1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Confidential terror watchlist exposed online

    From TechnologyDaily@1337:1/100 to All on Tue Aug 17 14:30:04 2021
    Confidential terror watchlist exposed online

    Date:
    Tue, 17 Aug 2021 13:05:54 +0000

    Description:
    Security researchers chanced upon a top secret database with sensitive
    details about millions of individuals.

    FULL STORY ======================================================================

    A misconfigured Elasticsearch cluster exposed sensitive personal details of two million individuals, included in what cybersecurity researchers believe
    to be a highly confidential database .

    Volodymyr Diachenko, Head of Security Research at Comparitech, was
    responsible for the discovery of the records, which appear to form the basis of a terror watch list. The database was left exposed online, without even password protection.

    The watchlist came from the Terrorist Screening Center, a multi-agency group administered by the FBI. The TSC maintains the country's no-fly list, which
    is a subset of the larger watchlist, claims Diachenko . TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window << These are the best database software Heres our list of the best cloud databases on the market Also check our roundup of the best database design software

    Diachenko reported the find to the Department of Homeland Security (DHS), which thanked him for bringing it to its attention, but did not claim ownership of the exposed records. The data was accessible for a further three weeks, before the server it resided on was taken down. Abandoned data?

    Diachenkos team routinely scans the web for misconfigured and easily accessible databases that contain personal information. When they find one, they try to determine its ownership, and then contact the entity that owns
    the database to implement proper protections.

    In the case of this particular exposed Elasticsearch cluster, Diachenko
    claims it contained 1.9 million records with each record listing various personally identifiable information (PII) and other sensitive details, such
    as an individuals name, date of birth, citizenship, passport number, no-fly indicator and more.

    The exposed server was indexed by the Censys and ZoomEye search engines, and could have been accessed by anyone in the three weeks it was available
    online.

    The FBI did not immediately return TechRadar Pro's request for comment. These are the best data loss prevention services



    ======================================================================
    Link to news story: https://www.techradar.com/news/confidential-terror-watchlist-exposed-online/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)