In the world of the internet, it is hard to remain anonymous, but it is even worse if you have social accounts. Despite they thought they were safe, elite SAS soldiers have had their secret identities revealed on a fitness app used by 50 million people, the Sun reported.
The British SOF — widely considered to be among the best special forces unit in the world – are entitled to lifelong anonymity due to the dangerous secret missions they undertake.
But, one sudden moment of negligence contributed to the public exposal of the personal identities and details of the SAS operators. Their names and personal details were uncovered on Strava — used by fitness fanatics worldwide.
It is also suggested that their information may have been harvested by Russian military intelligence agents, the Sun reported.
Nick Waters, from investigative website Bellingcat, hoodwinked Strava into providing personal information on troops who run inside the SAS’s top-secret base in Hereford.
IDENTIFIED WITHIN MINUTES
After inventing a fictitious run inside the camp, he used the app to identify 14 SAS troops — in just five minutes. He also claimed how the app gave him the Facebook profiles of those identified.
Stunned by the revelation, he revealed the security failure to horrified senior officers at the Royal Military Academy Sandhurst.
“I made up my own training session and convinced Strava that I had run a certain distance in a certain time inside the base,” recalled the former army infantry officer.
“The app then started giving me the names and Facebook profiles of people who had actually run the same route.
“I started freaking out a bit because I knew this was the kind of information I probably shouldn’t have access to — so I turned it off.”
I started freaking out a bit because I knew this was the kind of information I probably shouldn’t have access to — so I turned it off – Nick Waters
The Bellingcat website is best known for identifying the two key suspects in the Novichok poisoning of Sergei Skripal in Salisbury in 2018. Using his basic knowledge of computer programming, Waters was able to get around Strava’s security settings.
After breaking down the security wall, he was left stunned after seeing the profiles of soldiers who had taken steps to ensure their run times on Strava remained anonymous.
And after uploading three lines of code onto the app, he was able to invent a run and makeup time.
His laptop screen then filled with names and faces of people — thought to be SAS operators— who run along the same route.
Waters concluded: “It shows how social media is an incredibly powerful monitoring tool and it can be used by anyone to access personal information.”
Following the shocking revelation, the Ministry of Defence said it took individuals’ online security “very seriously”.
And a Strava spokesperson said they take the safety and privacy of its users as their “highest priority”.
They affirmed: “We’ve long had a suite of privacy tools that give members control over what they share. In the last two years, we’ve improved these self-service features to make them even simpler and more transparent. We encourage members of the armed forces around the world who use Strava to follow the policies of their military branch.”
Just two years ago, SAS troops came under fire after posting pictures of themselves on Facebook.