How Iran Used Data Roaming, Ad Tech To Track US Military Personnel In Gulf

The malicious cyberattacks came in the build-up to the US-Israeli war against Iran that started late February and continued in the early days of the conflict

Advertisement
Read Time: 4 mins
he prospect of enemies stalking US personnel has alarmed American lawmakers
Quick Read
Summary is AI-generated, newsroom-reviewed
  • Iranian hackers exploited Middle Eastern telecom flaws to locate US personnel phones
  • SS7 pings were used to track phones roaming outside their home networks
  • Iran used mobile network access to target specific US military devices
Did our AI summary help?
Let us know.
Washington:

Iranian hackers have reportedly exploited the vulnerability of the outdated Middle Eastern telecom infrastructure to locate the phones of US personnel and contractors in the region. The Mobile Surveillance Monitor, a research initiative that studies mobile espionage, has detected that Middle Eastern telecom networks have been receiving a wave of requests seeking to pin down the locations of specific phones roaming outside their home networks. 

Gary Miller, a cybersecurity researcher who founded the nonprofit, told The New York Times that the data was indicative of a "coordinated attack campaign."

The malicious cyberattacks came in the build-up to the US-Israeli war against Iran that started late February and continued in the early days of the conflict, when Tehran retaliated with missile and drone strikes against US military installations around the region, according to a Financial Times report. 

Autonomy of Iranian Attacks

Tens of thousands of US military personnel are stationed across the Middle East, including in Bahrain, where, according to Miller, telecommunications networks were flooded with information requests called SS7 pings -- a silent query sent through the global telecommunication network to locate a target phone or confirm whether it is active and roaming. 

Advertisement

Officials in the Gulf believe Iran or its allies are exploiting roaming agreements with local phone providers to try to locate US personnel, the FT reported. 

"Iran absolutely has capabilities to get real-time, immediate, and continuous location information. It would surprise me very much if Iran were not using SS7, or mobile network access in the region, to track US users," said Miller.

He further noted that at least some of the blocked tracking attempts in the data can be linked to an Iranian mobile phone operator, creating a fingerprint that matches several others

Advertisement

"This appears to be very specific user targeting. They are targeting specific devices," Miller added.

Iran's Attacks On US Bases

Backed by its regional militias, Iran has attacked several hotels in Iraq, Bahrain-- base of the US Navy's Fifth Fleet -- and other areas in the Middle East during the war. On some occasions, US contractors and personnel have been injured in these attacks. 

Talking to the NYT, Nikita Shah, a cybersecurity researcher at the Centre for Strategic and International Studies, noted that Iran's use of phone network signals to locate targets points to the advancements in its cyberwarfare capabilities, posing a potential danger to US personnel stationed within striking distance of Iranian missiles.

"Iran has become quite creative in the last couple of years, and especially in this conflict. For me, this signals a step up in sophistication," Shah said. 

Lawmakers' Warning

Advertising IDs assigned to smartphones by the device manufacturer have made it possible for years to locate a specific phone or a cluster of devices, and the United States has abused ad tech for surveillance.

But the prospect of enemies stalking US personnel has alarmed American lawmakers back home, who have warned that smartphone ad tech has left the military vulnerable to attack. 

Advertisement

Ron Wyden, a Democratic senator from Oregon, noted that this attack would mark the first time US adversaries used commercial location data to target American personnel in war.

"For years I've warned both Democratic and Republican administrations about the national security threat posed by foreign adversaries tracking the phones of US personnel," Wyden told the FT.

He noted that Tehran has been reported to have used that method in the past, citing a presentation by the Department of Homeland Security that identified Iran as among the "primary countries" using SS7 to target "US subscribers."

Advertisement

Pat Harrigan, a Republican lawmaker from North Carolina, said he is proposing legislation to stop tech companies from selling the “digitalised footprint” of US government employees.

“The capability and the threat . . . exist. If it continues to be exploited, and it's exploited properly, it could be catastrophic,” Harrigan told the FT.

US Military's Defence

In April, US Central Command (CENTCOM) told Congress that it had "received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater."

However, CENTCOM said it "took unprecedented force-protection measures that we are unable to discuss in order to ensure that our forces remain safe." 

Furthermore, a US official told FT that "any claim suggesting data tracking played a significant role in attacks...is a departure from the facts."
 

Featured Video Of The Day
Caught in the Iran-US Conflict: The Untold Stories of Indian Seafarers
Topics mentioned in this article