[BreachExchange] US terrorist watchlist found exposed on unsecured cloud storage

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Aug 17 11:46:17 EDT 2021


https://siliconangle.com/2021/08/16/us-terrorist-watchlist-found-exposed-unsecured-cloud-storage/

A terrorist watch list compiled by the U.S. government with 1.9 million
records has been found exposed online in the latest case of unsecured cloud
storage.

Detailed today by security researcher Bob Diachenko, the watch list was
discovered on an exposed Elasticsearch cluster on July 19. The list came
from the Terrorist Screening Center, a multi-agency group administered by
the Federal Bureau of Investigation. The TSC maintains the country’s no-fly
list, which is said to be a subset of the larger watchlist.

The watchlist typically includes full name, citizenship, gender, date of
birth, passport number and no-fly indicator. Other datasets included fields
such as tag, nomination type and selected indicator.

Diachenko immediately informed the Department of Homeland Security of his
discovery and the database was taken down three weeks later on Aug. 9. It’s
unknown why it took so long to be taken down or whether unauthorized
parties had accessed it.

The TSC no-fly list has been controversial in the past because it included
people who have not been charged with crimes. The list was found to violate
constitutional protections in 2014 and, more recently, alleged domestic
terrorists have been added to it.

Although the data is not completely secret, because people in the U.S.
have to be informed when they are added to the list, the exposure still
carries risks. Diachenko noted that in the wrong hands, the list could be used to
harass or persecute people on the list or their families, particularly when
innocent people are wrongly included on the list.

“Exposure of records through misconfiguration is a major issue whether we
are talking about public cloud misconfigurations or of any service exposed
to the internet,” Saumitra Das, chief technology officer and co-founder at
cloud-native AI security firm Blue Hexagon Inc., told SiliconANGLE.
“Organizations need to continuously monitor all resources deployed in their
enterprise to minimize risks of such exposure.”

“Elasticsearch clusters, S3 buckets, databases have all been left open by
organizations as well as their third-party suppliers and vendors that have
resulted in a data breach,” Das added. “Such records can be sold on the
dark web or used for further attacks, especially if credentials are
involved.”