dutch ministry of defence / hnlms evertsen / bluetooth tracker

A Dutch frigate, HNLMS Evertsen, inadvertently revealed its position after receiving a mailed postcard with a hidden Bluetooth tracker. Journalist Just Vervaart followed official guidance for sending mail to deployed sailors and embedded a tracker, allowing the ship’s movements from Crete toward Cyprus to be monitored for about a day. The tracker was found during mail sorting within 24 hours and disabled; Dutch authorities have since banned electronic greeting cards that bypass x-ray screening. The episode highlights operational-security risks from inexpensive consumer trackers and follows other recent OPSEC lapses—like Strava disclosures and unauthorized Starlink use—that could expose naval movements and endanger fleets. Key players: Dutch Ministry of Defense, HNLMS Evertsen, journalist Omroep Gelderland.

A Dutch frigate, HNLMS Evertsen, unintentionally revealed its location after a journalist sent a postcard containing a hidden Bluetooth tracker following public instructions the Ministry of Defense had posted for family contact. The tracker allowed real-time tracking of the ship’s movements for about a day as it sailed from Crete toward Cyprus; it was found and disabled during mail sorting within 24 hours. The incident prompted the Dutch navy to ban electronic greeting cards that bypass x‑ray screening and highlights how cheap consumer trackers (e.g., AirTags and generic Bluetooth tags) can compromise naval operational security. The episode joins other recent OPSEC lapses, underscoring risks from personal devices and loose mail/supply procedures.

A Dutch frigate, HNLMS Evertsen, exposed its location after receiving a mailed postcard that hid a Bluetooth tracker; a journalist who followed Dutch Ministry of Defense mailing instructions tracked the ship’s movements for about a day. The tracker revealed the vessel sailing from Crete toward Cyprus before being discovered during onboard mail sorting and disabled within 24 hours. The incident prompted the Dutch navy to ban electronic greeting cards that bypass package X‑ray checks. The episode underscores how inexpensive consumer trackers (AirTags and generic Bluetooth tags) and lax mail/OPSEC practices can enable real‑time tracking of valuable naval assets, risking entire carrier strike groups.

A Dutch frigate, HNLMS Evertsen, inadvertently transmitted its location after receiving a mailed postcard with a hidden Bluetooth tracker. Journalist Just Vervaart followed government guidance for sending messages to sailors, slipped an inexpensive tracker into a card, and tracked the ship for about a day as it sailed from Crete toward Cyprus. The tracker was found and disabled within 24 hours during mail sorting, prompting Dutch authorities to ban electronic greeting cards on naval vessels. The incident highlights how consumer IoT trackers (AirTags and low-cost clones) and lax mail/x-ray procedures can undermine operational security, echoing past leaks from fitness apps and unauthorized satellite internet on warships.

A Bluetooth tracker hidden inside a mailed postcard revealed the location of the Dutch frigate HNLMS Evertsen for about 24 hours, researchers say. Security analysts discovered that a $5 consumer Bluetooth beacon, slipped aboard and passively broadcasting an identifier, was picked up by civilian devices and reporting tools, exposing the ship’s position while at sea. The incident highlights risks of inexpensive IoT trackers being used to surveil high-value military and commercial vessels, undermining operational security. Key players include the Dutch Navy, security researchers, and manufacturers of consumer Bluetooth trackers; the episode underscores the need for stricter screening, signal management, and policies around personal IoT devices near sensitive platforms.

Dutch broadcaster Omroep Gelderland reported that its journalists tracked the Dutch navy air-defense frigate HNLMS Evertsen by mailing a Bluetooth tracker hidden in a postcard to the ship. Reporter Just Vervaart used publicly posted Dutch Ministry of Defence instructions for sending mail to deployed personnel, turning open-source information into a practical operational security (opsec) test. The tracker transmitted for about 24 hours, showing the Evertsen departing Heraklion, Crete, sailing west along the coast, then turning east toward Cyprus before going offline near Cyprus. Dutch defence officials said the tracker was discovered during mail sorting and disabled. In response, the Ministry is changing mail policies, including banning greeting cards containing batteries and reviewing screening guidelines.