German security researcher Matthias Marx found US military equipment for sale on eBay that had previously been used to identify wanted individuals and known terrorists during the war in Afghanistan. Marx gambled a bit and made a low bid of $68.
He offered $149.95, less than half the seller’s asking price, so he probably did not expect to win. But he won, and then came an even bigger surprise, The New York Times reported. The device arrived with the memory card still in it, and Marx had unknowingly purchased the names, nationalities, photos, fingerprints and iris scans of 2,632 people whose biometric data was allegedly scanned by the US military. Marx was shocked when he realized what he had purchased.
The device contains the personally identifiable information (PII) not only of persons believed to be suspicious, but also of US military personnel, people who worked with the government in Afghanistan, and people temporarily detained at military checkpoints. Information about ordinary people was reportedly stored as well. Most of the data are from residents of Afghanistan and Iraq.
All of this data was supposed to be destroyed onsite, but it appears that was not the case. The failure to wipe the device is consistent with the US military’s occasional failures over the past decade, which have put those who assisted the US military, and members of the US military themselves, at risk of being identified and targeted by the Taliban, The Times reported.
No one currently knows how many times the device has been traded since it was last used near Kandahar, Afghanistan in 2012.
Marx is handling the data carefully and refused to share the database with The Times electronically. One American was contacted and confirmed that the data likely belonged to him.
Brigadier General Patrick S. Ryder, a spokesman for the Department of Defense (DOD), told The Times that the data needed to be reviewed before confirming its authenticity.
“Because we have not verified the information contained on the device, the department is unable to confirm the veracity of the data in question or comment on it,” Ryder told The Times. “We are requesting the return of the device, which we believe contains, for further analysis.”
Experts told The Times that this particular breach could have deadly consequences if the data were genuine. They recommended that everyone be notified and that asylum be offered to anyone based in Afghanistan.
Marx said he contacted the Pentagon when he discovered the data, but the Pentagon allegedly failed to investigate or take action to protect those affected by the leak. “I was wary,” Marx told Ars.
“We also thought the data would help us investigate how the device came online and figure out who else might be at risk,” Marx told Ars.
Marx told The Times that he found it “disturbing” that the military had failed to remove this highly sensitive data, claiming that “they didn’t even try to protect the data” and that “they didn’t care about the risks, or they ignored the risk.”