How US soldiers exposed the location of nuclear weapons using an app

We often forget that several military bases serving NATO and located in Europe contain nuclear weapons. If their presence, as well as their location, is considered secret, it has been a long time since leaks let you know where the bases are. This open secret has just been reinforced by a much more disturbing revelation. In addition to the exact location of the weapons, the complete memos of the detailed security protocols concerning these bases can be accessed by any Internet user. via simple keyword searches on the Web. The case has just been unveiled by the investigation site Bellingcat who became known by his revelations obtained by cross-checking on the destruction of the flight MH17 of Malaysian Airlines by a missile of Russian origin in eastern Ukraine.

To keep these nuclear weapons, the US military on site have developed the annoying habit of recording long safety protocols in the form of review sheets with consumer applications usually intended for students. Called Chegg, Quizlet, or even Carm, they therefore host files allowing you to consult the location of security cameras, the schedule of patrols, security codes to identify the level of gravity threat, as well as the unique identifiers required to enter ultra-secure areas.

And to complete the picture, the soldiers’ files also reveal the location of the precise storage of armaments. In order to get hold of these files, Bellingcat had to enter certain acronyms in Google’s search engine that revolve around nuclear weapons. Acronyms whose meaning can easily be found on Wikipedia, for example. Thus, “PAS” designates aircraft hangars, “WS3”, the weapon securing system. It was enough to add the name of a European military base to these acronyms to fall on the protocol sheets.

Safety protocol sheets visible to all since 2013

The author of the article Foeke Postma gives the example of the Dutch base of Volkel-Uden. His research led him to 70 files concerning this database on theapplication Chegg. Some had the exact location of nuclear missiles. Information that can be combined with a snapshot published in 2013 on Facebook where we can see American soldiers posing in front of a nuclear missile training. The content of each sheet was thus linked to other public publications and in particular photos published on the social networks by American soldiers stationed at six bases in Europe. Finally, with this method specific to the investigation site, all of the sensitive information and the precise location of the weapons could be identified.

And this is not new, since Bellingcat pointed out that some of these files have been available online since 2013. After the site took care to prevent l’Otan and the US military, those memos all seem to be gone. The defense ministries of several NATO countries hosting these bases (Belgium, Germany, Italy, Turkey, the Netherlands) were also contacted on this subject, but preferred to wait for their American ally to respond. A spokesperson for the US Air Force told Bellingcat that management was aware that staff were using this app on a wide variety of subjects. On the other hand, no recommendation has been published on their exploitation. What is clear is that the authors of these files did not take care to protect their indexing and their access while this option is available for each of the applications. The authorities are now investigating.

It did not take any more for the organizations combating the proliferation of nuclear weapons to step up and cry out at the blatant violation of security practices related to these weapons on the bases of l’Otan. It must be said that with such information, a well-organized team would have all the information to take control of these weapons. This mishap comes to recall that of the applications of fitness used by American soldiers for training, and which revealed both their geolocation, their routes and training schedules on American bases in a conflict zone.