Used US Military Equipment are For Sale on eBay, Contains Sensitive Data of 2.632 People!
JAKARTA - German researchers can freely buy used military equipment that has been used by the United States (US) on eBay e-commerce. Surprisingly, the device still contained biometric data from known troops and terrorists.
However, a group of researchers called the Chaos Computer Club, led by Matthias Marx says sensitive data is downright boring, because of how easy it is to read, copy and analyze it.
He bought six of the devices on eBay, most of them for under $200. They were encouraged by a 2021 report from The Intercept that the Taliban had seized similar US military biometric devices.
Because of this, they wanted to see if these devices contained the identity data of people who were assisting the US Military, and of course, this could put them at risk.
The biometric data includes fingerprints, iris scans, pictures of people, and descriptions of 2.632 people. Everything is unencrypted and only protected by a default password.
According to a NYTimes report, the biometric data not only contains data on known troops and terrorists, it also contains people who may have worked with US forces in Afghanistan and other countries in the Middle East.
Many work with the US military and could become targets if the devices fall into the wrong hands.
Marx, however, stated that he didn't think the data was boring enough, although they were surprised at first to get this. He planned to delete the data after his group finished the research, they feared raising concerns about how closely the military was guarding this information.
"It's disturbing that (the US military) isn't even trying to protect the data. They don't care about the risks, or they ignore the risks," Marx said.
Such devices are known to be used to identify insurgents, verify local and third-country citizens accessing US bases and connecting people to events,
Cited from The Verge, Thursday, December 29, however, it is not surprising that they can be freely sold online, decommissioned military equipment often ends up in private hands.
SEE ALSO:
However, confusingly the data left behind was not known to anyone before the device was sold on eBay, which is technically a violation of the platform's policy against selling computers with personally identifiable information.
In response to this, the spokesman for the US Department of Defense Brigadier General Patrick S. Ryder simply requested that the device be sent back.
"Because we have not reviewed the information contained on the device, the department cannot confirm the authenticity of the alleged data or comment on it," said Ryder.
"The department requested that any device deemed to contain personally identifiable information be returned for further analysis."