Secret Terrorist Watchlist With 2 Million Records Exposed Online (bleepingcomputer.com)
A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records, was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it. BleepingComputer reports: July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest. The 1.9 million-strong recordset contained sensitive information on people, including their names, country citizenship, gender, date of birth, passport details, and no-fly status. The exposed server was indexed by search engines Censys and ZoomEye, indicating Diachenko may not have been the only person to come across the list.
The researcher discovered the exposed database on July 19th, interestingly, on a server with a Bahrain IP address, not a US one. However, the same day, he rushed to report the data leak to the U.S. Department of Homeland Security (DHS). "I discovered the exposed data on the same day and reported it to the DHS." "The exposed server was taken down about three weeks later, on August 9, 2021." "It's not clear why it took so long, and I don't know for sure whether any unauthorized parties accessed it," writes Diachenko in his report. The researcher considers this data leak to be serious, considering watchlists can list people who are suspected of an illicit activity but not necessarily charged with any crime. "In the wrong hands, this list could be used to oppress, harass, or persecute people on the list and their families." "It could cause any number of personal and professional problems for innocent people whose names are included in the list," says the researcher.
Re:bye bye civil liberties (Score:5, Insightful)
>"Does anyone really think there are nearly 2 million terrorists in the US right now?"
No. The list is obviously not just those *IN* the USA, but world-wide, citizen or not. It is also not "terrorists", but those suspected of possible terrorist-like activity, but more likely ANY disruptive behavior (like they created a scene on a plane). So it is neither just the USA nor just "terrorists".
That aside, it is an insane program that ANY American citizen could end up on such a list without 1) Being notified when placed on it and 2) Having some way to challenge it in court. Having secret lists like this that end up as part of a "no-fly" list denies citizens their rights, and certainly it is without any due process nor the assumption of innocence (which our system is based on). Worse, politicians continuously want to use lists like this for OTHER purposes to deny rights. Welcome to the China social credit dystopia.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Most of us would argue the FBI certainly does have the right and even mandate to create and keep such lists, even secretly. But the moment they are used to deny services or rights to citizens, that crosses the line, like the no-fly list did/does.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: bye bye civil liberties (Score:1)
The US system isn't based on the assumption of innocence, that only applies in criminal cases. The burden of proof is far lower in civil cases and reversed to an assumption of guilt in tax matters.
Re: bye bye civil liberties (Score:5, Informative)
>"The US system isn't based on the assumption of innocence, that only applies in criminal cases."
Criminal cases are the only ones that take away your rights. Perhaps your freedom (jail, prison), your ability to vote, ability to legally own a firearm, being required to report to probation (including search without probable cause), being required to take some type of class, being placed on some type of restriction list (sex offender), etc. Civil cases are just money damages. In the case of the no-fly list, that is removing rights (your ability to travel by air, or perhaps access to some other service or ability), so it more closely follows a criminal than civil concern. In my mind, that means you should be notified, and there should be some type of reasonable due process. Many people and organizations agree. How this has not been judged unconstitutional at some point in the last 20 years is just amazing.
>"The burden of proof is far lower in civil cases "
Although the burden of proof in civil cases is much lower than criminal cases, you are STILL presumed innocent until proven guilty.
Re: (Score:3)
> Although the burden of proof in civil cases is much lower than criminal cases, you are STILL presumed innocent until proven guilty.
Ehh...kinda. Neither innocence nor guilt are decided in civil cases. And depending on the type of case, the burden of proof can actually fall on the defendant if the plaintiff presents sufficient evidence.
Re: (Score:2)
Um, yeah, so
DHS Traveler Redress Inquiry Program is how you fight being told you can't board a plane. I have no idea what the process is or how easy it is to be removed.
What I do know, is that in 2017 there were 1.2 Million people on the list and only 4,600 were US citizens or permanent residents. That's an absurdly small percentage of our population.
I don't have much of a problem with this because air travel isn't a basic human right. Not being crashed into a skyscraper is. I can't feel bad because someone
Re: bye bye civil liberties (Score:3)
So which ones take away your ability to board a flight? Criminal or civil?
you don't have a right to fly internationally (Score:2)
Re:you don't have a right to fly internationally (Score:4, Informative)
>"indeed the government can lawfully regulate that transportation usage"
That isn't regulation when it targets individuals. So at what point is the Fed using powers (not granted to it in the first place) to say what a targeted *individual citizen* can't do, when not being found guilty of a crime? Could you have a list that bans one from buying a house? How about ban someone from driving a car? Public speaking? Buying alcohol? Enrolling in college?
Re: (Score:2)
I sort of think this has to be an internal list, if it is not just a partial list. Because there are far far far more than 2 million people America does not want flying into its country. There are entire countries governed by "terrorists", if this was an international list of the people directly associated with America's enemies, it would be at least 100 million, and I do not even think we would need to start classifying Russia or China as an enemy to get there.
Re: (Score:2)
Hmm... What's the population of D.C. again?
Re: (Score:1, Insightful)
More like when a righty is in power, they order it filled up with "suspicious" lefties, and when lefties are in power, they do the opposite. Thus anybody who ever posted something like "I wish I could slap Politician X", they are entered.
Ooops, I bet I'm on the list.
Re: (Score:3)
> More like when a righty is in power, they order it filled up with "suspicious" lefties, and when lefties are in power, they do the opposite.
Also anyone for whom an anonymous informant made a claim they were a terrorist. Informants like your spouse in a bad divorce case, your a-hole neighbor with the loud party you once called the cops on, your political opponents, someone who thought you'd gone to the inauguration protests so you must be a rebel, who doesn't like your political postings, figured out who yo
Re: (Score:2)
Really? Both sides are just the same?
So where's the liberal version of the McCarthy hearings?
Re: (Score:2)
The current House inquiry into the January 6 "protest", obviously.
/sarcasm
Re: (Score:2)
We keep being told that we can't hold the democrats responsible for their party's actions in the 50's and 60's but here you are doing that to the Republicans.
Let's go back another 10 - 20 years. Which party arrested and jailed Japanese citizens simply because they were of Japanese descent? (Answer - Democrats under FDR)
Re: (Score:1)
Us independents weren't dumb enough to think Obummer was a lefty just because he doesn't identify as republican. IOW, actions speak louder than words, no matter how beautiful those words were.
Re: (Score:2)
> Us independents weren't dumb enough to think Obummer was a lefty just because he doesn't identify as republican. IOW, actions speak louder than words, no matter how beautiful those words were.
But you are dumb enough to assume that left and right have to mean the same globally.
He was a lefty for US politics and considering he was the US president, that's pretty relevant.
Re: (Score:1)
Link?
Re: (Score:1)
Fighting for the country?
Ask any vet of Afghanistan to tell you which U.S. citizen RIGHTS he upheld. Go ahead bitch.
As for fight, here's an interesting idea. Next time you stuff something up your ass, make it dynamite and light the fuse.
Re: (Score:2)
"Does anyone really think there are nearly 2 million terrorists in the US right now?"
Not yet, but soon, now that everybody knows who to recruit amongst people who are mad to be on the no-fly list.
Re: (Score:2)
> Cat Stevens found himself on there in 2005.
Is this true? I liked his old music, but am sorry that he embraced Islam. Even that shameful act should not put him on a Federal list.
Just to be clear and to avoid a load of clarity messages, I consider Islam to be a really destructive cult, and similar emotions to the US PATRIOT ACT and its airport restrictions. It used to be, my boss would give me an airline ticket to go (with my mule's burden of equipment) to the customer's airport. I just had to answer to the call for my boss's name.
The airlines hated t
Re: (Score:2)
Bigot much?
Not at all.
And you wonder why extremists want to kill Americans?
No, not at all. Next question?
Re: (Score:2)
> Just to be clear and to avoid a load of clarity messages, I consider Islam to be a really destructive cult,
And it is, but so is Catholicism and 2/3 of the supremes are Catholic. And so it goes.
Re: (Score:2)
> Just to be clear and to avoid a load of clarity messages, I consider Islam to be a really destructive cult,
> And it is, but so is Catholicism and 2/3 of the supremes are Catholic. And so it goes.
I have to type out tags just to agree with you. But I agree with you. My post against Islam is by no means agreement with some other $$$ collecting religion.
Re: (Score:1)
> ... Even the Obama administration put veterans on lists who got diagnosed with PTSD (which is a shit ton). ...
Since the claim is a lie, fuck off.
Re: Cat Stevens (Score:1)
How did he search the list to confirm? Link?
Re: (Score:1)
I think I _might_ have remembered it, but not the link to search the data
Re: (Score:2)
I could be wrong but it seems this might be the same story....from 2016...
https://developers.slashdot.or... [slashdot.org]
Re: (Score:2)
wtf.
my name was not on the list.
tdamn.
now i am starting to fidget
So, it's officially a (Score:1)
Imagine a ... no, don't.
Re: (Score:2)
A question occurred to me. https://www.beowulf.org/piperm... [beowulf.org]
Best I can tell, simply because the poem involved organizing 14 warriors to a task.
Re: (Score:2)
Wait, maybe not even that.
But Sterling now admits this tale was invented in hindsight. In fact, he chose the name when a Goddard program administrator called and asked for a name on the spot. "I was helplessly looking around for any inspiration," he says. His mother had majored in Old English, and so he happened to have a copy of the early Anglo epic sitting in his office.
"I said, 'Oh hell, just call it Beowulf. Nobody will ever hear of it anyway.'"
https://spinoff.nasa.gov/Spino... [nasa.gov]
Does it get any easier? (Score:1, Troll)
Is that your intent? (Score:1)
select * from parler left join gop.fundraiser, left join donaldtrump.com;
It sounds like you want us to hate you. Was that your intent?
Also, lots of your side are complaining *right now* that we won't do what you want - climate change, Covid, UBS, immigration, or whatever.
Does making us hate you get you closer or further from those goals?
Re: (Score:3)
Only a malignant narcissist would destroy the planet to get back at someone they disagree with ideologically.
Re: (Score:2)
> There is one group among <insert opposing party here> that cannot fathom having a debate about their demands, goals and ideas, because they firmly believe that everything they think is best is actually the best, everything they think is true is true, everything is as important as they think it is and no alternatives exist that they haven't thought about.
FTFY. And the term you're looking for is "fanatic".
One of the most remarkable things about the American political system is that the most extreme members of each party stand touching back-to-back and reason that others must be far away because they can't see them.
Some of the most pig-headed, intolerant, bloviating, positional, divisive, identity-politicking, hate-spewing, and (politically-motivated) violent individuals I've ever met or seen are self-identified American Democrats.
The others were self-identif
Re: (Score:1)
It's amazing the amount of conflation that the rabid left will go to.
Re: (Score:2)
The resemblance is uncanny. https://i.redd.it/oqm8doqorph7... [i.redd.it]
Re: (Score:2)
"It's amazing the amount of conflation that the rabid left will go to."
You're just on the rabid right because you're an old fuck according to your uid.
Re: (Score:1)
Hmmm, are commas allowed in Join clauses?
Re: Does it get any easier? (Score:2)
They can often be used as an implicit cross join ("from table1, table2"), but I've never seen it used in conjunction with the join keyword.
Was the exposed list writeable? (Score:3)
If so, take a moment to add the IT security folks' names to the list before reporting the leak. It'll never happen again.
Re: (Score:3)
Think big. Add the names of every congress person, representative, and senator.
Re: (Score:2)
> Think big. Add the names of every congress person, representative, and senator.
Why not? Senator Kennedy was on it for a while.
More please (Score:2)
Re: (Score:2)
According to Marcinko, there are three levels of FU'd-ness.
SNAFU is the first, and lowest level. It is the Normal situation: "Situation Normal, All F'ed Up."
TARFU is the intermediate level: "Things Are REALLY F'ed Up."
The highest level is FUBAR: "F'ed Up Beyond All Recognition". (Some authorities, Marcinko included, expand the acronym as "F'ed Up Beyond All Repair".) This event clearly rises to that highest level.
Re: (Score:1)
Rumsfeldian translation: There are known fuckups and unknown fuckups that only become known if they are so fucked up that nobody can hide them anymore, but at that stage the results remove all observers such that it becomes the second category again.
When 1 in 3000 of the entire world is your enemy.. (Score:4, Insightful)
When you regard 1 in 3000 people as your violent enemy, perhaps you're doing something wrong.
Re: (Score:1)
Very true. Unfortunately, those who think this way are often completely incapable of self-reflection, for fear of what they have become.
Re: (Score:1)
The converse is also true then. If you regard 2,999 of 3,000 people as not violent enemies, perhaps you are doing something right!
No shit. (Score:2)
It still makes me wonder what kind of people do make that list. How many government critical but not violent people are going to be among them? 1.9 million is not a small number even if you consider the scales here.
One point nine mil (Score:3)
Confirmed as real? (Score:2)
Or could this be the result of a query of a honeypot. With fake data inserted linking to the logon ID, IP address and other identifying information of whoever grabbed the original copy?
The secret terrorists... (Score:2)
Sure. That's one take. Another take is that it could enable innocent people whose names are included on the list to KNOW it and clear up whatever misunderstanding has them wrongly listed.
I totally get keeping things quiet while you've got an active investigation of some sort. You suspect someone of wrongdoing, so you're gathering evidence and proof. You don'
Rich terrorists fly private (Score:2)
The no-fly list is just valid for commercial flights.
Wrong headline (Score:3)
Quit giving the interns (Score:2)
the 'keys' to the database.
Double-standard (Score:2)
Like not being able to travel to another city or country: But it's okay when government does it.
I wanna know (Score:2)
‘Homeland Security’ is a joke (Score:2)
The great thing about watchlists... (Score:2)
Re: (Score:2)
> The great thing about watchlists is that anyone can create their own.
Even the Nazis had their own list:
https://www.youtube.com/watch?... [youtube.com]
The main value (Score:2)
The main value of such a list is so you know whom NOT to send to try to bring down a plane, or do other nasty deeds.