
(15) Yaroslav Sherstuk must be horrified! I can only imagine how it would feel to have a nice little creation meant to help my countrymen get subverted to kill them like this. – Ruadhan2300, Aug 9 at 14:36
(9) @Ruadhan2300 Damn. Code signing really does save lives. – NReilingh, Aug 10 at 1:28
That's one horrifying example, thanks. I found an article showing a simpler tactic, see my answer – bytebuster, Aug 10 at 18:39
(6) Except the entire premise is based on grossly incorrect data; it's basically fake news. Read the update at the very top of the post: "...excluding the Naval Infantry battalion in the Crimea which was effectively captured wholesale, the Ukrainian Armed Forces lost between 15% and 20% of their pre-war D-30 inventory in combat operations." Even then, that's a worthless number unless we are given comparison to other forces. – user71659, Aug 10 at 20:10
Answer (13 votes)
I've stumbled across this article. It assumes that the Russian army in Ukraine uses equipment capable of detecting the location of cellphones – not even necessarily GPS-enabled smartphones, just anything that uses standard cell operators (quite often compromised).
The Future Of Information Warfare Is Here – And The Russians Are Already Doing It
(highlight mine)
So reports Army Col. Liam Collins in the August issue of ARMY magazine. Here's how it works:
"The Russians are adept at identifying Ukrainian positions by their electrometric signatures," writes Collins. One would expect that, but the thing that impressed me what came next.
"In one tactic, [Ukrainian] soldiers receive texts telling them they are 'surrounded and abandoned.'
Minutes later, their families receive a text stating, 'Your son is killed in action,' which often prompts a call or text to the soldiers.
Minutes later, soldiers receive another message telling them to 'retreat and live,'
followed by an artillery strike to the location where a large group of cellphones was detected."
Comments:
(2) Short Message Type 0 has been used to that effect by police forces, so I am not surprised that it would be used in war. – 0xC0000022L, Aug 11 at 20:19
Answer (10 votes)
A Russian soldier on duty posted pictures automatically tagged with GPS data that showed he was in Ukraine, back when Russia was denying having troops there.
https://www.businessinsider.com/russian-soldier-ukraine-2014-7
Not directly involving combat, but definitely something his country would prefer to avoid.
Answer (-3 votes)
In the early 2000's Hezbollah used several dark web sites in order to distribute media and propaganda. Intelligence agents discovered that most of the uploaded images/video still had embedded GPS meta-data, and used that to map out suspected terrorist hot spots.
The United States government declined to take action, citing the intel as "of questionable credibility". The Kremlin, however...
Comments:
(6) ... did what, exactly? – David Richerby, Aug 13 at 15:11
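The two answers above both turn on location tags left inside published images. As an added example (not from either answer), a pre-publication check that detects the Exif GPSInfo pointer in a JPEG and strips the metadata segments; the function names and the sample file are constructed for illustration.

```python
import struct

GPS_IFD_TAG = 0x8825  # Exif "GPSInfo" pointer tag, stored in IFD0
APP1 = 0xE1           # JPEG segment that carries Exif and XMP metadata


def split_jpeg(jpeg):
    """Return ([(marker, payload, raw_segment)], tail) for the header
    segments before the image data; tail starts at the SOS or EOI marker."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    segments, pos = [], 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt marker at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # start of scan / end of image
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("bad segment length at offset %d" % pos)
        segments.append((marker, jpeg[pos + 4:end], jpeg[pos:end]))
        pos = end
    return segments, jpeg[pos:]


def exif_has_gps(payload):
    """True if an APP1 payload is Exif and its IFD0 points to a GPS IFD."""
    if not payload.startswith(b"Exif\x00\x00"):
        return False
    tiff = payload[6:]
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return False
    e = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
    magic, ifd0 = struct.unpack(e + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(e + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        off = ifd0 + 2 + 12 * i  # each IFD entry is 12 bytes
        if off + 12 > len(tiff):
            break
        (tag,) = struct.unpack(e + "H", tiff[off:off + 2])
        if tag == GPS_IFD_TAG:
            return True
    return False


def scan_and_strip(jpeg):
    """Return (had_gps, cleaned). Every APP1 segment is dropped, which
    removes Exif and XMP together (including the orientation tag)."""
    segments, tail = split_jpeg(jpeg)
    had_gps = any(m == APP1 and exif_has_gps(p) for m, p, _ in segments)
    kept = b"".join(raw for m, _, raw in segments if m != APP1)
    return had_gps, b"\xff\xd8" + kept + tail


def sample_jpeg(with_gps):
    """Constructed input: a header-only JPEG skeleton, not a real photo."""
    entries = [(0x010F, 2, 4, b"Cam\x00")]  # Make = "Cam"
    if with_gps:
        # Pointer value is a dummy; only the tag's presence is checked.
        entries.append((GPS_IFD_TAG, 4, 1, struct.pack("<I", 0)))
    ifd = struct.pack("<H", len(entries))
    for tag, typ, cnt, val in entries:
        ifd += struct.pack("<HHI", tag, typ, cnt) + val
    ifd += struct.pack("<I", 0)  # no next IFD
    exif = b"Exif\x00\x00" + b"II" + struct.pack("<HI", 42, 8) + ifd
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    app0 = (b"\xff\xe0" + struct.pack(">H", 16)
            + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    scan = b"\xff\xda" + struct.pack(">H", 2) + b"\x00" + b"\xff\xd9"
    return b"\xff\xd8" + app0 + app1 + scan
```

Video containers and other image formats store location differently and need their own checks.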
Accepted answer: answered Aug 8 at 0:46 by ThoriumBR, edited Aug 8 at 14:20 by psmears
98
I still consider these stories the absolute perfect example not only of how dangerous it is to share-by-default everything you do online and offline, but also how little thought people give to it in this increasingly connected age. It's really staggering.
â Lightness Races in Orbit
Aug 8 at 10:54
16
I still remember how angry I was when Facebook started urging children to report their locations and to identify who was with them.
â WGroleau
Aug 8 at 12:12
22
@MartinBonner you aren't expecting the Chinese military to post on their Twitter account something like "We used Polar Tracker data to discover home address from someone working at NSA, and hacked their home WiFi to infect their computers with exfiltrating malware". Right?
â ThoriumBR
Aug 8 at 16:28
11
@MartinBonner Personally, I think the working assumption/hypothesis should be that it has been used, but that you simply don't know about it.
â code_dredd
Aug 8 at 20:03
4
@ThoriumBR The API might be suspended, but that doesn't mean the data isn't available. If someone already downloaded it, they can make it available.
â mbomb007
Aug 9 at 15:07
 |Â
show 8 more comments
98
I still consider these stories the absolute perfect example not only of how dangerous it is to share-by-default everything you do online and offline, but also how little thought people give to it in this increasingly connected age. It's really staggering.
â Lightness Races in Orbit
Aug 8 at 10:54
16
I still remember how angry I was when Facebook started urging children to report their locations and to identify who was with them.
â WGroleau
Aug 8 at 12:12
22
@MartinBonner you aren't expecting the Chinese military to post on their Twitter account something like "We used Polar Tracker data to discover home address from someone working at NSA, and hacked their home WiFi to infect their computers with exfiltrating malware". Right?
â ThoriumBR
Aug 8 at 16:28
11
@MartinBonner Personally, I think the working assumption/hypothesis should be that it has been used, but that you simply don't know about it.
â code_dredd
Aug 8 at 20:03
4
@ThoriumBR The API might be suspended, but that doesn't mean the data isn't available. If someone already downloaded it, they can make it available.
â mbomb007
Aug 9 at 15:07
98
98
I still consider these stories the absolute perfect example not only of how dangerous it is to share-by-default everything you do online and offline, but also how little thought people give to it in this increasingly connected age. It's really staggering.
â Lightness Races in Orbit
Aug 8 at 10:54
up vote
52
down vote
Yes, exploitation of location data in combat: FancyBear Tracking Ukrainian artillery units
In short, Ukrainian artillery units used a malware-infused app to compute shooting solutions for their D-30 122mm towed howitzer. It has been found that these units suffered suspiciously high losses.
Quoting more from the Crowdstrike report (emphasis mine):
- From late 2014 and through 2016, FANCY BEAR X-Agent implant was covertly distributed on Ukrainian military forums within a legitimate Android application developed by Ukrainian artillery officer Yaroslav Sherstuk.
- The original application enabled artillery forces to more rapidly process targeting data for the Soviet-era D-30 Howitzer employed by Ukrainian artillery forces reducing targeting time from minutes to under 15 seconds. According to Sherstuk's interviews with the press, over 9000 artillery personnel have been using the application in Ukrainian military.
- Successful deployment of the FANCY BEAR malware within this application may have facilitated reconnaissance against Ukrainian troops. The ability of this malware to retrieve communications and gross locational data from an infected device makes it an attractive way to identify the general location of Ukrainian artillery forces and engage them.
- Open source reporting indicates that Ukrainian artillery forces have lost over 50% of their weapons in the 2 years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine's arsenal.
edited Aug 9 at 12:12
Mike Pennington
answered Aug 9 at 8:53
Edheldil
15
Yaroslav Sherstuk must be horrified! I can only imagine how it would feel to have a nice little creation meant to help my countrymen get subverted to kill them like this.
– Ruadhan2300
Aug 9 at 14:36
9
@Ruadhan2300 Damn. Code signing really does save lives.
– NReilingh
Aug 10 at 1:28
That's one horrifying example, thanks. I found an article showing a simpler tactic, see my answer
– bytebuster
Aug 10 at 18:39
6
Except the entire premise is based on grossly incorrect data; it's basically fake news. Read the update at the very top of the post: "...excluding the Naval Infantry battalion in the Crimea which was effectively captured wholesale, the Ukrainian Armed Forces lost between 15% and 20% of their pre-war D-30 inventory in combat operations." Even then, that's a worthless number unless we are given comparison to other forces.
– user71659
Aug 10 at 20:10
up vote
13
down vote
I've stumbled across this article. It assumes that the Russian army in Ukraine uses equipment capable of detecting the location of cellphones – not even necessarily GPS-enabled smartphones, just anything that uses standard cell operators (quite often compromised).
The Future Of Information Warfare Is Here – And The Russians Are Already Doing It
(highlight mine)
So reports Army Col. Liam Collins in the August issue of ARMY magazine. Here's how it works:
"The Russians are adept at identifying Ukrainian positions by their electrometric signatures," writes Collins. One would expect that, but the thing that impressed me what came next.
"In one tactic, [Ukrainian] soldiers receive texts telling them they are 'surrounded and abandoned.'
Minutes later, their families receive a text stating, 'Your son is killed in action,' which often prompts a call or text to the soldiers.
Minutes later, soldiers receive another message telling them to 'retreat and live,'
followed by an artillery strike to the location where a large group of cellphones was detected."
edited Aug 10 at 19:07
answered Aug 10 at 18:33
bytebuster
2
Short Message Type 0 has been used to that effect by police forces, so I am not surprised that it would be used in war.
– 0xC0000022L
Aug 11 at 20:19
up vote
10
down vote
A Russian soldier on duty posted pictures automatically tagged with GPS data that showed he was in Ukraine, back when Russia was denying having troops there.
https://www.businessinsider.com/russian-soldier-ukraine-2014-7
Not directly involving combat, but definitely something his country would prefer to avoid.
answered Aug 10 at 19:05
Emilio M Bumachar
up vote
-3
down vote
In the early 2000's Hezbollah used several dark web sites in order to distribute media and propaganda. Intelligence agents discovered that most of the uploaded images/video still had embedded GPS meta-data, and used that to map out suspected terrorist hot spots.
The United States government declined to take action, citing the intel as "of questionable credibility". The Kremlin, however...
answered Aug 13 at 10:45
Anon
6
... did what, exactly?
– David Richerby
Aug 13 at 15:11
38
I would be hesitant to call this "exploiting GPS vulnerabilities".
– forest
Aug 8 at 0:56
13
Perhaps "leveraging vulnerable GPS data" would be better?
– gowenfawr
Aug 8 at 1:39
5
The Netherlands have recently forbidden the usage of certain apps by military personnel for exactly this reason. Too easy to figure out where the units were located. While I can't say it has been used to target anyone yet, it's definitely a major concern for multiple countries so far.
– Mast
Aug 8 at 6:38
21
Have a read ;-) theguardian.com/world/2018/jan/28/… Shows the layout of some army bases (US in this article), as created by joggers.
– rkeet
Aug 8 at 7:02
27
It's not even GPS data. It's location data. The fact that in some cases it was provided by a GPS receiver is not really relevant to anything!
– Lightness Races in Orbit
Aug 8 at 10:53