Hackers Prove The Insecurity Of Trump’s Border Security By Stealing Photos Of Travelers’ Faces (#GotBitcoin?)
Likely tens of thousands of photos of travelers’ faces and vehicle license plates are involved. Hackers Prove The Insecurity Of Trump’s Border Security By Stealing Photos Of Travelers’ Faces (#GotBitcoin?)
A federal subcontractor working for U.S. Customs and Border Protection suffered a malicious cyberattack that compromised likely tens of thousands of photos of travelers’ faces and their vehicles’ license plates, officials said.
The cyberattack prompted fresh criticism of how the government protects the reams of personal data it collects.
In a statement, a CBP spokesman said the agency had learned late last month that the subcontractor, in violation of security policies, had transferred copies of license-plate images and traveler images that had been collected by CBP to its own network.
“The subcontractor’s network was subsequently compromised by a malicious cyberattack,” the spokesman said. “No CBP systems were compromised.”
The identity of the subcontractor wasn’t provided. The spokesman said none of the image data had been found on the dark web or other parts of the internet. The dark web is a network of websites that use anonymity software.
The spokesman added that the agency had removed from service all equipment related to the breach and was monitoring contract work by the subcontractor.
Privacy advocates and some Democratic lawmakers quickly pounced on news of the loss of data to highlight longstanding concerns about the CBP program, which uses cameras at airports and land-border crossings to capture images of travelers and vehicles. Those images are collected and stored in part of an expanding facial-recognition program intended to track people who enter or leave the country.
“This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers,” said Neema Guliani, senior legislative counsel at the American Civil Liberties Union, which has long been critical of government efforts to amass personal biometric data. “This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices.”
Initial findings indicated that fewer than 100,000 people had their images compromised, a CBP official familiar with the hack said. The stolen photos were of travelers in vehicles entering and leaving the U.S. via specific lanes at one border point of entry over a month-and-a-half period, the official said. No other identifying information or travel document images were compromised, the official added.
Federal law enforcement agencies are investigating the hack, the CBP official said.
CBP is a part of the Department of Homeland Security, which in addition to immigration enforcement plays a key role in protecting the government and the private sector from cyberattacks. The episode is just the latest in a series of hacks that have successfully breached contractors working for the federal government, a problem that senior U.S. cybersecurity officials have said continued to plague the Pentagon and civilian agencies.
The Wall Street Journal reported in March that an internal Navy review had found that the military branch’s contractors were being breached by China and others “with impunity” and that little was being done to address the problem. Hackers Prove The Insecurity, Hackers Prove The Insecurity