Skip to main content
Geopolitics & DefenseNational Security

Foreign Adversaries Exploit Location Data to Track US Troops in War Zones

US military convoy in desert war zone with smartphone on ground near vehicle.
“Commercial location data can be used to identify where U.S. troops congregate and their pattern of life, which can be exploited by adversaries to target attacks such as missiles, drones, and roadside bombs, as well as for counterintelligence purposes,” reads the letter written to DOD Chief Information Officer Kirsten Davies.

Last week, United States Senator Ron Wyden, D‑Ore., and Representative Pat Harrigan, R‑N.C., released information confirming that foreign adversaries are exploiting commercial location data to track U.S. servicemembers in active war zones. The two lawmakers, joined by other members, delivered a formal letter to DOD Chief Information Officer Kirsten Davies pressing the Department of Defense to address the problem.

The core allegation addressed to DOD Chief Information Officer Kirsten Davies

The letter sent to Kirsten Davies frames the problem in direct terms: commercial location data sold by the digital advertising ecosystem can reveal where troops gather and how they move. The letter further asserts, “That foreign adversaries are still able to buy location data collected from the phones of U.S. personnel serving in military hotspots is a direct result of DoD leadership’s failure to prioritize this threat and implement commonsense cyber defenses recommended by federal cybersecurity experts.”

How commercial location data is being leveraged against servicemembers

The materials released last week say the mechanics are straightforward: commercial datasets derived from mobile devices can be purchased by foreign actors and used to reconstruct the “pattern of life” for units and individuals. The letter names specific consequences — the data can be “exploited by adversaries to target attacks such as missiles, drones, and roadside bombs,” and can be repurposed for counterintelligence operations.

DOD awareness since 2016 and the broader regulatory context

Reportedly, the DOD has been aware of this vulnerability since at least 2016. That long lead time is central to the letter’s critique: lawmakers argue that awareness without adequate mitigation constitutes a policy and leadership failure. The complaint is placed in the wider context of a commercial ecosystem that enables the practice — namely, a lucrative digital advertising model that allows personal location signals to be collected and monetized.

John Carberry, Xcape, Inc.: policy friction, technical burden, and a defensive prescription

John Carberry, Solution Sleuth at Xcape, Inc., summarized the structural problem in blunt terms: “While the security community has long anticipated this vulnerability, regulatory action remains paralyzed because the digital advertising ecosystem relies on a lucrative opt‑out model, and defense agencies themselves frequently purchase commercial data for intelligence gathering.” His statement frames the issue as a systemic policy tension: commercial incentives and some defense buying practices together sustain the market that makes troop tracking possible.

Carberry adds a consequential conclusion: “This systemic policy failure shifts the entire burden of protection onto immediate technical defense. To mitigate this exposure, security leaders must treat personal mobile devices as active tracking beacons.” That prescription reframes individual devices as operational risk points that, in his view, require active defensive controls.

What this means for the Department of Defense, defense intelligence purchasers, and servicemembers

  • For the Department of Defense: The letter explicitly asks DOD leadership — through Chief Information Officer Kirsten Davies — to prioritize the threat and implement the cyber defenses that federal cybersecurity experts have recommended. The record cited in the release notes DOD awareness dating back to 2016.
  • For defense intelligence purchasers: The release highlights a practical tension: defense agencies “frequently purchase commercial data for intelligence gathering,” a practice John Carberry calls part of the market dynamics that keep the data available to adversaries as well.
  • For servicemembers: The factual account in the letter is stark: location signals from phones of U.S. personnel in military hotspots have been sold and can be exploited to identify troop concentrations and movement patterns — information the letter says adversaries can use to plan missile, drone, and roadside‑bomb attacks, and for counterintelligence activities.

The facts released last week place a pointed challenge in front of DOD leadership. Reported awareness since at least 2016 and the letter’s explicit charge that leadership failed to prioritize the threat create a narrow, testable question: will the DOD CIO accept the lawmakers’ assessment and move to implement the “commonsense cyber defenses” the letter cites — or will the combination of commercial market dynamics and existing defense data‑purchasing practices continue to constrain regulatory and operational responses?

https://www.securitymagazine.com/articles/102332-us-troops-in-active-war-zones-tracked-with-commercial-location-data