Posted on June 26, 2019 at 4:47 PM
Hacking incidents around the world continue to expose personal and sensitive information to the public, often in large quantities. This was seen multiple times in the past few years, with the most recent example occurring less than a month ago. During this particular incident, the information gathered by the United States Customs and Border Protection, also known as CBP, was published onto the internet.
CBP subcontractor violates security protocols, then gets hacked
The CBP is the largest federal law enforcement agency at the Department of Homeland Security. As such, its security system is one of the best in the world. With that in mind, it would take a tremendous amount of skill and knowledge for hackers to breach their defenses.
With that in mind, many might be wondering how did the data get stolen? The truth is that it was not, at least not from the CBP. Instead, it was taken by one of the agency’s subcontractors, a firm that allegedly provided the technology used by the CBP, as well as other similar agencies in North America.
The unnamed subcontractor — believed to be Perceptics — decided to copy digital photos of nearly 100,000 travelers that passed through the US border. Not only their photos, but also the photos of their license plates, and other data. It is bad enough that the company did this without the CBP’s knowledge or permission to do anything like that. However, the situation became far worse when the firm got hacked after copying all of this sensitive information to its own network.
As mentioned, neither the government nor the CBP officials confirmed that Perceptics was the subcontractor in question. However, the company did report that it was hacked around the same time when it was reported that the CBP data was stolen, and many quickly connected the two.
However, things did not end there, and the hacked data is not only in the hands of the hackers anymore. Instead, it was dumped online for everyone to download freely, should they choose to do so. The data dump includes over 400GB of all kinds of content obtained by Perceptics, which was then stolen from the firm’s network. This includes various spreadsheets, databases, business plans, HR information, financial data, and even personal data.
The hack proves the lack of security
So far, the stolen data has been dumped and distributed via various torrent websites. Those who know where to look and how to download it have done so already. The identity of the hackers is not known at this point, as no single group or individual claimed responsibility at this time.
However, whoever did it clearly was not trying to download anything specific. They simply gathered as much as they could, and the dumped data includes it all, and even the music files were stolen from workers’ computers. Meanwhile, the CBP is still tightlipped about the whole incident, refusing to confirm or deny that Perceptics was the company that violated security protocols. The only thing that they did say was that one of the subcontractors violated privacy and security protocols listed in their contracts, but nothing else.
Meanwhile, the journalist, Emma Best, which is part of the team that has decided to share the breached data on the internet, stated that the team is making the files available for the public to view at their leisure. According to Best, the published information provides quite an intimate look at the mass surveillance of legal travel. In addition, it also contains local surveillance of secure facilities and turnpike. However, Best pointed out that the data also provides an important glimpse of how the people in charge of keeping this data safe are doing it, or more accurately — how they are not doing it.
The point that they are trying to make is that despite the fact that one party is careful when it comes to the security of the data — that does not necessarily mean that their partners are equally as responsible. Due to the government’s major oversight, all of this data is not public, and available to everyone with an internet connection.