Government Advertising Privacy Security

How the Pentagon Learned To Use Targeted Ads To Find Its Targets (wired.com) 55

An anonymous reader quotes an excerpt from a Wired article: In 2019, a government contractor and technologist named Mike Yeagley began making the rounds in Washington, DC. He had a blunt warning for anyone in the country's national security establishment who would listen: The US government had a Grindr problem. A popular dating and hookup app, Grindr relied on the GPS capabilities of modern smartphones to connect potential partners in the same city, neighborhood, or even building. The app can show how far away a potential partner is in real time, down to the foot. But to Yeagley, Grindr was something else: one of the tens of thousands of carelessly designed mobile phone apps that leaked massive amounts of data into the opaque world of online advertisers. That data, Yeagley knew, was easily accessible by anyone with a little technical know-how. So Yeagley -- a technology consultant then in his late forties who had worked in and around government projects nearly his entire career -- made a PowerPoint presentation and went out to demonstrate precisely how that data was a serious national security risk.

As he would explain in a succession of bland government conference rooms, Yeagley was able to access the geolocation data on Grindr users through a hidden but ubiquitous entry point: the digital advertising exchanges that serve up the little digital banner ads along the top of Grindr and nearly every other ad-supported mobile app and website. This was possible because of the way online ad space is sold, through near-instantaneous auctions in a process called real-time bidding. Those auctions were rife with surveillance potential. You know that ad that seems to follow you around the internet? It's tracking you in more ways than one. In some cases, it's making your precise location available in near-real time to both advertisers and people like Mike Yeagley, who specialized in obtaining unique data sets for government agencies.

Working with Grindr data, Yeagley began drawing geofences -- creating virtual boundaries in geographical data sets -- around buildings belonging to government agencies that do national security work. That allowed Yeagley to see what phones were in certain buildings at certain times, and where they went afterwards. He was looking for phones belonging to Grindr users who spent their daytime hours at government office buildings. If the device spent most workdays at the Pentagon, the FBI headquarters, or the National Geospatial-Intelligence Agency building at Fort Belvoir, for example, there was a good chance its owner worked for one of those agencies. Then he started looking at the movement of those phones through the Grindr data. When they weren't at their offices, where did they go? A small number of them had lingered at highway rest stops in the DC area at the same time and in proximity to other Grindr users -- sometimes during the workday and sometimes while in transit between government facilities. For other Grindr users, he could infer where they lived, see where they traveled, even guess at whom they were dating.

Intelligence agencies have a long and unfortunate history of trying to root out LGBTQ Americans from their workforce, but this wasn't Yeagley's intent. He didn't want anyone to get in trouble. No disciplinary actions were taken against any employee of the federal government based on Yeagley's presentation. His aim was to show that buried in the seemingly innocuous technical data that comes off every cell phone in the world is a rich story -- one that people might prefer to keep quiet. Or at the very least, not broadcast to the whole world. And that each of these intelligence and national security agencies had employees who were recklessly, if obliviously, broadcasting intimate details of their lives to anyone who knew where to look. As Yeagley showed, all that information was available for sale, for cheap. And it wasn't just Grindr, but rather any app that had access to a user's precise location -- other dating apps, weather apps, games. Yeagley chose Grindr because it happened to generate a particularly rich set of data and its user base might be uniquely vulnerable.
The report goes into great detail about how intelligence and data analysis techniques, notably through a program called Locomotive developed by PlanetRisk, enabled the tracking of mobile devices associated with Russian President Vladimir Putin's entourage. By analyzing commercial adtech data, including precise geolocation information collected from mobile advertising bid requests, analysts were able to monitor the movements of phones that frequently accompanied Putin, indicating the locations and movements of his security personnel, aides, and support staff.

This capability underscored the surveillance potential of commercially available data, providing insights into the activities and security arrangements of high-profile individuals without directly compromising their personal devices.

  • by chas.williams ( 6256556 ) on Friday March 01, 2024 @08:10AM (#64281574)
    I can only imagine attempting to explain this to a security officer.
  • by CrazyCartwheels ( 10441448 ) on Friday March 01, 2024 @08:12AM (#64281578)
    From a security standpoint, cellphones, smartwatches, vehicles or any personal electronic devices should not be allowed anywhere on secure installations. (Housing areas? Okay, if the housing is securely separated from the rest of the installation.)
    Pain in the patootie? Most definitely.
    • OK so now you're leaving your cell phone in your car in the parking lot of such a place, which can still be GPS located.
  • I don't own a cell phone; I don't even use a computer!
    • by gweihir ( 88907 )

      One has to wonder how you managed to post your comment then? Astral projection?

      • One has to wonder how you managed to post your comment then? Astral projection?

        New proprietary technology for which the Slashdot post was a teaser?

        • by hawk ( 1151 )

          >One has to wonder how you managed to post your comment then?

          Have you *seen* today's dishwashers?

          Let alone the washing machines.

          For crying out loud, there are now cooktops with internet connections.

      • One has to wonder how you managed to post your comment then? Astral projection?

        Either at work on his company's machine, using a friend's machine, or at a library.
      • by kackle ( 910159 )
        Since I said "use a computer", it was meant as a joke.
        • I think a few people didn't get the sarcasm.

          These days, how does one do anything without connecting to the big mainframe. Access to banks? Nope. Able to buy things at a supermarket? Nope. Get a driving licence? Nope. Do school tests? Nope.

          • by kackle ( 910159 )
            I wasn't trying to be sarcastic; I was shooting for a "Funny" moderation. How am I posting here if I don't use computers? Etc.
            • I think we need a sarcasm HTML tag, if anything, to make screen readers do a better job. It also makes things more clear for slower or literal minded people.

              • by kackle ( 910159 )
                Sure, why don't you suggest that to the W3C and the UN while you're at it! /s (Hey! The tag works!)
    • In order to access the IRS or SSA you must go through a site called ID.me to verify you are who you say you are. While doing this you must respond to a text message sent to your cell phone. In order to troubleshoot my Xfinity account recently, I had to talk to the tech over a cell phone. To install my wifi boosters I had to use an app on a cell phone. I have very poor cell service so I usually only carry it for roadside emergencies. In order to use the auto-refill from my pharmacy I have to respond to a te
  • by Hasaf ( 3744357 ) on Friday March 01, 2024 @08:34AM (#64281626)
    I occasionally teach a class at a US Army base (that I am not going to name). I was bored one day and opened WeChat, a popular Chinese-language social media app. I then used its popular, "users near me," feature. I was surprised to find that many US Army soldiers were on and had their accounts set to discoverable. They were also, in Chinese, identifying themselves as Chinese.

    While it was not what I was there for, I pushed the information up their chain of command. It seems to have worked. At this point, when I visit that base, no one shows up when I search for users near me. Many times it is just a matter of making people aware of the security risks that some of these apps pose.
  • by ratbag ( 65209 ) on Friday March 01, 2024 @09:34AM (#64281754)

    Just me, or should a summary actually be a summary, with a link to a story we can read if we want, rather than a verbatim quote of pages of text?

    Wired articles are always so flowery, there's plenty of scope for cutting it down to a paragraph and letting us get on with our lives.

    From the not-that-important-but-it-bothered-me-enough-to-comment department.

    • For at least a decade now, TFS has almost always been the first paragraph or two of TFA with no original text by the submitter. Judging by your ID, you've been here longer than I have; haven't you noticed before?
      • by ratbag ( 65209 )

        This summary just seemed to go on for ages compared to other stories. As I said, not important.

  • by DarkRookie2 ( 5551422 ) on Friday March 01, 2024 @09:41AM (#64281776)
    If you have my GPS coor from the dating apps, do me a favor and bomb me please.
  • > Intelligence agencies have a long and unfortunate
    > history of trying to root out LGBTQ Americans from
    > their workforce, but this wasn't Yeagley's intent. He
    > didn't want anyone to get in trouble. No disciplinary
    > actions were taken against any employee of the
    > federal government based on Yeagley's
    > presentation.

    Yet.

    With the massive resurgence of anti-LGBT hate that's being stoked and propagated for political purposes these days, this scumbag just placed a lot of people at-risk; possib

    • from the first sentence of the summary, "In 2019, a government contractor and technologist named Mike Yeagley began making the rounds in Washington, DC." so, not a story of 'today' but an old story to begin with.
  • The 5 eyes opened up and were thrilled to have a new way to track and exploit people for their nefarious deeds even if it is their own people.
  • Anyone remember the story not too long ago where people were uploading their jogging info and you could see who was in the military by where they were jogging, especially in the Middle East.

  • I'm sure the "national security establishment" already knew about this and was already using it. Using targeted ads for this purpose is old news. [huffingtonpost.co.uk]. He just wasn't cleared for it.

    • As the old saw says: 'Never ascribe to malicious intent what is best explained as a cock up'. Yes, it would be nice to believe that those clever people whom we assume to exist are surprised by this...

    • by PPH ( 736903 )

      Old news. Very old. Identifying members of your intelligence organization by performing a link analysis with other, known members is as old as the hills.

      When Dick Cheney outed Valerie Plame (a NOC [wikipedia.org] agent), numerous foreign intelligence agencies undoubtedly went through her telephone calling history (all available to anyone with a checkbook) to see who also called the same numbers. Calling in sick, for example, to your cover organization. That probably exposed dozens or maybe hundreds of other CIA agents. Pe

      • by HBI ( 10338492 )

        OPSEC is the term used to cover most of that. There are a lot of provisions that are more honored in the breach than the observance. You'll get told to remove badges entirely rather than concealing them by shoving them in a pocket or whatever. But then people lose badges...this is a simplistic example. The bottom line is that your associates at work are difficult to conceal under the best of circumstances. Noting down license plates heading on and off post is a pretty commonplace thing. Having someone

        • by PPH ( 736903 )

          The bottom line is that your associates at work are difficult to conceal under the best of circumstances.

          But we all work for the American Literary Historical Society. Until someone outs one of us as CIA, it's not important to maintain OPSEC.

          Noting down license plates heading on and off post is a pretty commonplace thing.

          Which is why most NOCs don't report to headquarters. They have a cover employer. And if that location's cover is blown and the enemy guns down everyone else in the office while I'm picking up our lunch order, they were all expendable anyway.

          • Most such situations are now resolved by Liam Neeson or Matt Damon driving stolen cars at high speed in reverse gear.
  • I was told by a person in ad tech that he couldn't use the data available to him to target any one specific person, making it specifically useless for stalking, and here you are telling me this? I sit here shocked that the person in ad tech was either clueless as to the actual capabilities of his employer or a liar.

  • ... that data was a serious ...

    When an app is installed in Android OS, it literally asks to track you 1) this time only (This option frequently not available), 2) when using this app, 3) all the time. People repeatedly and blithely click on "all the time". I get it, most people have the short-sighted idea that nothing bad can happen from the simple truth. (The same people then probably watch prime-time dramas where honest people are interrogated, belittled and blackmailed by the police.) But when your job involves hiding a lot of tru
