Over Summer Break, One Student Exposed a Global Security Flaw

Nathan Ruser noticed that a fitness app revealed the locations of global military sites.

strava heat map
Strava heat map. (Wikipedia)

Nathan Ruser did not expect this type of reaction when he posted on Twitter over the weekend that a fitness app had revealed the locations of military sites in Syria and elsewhere.

But the news alarmed security experts, who said hostile entities could gather valuable intelligence from the Strava app’s global “heat map,” including the locations of secret bases and the movement of military personnel. The situation got so extreme that the Pentagon said it was reviewing it.

“Whoever thought that operational security could be wrecked by a Fitbit?” Mr. Ruser, 20, told The New York Times during an interview from Thailand, where he is spending part of the Australian summer break. Ruser studies international security at Australian National University in Canberra. He does not personally use Strava, but is an avid follower of the conflict in Syria, and he uses maps to put news stories in context. Before posting his findings on Twitter, he discussed them in a private Twitter chat.

“A lot of geo-location, a lot of reflection can be derived from what’s out there in open-source,” said John Blaxland, a professor of international security and intelligence studies at Australian National University who taught Mr. Ruser last year, to The Times. “Nathan’s clearly taken it to heart and gone out on his own.” Blaxland added Ruser did very well in his class.

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.