The FBI's terrorist watchlist found in an exposed web database without a password
Posted on 8/27/21 at 6:51 am
But by damn, at least the FBI is woke!
quote:
FBI watchlist exposed by misconfigured Elasticsearch cluster
A terrorist watchlist was found in an exposed database, and security researcher Bob Diachenko says there is no way of knowing just how long it was open to the public.
By Shaun Nichols
16 Aug 2021
An apparent U.S. government terrorism watchlist was found exposed to the open internet.
Security researcher Bob Diachenko discovered the data in an exposed Elasticsearch cluster and reported the list to the FBI.
...Diachenko says that server was discovered and reported on July 19, with the takedown completed on Aug. 9.
Comprising around 1.9 million records, the database was stored inside an Elasticsearch server that had not been configured to have any sort of password protection. The records included basic info such as names, dates of birth and countries of citizenship, as well as more sensitive information including passport numbers and whether that individual was also on the Transportation Security Administration's no-fly list.
The database was originally created by the FBI-led Terrorist Screening Center, an operation that also involves the Department of Homeland Security (DHS). The DHS referred request for comment to the FBI, whose spokespersons could not be reached to comment on the matter.
LINK
quote:You can't spell UnEffingBelievable without FBI
On July 19, 2021, the exposed server was indexed by search engines Censys and ZoomEye. I discovered the exposed data on the same day and reported it to the DHS.
The exposed server was taken down about three weeks later, on August 9, 2021. It's not clear why it took so long, and I don't know for sure whether any unauthorized parties accessed it.
LINK
Posted on 8/27/21 at 6:54 am to NC_Tigah
Posted on 8/27/21 at 6:55 am to NC_Tigah
quote:
FBI watchlist exposed by misconfigured Elasticsearch cluster
You can’t make this shite up
Posted on 8/27/21 at 7:23 am to cajunangelle
quote:Real.
so was it a fake honeypot? LINK
or real names?
Diachenko ran his "honeypot" test in May to see how quickly unauthorized searches would occur in the event an internet database was exposed without a password.
quote:The terrorist database exposure was ID'd in July. Based on Diachenko's test work, and the fact the FBI left the database exposed 3wks after being notified of the problem, we can rest assured our terrorist watchlist database is no longer secret.
The database was set up on 11 May and was removed on 22 May. In that time, Diachenko reported, 175 unauthorised requests were made, averaging 18 a day. The first came on 12 May, just eight hours and 35 minutes after deployment.
Posted on 8/27/21 at 7:51 am to NC_Tigah
Too bad it's down. I'd be curious to know how many of us are on it.
Posted on 8/27/21 at 7:52 am to Tantal
I hope they spelled my name right.
Posted on 8/27/21 at 7:52 am to NC_Tigah
quote:
our terrorist watchlist database is no longer secret.
I want a copy.