Date: 2022-12-28



According to a New York Times report, old US military equipment sold on eBay contained what appears to be biometric data of troops, known terrorists and people who may have worked with US forces in Afghanistan and other countries in the Middle East. The devices were purchased by a group of hackers, who found fingerprints, iris scans, photos of people and descriptions, all unencrypted and protected by a well-documented default password. In a blog post, the hackers described accessing the sensitive data as boring, given how easy it was to read, copy and analyze.

Matthias Marx, who led the group’s efforts to find the devices, doesn’t think the data itself is boring, calling it incredible that they were able to get their hands on it. Although he plans to delete the data once the club has completed its search, what they have already found raises concerns about how the military kept this information.

This is especially true given reports last year that the Taliban obtained biometric devices as the United States withdrew from Afghanistan. As several commentators have pointed out, data that may or may not remain on the devices could help identify individuals who assisted US forces. The United States has also built biometric databases of Iraqi citizens. Speaking to Wired in 2007, a US official said of the database: essentially what it becomes is a list of results if it gets into the wrong hands. (It should be noted that, according to The Intercept, the devices would not necessarily allow someone to use the main Afghan population database unless they had access to additional equipment. That is small comfort for those whose data was stored locally on the device.)

In total, members of the Chaos Computer Club bought six devices, which The Times says the military used a decade ago to collect biometric information at checkpoints and during patrols, screenings, investigations and other operations. Two of the devices, the Secure Electronic Enrollment Kits or SEEK II, still had information on their memory cards. According to the hackers, one of the devices contained 2,632 people’s names and highly sensitive biometric data which appeared to have been collected around 2012.

The device cost them only $68, according to the Times. The outlet also says that the company that sold it on eBay after acquiring it at auction was unaware it contained sensitive data, according to one of its employees, with whom the Times spoke. Another company would not say how it obtained the devices it sold to the club. In theory, the devices should have been destroyed after they ceased to be used.

It is not a surprise that they are available for sale online; decommissioned military equipment often ends up in private hands. The baffling part is that the data was left behind on at least some of them and no one caught it before the devices were sold on eBay (which is technically a violation of the platform’s policies against selling computers containing personally identifiable information). The response from the US and device vendors is also not reassuring; contacted by the Times, the Department of Defense just requested that the device be returned by post. The Chaos Computer Club says it also contacted the DoD and was told to contact SEEK’s manufacturer, HID Global. The hackers say they haven’t received a response.

