Cyber security researcher Bob Diachenko has unearthed an unsecured ElasticSearch server containing nearly two million terrorist watchlist records, including "no-fly" list indicators, which were left exposed for a period of three weeks between July 19th and August 09th. Earlier this week, Diachenko posted a message and said, “On July 19, I discovered a terrorist watchlist containing 1.9 million records online without a password or any other authentication required to access it." The unprotected server had a Bahrain IP address but it remains unclear whether the server was owned by the US or any other country.Diachenko immediately reported his discovery to the US Department of Homeland Security, but the records weren't taken down until August 09. The leaked records contained passport details, full name, dates of birth, citizenship, gender, TSC watchlist, country of issuance, and no-fly indicator. “The watchlist came from the Terrorist Screening Center, a multi-agency group administered by the FBI, which maintains the country's no-fly list, a subset of the larger watchlist. A typical record in the list contains full name, citizenship, gender, date of birth, passport number, no-fly indicator, and more,” he informed. No-fly listThe exposed data belongs to the people who are suspected as terrorists but have not necessarily been charged with any crime. "If it falls in wrong hands, this list could be used to oppress, harass or persecute people mentioned on the list and their families. It could cause any number of personal and professional problems for innocent people whose names are included in the list," Diachenko said. Prior to 2015, the terrorist watchlist was completely confidential. Then the US government modified its policy and b ..
Support the originator by clicking the read the rest link below.
