Sensitive phone data leak reveals vulnerabilities at nuclear and defense sites
A significant security breach has exposed the phone coordinates of thousands of US intelligence and military personnel, raising serious concerns about national security. The leaked data, accessible to anyone with the means to analyze it, has made it possible to trace the movements of individuals, including at highly sensitive nuclear sites and classified military facilities.
An investigation uncovers alarming risks
A joint investigation by WIRED, Bayerischer Rundfunk (BR), and Netzpolitik.org revealed that the breach stems from digital advertising data collected by US-based companies. These companies, while operating legally, inadvertently created a system described as a “cost-effective and reliable method for tracking American military and intelligence personnel abroad.”
According to reports, the data allows for precise location tracking, including residential addresses, children’s schools, and restricted military zones such as reinforced aircraft shelters suspected of housing US nuclear weapons.
Traces found in highly classified areas
Signals from hundreds of devices were detected at sensitive sites, including US facilities in Germany. Locations included areas believed to be used for NSA surveillance, military training zones for Ukrainian troops during 2023, and air force bases supporting drone operations.
In one instance, a device linked to a presumed NSA employee emitted signals from a secure NSA monitoring structure known as the “Tin Can,” previously revealed by Edward Snowden’s disclosures. Another device transmitted data from a restricted weapons testing area used for tank maneuvers and live-fire drills.
Data mining raises questions about security
The breach extends beyond operational zones. Several devices emitting signals from Ramstein Air Base—a key hub for US operations—were later identified at off-base locations, including nearby brothels. One such location, named “SexWorld,” raised eyebrows about the personal activities of personnel and the potential risks of device misuse.
Scale of the breach
Data brokers such as Florida-based Datastream Group collected and sold vast amounts of location data. A sample dataset analyzed by BR and Netzpolitik.org contained over 3.6 billion geographical points gathered from 11 million mobile advertising IDs in Germany during a 59-day period from October to December 2023.
A WIRED inquiry found granular location data from 12,313 devices near at least 11 major military and intelligence sites. At Buchel Air Base, where up to 15 US nuclear warheads are allegedly stored in underground bunkers, data from 189 devices revealed 38,474 distinct location points.
Calls for regulation
US Senator Ron Wyden from Oregon criticized the unregulated data broker industry, calling it a direct threat to national security.
“The unregulated data broker industry poses a clear threat to national security,” Wyden said. “American data brokers are selling location details sourced from thousands of courageous military service members positioned in dangerous zones across the globe.”
He warned of dire consequences if the issue remains unaddressed. “Unless the administration and Congress act, these kinds of abuses will keep happening, and they’ll cost service members’ lives.”
Data brokers under scrutiny
Datastream Group’s website previously touted its capability to provide “internet advertising data coupled with hashed emails, cookies, and mobile location data.” The breach raises urgent questions about the ethics and oversight of such practices, with experts calling for immediate regulatory reforms to prevent further leaks of sensitive information.
This security lapse underscores the critical need to address vulnerabilities in data handling, as it not only compromises national security but also endangers the lives of those who serve in the military and intelligence communities.