German experts were able to acquire several American military devices for collecting biometric data.
And extremely sensitive information concerning American soldiers as well as Iraqi or Afghan collaborators was present in these machines, bought for next to nothing.
$68 for data from 2,632 people
At the origin of this discovery, the German organization of hackers Chaos Computer Club. The latter, made aware that the Taliban had acquired several biometric data collection devices, wanted to know the kind of sensitive data stored in these instruments.
She was thus able to buy on eBay, 6 of these devices used during the wars of Iraq and Afghanistan, for less than 200 dollars on average. And the findings were amazing. On one of them, obtained for 68 dollars, security researcher Matthias Marx was able to access the information of 2,632 people including name, nationality, photograph, fingerprints and iris scan.
Most of the individuals identified were according to the New York Times terrorists or wanted persons. But the profile of local citizens who have worked with the United States was also available in the device. Putting them de facto in danger.
American soldiers also present
And if these devices were first intended to verify the identity of locals and foreigners entering American military bases, and to identify insurgents, the biometric data of American soldiers also remained in the machine.
The analysts have indeed found the data of several members of the US army within a second machine. One of them was even able to be contacted by journalists from the New York Times. And he was able to confirm that the data was probably his own, and that it must have been collected during his time as an intelligence specialist in the Navy. According to him, his data and those of his colleagues would have been recorded during a military training program.
According to the Defense Logistics Agency, these systems should never have been freely sold. Worse, as Thierry Marx points out, sensitive information being present in a memory card, it would have sufficed to detach it and then destroy it to erase the information. Steward Baker, a former national security official interviewed by the American newspaper, said he was worried by this discovery: ” it’s a disaster for the people whose data has been exposed. In the worst case, the consequences can be fatal “.
Source : The New York Times, In Widget
3