How a 20-year-old Australian student discovered U.S. military's secret sites

Twenty-year-old college student Nathan Ruser has an interest in the Syrian conflict and an affinity for maps.I...

Posted: Jan. 30, 2018 7:28 AM
Updated: Jan. 30, 2018 7:28 AM

Twenty-year-old college student Nathan Ruser has an interest in the Syrian conflict and an affinity for maps.

It's this combination that led him to discover the potential security risks posed by fitness app Strava.

On Friday night, the Australian came across a tweet of Strava's global heatmap, which was originally published in November 2017. Ruser noticed lit up in areas in regions of Syria and the Sahara, often not occupied by civilians, that indicated the presence of security forces working out near military bases and other sensitive locations.

His findings went viral over the weekend, exposing remote areas and conflict zones where military personnel and government officials are seemingly present. This sensitive information could be used to track the running routes and identify locations where personnel are deployed.

Strava, which allows users to share their running routes, tracks location data using GPS from Fitbit devices, smartphones, and other health tracking devices.

Ruser, who is studying international security and Middle Eastern studies at Australian National University, said he noticed the fitness activity "pretty much the second I scrolled over Syria."

"It is a bit surprising that it sort of sat there [for months]," Ruser said. "[The map] had that incredible amount of data that is quite sensitive."

Although Strava users can disable activity sharing, it appears those users did not.

The heatmap included a total of one billion global activity data points made public by Strava user's through September 2017. The company said it has tens of millions of users.

Ruser, who became interested in Syria's state of affairs in 2014 as a distraction from high school studies, initially hesitated about tweeting the findings. He even deleted his first tweet and later decided to repost it.

Related: US military reviewing security practices after fitness app reveals sensitive info

"If soldiers use the app like normal people do by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn't be able to establish any Pattern of life info from this far away," read one of Ruser's tweets.

His tweets captured the attention of journalists.

"It got a lot more traction than I would have expected," said Ruser, who expected interest among data analysts, not mainstream media. "But I hoped that someone who has the power to address it could fix it in some way."

Ruser said he has not been contacted by Strava or military officials.

In a statement to CNN, Strava said the company is "committed to helping people better understand" its privacy settings.

"Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones," the statement said.

Article Comments

Mason City
Clear
41° wxIcon
Hi: 42° Lo: 27°
Feels Like: 32°
Albert Lea
Clear
39° wxIcon
Hi: 40° Lo: 27°
Feels Like: 32°
Austin
Clear
39° wxIcon
Hi: 40° Lo: 26°
Feels Like: 31°
Charles City
Clear
41° wxIcon
Hi: 42° Lo: 27°
Feels Like: 33°
Rochester
Clear
39° wxIcon
Hi: 40° Lo: 25°
Feels Like: 30°
Sunshine and breezy conditions linger Sunday with a warm up!
KIMT Radar
KIMT Eye in the sky

Latest Video

Image

Prep football highlights

Image

New building opportunity at an Osage school.

Image

Olmsted County Sheriff's Awards Ceremony.

Image

Spreading light during a dark time.

Image

Students Hosting Podcast

Image

Community Finally Getting a Grocery Store

Image

Free Furnace Program

Image

Costume store closing

Image

Cascade park improvements

Image

Birth control accessibility

Community Events