UPDATED 21:00 EST / DECEMBER 27 2022

SECURITY

US military hardware containing sensitive biometric data are being sold on eBay

German Researchers who were conducting a study on security managed to find an old U.S. military device on eBay containing the biometric data of 2,632 people, it was reported today.

According to the New York Times, which first reported the story, the researchers were taken aback when they discovered what they’d got for their $68. That was a SEEK II device, a biometric data collection system that the U.S. started using after the September 2001 attacks. The device is capable of storing photographs, recording thumbprints, and recording iris scans, all useful when you’re tracking suspected terrorists or identifying people who turn up at bases or crossing certain borders in Afghanistan and Iraq.

That’s exactly what the researchers found, seeing that the device had last been used in 2012 close to Kandahar, Afghanistan. What’s worrying is that the data still in the device was not encrypted and was only protected by a default password. Some of the information belonged to known terrorists, people of concern, and employees of the U.S. government. Some other data belonged to people who had just been stopped at the border.

“We were able to read, copy and analyze them without any difficulty,” said the researchers in a blog post. Elsewhere in the post, they referenced an article from 2007 that warned if such devices “end up in the wrong hands,” they can help the wrong people to create a “hit list.”

The researchers went on, saying getting to the “highly sensitive” data was so easy it was “downright boring.” They said they contacted the German authorities and told them that “used devices with highly sensitive data can easily be ordered on the Internet.” They added, “However, no one seems to care about the data leak.”

The German Bundeswehr (armed forces) at least acknowledged that they had received the information, but it seems nothing was done after that. The researchers waited a month and then returned to eBay and bought another similar device loaded with sensitive data. They called the fact they could do this “incomprehensible” and “unbelievable.” It goes without saying that anyone with such a device can look for U.S. names and either exploit that data somehow or at least track the person down.

The Times spoke with the U.S. Defense Department’s press secretary, Brig. Gen. Patrick S. Ryder, who said he couldn’t comment on the matter until U.S. analysts had seen the devices and authenticated them. “The department requests that any devices thought to contain personally identifiable information be returned for further analysis,” he said.

Photo: D2TEAMSim/YouTube

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU