Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.
  • Residence:
  • County:
  • Country:
Cyber Security Incident Response
Management & Architecture of Cyber Security Teams
Solutions & Coaching
  • Cyber Security Incident Response
  • Management & Architecture of Cyber Security Teams
  • Solutions
  • Training & Coaching

Nearly 2 million records from terrorist watchlist exposed online

August 18, 2021

The key listing was uncovered on-line for 3 weeks, permitting anybody to entry it with none sort of authentication

A terrorist watchlist containing nearly 2 million information sat uncovered and unsecured on the web for a interval of three weeks between July 19th and August 9th. The watchlist is claimed to come back from the Terrorist Screening Middle (TSC), a multi-agency middle managed by the Federal Bureau of Investigation (FBI).

The watchlist was found by safety researcher Bob Diachenko on July 19th, who reported it to the Division of Homeland Safety immediately. Whereas the DHS did acknowledge the incident and thanked the researcher for his work, it didn’t elaborate on it any additional, Diachenko wrote in a LinkedIn post that particulars his findings.

The TSC was created in 2003 within the aftermath of the September 11 assaults as a method for various governmental companies and departments to share info on suspected terrorists. The Center is responsible for the administration and operation of the Terrorist Screening Database (TSDB) and shares the data with homeland safety, legislation enforcement, and intelligence companies together with the Division of State (DOS), Division of Protection (DOD), Transportation Safety Administration (TSA), Customs and Border Safety (CBP), and in some instances choose worldwide companions as properly.

Diachenko admitted that he wasn’t positive whether or not the listing was accessed by any unauthorized events. The uncovered server was additionally listed by search engines like google and yahoo Censys and ZoomEye, which could recommend that the safety researcher wasn’t the one one who noticed the listing. “The uncovered Elasticsearch cluster contained 1.9 million information. I have no idea how a lot of the complete TSC Watchlist it saved, but it surely appears believable that all the listing was uncovered,” he added.

The uncovered information included a number of kinds of knowledge together with full names, TSC watchlist IDs, citizenship, gender, start dates, passport numbers, nation of issuance, and no-fly indicators. Diachenko additionally highlighted that the database was found on a Bahrain IP deal with quite than a US one.

The leakage of such delicate knowledge might spell potential issues for individuals whose info could have been a part of the listing, in accordance with Diachenko. “The terrorist watchlist is made up of people who find themselves suspected of terrorism, however who haven’t essentially been charged with any crime. Within the fallacious arms, this listing might be used to oppress, harass, or persecute individuals on the listing and their households. It might trigger any variety of private {and professional} issues for harmless individuals whose names are included within the listing,” he warned.

Posted in SecurityTags:
Write a comment