U.S. Defense Secretary Jim Mattis has ordered a review of security protocols, officials say, after fitness tracking devices broadcast patterns of movement at military facilities around the world, including in war zones.
Nathan Russer, a student at the Australian National University in Canberra, drew attention to data when he wrote on Twitter about the images after stumbling upon GPS tracking company Strava's Global Heatmap. It can be viewed here.
"Once you look at Syria you can see a bunch of bright spots," Russer said.
His discovery prompted others to scour the heat map, turning up other possible locations of U.S. and other mostly Western personnel who typically use high-tech fitness devices, including elsewhere in the Middle East and in Africa.
Although many of the bases cited by Russer and others are well-known outposts that host U.S. and U.S.-backed personnel, there are clear risks that such tracking devices pose, potentially disclosing not just the broad locations where foreign troops operate but the routes they travel.
There is also the risk that Strava itself could become a target of nations trying to mine its data to discover identifiable information about who was wearing the devices.
Jim Lewis, a cyber expert at the Center for Strategic and International Studies, said fitness trackers were just one way that all mobile wireless technology can undermine operational security and give adversaries an edge.
"The Russians are pretty good at this and there are ways to combine the data from trackers with social media profiles," Lewis said.
"Social networks are the bane of operational security."
The Department of Defense said it encourages all defense personnel, wherever they are, to limit their public presence on the internet. That guidance is even more strict when troops operate in sensitive locations.
But officials said Mattis was aware of the issue and had ordered a review.
"DOD takes matters like these very seriously and is reviewing the situation to determine if any additional training or guidance is required," the Pentagon said in a statement, without directly confirming that U.S. troops had used the fitness trackers.
The Pentagon also said it was considering whether additional steps needed to be taken "to ensure the continued safety of DOD personnel at home and abroad."
Pentagon spokesman Colonel Robert Manning told reporters at a news briefing he did not know of any instances in which U.S. base security had been compromised as a result of the mapping.
Reporting by Phil Stewart; Editing by Frances Kerry and James Dalgleish.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.