Not password-protected
-
TuCa had a rant last night about how the country is being "run" by a bunch of buffoons. I watched and nodded as he ranted about the State Dept, DoD, etc.
And then I see this, which makes me think he's really right:
Secret terrorist watchlist with 2 million records exposed online
A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.
The list was left accessible on an Elasticsearch cluster that had no password on it.
Millions of people on no-fly and terror watchlists exposed
July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.
The 1.9 million-strong recordset contained sensitive information on people, including their names, country citizenship, gender, date of birth, passport details, and no-fly status.
The exposed server was indexed by search engines Censys and ZoomEye, indicating Diachenko may not have been the only person to come across the list:
exposed watchlist records
An excerpt from exposed watchlist records (Bob Diachenko)
The researcher told BleepingComputer that given the nature of the exposed fields (e.g. passport details and "no_fly_indicator") it appeared to be a no-fly or a similar terrorist watchlist.Additionally, the researcher noticed some elusive fields such as "tag," "nomination type," and "selectee indicator," that weren't immediately understood by him.
"That was the only valid guess given the nature of data plus there was a specific field named 'TSC_ID'," Diachenko told BleepingComputer, which hinted to him the source of the recordset could be the Terrorist Screening Center (TSC).
FBI's TSC is used by multiple federal agencies to manage and share consolidated information for counterterrorism purposes.
The agency maintains the classified watchlist called the Terrorist Screening Database, sometimes also referred to as the "no-fly list."
Such databases are regarded as highly sensitive in nature, considering the vital role they play in aiding national security and law enforcement tasks.
Terrorists or reasonable suspects who pose a national security risk are "nominated" for placement on the secret watchlist at the government's discretion.
-
TuCa had a rant last night about how the country is being "run" by a bunch of buffoons. I watched and nodded as he ranted about the State Dept, DoD, etc.
And then I see this, which makes me think he's really right:
Secret terrorist watchlist with 2 million records exposed online
A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.
The list was left accessible on an Elasticsearch cluster that had no password on it.
Millions of people on no-fly and terror watchlists exposed
July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.
The 1.9 million-strong recordset contained sensitive information on people, including their names, country citizenship, gender, date of birth, passport details, and no-fly status.
The exposed server was indexed by search engines Censys and ZoomEye, indicating Diachenko may not have been the only person to come across the list:
exposed watchlist records
An excerpt from exposed watchlist records (Bob Diachenko)
The researcher told BleepingComputer that given the nature of the exposed fields (e.g. passport details and "no_fly_indicator") it appeared to be a no-fly or a similar terrorist watchlist.Additionally, the researcher noticed some elusive fields such as "tag," "nomination type," and "selectee indicator," that weren't immediately understood by him.
"That was the only valid guess given the nature of data plus there was a specific field named 'TSC_ID'," Diachenko told BleepingComputer, which hinted to him the source of the recordset could be the Terrorist Screening Center (TSC).
FBI's TSC is used by multiple federal agencies to manage and share consolidated information for counterterrorism purposes.
The agency maintains the classified watchlist called the Terrorist Screening Database, sometimes also referred to as the "no-fly list."
Such databases are regarded as highly sensitive in nature, considering the vital role they play in aiding national security and law enforcement tasks.
Terrorists or reasonable suspects who pose a national security risk are "nominated" for placement on the secret watchlist at the government's discretion.
