[TheRecord] 1.9 million records from the FBI’s terrorist watchlist leaked online

A copy of the FBI’s terrorist watchlist was exposed online for three weeks between July 19 and August 9, 2021, a security researcher revealed today.

Known as the FBI Terrorist Screening Center (TSC), the database was created in 2003 as a response to the 9/11 terrorist attacks. Managed by the FBI, the database contains the names and personal details of individuals who are “known or reasonably suspected of being involved in terrorist activities.”

While the database is managed by the FBI, the agency also provides access to it to several other US government agencies, including the Department of State, Department of Defense, the Transportation Security Authority, the Customs and Border Protection, and even some international law enforcement partners.

While the database contains data on suspected terrorists, it is also better known in popular culture as the US No Fly List, being primarily used by US authorities and international airlines to allow entry into the US or travel within its territory.

Exposed server was taken down after three weeks

In a LinkedIn post today, Bob Diachenko, Cyber Threat Intelligence Director at security firm Security Discovery, said he discovered a copy of the TSC database on a Bahrainian IP address.

“The exposed Elasticsearch cluster contained 1.9 million records,” Diachenko said. “I do not know how much of the full TSC Watchlist it stored, but it seems plausible that the entire list was exposed.”

Information exposed in the leak included data points such as:

Full name, TSC watchlist ID, citizenship, gender, date of birth, passport number, country of issuance, no-fly indicator

Apparently, this is the TSC (Terrorist Screening Centre) dataset publicly exposed (tsc_id is the only clue), with 1.9M+ records. In any case, any thoughts as of where to responsibly report? pic.twitter.com/e31pSrHnoM

— Bob Diachenko (@MayhemDayOne) July 19, 2021

Diachenko said he notified the Department of Homeland Security on July 19, the day the database was indexed by search engines Censys and ZoomEye, which is also when he found it.

“The exposed server was taken down about three weeks later, on August 9, 2021. It’s not clear why it took so long, and I don’t know for sure whether any unauthorized parties accessed it.”

Bob Diachenko, Cyber Threat Intelligence Director at security firm Security Discovery

Contacted by The Record earlier today, the FBI had no comment.

It is unclear if the exposed Elasticsearch server was managed by a US agency, one of its partners, or if this was an illegally obtained copy.

While the existence of the TSC database was kept secret for more than a decade, in recent years, the DHS began notifying US citizens when they were added to the TSC’s No Fly List.

Without knowing who is to blame for this leak, it is unclear if the FBI or DHS will have to notify US citizens who were added to the TSC No Fly List that their data was exposed online.

The post 1.9 million records from the FBI’s terrorist watchlist leaked online appeared first on The Record by Recorded Future.
