Cybersecurity researcher finds US terrorist watchlist records exposed online for 3 weeks
text_fields
New Delhi: Nearly two million terrorist watchlist records, including "no-fly" list indicators, were left exposed online last month, said cybersecurity researcher Bob Diachenko.
"On July 19, I discovered a terrorist watchlist containing 1.9 million records online without a password or any other authentication required to access it," Diachenko said in a LinkedIn post on Monday.
Apparently, the watchlist came from the Terrorist Screening Center, a multi-agency group administered by the FBI.
"The TSC maintains the country's no-fly list, which is a subset of the larger watchlist. A typical record in the list contains full name, citizenship, gender, date of birth, passport number, no-fly indicator, and more," he wrote.
The cybersecurity researcher had reported the matter to the Department of Homeland Security (DHS), which acknowledged the incident. However, the exposed server was taken down only about three weeks later, on August 9.
"The DHS did not provide any further official comment, though," Diachenko said.
The list was left accessible on an Elasticsearch cluster that had no password on it.
"If it falls in wrong hands, this list could be used to oppress, harass or persecute people mentioned on the list and their families. It could cause any number of personal and professional problems for innocent people whose names are included in the list," Diachenko said.
There have been several reports of US authorities recruiting informants in exchange for keeping their names off the no-fly list. Some past or present informants' identities could have been leaked.
The Terrorist Screening Center (TSC) was set up by the US Federal Bureau of Investigation (FBI) in 2003 to maintain the watchlist of suspected terrorists.Prior to 2015, the watchlist was completely secret. Then the US changed its policy and began privately informing people in the US who were added to the list, but people outside the country still often can't find out whether they're on the no-fly list until they try to board a plane.