Biometric devices sold on eBay allegedly contained sensitive US military data

"The irresponsible management of this high-risk technology is unbelievable."

German researchers who purchased biometric capture devices on eBay found sensitive US military data stored on their memory cards, The New York Times reported. This included fingerprints, iris scans, photographs, names and descriptions of individuals, mostly from Iraq and Afghanistan. Many worked with the US military and could be targeted if the devices fell into the wrong hands, according to the report.

A group of researchers called the Chaos Computer Club, led by Matthias Marx, purchased six of the devices on eBay, most for less than $200. They were spurred on by a 2021 report from The Intercept that the Taliban had seized similar US military biometric devices. As such, they wanted to see if they contained any identifying data about people who helped the US military that might put them at risk.

They were "shocked" by the results, according to the report. On a device's memory card, they found the names, nationalities, photographs, fingerprints and iris scans of 2,632 people. Other metadata showed it was used near Kandahar, Afghanistan in the summer of 2012. Another device was used in Jordan in 2013 and contained the fingerprints and iris scans of a small group of American servicemen.

These devices have been used to identify insurgents, verify local and third-country nationals accessing US bases and connect people to events, according to a 2011 guide to the devices. "It was disturbing that [the US military] didn't even try to protect the data," Marx told the NY Times. "They didn't care about the risk, or they ignored it."

A device was purchased at a military auction, and the seller said they were unaware it contained sensitive data. Sensitive information was stored on a memory card, so the US military could have eliminated the risk by simply removing or destroying the cards before selling them.

"Because we have not reviewed the information contained on the devices, the department is unable to confirm the authenticity of the alleged data or otherwise comment on it," the Department of Defense's press secretary, Brig. General Patrick S. Ryder, told the Times. "The department requests that any device that may contain personally identifiable information be returned for further analysis."

Given the sensitivity of the information, the group plans to remove any personally identifiable information found on the devices. Another researcher noted that anyone found on such devices is not safe even if they have changed their identity and should be granted asylum by the US government.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission. All prices correct at time of publication.
