According to a new report, U.S. soldiers stationed at several bases in Europe accidentally revealed confidential data connected to America's nuclear weapons arsenal while using inadequately secured flashcard apps to memorize those secrets.
The soldiers accidentally revealed “not just the bases” where the nukes were stored, but also “the exact shelters with ‘hot' vaults that likely contain nuclear weapons,” writes Foeke Postma, a researcher with the OSINT-focused investigative team Bellingcat, in what appears to be a mind-boggling mishandling of America's most sensitive national security information. They also gave a slew of other information, including secret codes, passwords, and security layouts in various locations.
According to Postma's investigation, the troops utilized common study apps like Chegg, Cram, and Quizlet to save highly classified data on European nuclear bases, then forgot to change the applications' settings from public to private.
Some of the same soldiers allegedly made their usernames public, which “included the full identities of the persons who established them,” and used the same images they had on their LinkedIn pages, making them easier to track down.
Postma believes that he was able to find a lot of this information by Googling official words and acronyms related to the US nuclear weapons development. When he did, he discovered a set of 70 public-facing flashcards titled "Study!" that disclosed details on the alleged nuclear inventory at Volkel Air Base in the Netherlands (a long-rumored locale of a U.S. nuke stockpile). Postma further alleges that subsequent open-source searches uncovered further flashcard caches, which revealed “details about vaults at all the other facilities in Europe that supposedly host nuclear weapons.”
"Some flashcards detailed the number of security cameras and their positions at various bases, information on sensors and radar systems, the unique identifiers of restricted area badges (RAB) for Incirlik, Volkel, and Aviano as well as secret duress words and the type of equipment carried by response forces protecting bases," Postma said.
"The scale to which soldiers have uploaded and inadvertently shared security details represents a massive operational security failure,” said Postma. “Due to the potential implications around public safety, Bellingcat contacted NATO, US European Command (EUCOM), the US Department of Defence (DoD), and the Dutch Ministry of Defence (MoD) four weeks in advance." The flashcards linked to these disclosures have been taken down since then, according to Postma.
