[BreachExchange] Dow Jones' watchlist of 2.4 million high-risk individuals has leaked

Destry Winant destry at riskbasedsecurity.com
Fri Mar 1 17:40:24 EST 2019


A watchlist of risky individuals and corporate entities owned by Dow
Jones has been exposed, after a company with access to the database
left it on a server without a password.

Bob Diachenko, an independent security researcher, found the Amazon
Web Services-hosted Elasticsearch database exposing more than 2.4
million records of individuals or business entities.

The data, since secured, is the financial giant’s Watchlist database,
which companies use as part of their risk and compliance efforts.
Other financial companies, like Thomson Reuters, have their own
databases of high-risk clients, politically exposed persons and
terrorists — but have also been exposed over the years through
separate security lapses.

A 2010-dated brochure billed the Dow Jones Watchlist as allowing
customers to “easily and accurately identify high-risk clients with
detailed, up-to-date profiles” on any individual or company in the
database. At the time, the database had 650,000 entries, the brochure

That includes current and former politicians, individuals or companies
under sanctions or convicted of high-profile financial crimes such as
fraud, or anyone with links to terrorism. Many of those on the list
include “special interest persons,” according to the records in the
exposed database seen by TechCrunch.

Diachenko, who wrote up his findings, said the database was “indexed,
tagged and searchable.”

The data is all collected from public sources, such as news articles
and government filings. Many of the individual records were sourced
from Dow Jones’ Factiva news archive, which ingests data from many
news sources — including the Dow Jones-owned The Wall Street Journal.
But the very inclusion of a person or company’s name, or the reason
why a name exists in the database, is proprietary and closely guarded.

Many financial institutions and government agencies use the database
to approve or deny financing, or even in the shuttering of bank
accounts, the BBC previously reported. Others have reported that it
can take little or weak evidenceto land someone on the watchlists.

The records we saw vary wildly, but can include names, addresses,
cities and their location, whether they are deceased or not and, in
some cases, photographs. Diachenko also found dates of birth and
genders. Each profile had extensive notes collected from Factiva and
other sources.

One name found at random was Badruddin Haqqani, a commander in the
Haqqani guerilla insurgent network in Afghanistan affiliated with the
Taliban. In 2012, the U.S. Treasury imposed sanctions on Haqqani and
others for their involvement in financing terrorism. He was killed in
a U.S. drone strike in Pakistan months later.

The database record on Haqqani, who was categorized under “sanctions
list” and terror,” included (and condensed for clarity):

Killed in Pakistan's North Waziristan tribal area on 21-Aug-2012.


Eye Color Brown; Hair Color Brown; Individual's Primary Language
Pashto; Operational Commander of the Haqqani Network


Additional information from the narrative summary of reasons for
listing provided by the Sanctions Committee:

Badruddin Haqqani is the operational commander for the Haqqani
Network, a Taliban-affiliated group of militants that operates from
North Waziristan Agency in the Federally Administered Tribal Areas of
Pakistan. The Haqqani Network has been at the forefront of insurgent
activity in Afghanistan, responsible for many high-profile attacks.
The Haqqani Network's leadership consists of the three eldest sons of
its founder Jalaluddin Haqqani, who joined Mullah Mohammed Omar's
Taliban regime in the mid-1990s. Badruddin is the son of Jalaluddin
and brother to Nasiruddin Haqqani and Sirajuddin Haqqani, as well as
nephew of Khalil Ahmed Haqqani.

Badruddin helps lead Taliban associated insurgents and foreign
fighters in attacks against targets in south- eastern Afghanistan.
Badruddin sits on the Miram Shah shura of the Taliban, which has
authority over Haqqani Network activities.

Badruddin is also believed to be in charge of kidnappings for the
Haqqani Network. He has been responsible for the kidnapping of
numerous Afghans and foreign nationals in the Afghanistan-Pakistan
border region.


Other information: Operational commander of the Haqqani Network and
member of the Taliban shura in Miram Shah. Has helped lead attacks
against targets in southeastern Afghanistan. Son of Jalaluddin Haqqani
(TI.H.40.01.). Brother of Sirajuddin Jallaloudine Haqqani
(TI.H.144.07.) and Nasiruddin Haqqani (TI.H.146.10.). Nephew of Khalil
Ahmed Haqqani (TI.H.150.11.). Reportedly deceased in late August 2012.


Entities and individuals against whom there is evidence of involvement
in terrorism.

Dow Jones spokesperson Sophie Bent said: “This dataset is part of our
risk and compliance feed product, which is entirely derived from
publicly available sources.” The spokepserson said an “authorized
third party” was to blame for the exposure, but did not name the
alleged company or provide evidence for the claim.

We asked Dow Jones specific questions, such as who the source of the
data leak was and if the exposure would be reported to U.S. regulators
and European data protection authorities, but the company would not
comment on the record.

Two years ago, Dow Jones admitted a similar cloud storage
misconfigurationexposed the names and contact information of 2.2
million customers, including subscribers of The Wall Street Journal.
The company described the event as an “error.”

More information about the BreachExchange mailing list