World

Can One Buy US Military Biometric Data on eBay? Media Report Says 'Yes'

The US military has already been rocked by a number of sensitive leaks. One computer enthusiast in Germany claims he may have discovered yet another.
Sputnik
Earlier this year, German hacker Matthias Marx bought a biometric capture device on eBay for $68 and found that its memory card still contained data. According to a New York Times report, it could be a secret US military database with biometrics belonging to Afghan residents. The device itself might be a SEEK II (Secure Electronic Enrollment Kit).
According to Marx, the memory card contained the names, nationalities, photographs, fingerprints, and iris scans of 2,632 people. After browsing the kit's metadata, Marx said it was last used in the summer of 2012 near Kandahar, Afghanistan as part of a Pentagon program aimed to find terrorists among local civilians. The device was still working, he added.
Marx noted that he had in no way published the data from the device online, as the aggregate could expose those who worked with US forces.
The US Defense Department has released a statement concerning the case and provided an address to which the device can be sent.

"Because we have not reviewed the information contained on the devices, the department is not able to confirm the authenticity of the alleged data or otherwise comment on it. The department requests that any devices thought to contain personally identifiable information be returned for further analysis."

Patrick S. Ryder
Brig. Gen., Defense Department’s press secretary
The manufacturer of the device, HID Global, commented on the matter: "The configuration, management, protection, storage and regularity of deletion of data is the responsibility of the organization using HID-manufactured devices."

Extent of Possible Incompetence

Marx and a small group of researchers at the Chaos Computer Club, a European hacker association, claimed that they had bought six devices on eBay that were allegedly related to biometric capturing. The team was determined to cheсk concerns about the Taliban's* possible access to such devices and data security.
Given that all that was needed to protect the data was to remove the memory card, Marx was amazed at the degree of ease of access there was to such sensitive information.

"It was disturbing that they didn’t even try to protect the data," Marx said, referring to the US military in an interview with American media. "They didn’t care about the risk, or they ignored the risk."

Stewart Baker, a Washington-based lawyer and former national security official, reportedly said: "It is a disaster for the people whose data is exposed. In the worst cases, the consequences could be fatal."
Ella Jakubowska, a policy adviser on biometric information at European Digital Rights, a privacy advocacy group, noted to American media that:

"It doesn’t matter that it’s from a decade ago. One of the key points that we’re always trying to raise about biometric data and why it’s so sensitive is because it can identify you forever."

She added that the military should warn all those whose data might have been compromised.

Cases of Information Leaks

Previously, the US military has already allowed serious leaks of sensitive information:
Nearly 400,000 secret American military files about the Iraq War were obtained by WikiLeaks in 2010;
Fitness tracking company Strava in 2017 released a map with every single activity ever uploaded to it. However, it also contained data related to US military bases, acording to Nathan Ruser, an analyst at the Institute for United Conflict Analysts;
Classified data on US nuclear weapons stockpiles hit the web via training apps where the US military stored information.
All of these cases suggest that the data reported by Matthias Marx may be true.
Discuss