The British SAS operators’ personal details were exposed online through the public available fitness application. In the internet world, it is hard to remain anonymous, but it is even worse if you have social accounts. Although they thought they were safe, elite SAS troopers have had their secret identities revealed on a fitness app used by 50 million people, the Sun reported.
The British SOF — widely considered to be among the best special forces unit globally – are entitled to lifelong anonymity due to the dangerous secret missions they undertake.
But, one sudden moment of negligence contributed to the public exposal of the SAS operators’ personal identities and details. Their names and personal details were uncovered on Strava — used by fitness fanatics worldwide.
It is also suggested that Russian military intelligence agents may have harvested their information, the Sun reported.
From investigative website Bellingcat, Nick Waters hoodwinked Strava into providing personal information on troops who run inside the SAS’s top-secret base in Hereford.
Identified within minutes
After inventing a fictitious run inside the camp, he used the app to identify 14 SAS troops — in just five minutes. He also claimed how the app gave him the Facebook profiles of those identified. Stunned by the revelation, he revealed the security failure to horrified senior officers at the Royal Military Academy Sandhurst.
“I made up my own training session and convinced Strava that I had run a certain distance in a certain time inside the base,” recalled the former army infantry officer.
“The app then started giving me the names and Facebook profiles of people who had actually run the same route. I started freaking out a bit because I knew this was the kind of information I probably shouldn’t have access to — so I turned it off.”
I started freaking out a bit because I knew this was the kind of information I probably shouldn’t have access to — so I turned it off – Nick Waters.
The Bellingcat website is best known for identifying the two key suspects in the Novichok poisoning of Sergei Skripal in Salisbury in 2018. Using his basic knowledge of computer programming, Waters was able to get around Strava’s security settings.
After breaking down the security wall, he was left stunned after seeing the soldiers’ profiles who had taken steps to ensure their run times on Strava remained anonymous. And after uploading three lines of code onto the app, he was able to invent a run and makeup time.
His laptop screen then filled with people’s names and faces — thought to be SAS operators— who run along the same route.
Waters concluded: “It shows how social media is a potent monitoring tool, and anyone can use it to access personal information.”
Following the shocking revelation, the Ministry of Defence said it took individuals’ online security “very seriously.”
And a Strava spokesperson said they take the safety and privacy of its users as their “highest priority.”
They affirmed: “We’ve long had a suite of privacy tools that give members control over what they share. In the last two years, we’ve improved these self-service features to make them even simpler and more transparent. We encourage members of the armed forces around the world who use Strava to follow the policies of their military branch.”
Just two years ago, SAS troops came under fire after posting pictures of themselves on Facebook.