June 26, 2019 at
Hacking incidents around the world continue to
expose personal and sensitive information to the public, often in large
quantities. This was seen multiple times in the past few years, with the most
recent example occurring less than a month ago. During this particular
incident, the information gathered by the United States Customs and Border
Protection, also known as CBP, was published onto the internet.
CBP subcontractor violates
security protocols, then gets hacked
The CBP is the largest federal law enforcement agency at the Department of Homeland Security. As such, its security system is one of the best in the world. With that in mind, it would take a tremendous amount of skill and knowledge for hackers to breach their defenses.
With that in mind, many might be wondering how
did the data get stolen? The truth is that it was not, at least not from the
CBP. Instead, it was taken by one of the agency’s subcontractors, a firm that
allegedly provided the technology used by the CBP, as well as other similar agencies
in North America.
The unnamed subcontractor — believed to be
Perceptics — decided to copy digital photos of nearly 100,000
travelers that passed through the US border. Not only their photos, but also
the photos of their license plates, and other data. It is bad enough that the
company did this without the CBP’s knowledge or permission to do anything like
that. However, the situation became far worse when the firm got hacked after
copying all of this sensitive information to its own network.
As mentioned, neither the government nor the
CBP officials confirmed that Perceptics was the subcontractor in question.
However, the company did report that it was hacked around the same time when it
was reported that the CBP data was stolen, and many quickly connected the two.
However, things did not end there, and the hacked data is not only in the hands of the hackers anymore. Instead, it was dumped online for everyone to download freely, should they choose to do so. The data dump includes over 400GB of all kinds of content obtained by Perceptics, which was then stolen from the firm’s network. This includes various spreadsheets, databases, business plans, HR information, financial data, and even personal data.
The hack proves the lack of
So far, the stolen data has been dumped and distributed via various torrent websites. Those who know where to look and how to download it have done so already. The identity of the hackers is not known at this point, as no single group or individual claimed responsibility at this time.
However, whoever did it clearly was not trying
to download anything specific. They simply gathered as much as they could, and
the dumped data includes it all, and even the music files were stolen from
workers’ computers. Meanwhile, the CBP is still tightlipped about the whole
incident, refusing to confirm or deny that Perceptics was the company that
violated security protocols. The only thing that they did say was that one of
the subcontractors violated privacy and security protocols listed in their
contracts, but nothing else.
Meanwhile, the journalist, Emma Best, which is part of the team that has decided to share the breached data on the internet, stated that the team is making the files available for the public to view at their leisure. According to Best, the published information provides quite an intimate look at the mass surveillance of legal travel. In addition, it also contains local surveillance of secure facilities and turnpike. However, Best pointed out that the data also provides an important glimpse of how the people in charge of keeping this data safe are doing it, or more accurately — how they are not doing it.
The point that they are trying to make is that despite the fact that one party is careful when it comes to the security of the data — that does not necessarily mean that their partners are equally as responsible. Due to the government’s major oversight, all of this data is not public, and available to everyone with an internet connection.