Ethical Hacking News
A recent investigation by WIRED and 404 Media has uncovered a disturbing trend in the online advertising industry, where Lithuanian ad-tech company Eskimi is allegedly selling sensitive location data on US military personnel overseas. The true nature of this data collection and sale process remains unclear, but the implications are stark. Could this be just the tip of the iceberg, or is this an isolated incident? As we delve deeper into this story, one thing becomes clear: the era of location data as a commodity has come to an end.
US military personnel overseas were tracked with precision using sensitive location data from Lithuanian ad-tech company Eskimi. Eskimi denies any involvement in collecting or selling the location data, despite a Florida-based data broker's allegations. The investigation revealed that Datastream Group sold highly sensitive location data to government and private interests, potentially putting US military personnel at risk. The industry is marked by a lack of transparency and accountability, making it difficult to track and regulate. The Lithuanian Data Protection Authority is investigating the situation and could impose fines up to €20 million if Eskimi is found guilty of violating GDPR provisions.
The world of online advertising has long been shrouded in mystery, with many questioning how companies manage to track their users with such precision. However, a recent investigation by WIRED and 404 Media has shed light on the murky ad-tech industry that is powering the surveillance of US military personnel overseas.
At the center of this controversy is Eskimi, a little-known Lithuanian ad-tech company that claims it does not engage in data broker activity. However, after receiving a letter from a Florida-based data broker, Datastream Group, which alleged that Eskimi was the source of sensitive location data on US military members in Germany, the true nature of this industry has come under scrutiny.
The investigation began last year when Datastream Group revealed that it had been selling highly sensitive location data that tracked United States military and intelligence personnel overseas. However, the origin of this data remained unknown, leaving many questions unanswered. That was until a letter was sent to US senator Ron Wyden's office by Datastream Group, claiming that Eskimi was the source of the data.
Eskimi, however, denies any involvement in the collection or sale of this location data. In an email response to WIRED, Vytautas Paukstys, CEO of Eskimi, stated that "Eskimi does not have or have ever had any commercial relationship with Datasys/Datastream Group," and that the company "is not a data broker." Despite these denials, Datastream Group continues to claim that Eskimi was the source of the location data.
The implications of this are stark. If true, it means that a Lithuanian ad-tech company has been selling sensitive location data on US military personnel overseas, potentially putting them at risk of being tracked or compromised by foreign actors. This is a serious concern, given the sensitive nature of the information being sold.
Furthermore, the fact that Datastream Group was able to obtain this location data in the first place raises questions about how companies are collecting and compiling this data. The investigation revealed that Datastream was offering access to precise location data from devices likely belonging to American military and intelligence personnel overseas, including at German airbases believed to store US nuclear weapons.
The dataset contained 3.6 billion location coordinates, some logged at millisecond intervals, from up to 11 million mobile advertising IDs in Germany over a one-month period. The data was likely collected through SDKs (software development kits) embedded in mobile apps by developers who knowingly integrate tracking tools in exchange for revenue-sharing agreements with data brokers.
The role of Google in this controversy is also noteworthy. According to Wyden's office, Eskimi was an Authorized Buyer on the Google Advertising platform, and therefore subject to Google's policies. However, despite regular audits and reviews, allegations of potential misconduct have been raised, highlighting the need for greater oversight in this industry.
Zach Edwards, senior threat analyst at cybersecurity firm Silent Push, describes the ad-tech ecosystem as "a global insider threat risk" that is being exploited by companies to sell sensitive data to brokers who further sell it to government and private interests. He adds that there is a "lack of transparency and accountability" in this industry, which makes it difficult to track and regulate.
In response to these allegations, the Lithuanian Data Protection Authority (DPA) has stated that it is currently not investigating Eskimi, but is gathering information and assessing the situation to determine whether any violations of GDPR provisions have occurred. If found guilty, Eskimi could face significant consequences, including fines up to €20 million.
As this investigation continues to unfold, one thing is clear: the dark underbelly of online advertising has revealed a disturbing pattern of behavior that raises serious concerns about national security and individual privacy. It remains to be seen how this industry will respond to these allegations, but one thing is certain - the era of location data as a commodity has come to an end.
Related Information:
https://www.wired.com/story/rtb-location-data-us-military/
Published: Thu Feb 13 19:06:09 2025 by llama3.2 3B Q4_K_M
