Close to a A decade ago, the Pentagon was warned—by its own contractors, analysts, and intelligence agencies—that anyone with a credit card could buy a map of where US soldiers were. sleeping, working and storing nuclear weapons. Now the bill has come from the war zone.
A newly revealed letter shows warnings were not heeded: US Central Command now confirms it has received “numerous threat reports about the enemy’s exploitation of commercial location data to target or spy on US personnel in theater” – an official acknowledgment that the data proxy economy is being used to target US forces in the Middle East.
The goal was it was first reported by Reuterswhich received the Centcom letter. But the evidence amounts to a record that is longer and more sinister than one document suggests.
For a decade, US lawmakers have heard the same alarms about the dangers of commercially available location data that the Pentagon did—from the same intelligence assessments, from witnesses, from peers. Yet comprehensive privacy legislation has repeatedly stalled in Washington, and one narrow amendment that passed — a requirement that data shared with military contractors not be resold — left the broader industry untouched.
One of the earliest warnings came in 2016. At the compound of the Joint Special Operations Command at Fort Bragg, California, a government technologist briefing senior officials showed how commercial location data—bought, not hacked—could track phone calls from Fort Bragg and MacDill Air Force Base in Florida, the home bases of America’s most elite units, through Turkey, where they served in northern Syria. The same data was available to any broadcaster or foreign intelligence service.
Even as the Pentagon was warned that the location data market was putting its people at risk, parts of the department were eager to become its customers. Defense Intelligence Agency revealed to Congress in 2021 that it uses commercially purchased mobile phone location data—including Americans—without consent, taking the position that none is required. Months earlier, Motherboard reported that the US military was buying location data harvested from popular consumer applications.
In 2023, the Army paid for the threat to be clarified. Researchers at Duke University—working under funding from the United States Military Academy at West Point—ready to buy data on members of the US service as a foreign enemy can. They searched hundreds of data agency sites and found thousands of postings of military posting data, including datasets titled “Soldier Email List” and “Military Families Complex.”
Researchers began to buy. For as little as 12 cents per record, without review, they purchased names, home addresses, health status and financial information for active duty soldiers. Posing as a buyer operating through a Singapore-based domain, they also obtained the same type of geo-fenced data for Fort Bragg, Quantico and other installations. One broker offered to skip his identity check if they paid by wire.
A year later, WIRED has been found the same type of data flows through Google’s advertising platform. Working with data obtained by the Irish Council for Civil Liberties—whose investigator gained access to a U.S. agency’s audience list by stopping a bogus analytics company—WIRED identified marketing “segments” on Google’s Display & Video 360 that targeted U.S. government employees considered “decision makers” working “specifically” as well as licensees for national companies aiming to create national licenses. missiles, launch vehicles, and cryptographic systems that protect classified data.
An investigator for the Irish Council for Civil Liberties said he expected his cover story to be tested. “When I signed up, there were no questions,” he told WIRED at the time. “I could be anyone.”
