Genie out of the bottle? DOD bans GPS-enabled devices

Caecilius

LE
Kit Reviewer
Book Reviewer
#81
Let's put it another way. Would you be comfortable if hundreds of odd strangers with funny accents and wearing trench coats, dark glasses, and false moustaches were to follow you and others about the base all day, every day, taking notes about where you went and who you talked to, provided they promised not to touch anything while they were there?
For 99% of units, this really doesn't matter. The vast majority of the army aren't doing anything secret or special, so it just doesn't matter. You have TRIMBLE fitted cars so the government is doing half the tracking for you.


Case in point:

In Estonia, we had to take the sim cards out of our phones and keep them on aeroplane mode, with a VPN for the wifi, and when crashed out, at the armoury exchange phone for rifle.
Not on exercises mind, just crashout
This is massive overkill. eFP is a publicly stated deployment with known units deployed to a known area and conducting exercises in areas with a significant ethnic russian population. What on earth are the Russians/Chinese/Iranians/others meant to get from intercepting the personal comms of 1 Royal Welsh privates that they can't get from either asking locals or just looking on Facebook? I would also be intrigued to know where the VPN is hosted and how the MOD is controlling who else rents server space in that facility.

It was very amusing when a load of undeclared probable CIA and GRU sites showed up on Strava a few months ago, but almost every military deployment is in a known location so the rest of the information on there was basically useless to any real peer enemy.

Much of this debate reminds me of the MATTs security lessons that told soldiers not to put information on Facebook 'in case you get targeted by terrorists'. What actually happened in reality? Two blokes waited outside an army base and murdered the first bloke to come out with a camo rucksack and a H4H hoody.
 
Last edited:
#82
US are very Secret terminal happy to plan/discuss ops that certainly dont need that level of classification. As i mentioned earlier they dont realise that the Contractor who will deliver on the Op employs personnel who could never get that level of clearance, access to the IT infra and more or less rely on local internet/mobile comms to do business.
This is now being addressed by Contracts involving support of the US being US companies employing US citizens at the middle and senior in-country level who can get the clearance and IT. They still need those Third Country Nationals to do humping and dumping but even that is changing with contracts that 2017 had a Kenyan driving a crane on base being paid $4000 a year to 2018 and Uncle Joes Military Supply Company taking over the contract employing a "veteran" who now drives the same crane for $100,000 a year!
 
#83
For 99% of units, this really doesn't matter. The vast majority of the army aren't doing anything secret or special, so it just doesn't matter. You have TRIMBLE fitted cars so the government is doing half the tracking for you.


Case in point:



This is massive overkill. eFP is a publicly stated deployment with known units deployed to a known area and conducting exercises in areas with a significant ethnic russian population. What on earth are the Russians/Chinese/Iranians/others meant to get from intercepting the personal comms of 1 Royal Welsh privates that they can't get from either asking locals or just looking on Facebook. I would also be intrigued to know where the VPN is hosted and how the MOD is controlling who else rents server space in that facility.

It was very amusing when a load of undeclared probable CIA and GRU sites showed up on Strava a few months ago, but almost every military deployment is in a known location so the rest of the information on there was basically useless to any real peer enemy.

Much of this debate reminds me of the MATTs security lessons that told soldiers not to put information on Facebook 'in case you get targeted by terrorists'. What actually happened in reality? Two blokes waited outside an army base and murdered the first bloke to come out with a camo rucksack and a H4H hoody.
I am much more concerned about the 10 minute queue I have to get wait to get in the dockyard - no options, no escape route, sitting duck for IED (or more likely, bloke with a big knife)...


Sent from my iPad using Tapatalk
 

jrwlynch

LE
Book Reviewer
#85
I am much more concerned about the 10 minute queue I have to get wait to get in the dockyard - no options, no escape route, sitting duck for IED (or more likely, bloke with a big knife)...
I heard a story that after the kneejerk "tighten all security screening" at airports after the Shoe Bomber and the Underpants Bomber, various people were patting themselves on the back about how hard it would be to get anything dangerous through the check points. Shame about the queues but that's the price of safety, innit?

Until someone gently pointed to the huge press of people, packed into those zig-zag queue lanes, many of them carrying luggage that hadn't been screened or checked yet, and not yet scanned to see if they're wearing a Semtex-and-ball-bearing waistcoat. Good idea? Bad idea?
 
#86
I heard a story that after the kneejerk "tighten all security screening" at airports after the Shoe Bomber and the Underpants Bomber, various people were patting themselves on the back about how hard it would be to get anything dangerous through the check points. Shame about the queues but that's the price of safety, innit?

Until someone gently pointed to the huge press of people, packed into those zig-zag queue lanes, many of them carrying luggage that hadn't been screened or checked yet, and not yet scanned to see if they're wearing a Semtex-and-ball-bearing waistcoat. Good idea? Bad idea?
You’d be surprised of the technology in the area surrounding that queue, that you won’t see, look normal and will to an excellent job (assuming they have purchased it)
 
#87
#88
Haven’t the Russians in conflict is Georgia/Ukraine:
- hacked the cameras on enemy drones in order to figure out their launch locations (to subsequently stuck by Arty), suppose that is Cyber or ELINT

- looked at soldier’s social media and then they starts getting messages asking if their family are safe (or the soldier’s family receive messages asking is the soldier ok). PSYOPS
In Ukraine, the Ukrainian artillery bods produced a smartphone app to do various calculations for their artillery. They distributed it via various message boards to be loaded by their personnel.

"Someone" (the Russians being the obvious suspects) produced a modified version and distributed it the same way where it was picked up by the appropriate personnel and loaded into their phones. The modified version sent information which identified itself (I think it was the IMEA number) back to a server somewhere which collected a list of which phones had this app which was mainly of interest to Ukrainian artillery people. Once the phone was ID'd, it didn't matter if the hacked app was ever run again, the phone itself was now linked to a person of interest.

When those phones then showed up in the Donbas border region they were met with an artillery barrage. I believe it was reported that one formation of Ukrainians were pretty much wiped out this way. You can think of it as a cheap and simple example of signals intelligence providing targeting data.

This is an example of how it only takes one person to have poor persec skills when away from operational areas and to then switch on his phone at an inopportune time to compromise everyone else.
 
#89
(...) What on earth are the Russians/Chinese/Iranians/others meant to get from intercepting the personal comms of 1 Royal Welsh privates that they can't get from either asking locals
They get to do surveillance without the risk of having personnel on the ground where they can be picked up by security.

or just looking on Facebook?
And part of all of this is to find ways to stop people from posting crap on Facebook that they shouldn't.

(I would also be intrigued to know where the VPN is hosted and how the MOD is controlling who else rents server space in that facility.
You're thinking of a different type of VPN, the type used to get around geographic blocks on television. That is a very non-standard setup used for one specific application. It has no use in security applications.

Standard VPNs such as widely used in business would be co-located with the local network, and possibly integrated into the Wifi system itself. It is used to "tunnel" encrypted traffic from point to point for security applications.

(It was very amusing when a load of undeclared probable CIA and GRU sites showed up on Strava a few months ago, but almost every military deployment is in a known location so the rest of the information on there was basically useless to any real peer enemy.
See the above on doing surveillance remotely at much reduced risk. Figuring out all the routine patterns of movement and differentiating them from the non-routine ones can be very valuable information.
 

Caecilius

LE
Kit Reviewer
Book Reviewer
#90
They get to do surveillance without the risk of having personnel on the ground where they can be picked up by security.
Figuring out all the routine patterns of movement and differentiating them from the non-routine ones can be very valuable information.

Sure, but that's of pretty much zero use in Estonia and for the vast majority of british units. They simply aren't doing anything exciting that justifies us being worried about the Russians having a look at them. It's not like us trying to look at Zapad - there isn't any underlying nefarious activity for them to see.

Let them look if they want to. It's better than inconveniencing our blokes for no good reason.

Standard VPNs such as widely used in business would be co-located with the local network, and possibly integrated into the Wifi system itself. It is used to "tunnel" encrypted traffic from point to point for security applications.
From speaking to a mate who is out there at the moment, it sounded like the former type (AirVPN style) was in use to allow general internet access and WhatsApp comms but perhaps he had it wrong or I misunderstood.
 

Joshua Slocum

LE
Book Reviewer
#91
Speaking of cameras above prompted a memory. A few months ago, i visited a large MoD facility in my personal car. Drove up to the front gate, showed my pass etc, passed various signs about restricted photography etc. The car park was happily near my destination, but to get there had to drive across the camp, passed dining facilities, officers mess, sports centre etc. Not a problem really, but i had my dashcam on.
Once connected to my PC, the software will track my position on google maps, and could potentially show security measures to those watching in HD.
Maybe we should have a warning at the entrance etc, stating that dashcams should be turned off when entering MoD property (or is there a warning that i just havent seen?)
hopefully the dash cam in normal use will overwrite the data
 
#92
The issue isn't whether anyone knows where the bases are. They can find that on a map. The issue is the detailed signals intelligence which can be derived from analysing the tracking data.

Let's put it another way. Would you be comfortable if hundreds of odd strangers with funny accents and wearing trench coats, dark glasses, and false moustaches were to follow you and others about the base all day, every day, taking notes about where you went and who you talked to, provided they promised not to touch anything while they were there? If not, then why would automating the process make it any better?
Or just know when and where you turn around on your run, the one you day every day, so know where to be as you turn around and just drive up behind you and shoot you in the head?

Oh won’t happen to me.

Do we, have we forgotten the troubles? Never park nose in, always have a look for anything amiss?
 
#93
Sure, but that's of pretty much zero use in Estonia and for the vast majority of british units. They simply aren't doing anything exciting that justifies us being worried about the Russians having a look at them. It's not like us trying to look at Zapad - there isn't any underlying nefarious activity for them to see.

Let them look if they want to. It's better than inconveniencing our blokes for no good reason.
They probably aren't going to really need their CR2s or Warriors either, so I suppose they could have left those behind in England as well then.

From speaking to a mate who is out there at the moment, it sounded like the former type (AirVPN style) was in use to allow general internet access and WhatsApp comms but perhaps he had it wrong or I misunderstood.
I don't know the exact configuration, but the logical way of doing it would be to run a VPN from the base back to the UK and then allow general Internet access from an MoD UK Internet point of presence there. That way traffic on the Internet originating from UK forces in Estonia would be indistinguishable from traffic originating within the UK.

It also means that if you start sending love letter emails to vlad@kremlin.ru, they can be run through whatever normal filtering and monitoring programs they have set up centrally.
 
#94
And it turns out that "turning off" location tracking on your smart phone doesn't actually turn off location tracking and reporting.
Google tracks your movements, like it or not | CBC News
An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you've used privacy settings that say they will prevent it from doing so.

Computer-science researchers at Princeton confirmed these findings at the AP's request.
This should be kept in mind when claiming that people just need to adjust their phone settings "properly". At least some settings of this sort appear to be just placebos.
 
#95
I don't know the exact configuration, but the logical way of doing it would be to run a VPN from the base back to the UK and then allow general Internet access from an MoD UK Internet point of presence there. That way traffic on the Internet originating from UK forces in Estonia would be indistinguishable from traffic originating within the UK.
Which is exactly why that's not the way it's done. We were told to get a commercial one, as running a vpn is clearly beyond the wit of the sigs.
Which of course is completely and absolutely unbreakable by anyone, and having everyone on the same vpn doesn't defeat the purpose of having one at all.
Edited to remove the name of the vpn in question, not sure it's public information..
 
Last edited:

Joshua Slocum

LE
Book Reviewer
#96
And it turns out that "turning off" location tracking on your smart phone doesn't actually turn off location tracking and reporting.
Google tracks your movements, like it or not | CBC News


This should be kept in mind when claiming that people just need to adjust their phone settings "properly". At least some settings of this sort appear to be just placebos.
glad I stuck with my 15 year old Nokia unsmart phone
 
Thread starter Similar threads Forum Replies Date
OKCHU Miscellaneous Jokes 0
OKCHU Miscellaneous Jokes 0
OKCHU Miscellaneous Jokes 0

Similar threads

Latest Threads

Top