- Researchers have used the beer app Untappd to follow the movements of military and intelligence personnel worldwide.
- Using app data, researchers have uncovered trips to sensitive places including Guantanamo Bay and Camp Peary, Virginia.
- Researchers have also discovered sensitive data that could be exploited, including photos of Department of Defense documents, debit card numbers, and military IDs.
A beer networking app with millions of followers inadvertently allowed security researchers to track military and intelligence personnel, including at a top secret CIA facility.
Researchers with the group Bellingcat discovered check-ins at places as diverse as the Pentagon, Germany, and Greenland. The researchers also discovered shared photos that included shots of government ID cards, documents, and military hardware. The data could be used to reconstruct travel and work habits of military and intelligence personnel, including precise locations.
The beer rating app Untappd has a big following in the U.S. and Europe, and is used by beer drinkers to discover new bars, breweries, and beers. Users rate beers, unlock badges, get directions to local events, and most importantly share that information with others. Untappd has 8 million users, including those in armed forces and intelligence agencies worldwide.
Unfortunately, according to researchers, users sometimes share too much information, and the app shares too much about them.
Researcher Foeke Postma documents how he was able to collect data from Untappd. Using data collected by the app, Postma was able to follow the movements of users military and intelligence personnel, typically through check-ins at bars or breweries near their workplaces—and even at a secret CIA base.
In one instance, Postma was able to track an individual working for U.S. intelligence all the way to Camp Peary, Virginia. Nicknamed “The Farm,” Camp Peary is a CIA facility used for field training and allegedly as a hub in the transport of suspected terrorists. The individual shared a photo of a beer that Postma was able to geolocate to a specific building at Camp Peary, pinpointing the exact location it was taken. Other individuals shared photos of beers that included pictures of government identification cards, the numbers on debit cards, and government documents that were best left out of the picture.
One of the most fascinating uses for Untappd data: using user check-ins to discover non-military locations they have in common. An intelligence agency could, for example, locate bars frequented by service members near military bases, discover the most popular beer there, and then send spies to ingratiate themselves with those personnel, ordering their favorite beer—and hopefully getting someone to spill secrets.
Like many social media sites, Untappd can serve as a collection point for internet researchers like Bellingcat or rival intelligence agencies seeking valuable information. Social networks collect more information than users are often aware of, and that data can be used by third parties.
You Might Also Like