Hack Brief: Hackers Stole a Border Agency Database of Traveler Photos

In its rush to gather biometric data from travelers in the US, Customs and Border Protection has apparently neglected basic safeguards to protect it. One of its subcontractors was recently breached, leaving photos of travelers and license plates in the hands of hackers.

The Washington Post first reported the incident, whose full scope remains unclear. But the hack has raised sharp questions about the agency’s already controversial push for biometrics. Facial recognition scans have become more routine at airports; CBP wants it in the top 20 US airports by 2021.

“The CBP program should be suspended pending an investigation,” says Jeramie Scott, senior counsel at the Electronic Privacy Information Center. “The agency simply should not collect this sensitive personal information if it cannot safeguard it.”

  • Are you frustrated that your expensive karoke player does not let you play.
  • Use these proven tactics to seduce the man of your dreams
  • All You Need To Get Started Is A Digital Camera and Internet Access
  • Discover why you NEVER need to do another exercise again to get the body you've always desired.
  • How to organize and preserve your entire photo collection in as little as 10 days.
  • Make an extra or full-time living from your photography.
  • Learn how to improve your photography in a few simple steps
  • Massive Muscle Building, Fat Loss, Conditioning Inferno Program Using Bodyweight Bars.
  • Find A Simple Millionaire 'Mind Hack' That Literally Forces You To Think Like A Millionaire.
  • Become A Positive Person... Full Of Confidence With More Self Esteem...
  • Learn how you can easily create mobile apps to generate passive income.
  • Download the latest official drivers for your PC fix driver problems and keep them updated.
  • Scans your computer for missing, corrupt, or outdated Windows Drivers.
  • Say Hello to Happiness, Satisfaction and Wisdom for All of Lifes Toughest Challenges
  • This Affiliate System Will Have You Raking In Massive Commissions From Affiliate Marketing.
  • Build a free viral email list on autopilot and make thousands of others do it for you.
  • Make between 700 and 1500 each month just by taking Awesome Photos
  • A Comprehensive Database Listing Thousands Of Live and Online Government Auctions By The State
  •  

    The hack

    CBP declined to name the breached subcontractor to the Post, but apparently sent the news outlet a Microsoft Word document titled “CBP Perceptics Public Statement.” The Word file strongly suggests that Tennessee-based Perceptics, which makes license plate readers and has a decades-long relationship with CBP, is the vendor in question.

    That makes even more sense when you consider that a hacker calling themselves “Boris Bullet-Dodger” dumped hundreds of gigabytes of data stolen from Perceptics on the dark web in May. It’s unclear if that breach, first reported by The Register, is the same as the one CBP copped to Monday. The former became public on May 23; CBP says it found out that its database had been compromised over a week later.

    “On May 31, 2019, CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network,” the agency said in a statement. “The subcontractor’s network was subsequently compromised by a malicious cyberattack. No CBP systems were compromised.”

    Perceptics did not respond to a request for comment. But regardless of which specific vendor the breach stems from, the upshot is the same.

    Who’s affected?

    CBP has given precious little information about how many people were impacted, a troubling lack of disclosure. It’s not even clear exactly what type of data—and whether it extends to biometrics beyond photos—the database contained. While CBP says "none of the image data has been identified on the Dark Web or internet,” the dump of hacked Perceptics data just a few short weeks ago doesn’t give much confidence that this breach is contained, or will stay that way.

    In short, the only people who know the full scope of this breach are CBP, an unnamed subcontractor, and whoever pulled off the hack.

    How serious is this?

    Without more clarity on the contents of the database in question, it’s hard to say for sure in terms of the impact on an individual level. Probably pretty bad, though! And on principle, it’s close to a worst-case scenario.

    That CBP itself wasn’t directly hacked doesn’t make the situation any better. In fact, it arguably makes things worse; the agency let a third party access incredibly sensitive data, and didn’t ensure that appropriate security measures were in place. That it treats an image database of private citizens with the same lack of care that it does a Microsoft Word doc should set off very loud alarm bells.

    “CBP requires that all contractors and service providers maintain appropriate data integrity and cybersecurity controls and follow all incident response notification and remediation procedures,” the agency said in its statement. “CBP takes its privacy and cybersecurity responsibilities very seriously and demands all contractors to do the same.” It’s a fine sentiment; the facts of the case belie it.

    The breach also comes at a time when facial recognition regulation has garnered bipartisan support, after years of going relatively unchecked in both the public and private sectors.

    “This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices,” said Neema Singh Guliani, senior legislative counsel at the American Civil Liberties Union, in a statement. “The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”

    It may be too late for the victims of this data breach, but it’s past time to help limit the damage before the next hack comes along.

  • Make an extra or full-time living from your photography.
  • Use these proven tactics to seduce the man of your dreams
  • How to organize and preserve your entire photo collection in as little as 10 days.
  • Are you frustrated that your expensive karoke player does not let you play.
  • Discover why you NEVER need to do another exercise again to get the body you've always desired.
  • All You Need To Get Started Is A Digital Camera and Internet Access
  • Autogenerate Hundreds of Articles In Just a Click - Try Now For Free
  • This page from the book will show you how to get your ex girlfriend back as fast as possible.
  • Learn how to improve your photography in a few simple steps
  • Getting Paid To Test Apps With AppCoiner Is As Simple As 1,2,3
  • Find A Simple Millionaire 'Mind Hack' That Literally Forces You To Think Like A Millionaire.
  • A complete step by step training program that will teach how to capture pro photos.
  • Put small animated peel image at the top corner right or left on webpage
  • Transform Your Exterior In One Weekend With Over 7250 Landscaping Ideas
  •  

    Original Article : HERE ; The Ultimate Survival Food: The Lost Ways

     

  • Use these proven tactics to seduce the man of your dreams
  • Discover why you NEVER need to do another exercise again to get the body you've always desired.
  • Are you frustrated that your expensive karoke player does not let you play.
  • How to organize and preserve your entire photo collection in as little as 10 days.
  • All You Need To Get Started Is A Digital Camera and Internet Access
  • Make an extra or full-time living from your photography.
  • Over 100 Pages, Beautiful Photos, Great Recipes.
  • A Truly Unique Extract Of The Greatest Methodologies For Keeping The Body And Mind Young And Agile.
  • Learn about the solar systems largest planet jupiter predict great red spot transit times
  • Massive Muscle Building, Fat Loss, Conditioning Inferno Program Using Bodyweight Bars.
  • Make Money Online With This Pre-Loaded Wordpress eBook Store.
  • Get a real-time detailed vehicle history report from our nationwide database.
  • Getting Paid To Test Apps With AppCoiner Is As Simple As 1,2,3
  • Quickly cure your acid reflux and enjoy permanent freedom from heartburn
  • Scans your computer for missing, corrupt, or outdated Windows Drivers.
  • Learn How To Attract the Man of Your Dreams And Receive A Marriage Proposal In Few Months
  • Turbo Site Builder Software Instantly Create Web Pages In Just A Few Clicks
  • Say Hello to Happiness, Satisfaction and Wisdom for All of Lifes Toughest Challenges
  • Packed full of the info you need for profitable horse racing
  •