68 dollars for military secrets: German auctioned US terror data on Ebay

$68 for military secrets
German auctions US terror data on Ebay

During military operations in Afghanistan and Iraq, the American armed forces are building up a biometric database of friend and foe. But security doesn’t seem to be taken very seriously: Six of the biometric devices used ended up at the Chaos Computer Club via Ebay.

A German security researcher from the Chaos Computer Club (CCC) has successfully purchased several devices on Ebay, which are said to have contained complete data sets of suspected terrorists and wanted persons, but also local US military personnel. the “New York Times” reports that Afghans and Iraqis are the majority of individuals whose biometrics were collected during US military operations after September 11, 2001.

As the newspaper reports, was one of these biometric devices listed at auction on Ebay for $149.95. CCC researcher Matthias Marx won with a bid of only 68 US dollars. After the auction, the device was sent to him in Hamburg in August. He then discovered fingerprints, iris scans, faces and DNA from a total of 2,632 people on the memory card. According to the report, the device, dubbed SEEK II (Secure Electronic Enrollment Kit), was last deployed near the Afghan city of Kandahar in the summer of 2012.

According to the information, it is not possible to understand how the device ended up on Ebay a decade later after being used in Afghanistan. When asked by the New York Times, the US Department of Defense demanded that it be returned to the US authorities for further investigation.

“Ticking Time Bomb”

Again Chaos Computer Club (CCC) himself reports that he and Marx bought a total of six of these biometric devices on Ebay over a period of a year – most for less than US$200 each. Accordingly, some of them were simply forgotten in the country during NATO’s hasty withdrawal from Afghanistan in the summer of 2021. “Every biometric database is a ticking time bomb,” write the cyber security experts. “Since the Taliban captured the biometric devices, there has been concern that they could be used to identify former local workers.”

Greater computer knowledge is therefore not necessary for the use of the devices. “From a technical point of view, the investigations were downright boring,” says the CCC. “All data carriers were unencrypted. Only a well-documented standard password had to be entered to protect access. The database was also a standard database with standard data formats. It could be completely exported with little effort.”

Pentagon refers to the manufacturer

According to the CCC, the manufacturer of the devices, the Pentagon and the Bundeswehr, which is also said to have used them in Afghanistan to collect data from suspects and local staff, were informed of the security gaps – so far without any result: “We received a confirmation of receipt from the Bundeswehr that The US Department of Defense kindly referred us to the manufacturer, and the manufacturer did nothing,” the experts write. “Two and a half months after our notification, we were able to order another biometric device online.”

According to the “New York Times”, the devices similar to a Polaroid camera are still functional. Accordingly, CCC researcher Marx tested one of them on himself. He was then asked to connect it to a US military server for data transfer.

source site-34