June 11, 2019 at
Online threats continue to endanger the
privacy and security of people around the world, with the most recent example
being a hack of a subcontractor working for the US Customs and Border
Protection. Customs revealed on Monday that the hack had exposed photos of
travelers, as well as their license plates.
The affected subcontractor
unofficially identified as Perceptics
So far, it is unknown which subcontractor had their network attacked. However, the federal agency did announce this just before the news of a Tennessee-headquartered company which provides stationary license plate readers to US borders being compromised.
The company in question was identified as
Perceptics by the UK computer security website, The Register. The site stated
that the hacker who compromised the firm alerted them, reporting the breach
himself back in late May. The company was contacted and asked to respond to
this, but their spokesperson has failed to reply as of yet.
According to the statement from a congressional staffer who asked to remain anonymous, the breach affected fewer than 100,000 people. Further, the Customs and Border Protection stated that there were no reports of the stolen data emerging anywhere on the internet, including the dark web.
The breach was reported by the
Meanwhile, The Register revealed that the
hacker contacted the website, as mentioned previously, providing a list of all
the files that they managed to extract from the hacked network. Further, The
Register also stated that the Perceptics’ spokesperson confirmed that they were
It is believed, based on the initial
information, that the hack was possible as a result of the contractor violating
mandatory privacy and security protocols. These protocols were specifically
outlined in their contract and had to be respected at all times.
Customs and Border Protection then added that
it discovered the hack on May 31st. The hack was allegedly also possible due to
the fact that the subcontractor decided to transfer the copies of images to the
network owned by its own company. The subcontractor, allegedly Perceptics, did
this without the agency’s permission, and the act violated established
Perceptics itself takes pride in the fact that
it is the sole provider of license plate readers for all land border ports in
the US, Canada, as well as some of the lanes in Mexico. The company’s license
plate readers are then used for passenger vehicle primary inspection lanes.
The company also claims to have secured
thousands of checkpoints on different borders, and that its products perform
over 200 million vehicle checks every year. Not only that, but the company’s
technology is also used for electronic toll collecting, and even in monitoring
License plate reading technology
needs to be regulated
Meanwhile, from a regulatory standpoint, there
appears to be a major lack of regulations when it comes to databases and
cameras used for license plate reading. The civil liberties groups, including
the EFF (Electronic Frontier Foundation), as well as ACLU, claim so, alarmed by
the fact. The groups also claim that this technology, while extremely practical
and useful, also holds potential to be misused. Some example of misuse might
include things such as location tracking, as well as surveillance.
The new development adds even more concern to the privacy and security issue around the world, and particularly in the US. Both online and offline, the lack of security is growing, and major hacking attacks tend to result in data thefts of hundreds of thousands, and even millions of people. 2018 saw major growth in these incidents, with data being stolen from major hotel chains, social media networks, and more.
Additionally, threats such as DDoS attacks continue to hit various targets, causing major disruptions, as well as thousands of dollars worth of damage. More often than not, these incidents are possible due to flawed and outdated security systems, or even failure to implement already existing patches and upgrades.
In the end, the fact remains that security,
which is of dire importance for the safety of information and sensitive data,
remains flawed. It does not receive nearly as much attention as it deserves,
which tends to lead to major security breaches and data theft, which is
something that needs to be addressed as soon as possible.