You’ve Got Mail and It’s Tracking Your Warship

Dutch journalists have figured out an ingenious way of discovering the location of a warship by using a simple Bluetooth tracker, thus exposing a vulnerability in the military operation and forcing the armed forces to reconsider their protocols.

The location of warships deployed in missions is supposed to be a secret, one that navies all over the world try to keep at all costs. In a fully digital world, though, keeping such a secret is increasingly difficult.

While preparing for real attacks and cyberintrusions, militaries sometimes forget about simple tactics that are often extremely efficient.

Key Takeways

• A journalist tracked a Dutch warship using a cheap Bluetooth tracker hidden in unscanned mail.
• Publicly available contact details enabled the tracker to reach the vessel.
• The device exposed the ship’s location and route for hours, revealing a serious security gap.
• Simple, low-tech methods can bypass advanced military defenses if overlooked.
• Similar leaks have occurred before (e.g., Strava), highlighting a recurring operational risk.
• The Dutch military updated protocols, including banning battery-powered items in the mail.

 A fistful of Euros

The problem began when the Dutch Ministry of Defense posted detailed instructions online, including how to contact deployed soldiers and sailors, to help families send correspondence more easily. In itself, this seems like a harmless, worthwhile endeavor.

According to Dutch publication Omroep Gelderland, this was more than enough to pinpoint the exact location of the Evertsen frigate, a ship tasked to protect a French aircraft carrier from rocket attacks.

He just needed a simple Bluetooth tracker, which anyone can find online for just a few euros, and he sent it to the Evertsen.

"It's a trade-off between the private interests of service members who want to liaise with their families and national security. And with what's going on right now, you can expect national security to take precedence," said the publication.

Mail wasn’t considered dangerous

If you imagine that everything reaching the ship is scanned, you would be wrong. It turns out that regular mail wasn’t scanned, unlike other packages. The tracker was attached to a postcard and never went into an X-ray scanner.

The tracker revealed that the ship was anchored in the Cretan port of Heraklion. Soon after, the ship sailed and followed a route alongside the island.

It took almost a full day for the tracker to go offline, and the ship was almost near Cyprus. It’s unclear whether the ship reached the French aircraft carrier, but the fact that it was possible to follow it for so long revealed a serious security problem.

Ship location is a well-guarded secret

Ships are big targets, and their precise locations are extremely valuable information in a conflict. This is one of the reasons satellite images are made public with a delay—so it’s hard to use them to track military movements.

Even so, the most advanced security measures can’t protect the ships if their location is compromised by the most trivial methods. For example, the French aircraft carrier protected by the Evertsen frigate had its location compromised when a sailor ran on deck while using the Strava sports-tracking app.

The Dutch publication also said that the military adjusted protocols in response to this incident.

“For example, it is no longer permitted to send a greeting card with batteries to the Evertsen and Defense will further examine the guidelines for military mail.”