Already last year, 184,000 images from a biometric pilot program are said to have been processed by a service provider of the Department of Homeland Security (DHS) and ended up in Darknet.
The images from the pilot program for automated facial recognition were stolen last year from a contractor of the customs and border protection agency Names Customs and Border Protection (CBP). The data was then partially released on Darknet by a cyber extortionist.
Department of Homeland Security report
The attack and the theft of the data has now been confirmed in a report by the Inspector General of the Department of Homeland Security, Joseph Cuffari. The data is said to have been scans of license plates and pictures of travelers’ faces.
According to the CBP investigation, 184,000 images were stolen from the Percepties service provider. At least 19 of them are said to have been subsequently found in digital underground forums. This was apparently made possible by an unencrypted storage device that was not properly protected. In the report by Joseph Cuffari, there is an image from an external hard drive that was supposedly unencrypted. This hard drive was said to contain sensitive personal data.
Cuffari said: “This incident could damage public confidence in the government’s ability to protect biometric data.
This could have devastating consequences. It is possible that travelers will refuse to allow the Department of Homeland Security to capture their fingerprints and faces at U.S. borders and then use them.
The hacker attack and the resulting threat of public image damage could promote a delicate situation with regard to illegal entry, as it would endanger the Department of Homeland Security’s biometric program.
According to Cuffari’s report, the DHS biometric database is said to contain records of more than 250 million people. This allows more than 300,000 comparisons per day. This is the largest biometric data store in the US government. The Department of Justice and the Department of Defense also have access to the database.
The European Union is also building its own biometrics super database, following the example of the US government. The EU database is to contain over 400 million persons from third countries. Fingerprints and digital facial images will be kept in the database for automated recognition.
Attack already in 2019
This hacker attack was already reported in the US media last year. According to last year’s report, DHS claimed that sensitive data was leaked into the darknet. The Customs and Border Protection probably refused to pay the sum for the extortion of 20 Bitcoins.