[ExI] Researcher says a US terrorist watchlist was exposed online for three weeks

John Grigg possiblepaths2050 at gmail.com
Wed Aug 18 07:31:12 UTC 2021


"The FBI’s Terrorist Screening Center (TSC) may have exposed the records of
nearly 2 million individuals and left them accessible online for three
weeks. Security researcher Bob Diachenko says he discovered a terrorist
watchlist
<https://www.linkedin.com/pulse/americas-secret-terrorist-watchlist-exposed-web-report-diachenko/>
 on July 19th that included information like the name, date of birth and
passport number of those listed in the database. The cluster also included
“no-fly” indicators.

"According to Diachenko, the watchlist wasn’t password protected. Moreover,
it was quickly indexed by search engines like Censys and ZoomEye before the
Department of Homeland Security took the server offline on August 9th. It’s
unclear who may have accessed the data.I immediately reported it to
Department of Homeland Security officials, who acknowledged the incident
and thanked me for my work,” Diachenko said in a LinkedIn post spotted by
Bleeping Computer
<https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/>.
“The DHS did not provide any further official comment, though.” We’ve
reached out to the Department of Homeland Security.

Among the watchlists the TSC maintains is America’s no-fly list. Federal
agencies like Transportation Security Administration (TSA) use the database
to identify known or suspected terrorists attempting to enter the country.
Suffice to say, the information included in the exposed watchlist was
highly sensitive.

A recent bipartisan Senate report recently warned of glaring cybersecurity
holes
<https://www.engadget.com/senate-homeland-security-committee-federal-cybersecurity-report-153405169.html>
at
several federal agencies, including the Department of Homeland Security. It
said many of the bodies it audited had failed to implement even basic
cybersecurity practices like multi-factor authentication and warned
national security information was open to theft as a result."

Shouldn't we at least try to make it hard on China and Russia? Ugh......

https://www.engadget.com/terrorist-screening-center-data-exposure-224352475.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20210818/4a438c80/attachment.htm>


More information about the extropy-chat mailing list