U.S. soldiers stationed at various bases in Europe tasked with guarding the deployed nuclear weapons accidentally exposed data with sensitive information pertaining to the stock of nuclear weapons resting with the US military.
The soldiers used popular flashcard apps like Cramm, Chegg, and Quizlet, wherein they forgot to switch their profiles from public to private. Their user information was also easily visible, including their full names, as well as profile pictures similar to those on theirs LinkedIn profiles.
These apps were poorly protected with inefficient security, and lacked proper encryption, making them inadequate to commit sensitive data to memory.
The leaks could identify the exact number and location of the weapons within the bases, including whether the vaults they are stored in – are “hot” — with live weapons — or “cold.”
“By simply searching online for terms publicly known to be associated with nuclear weapons, Bellingcat was able to discover cards used by military personnel serving at all six European military bases reported to store nuclear devices,” wrote Foeke Postma, the author of the Bellingcat article.
The outcome was the encounter of numerous sets of flashcards revealing information about several bases around Europe, including in Germany, the Netherlands, and Turkey.
“How many WS3 vaults are there on IAB,” said the question side of one virtual flashcard.
“25,” it read on the answer side.
One set of 70 cards with the title “Study!” disclosed the number of live and non-live nuclear weapons at the Volkel Air Base in the Netherlands, which the Dutch government considers a secret.
Other sets revealed how soldiers are supposed to react to various levels of alarm, where security cameras are located on-site, and “duress words” that soldiers give over the phone to show that they had been, for example, taken hostage by attackers.
A thread by Foeke Postma, investigator and trainer at Bellingcat military.