The U.S. Department of Defense has confirmed that foreign adversaries used commercially available location data to target and surveil American military personnel in operational theaters, including the Middle East. A newly disclosed U.S. Central Command letter said it had received multiple threat reports involving hostile actors exploiting data collected from phones and computers through the advertising and data-broker ecosystem. Lawmakers led by Senator Ron Wyden and Representative Pat Harrigan said the disclosures amount to the first public confirmation that purchased commercial geolocation data was used against U.S. troops in active war zones, and warned that the ad-tech industry now poses a national security threat.
The reports say Pentagon safeguards were insufficient: service members were allowed to use personal devices in operational areas, no policy required geolocation to be disabled in active war zones, and even government-issued devices did not fully block advertising-related tracking. Critics said the risk had been documented for years, citing contractor briefings dating back to 2016, demonstrations tracing personnel from U.S. bases to a covert site in Syria, and later studies showing brokers could easily sell sensitive data on service members. The Pentagon said it is moving to a new mobile device management system to better disable location services, but lawmakers warned that broader use of bring-your-own-device policies and weak regulation of data brokers continue to leave troops exposed.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
The Department of Defense said it was moving to a new mobile device management system intended to better disable location services and reduce advertising-related tracking exposure on government-issued devices.
Senator Ron Wyden, joined by Representative Pat Harrigan and other lawmakers, urged the Department of Defense to strengthen smartphone security after the Pentagon confirmed foreign adversaries had used commercially available geolocation data to target or surveil U.S. troops.
U.S. Central Command said in a newly disclosed letter that it had received multiple threat reports about adversaries exploiting commercial location data to target or surveil U.S. personnel in the Middle East and other operational theaters.
A 2023 Duke University study found it could readily purchase sensitive personal data on U.S. service members from data brokers, providing further evidence that military-related data was commercially accessible.
In 2016, a demonstration showed that commercially purchased phone location data could trace movements from Fort Bragg and MacDill Air Force Base to a covert forward operating base in northern Syria, illustrating the operational risk to U.S. forces.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
12 references tracked. Mallory keeps watching after this page renders.
cysecurity.news
Open sourcecysecurity.news
Open sourcecysecurity.news
Open sourcerisky.biz
Open sourcetechcrunch.com
Open sourcetheregister.com
Open sourcetechdirt.com
Open sourcewired.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.