Iran Used Ad Tracking To Hunt American Soldiers: Report


Boots of soldiers with geolocation icons | Illustration: Midjourney

The Iran war gives a whole new meaning to the phrase “targeted ads.” During the war, the U.S. military evacuated many of its bases, moving personnel to hotels and civilian office spaces. A new report in the Financial Times reveals the high-tech ways in which Iran followed them. In at least one place, Iraqi Kurdistan, the Iranian military is suspected of using ad tracking data to figure out which hotels were housing U.S. troops.

“Any government with a halfway decent cyber intelligence program is participating in these [ad data] exchanges, because it’s such an immensely valuable source of data,” Byron Tau, author of the book that revealed many of these practices, told Reason in 2024. At the time, it was known that the U.S. government used ad data to make an end run around the Fourth Amendment and track Americans without a warrant.

Now it seems that enemy governments have used it to hunt Americans. Iranian-backed militias attacked several hotels in Iraqi Kurdistan with drones, and Iranian forces directly bombed the Crowne Plaza in Bahrain, wounding two Pentagon employees. It’s not clear which of these attacks or other attacks on Americans were targeted based on ad data. 

Ad tracking is not the only signals intelligence technique Iran reportedly used. Much of the Financial Times report focused on the Signalling System No. 7 (SS7) for communications between countries, which allows telecom companies to find phones roaming outside their country. An Iranian phone company sent a series of SS7 “pings” to Arab countries, and Sen. Ron Wyden (D–Ore.) told the Times that Iran was known by the U.S. Department of Homeland Security to use this technique to find American phones.

And, of course, Iran could lean on less sophisticated spying methods, such as social media posts and old-school informants. People in several Middle Eastern countries told me that it was an open secret which hotels U.S. troops were being billeted in. Arab states and Israel have arrested scores of people for allegedly selling information to Iran.

For years before the war, mobile phones and other devices have been an infamous data security risk for U.S. troops. In 2017, the fitness tech company Strava released a global heatmap of user data, inadvertently revealing the location of military bases and even the specific routes that troops exercised on. (The Pentagon quickly banned fitness apps with geolocation in response.) In 2021, the investigative news outlet Bellingcat found U.S. nuclear personnel studying on public flashcard apps, and used the data to map U.S. nuclear weapons throughout Europe.

But other forms of data are more insidious because users share it unwittingly and unwillingly. Muslim Pro, a popular Islamic prayer clock with a virtual compass that points towards Mecca, was selling user data to a broker until 2020, when it was revealed that the broker was passing that data on to the U.S. military. Muslim Pro cut off the relationship immediately after finding out.

In other cases, user data leaks out in the process of selling ads. Apps sell targeted advertisements on real-time bidding (RTB) exchanges, a type of virtual auction house that displays users’ location and other attributes. For example, when I open a video about cameras, the RTB exchange sends out an offer for the attention of a 29-year-old American male in England who likes photography, along with other unique identifiers. Customers use software known as a demand-side platform to automatically bid on these offers.

Despite the fact that many RTB exchanges forbid using the auctions for non-advertising purposes, some data brokers do it anyway. Last year, the Federal Trade Commission (FTC) disciplined the company Mobilewalla for violating the terms of service on several RTB exchanges to scrape user data. Interestingly, the FTC settlement agreement includes a mysterious carveout for location data “collected outside the United States and used for National Security purposes conducted by federal agencies.”

In response to a separate customer lawsuit for failing to protect user data, Google agreed this year to create a new setting called RTB Control, which allows users to limit the data sent to ad auctions. This new feature is not just a boon to people who (irrationally) hate algorithms or (more rationally) fear government surveillance. As the recent war has shown, it may be a matter of national security, too.

The post Iran Used Ad Tracking To Hunt American Soldiers: Report appeared first on Reason.com.

from Latest – Reason.com https://ift.tt/YBdmUht
via IFTTT

Leave a Reply

Your email address will not be published. Required fields are marked *