A map of fitness tracker data may have just compromised top secret US military bases around the world

Strava

A map of activity in Djibouti, which has drawn comment from security analysts.

• An interactive heatmap from Strava appears to have exposed sensitive sites.
• Hackers or state actors could use the information to find bases.
• Chinese, Taiwanese, and other nations' bases were exposed too, but as the US has the biggest global presence, it stands the most to lose.

Over the weekend a company called Strava, a social network for athletes, updated an online heatmap which mapped out the routes of 1 billion workouts in 2017.

But in doing so, it seems to have expose secret US military in Turkey, Syria, and Yemen.

Strava drew on data from fitness trackers, like fitbits or smartphones, to track their workouts. But fitness tracker users skew western, young, and active. In countries like Niger, the heatmap highlights the activity of US soldiers on military bases keeping fit.

The result is potentially damning for the US military's operational security.

Strava

A bright spot of activity in Agadez, Niger, where the US has a drone base. There is almost no Strava data on the rest of the country.

Previously covert bases may have been exposed. More importantly, the useful parts of the base have been highlighted. The heatmap shows that military personnel commonly jog around the perimeter of bases, thereby printing an outline on the heatmap.

Additionally, some may have left the trackers on while going about normal business. Important supply routes and key daily routines have likely been picked up by the heatmap.

"In Syria, known coalition (ie US) bases light up the night," wrote military writer and analyst Tobias Schneider.

"Some light markers over known Russian positions, no notable colouring for Iranian bases … A lot of people are going to have to sit through lectures come Monday morning."

But the most dangerous element of the heatmap isn't the aggregated lines, it's the potential to determine which individual drew which line. Anyone who gains access to Strava's data, legally or otherwise, can then track that soldier's movement, Jeffrey Lewis points out at the Daily Beast. 

A user who visits one secret military base, say a missile base, and then visits another location, may indicate that there's another, previously secure, site of interest.

This data could inform both state and non-state actors as to where to attack in the case of war.

The US is not alone in being exposed - Chinese joggers in the South China Sea contributed data to the Strava map, as did workers on Taiwan's secret missile bases. But the US's larger presence around the globe means it had more to lose.

After the map came out, internet users in short order identified some of the most sensitive US military sites around the world.

Here Lewis believes a "highly secure office," possibly the director of national intelligence and the National Counterterrorism Center have been exposed.

Here he seems to think US troops are running around the US's nuclear weapons in Turkey.

Here a Twitter user cross-referencing other open-source analysis seems to think he's spotted a CIA "black site," or somewhere that unacknowledged covert work is taking place, in Djibouti.

But interestingly enough, the actual Pentagon, the headquarters of the Department of Defense, the biggest office building in the world, and the most well-known US military command center in the world, is dark.

Strava Heat Map

The Pentagon goes dark somehow.