Sunday, February 23, 2025, 7:58PM |  40°
MENU Post-Gazette logo
Advertisement
A photo provided by Jan Mark shows Nathan Ruser, an Australian college student who discovered that the fitness app Strava had revealed the locations of military bases around the world.
2
What did this Australian university student do on his summer break? He exposed a global security flaw.
Jan Mark via The New York Times
What did this Australian university student do on his summer break? He exposed a global security flaw.

SYDNEY — When Nathan Ruser, an Australian university student, posted on Twitter over the weekend that a fitness app had revealed the locations of military sites in Syria and elsewhere, he did not expect much response.

But the news ricocheted across the internet, alarming security experts, who said hostile entities could glean valuable intelligence from the Strava app’s global “heat map,” including the locations of secret bases and the movements of military personnel. The Pentagon said it was reviewing the situation.

“Whoever thought that operational security could be wrecked by a Fitbit?” Ruser, 20, said in an interview from Thailand, where he is spending part of the Australian summer break.

Advertisement

Ruser, who studies international security at Australian National University in Canberra, is not a Strava user (“I sometimes go for walks but I’m not very fit,” he said). But he is an avid follower of the conflict in Syria, and he often uses maps to put news stories in context.

When he looked over Syria on Strava’s map — which is based on location data from millions of users, including military personnel, who share their exercise activity — the area “lit up with those U.S. bases,” he said.

Before publicly sharing his findings over the weekend, he discussed them in a private chat group on Twitter, made up of people interested in intelligence and security issues. “I know about two-thirds of what I know about the world from the group chats,” he said.

Danielle Cave, a senior analyst at the Australian Strategic Policy Institute, said that Twitter is playing an increasingly important role in open-source intelligence, the collection of sensitive information from publicly available sources. Researchers from think tanks, nongovernmental organizations and the corporate sector who are at the cutting edge of cybersecurity work gravitate to the platform to exchange information, she said.

Advertisement

“Twitter’s being used to piece it together like a jigsaw,” Cave said. “Usually I see them on top of a cyberrelated issue hours, if not days, before it ends up on the media.”

John Blaxland, a professor of international security and intelligence studies at Australian National University, taught Ruser last year.

“A lot of geolocation, a lot of reflection can be derived from what’s out there in open-source,” Blaxland said. “Nathan’s clearly taken it to heart and gone out on his own.” (Ruser did very well in his class, the professor added.)

Ruser, who is from Sydney, hopes to spend a semester abroad in Myanmar before graduating next year. He said he has written 7,000 words of an article about a pro-government militia in northern Myanmar, which he plans to send to Bellingcat, an open-source citizen journalism site, when it is finished.

He said he hoped the Australian intelligence community saw his Strava revelation as a positive contribution, helping the Australian government and others address their vulnerabilities. “I would definitely not like to be a Manning, or a Snowden, or an Assange,” he said.

(For its part, Australia’s military said Tuesday that Strava’s fitness tracking application did not breach security despite revelations that an interactive, online map using its data can show troop locations around the world.)

Like many 20-year-olds, he is not sure what he wants to do after graduation. But Cave and others agreed that his discovery would not hurt his career prospects.

“He’s obviously got some seriously great skills,” Cave said. “It would be crazy for groups in this space not to nab somebody like that.” In fact, she said, she was thinking of asking him if he’d be interested in an internship.

The Associated Press contributed.

Comments Disabled For This Story
Advertisement
The University of Pittsburgh's Cathedral of Learning
1
business
Amid funding uncertainty, Pitt pauses doctoral admissions
A new report advises retirees in 2025 to aim for just 3.7% when withdrawing from savings -- down from 4%. Over a 30-year retirement, that could mean the difference between financial security or outliving your cash in your 80s or 90s, financial experts say.
2
business
How much can retirees safely withdraw from their nest eggs? Financial experts weigh in.
Prospect Rutger McGroarty is right on track according to Penguins assistant general manager Jason Spezza.
3
sports
From The Point: When are the kids getting called up? Jason Spezza details the Penguins’ ‘thought-out’ plan
Pickers at Bonnie Brae Fruit Farms in Huntington Township, Adams County, harvest golden delicious apples on Sept. 10, 2024. President Donald Trump’s administration has frozen funding on several federal programs, including many that are under USDA and help farmers make their facilities more climate-friendly, protect against damage from wildlife, and help them employ more workers.
4
news
Pa. farmers feel funding pinch as federal freezes trigger labor and infrastructure instability
Carole Lee Fritsche Timblin
5
news
Carole Lee Fritsche Timblin, passionate educator and gift shop owner, dies at 89
A photo provided by Jan Mark shows Nathan Ruser, an Australian college student who discovered that the fitness app Strava had revealed the locations of military bases around the world. "Whoever thought that operational security could be wrecked by a Fitbit?" he said.  (Jan Mark via The New York Times)
In an image provided by Strava, routes of some activities recorded on the Strava fitness app in Berlin.  (Strava via The New York Times)
Jan Mark via The New York Times
Advertisement
LATEST news
Advertisement
TOP
Email a Story