Home » Technology » Internet » Hackers Selling US Military Biometric And Iris Scan Data

Hackers Selling US Military Biometric And Iris Scan Data

Apple ID

In the war on terror and also in military operations, the USA uses a lot of high-tech. This equipment has almost always stored sensitive data, but the US Army does not always seem to handle this carefully – as is now the case with a SEEK II case.

SEEK II is short for Secure Electronic Enrollment Kit, and according to the New York Times (NYT), it’s a shoebox-sized device used to capture biometric data like fingerprints and iris scans. The data is also stored there and apparently, several such suitcases ended up in the “wrong” hands.

According to the NYT, Matthias Marx, security researcher and member of the Chaos Computer Club (CCC), managed to discover such a device on eBay. On the one hand, it was astonishing that the suitcase was offered for only $150 and Marx managed to get it for just $68.

On the other hand, it was remarkable that SEEK II actually arrived in Hamburg last August and contained even more than promised. As the NYT now writes, Marx found names, nationalities, photos, fingerprints, and iris scans of 2,632 people on the device’s memory card, most of them from Afghanistan and Iraq.

Sensitive unencrypted data

Many of the names on file were terrorists and others wanted individuals, while others were individuals the US had worked with and those identified during random checks. However, the data was already somewhat out of date, as the device in question was last used in mid-2012.

Still, there is a risk that it could be used to unmask allies in the counter-terrorist fight. According to the daily, Marx did not want to send the data either but showed them to a reporter in Germany. It is not the first such device that the CCC has bought via eBay, but the sixth. You never paid more than $200. This of course raises the question of how such devices could and can find their way to eBay.

The CCC experts were also able to find something really shocking because the data was stored completely unencrypted on SEEK II. In the case of the device with the 2632 records, it was officially purchased from a dealer in Texas at an auction of decommissioned Army hardware. Apparently, the US military did not delete the data before the sale. In any case, the CCC hackers have promised to destroy the data after analyzing the devices.