Dutch regional broadcaster Omroep Gelderland tracked the HNLMS Evertsen, a Dutch navy air-defense frigate, by mailing a €5 Bluetooth tracker hidden inside a postcard to the ship. The tracker remained active for about 24 hours, revealing the ship's route from Crete toward Cyprus. The exploit worked because the Dutch Ministry of Defence publicly posts mail instructions for sending packages to deployed troops, and envelopes — unlike packages — are not X-rayed. The tracker was eventually found during mail sorting and disabled. In response, the Ministry is banning greeting cards containing batteries and reviewing its mail policies. The incident highlights how publicly available information combined with cheap consumer technology can create serious operational security vulnerabilities, a lesson applicable beyond the military to enterprise security as well.
Table of contents
An opsec lesson for civvies, tooSort: