Dutch Navy Frigate's Location Exposed by Bluetooth Tracker Hidden in Postcard

Summary

The HNLMS Evertsen, a Dutch air-defense frigate part of a NATO carrier strike group in the Mediterranean, had its position inadvertently revealed after receiving a postcard containing a hidden Bluetooth tracker. Dutch journalist Just Vervaart demonstrated the security vulnerability by following instructions posted on the Dutch Ministry of Defense website that encouraged family and friends to mail postcards to the ship. Using an inexpensive off-the-shelf Bluetooth tracker, Vervaart was able to track the vessel's real-time location for approximately 24 hours as it sailed from Heraklion, Crete toward Cyprus.

Navy officials discovered and disabled the tracker within 24 hours during mail sorting procedures. The incident highlights a critical operational security (op-sec) gap: the Dutch authorities had not considered that electronic devices could be concealed in mail and used for surveillance. In response, the Dutch military has now banned electronic greeting cards from being brought aboard vessels, as packages were already subject to X-ray screening but cards were not. This incident is part of a troubling pattern of security breaches involving modern technology, including a French naval officer recently revealing a carrier's location via Strava and the USS Manchester's unauthorized Starlink terminal discovered in 2024.

• The incident prompted Dutch authorities to implement new screening procedures, banning electronic devices in mail sent to naval vessels