Vulnerabilities and Attempts to Collect Intel on U.S. Military Installations

Russia’s war in Ukraine and the creation of parallel institutions like the Chinese-led Shanghai Cooperation Organization (SCO) and Belt and Road Initiative (BRI) are both examples of the U.S.-led unipolar world transitioning to a multipolar world defined by great power competition.

This shift in the international landscape raises security concerns as countries like Russia and China enter direct competition with the United States. This competition will not occur on a single plane but most likely across multiple domains – economic, diplomatic, cyber, and technological – and will undeniably affect the military. A report by the Center for Strategic and International Studies notes that between 2000 and 2020 there were 160 reported cases of Chinese espionage against the United States and 1,000 cases of intellectual property theft. Of those, 85 percent were cases “involving Chinese agents trying to acquire U.S. military and commercial technologies.”

This week, Overwatch analysts look at some historic vulnerabilities facing U.S. military installations, domestically and abroad, to understand how adversarial nations may be attempting to gather intelligence on the United States’ critical military infrastructure. One of the biggest challenges when researching historical or potentially existing vulnerabilities facing U.S. military installations is the lack of data released by the Department of Defense (DoD). This information is naturally protected for national security reasons. Publishing current or past vulnerabilities, or tactics used to exploit them, can inspire adversarial nations to exploit them. With that limitation in mind, analysts looked at publicly available and historical reporting on the topic. 

Base Comparison 

Domestically, the United States has roughly 450 to 500 military bases spanning all 50 states. When expanded to the U.S. military’s foreign footprint, the number increases to roughly 750 bases in approximately 80 countries. The map below highlights the position of these foreign bases. 

Adversarial nations have comparatively fewer. Russia has approximately 20 overseas bases, and China is estimated to have one foreign military base, in Djibouti. The map below shows the presence of the U.S. military in comparison to Russia and China.

Vulnerabilities Continue to be an Area of Concern 

While bases and installations are a source of power for the United States, they are a desirable target for adversarial nations. The U.S. has several historical sources of vulnerability, ranging from open-source information, data breaches, and apps to technology developed by countries like China, business and land purchases by adversarial nations, and human intelligence collection techniques.

Open-source vulnerabilities facing U.S. military installations vary from applications used by denizens of the base to satellite imagery and breached data. These sources provide adversarial nations with multiple ways to gather information about critical U.S. military infrastructure and service members. A simple search for sensitive U.S. military installations, such as Area 51, supplies aerial views and pictures from March and April 2022. Using ESRI’s Wayback machine, it is even possible to view the construction and internal operations of more recently constructed installations. 

Even more concerning was a 2018 incident involving the fitness app Strava. The app charted users’ exercises, supplying routes and pattern-of-life information that could be leveraged to target its users. Due to the app’s prevalence among service members, there was concern that it could identify military members abroad. A series of Twitter threads from this time used the app to quickly identify U.S. service members serving in sensitive areas, such as bases in warzones like Afghanistan, and even alleged CIA black sites.

Since then, the app has seemingly fixed this problem. However, the historical data remains, and future applications may well reveal the same vulnerabilities.

Somewhat connected to vulnerabilities caused by application data is the threat of breached data released on the deep and dark web. A cursory search of several email domains returned thousands of breached emails and associated passwords, many of which were linked to the names of individuals whose online presence could be developed further.

*Analysts did not include photos of this data, given its potentially sensitive nature. 

Engrained Tech Infrastructure 

The second vulnerability source is Chinese-owned tech infrastructure used by service members or near U.S. military installations. The placement of technology used to intercept communications near military bases is not new. In 2014, for example, the CEO of ESD America, a company specializing in highly secure cell phones, charted out several false cell phone towers near U.S. military installations. 

The best example of this vulnerability is the telecommunications company Huawei, which was banned in the U.S. in 2019. The company has been unsuccessful in lifting the ban even with the introduction of new technology. As early as 2018, the Pentagon banned the sale of Huawei phones on military bases. However, this did not stop the company’s alleged attempts to spy on the U.S. military. Huawei partnered with multiple local network providers in the United States, placing communications infrastructure near critical U.S. military locations, including a U.S. nuclear arsenal. The map below shows examples of some networks using Huawei technology and their proximity to U.S. military infrastructure.

Despite the bans and investigations, the problem persists. According to a July 2022 report by Politico, small telecoms networks, many of which are in rural areas near U.S. military infrastructure, remain in place due to the expense of removal and repair. This means many of these vulnerabilities are still active and will continue to pose a threat until the issue is fully addressed.  

The purchasing of businesses and farmland provides bases of operation and operational cover for potential intelligence operatives from adversarial nations. The acquisition of American farmland and western businesses by adversarial nations, like China, poses an economic threat. However, it also poses a potential threat to U.S. military infrastructure.  

For example, in 2022, a Chinese company, the Fufeng Group, purchased 300 acres of farmland 20 minutes from Grand Forks Air Force Base in North Dakota. The stated purpose of the purchase was to build a corn processing plant. However, its proximity to the base, which specializes in drone technology and houses a “new Space Networking Center,” has some concerned that the factory could be used to surveil drone and satellite transmissions.

In addition to land purchases, investment in businesses used by U.S. citizens could enable espionage on service members who use their products. For example, according to the U.S. Department of Justice and Treasury Department, when the dating app Grindr was acquired by the Chinese investment firm Kunlun Tech, it posed such a risk. Though the app claims no data was ever released, the U.S. government demanded the Chinese company sell its stake in the application in 2020. The same story played out with TikTok, which was banned from government and military service members’ phones due to national security concerns.

Despite best efforts, the pace of technological development and of the economy generally means that more businesses tied to adversarial nations will gain access to service members and military installations, both physically and through the digital domain. Given the time it takes to evaluate each threat and the number of apps that need to be assessed, it is likely that companies owned by adversarial nations will be able to exploit sensitive data related to U.S. military personnel.

Human intelligence collection is one of the oldest forms of information gathering. The media tends to focus on high-profile politicians and individuals who are seduced by female and male spies in operations called “honey pots.” This was the case with a Chinese spy associated with Representative Eric Swalwell, a House Select Committee on Intelligence member, and with Russian spy Maria Butina, who attached herself to multiple high-level Republican officials. But this is not always the pattern. The threat to a member of the U.S. military, or to anyone with access to classified military information, is genuine.

In November 2022, a former U.S. Army helicopter pilot and government contractor pled guilty to spying for China. He was recruited by a female intelligence officer with whom he began a relationship. However, not all of these operations are sexual. In September, the U.S. charged former Army reservist Ji Chaoqun with spying for the Chinese. Ji was recruited while studying engineering in Chicago and, according to reporting on the incident, was instructed to join the reserves in the hope of obtaining U.S. citizenship and gaining access to classified information. While these more traditional cases highlight a concerning problem, perhaps even more alarming is the ease with which recruitment can be done almost entirely digitally, by using social media to reach out to potential assets. This puts those who proudly display their position and status in the field of national security at risk. Even less sophisticated than the above examples were attempts in 2019 and 2020 by alleged spies for China posing as diplomats or tourists to access U.S. military installations.

While exact figures on the number of successful or attempted recruitments of U.S. military personnel are not reported, the above cases demonstrate that this is a tactic actively used by U.S. competitors, focused on infrastructure and commercial businesses tied to the U.S. military.

U.S. military installations in foreign countries also have vulnerabilities that adversarial nations can exploit. While the U.S. has more control and more ability to surveil domestically, in foreign countries U.S. forces depend upon host countries or partners to help maintain security. For example, in 2021 it was announced that Japan would start taking a closer look at land purchases near U.S. military bases to diminish the ability of adversarial nations to collect intelligence on the United States. While we will not go into deep detail in this brief, four specific attempts to gather intelligence on U.S. military installations in foreign countries help shed light on the threat.

In 2021, eight individuals associated with the Russian mission to NATO in Brussels were expelled after they were discovered to be undeclared Russian intelligence officers. Then, in 2022, Maria Rivera, AKA Olga Kolobova, was discovered to be a Russian spy living in Italy. Through social and organizational connections, she gained access to several NATO officials in Rome, including a member of the U.S. Navy. In April, following the release of data on Russian FSB agents by Ukrainian intelligence, it was discovered that two individuals posing as lieutenant colonels in the Russian Army had used their cover as observers for the Organization for Security and Co-operation in Europe (OSCE) to spy on U.S. military infrastructure in Latvia. Finally, in November 2022, the FBI, in partnership with Swedish state security forces, arrested two Russian spies who had been living in Sweden for almost 30 years. The couple was identified when it came to light that they were surveilling U.S. military assets.

Operating critical defense infrastructure in a foreign country will never be 100 percent safe. Overseas installations suffer from many of the same vulnerabilities as the domestic military installations highlighted above. However, awareness of past incidents highlights the importance of partnerships with host countries and of understanding the standard operating procedures of those hoping to exploit this vulnerability.

Our Assessment 

Overwatch analysts assess that as competition between the United States and its near-peer competitors increases, the desire to find vulnerabilities in and collect intelligence on critical U.S. infrastructure will also rise. These attempts will likely use several, if not all, of the tactics outlined above. As a result, we will likely see the U.S. military and government take several actions to moderate this risk: more guidance released by the DoD regarding the use of apps, further government oversight of land and business purchases, increased vetting of foreign diplomats and members of the U.S. military, and increased coordination with countries hosting U.S. military bases.

It will be imperative for individuals, especially those working in organizations and businesses tied to national security, to do proper due diligence on the companies and individuals they associate with and on the apps they download to their phones. Proper open-source research techniques and literacy are not only good tools for offensive intelligence gathering; they are also imperative for lowering the chance that an intelligence officer from a hostile nation exploits an individual.

Digital DNA Heating Up Cold Cases

In the United States, approximately 250,000 unsolved murders occur each year, according to the Uniform Crime Report. This is a clearance rate of about 50%, a drastic decrease from the 90% clearance rate for homicides in the 1960s. While this decrease is in some part due to criminal justice reform and more accurate reporting, it is undeniable that it is also affected by the increase in the murder rate that began in 2020.

Unsolved criminal investigations (homicides or abductions) that are no longer actively pursued for lack of evidence are defined as cold cases. In other words, when an investigation goes idle, it is often assumed that the case is hopeless and will never result in justice. Historically, this means that violent offenders who have not been caught continue committing crimes. Many of these violent crimes remain unsolved despite the full potential of deoxyribonucleic acid (DNA) evidence and national DNA databases.

Beyond DNA evidence is the power of open-source intelligence (OSINT). With advances in technology and social media ingrained in today’s culture, it is rare for individuals not to have digital footprints – potential evidence for law enforcement. This raises the question: when DNA or other traditional forms of investigation fail, could a few quick online clicks help investigators keep a case from going cold?

In this edition of Overwatch, analysts interviewed two individuals at the Criminal Investigations Division of the Hillsborough County Sheriff’s Office (HCSO) in Tampa, Florida, to understand how digital footprints can aid law enforcement. Analysts also selected a cold case provided by the Hillsborough County Sheriff’s Office, an unsolved homicide, to show how OSINT could be applied to support an investigation.

Interview with Hillsborough County Sheriff’s Office Criminal Investigations Division 

Overwatch: How often does a homicide or violent crime have a digital footprint? Has law enforcement increasingly turned to social media to find suspects of crimes?  

HCSO: We try to use social media searches in almost every homicide, except open-and-shut ones that are closed in 24-48 hours. However, we lack advanced tools, tips, and tricks of the trade to narrow down the information found online. We rely on free knowledge, but using social media platforms in investigations today is extremely common, especially in shootings and gang violence, specifically in neighborhoods with turf wars. So, looking on social media has been helpful because people aren’t typically forthcoming.

Overwatch: What are some of the challenges faced when it comes to pursuing a digital footprint of a potential suspect? For example, are search warrants needed? Are laws applicable in the digital space? 

HCSO: Privatized accounts are a huge issue. If you want information from private accounts, detectives need enough information to send a warrant to the social media company. The Sheriff’s Office here often gets Facebook and Instagram search warrants; however, the speed at which we receive the information back from the company is decided on a case-by-case basis. Sometimes it can be super slow, especially if it’s not a pressing matter.  

Overwatch: Can you tell me about a time when the Hillsborough County Sheriff’s Office was able to solve a cold case or homicide because of a victim or perpetrator’s strong digital footprint?  

HCSO: There was a case where we came to a dead end. However, our investigation found a couple that often made TikTok videos. We monitored their profiles, and while they didn’t make videos about the crime or anything like that, the lead came because they made a video in a vehicle that placed them in the suspect’s vehicle. So, their digital presence provided a clear lead which, coupled with other evidence, allowed the case to be solved.

Tracks Left Behind 

In 2020, Hillsborough County had 37 homicides reported, with 27 solved or cleared. This was the highest rate of homicides in the last 10 years, according to the Federal Bureau of Investigation’s Crime Data Explorer.

In today’s world, the internet is entrenched in everyone’s daily life, increasing the opportunity to use the massive amount of publicly available information to reopen cold cases. We have all heard of cases where a suspect’s or victim’s digital footprint pointed law enforcement in the right direction during an investigation, despite a lack of DNA evidence. Examples include a university student who was discovered dead after her last cell phone signals were traced to a remote area along with another person’s, and a mass murderer who left cryptic messages on digital forums days before carrying out an attack. Like DNA left at a crime scene, online activity – malicious websites, social media posts, interactions, and connections – leaves digital data in its wake.

Murder Case Gone Cold 

Overwatch analysts visited the Unsolved Homicides website run by the Hillsborough County Sheriff’s Office to find an unsolved homicide and apply advanced-search OSINT techniques. Analysts selected the cold case of Ariel Pagan-Colon. They began discovery by focusing on online chatter, looking at the date of the murder, the scene of the crime, and the victim’s social media presence.

The event occurred on July 13, 2019, when Ariel Pagan-Colon was “shot to death outside of a house party…” according to the Hillsborough County Sheriff’s Office Unsolved Homicides website. Analysts implemented advanced search queries to narrow down social posts related to the murder of Mr. Pagan-Colon.  

On July 13, 2019, Twitter user @jason_rohena posted about the victim’s death, insinuating that he was shot by one of his friends. The tweet was posted at 9:16 pm. A search on the Hillsborough County Sheriff’s Office “Calls for Service” website shows the location and date of Mr. Pagan-Colon’s incident; the service call was logged at 9:09 pm. This means the Twitter user posted moments after the 911 call. Given the speed of the post, it is possible that the user was at the crime scene and has more information about the suspects.

A further look into the victim’s lifestyle and close associates revealed that his girlfriend was possibly at the location where the crime occurred. According to a Facebook post from the victim’s mother, moments before the deadly event he was waiting outside the home where the party was taking place while his girlfriend was making her way outside to meet him.

The victim’s girlfriend was found on Facebook, and analysts were able to examine the information she posted there about the victim’s passing. On December 31, 2019, she wrote, “Not seeing your message has me broken.” The content of the message she received from the victim was not revealed. However, it is possible that she received information minutes before his death that could add to the timeline of events or even point toward who the murderer could be.

Analysts also found a social media post that denigrated the victim and alluded to a potential foe. This is not proof that the person who commented is responsible for Mr. Pagan-Colon’s death. Yet, despite the gap in time between the post and the date the victim was killed, it may lead to a list of people who did not get along with him.

Our Assessment 

On television shows and in movies, DNA, like fingerprints on a weapon or saliva on a discarded cigarette, is typically the evidence that solves cases. In reality, DNA is not always available in violent crimes, particularly homicides. However, many people do leave digital evidence. In the case of Mr. Pagan-Colon, his robust digital footprint can aid law enforcement in developing the case further based on discrete digital clues.

Mr. Pagan-Colon was in his early 20s and often attended parties and clubs, using social media to keep in touch with his old high school friends and family. A trail of photos and memorable moments from these events was often posted on social media by the victim. A timeline and biography of the person of interest can be assembled by following his digital footprint, and it is possible that the details surrounding the house party where he was murdered can be found online. While we are unsure of the specifics of the crime, analysts can confidently state that the victim’s digital footprint supplied a clear picture of his lifestyle, social network, and activities in the days preceding his death.

As the homicide rate rises, analysts assess that more crimes will become cold cases. Given this likely rise, more consideration of digital footprints in cold case homicide investigations is necessary. Because of the budget constraints facing many police departments, investment in commercial OSINT tools creates a financial barrier for many of them. This makes it even more crucial that cost-effective resources and manual methods be spread to departments nationwide to surmount this artificial barrier. While traditional investigation methods such as DNA analysis will always be necessary, proper OSINT training and techniques can be a cost-effective resource for dealing with crimes that have gone cold.