Many efforts have been made to protect sensor networks against attacks, and standard mechanisms such as encryption are widely used to provide security services. However, the wireless transmission of a message may itself reveal to the adversary the origin of a sensed event, i.e., the source location of the message. Providing such position privacy in sensor networks is a challenging task: traditional anonymity techniques are inappropriate for resource-constrained sensor networks, yet an adversary may easily monitor the network communications. In this work, we focus on protecting source location privacy in the global attack model, where an adversary may have a global view of the communications in a sensor network and employ traffic analysis to locate the message sources. A flexible and effective countermeasure based on secure data aggregation is proposed to prevent the leakage of source location information. Both theoretical analysis and simulations are presented to validate the proposed scheme.