Τελευταία Νέα
Διεθνή

Absolute fiasco for the US - They sent soldiers to the Middle East with turned-on mobile phones - Iran located them with ease

Absolute fiasco for the US - They sent soldiers to the Middle East with turned-on mobile phones - Iran located them with ease
Middle Eastern mobile networks faced repeated cyberattacks aimed at tracking the locations of US military personnel

A bombshell revelation exposes the supposed military and technological superiority of the US, bringing to light an unimaginable operational fiasco. According to classified telecommunications data, American soldiers and contractors deployed to the Middle East during the war with Iran were turned into walking "digital informants." Iran and its allies managed to hack regional mobile networks. By exploiting ridiculous vulnerabilities that American agencies had known about for a decade but ignored, they precisely tracked the positions of US forces even inside the hotels where they were staying.

Repeated cyberattacks

According to telecommunications data and sources cited by the Financial Times, Middle Eastern mobile networks faced repeated cyberattacks aimed at tracking the locations of US military personnel and contractors during the war with Iran. The prospect that adversaries were monitoring American forces has alarmed several US lawmakers, who warned that roaming systems and smartphone advertising technology have left the military exposed to attacks.

The malicious tracking attempts occurred during the build-up to the US-Israeli offensive against Iran in late February and continued through the early days of the war, when Tehran retaliated with missile and drone strikes against US forces and military facilities in the region. Data shared with the FT by the Mobile Surveillance Monitor research project shows that regional telecom networks blocked a wave of requests known as "SS7 pings". These pings were designed to pinpoint the location of specific phones roaming outside their home networks, suggesting a coordinated campaign according to two cybersecurity experts who analyzed the data. Officials in the Gulf suspected that Iran or its allies were exploiting roaming agreements with local carriers to track US personnel, a source familiar with the matter said.

They were monitored through... advertisements

Separately, a second source—a US official speaking on the condition of anonymity—stated they believe that Iran-linked actors abused commercially available advertising databases to track phones in Iraqi Kurdistan.

"Iran absolutely has the capability to obtain real-time location information, directly and continuously," said Gary Miller, a senior researcher at the Citizen Lab cybersecurity observatory, who reviewed the data. "I would be very surprised if Iran was not using SS7 or access to mobile networks in the region to track US users."

Strikes on hotels

Tehran and Iranian-backed militias struck several hotels in Iraq, Bahrain—home to the US Navy's Fifth Fleet—and elsewhere in the Gulf during the war, injuring US personnel in some instances. Experts noted that further investigation is required to attribute these specific attacks to digital tracking, which would be just one of several intelligence streams used for targeting—ranging from ground informants to hotel reviews and Facebook posts left by some service members during their deployments.Epitheseis.png

However, US Central Command (Centcom) informed Congress in April that it had "received multiple threat reports regarding the adversary's exploitation of commercial location data to target or track US personnel in the theater of operations." Ron Wyden, a Democratic senator from Oregon who has warned about both vulnerabilities, stated that this would mark the first time foreign adversaries used commercial location data to target US personnel in a war. "For years, I have been warning both Democratic and Republican administrations about the national security threat posed by foreign adversaries tracking the phones of US personnel," Wyden told the FT.

SS7 system vulnerabilities

Centcom stated that it "took unprecedented force protection measures, which we are not at liberty to discuss, to ensure our forces remain safe." A US official added that "any claim suggesting that data tracking played a significant role in the attacks... is far from the facts." SS7 requests exploit a vulnerability rooted in the early infrastructure of telephone networks, allowing a carrier and others with legitimate access to obtain an approximate location of devices. Iranian mobile operators have roaming agreements across the Gulf and the Middle East, giving them the technical capability to send SS7 pings across their borders.

Tehran has reportedly used this method in the past, according to Wyden, who cited a Department of Homeland Security presentation identifying Iran among the "primary countries" using SS7 to target "US subscribers". At least some of the blocked tracking attempts in the data can be linked to an Iranian mobile operator, creating a digital footprint that matches several others, according to Miller. "This appears to be very specific user targeting," he said. "They are targeting specific devices."

In several countries, the US dispersed its personnel to hotels and other less prominent facilities to protect them. In Bahrain, for example, a missile struck the Manama Crowne Plaza hotel, which had received multiple contracts to provide lodging, laundry, and other services to the Department of Defense, according to a government spending database.Capture_479.JPG
The Crowne Plaza hotel was attacked by Iran

A spokesperson for the government of Bahrain stated that the country's telecommunications infrastructure "remains resilient".

"All operators... are required to take steps to implement the necessary controls, including firewalls and other protective measures," the spokesperson said. "There are always attempts to breach network security globally."

The suspected tracking was not limited to this. In Iraqi Kurdistan, Iran is suspected of using commercially available software, designed for targeted advertising, to locate hotels hosting US government personnel and contractors, one of the sources familiar with the matter said. The abuse of advertising technology (ad tech) is well known in national security circles and has also been used by the US for surveillance. Advertising IDs assigned to smartphones by device manufacturers have made it possible for years to track a specific phone or group of devices.

Pat Harrigan, a Republican lawmaker from North Carolina on the House Armed Services Committee, stated he had not been briefed on specific cases where Iran used data tracking to target US troops, but expressed concern. He is proposing legislation to stop tech companies from selling the "digital footprint" of US government employees. "The capability and the threat... exist," Harrigan told the FT. "If it continues to be exploited, and indeed in the right way, it could be catastrophic."

A chronic security loophole

The US failed to close this loophole on military-issued phones, according to a 2024 review initiated by the Office of the Inspector General of the Department of Defense. The US intelligence community had been grappling with the problem for over a decade, said Michael Stokes, a former CIA officer and vice president of Virginia-based Veilant, which sells secure communication options. The problem, he said, is that digital tracking does not require hacking the phone itself: smartphones leak massive amounts of personal data—"digital exhaust"—that can be analyzed to determine location, contacts, and even step counts.

He also noted that government employees often avoided secure phones, which are sometimes built for specific missions or sensitive deployments, preferring their own smartphones—or carrying both—leaving digital trails behind. "This is a national security exposure created by the collision of unmanaged phones, commercial ad tech, location data, and, of course, operational necessity with field reality," Stokes said.

www.bankingnews.gr

Ρoή Ειδήσεων

Σχόλια αναγνωστών

Δείτε επίσης