It is, understandably, a tough job looking after secret nukes in a foreign country that doesn’t necessarily want them there. After all, if you or I forget the entry code to an office at work, the worst that can happen is we might miss out on lunch; a soldier who forgets any part of the long and detailed security protocols surrounding nuclear weapons might accidentally cause an international emergency.
That’s why many soldiers stationed on US military bases in Europe have turned to flashcard learning apps to help them memorize these protocols – and, as a new investigation from Bellingcat has revealed, how they have been accidentally leaking highly sensitive information regarding the US’s nuclear arsenal online for nearly a decade.
Flashcard apps work like, well, flashcards: you have a question or prompt on one side of the virtual “card”, and the answer on the other. They’re a useful tool for exam revision or learning a language. The problem (or at least the problem if you’re trying to study something highly classified) is that any flashcard uploaded onto these apps becomes available publicly. In fact, as Bellingcat explains, discovering the locations of US nuclear weaponry was as easy as Googling the names of likely air bases together with words like “vault”, “PAS” [protective aircraft shelter], or “WS3” [Weapons Storage and Security System].
Now, the locations of these nuclear weapons being leaked isn’t such a big deal – it ought to be, but they were already accidentally leaked two years ago. But the soldiers using these apps revealed much more than just which airbases store nukes somewhere on site: various flashcards found by Bellingcat include details such as precisely which vaults contain nuclear weapons, secret code words that signal when a guard is in trouble, and even things like how often the vaults are patrolled and the number and positions of security cameras around the base. Some even contained detailed descriptions of the badges needed to access restricted areas.
The findings show a “flagrant breach” in US nuclear security practices, Dr Jeffrey Lewis, Director of the East Asia Nonproliferation Program at the James Martin Center for Nonproliferation Studies, told Bellingcat.
“This is yet one more warning that these weapons are not secure.”
A spokesperson for the US Air Force (USAF) confirmed that they were aware of soldiers’ use of flashcard apps, but admitted that they didn’t know of any official assessment on the use of such online aids.
“As a matter of policy, we continuously review and assess our security protocols to ensure the protection of sensitive information and operations,” they told Bellingcat.
While it’s not known if the various passcodes and protocols have been updated since the reveal, the USAF has confirmed it is currently investigating the suitability of flashcard apps – and the flashcard sets found by Bellingcat have all been taken offline since NATO and the USAF were alerted to their existence.