Strava is a social network used to track athletic activities with wearables. It fell into disrepute in the past because its Global Heatmap made it possible to pinpoint military bases and patrols, as well as covert locations of intelligence services, based on the aggregated user information. Initially, zooming into the heatmap would also reveal the profiles of individual athletes. That isn’t exactly how you imagine OPSEC.
This sparked a huge outcry, and several nations’ militaries subsequently banned the use of activity trackers. Strava also reacted promptly, updating the heatmap and assuring users that they “respect your privacy and share your concerns about the security of information you may submit to Strava’s websites”.
However, even after these updates, it is still possible to harvest sensitive information from the data published by Strava. Strava informs users via their website that if the Enhanced Privacy Mode is toggled on, “your activities are still visible in public locations like the Flyby, group activity features, and segment, public club, and challenge leaderboards”. This means that profiles of individual athletes can still be accessed through segment leaderboards.
Now how can we use this knowledge for law enforcement investigations?
Imagine the following situation: The body of an unidentified male was found on July 18th 2017 near a pond named “Amphibientümpel” in the Forstenrieder Park in Munich. Initial crime scene investigations conclude that the victim was murdered on site. The autopsy reveals that the victim died during the afternoon of July 16th 2017.
The Forstenrieder Park is popular among athletes. Dozens of runners, hikers and cyclists use the trail next to which the body was found on a daily basis. Maybe one of them noticed something suspicious on the day of the crime?
Law enforcement investigators trained in OSINT check the Strava website to see if the aforementioned trail is classified as a segment. It is, and on the day of the crime two top times were added to the segment’s leaderboard. Via this leaderboard the investigators are able to access the profiles of these athletes, including the names of both and the pictures they have uploaded.
One of these athletes uses Enhanced Privacy Mode, which hides the athletic activities on his profile from other users. To view these activities, a user needs his consent: he must allow that user to follow him.
The other athlete publicly provides access to all his data. After all, he is using Strava to compare himself with other athletes. The investigators go through his activities and notice that the run listed in the leaderboard started at 16:59. This means he was in the vicinity of the crime scene at the presumed time of death.
The athlete uses his real name in his profile, which makes it easy for the investigators to find him and contact him for further questioning. Until then, the athlete had been unaware of the crime. However, he did recall seeing a small truck parked between the trees near the pond that afternoon. According to his account, the truck belonged to a local crafts business. Although he had initially wondered why the vehicle was parked there, he hadn’t given it any further thought after the run. This clue was vital in starting further investigations and eventually led to an arrest.
The moral of the story: OSINT should be an integral part of all investigations. In our case, OSINT provided a witness, and this witness’s account led to solving this violent crime. Nonetheless, this requires skilled investigators…
Sebastian Schramm / 31.08.2018