When a United States military device for sale on eBay was discovered by a German security researcher, he placed a low bid of $68.
He probably didn't think he'd win since he offered less than the seller's asking price. He had an even bigger surprise after he won. Marx was shocked when he found out he had bought the names, nationalities, photographs, fingerprints, and iris scans of 2,632 people from the US military.
Data on US military members, people in Afghanistan who worked with the government, and ordinary people was all stored on the device. The majority of the data came from Afghanistan.
It was supposed to be destroyed on site. The failure to wipe the device is consistent with the US military's occasional failures, which have put people who helped the US military and US military members at risk of being identified and targeted by the Taliban.
No one knows how many times the device has changed hands since it was last used.
Marx declined to give the database to The Times electronically. The Times sent a reporter to Germany to look at the data, then got in touch with an American who said the data was likely his.
The Department of Defense's press secretary told The Times that they needed to review the data before they could confirm its authenticity.
The department can't confirm the authenticity of the data because they haven't reviewed it. The department wants to know if any devices have personally identifiable information.
The data could have fatal consequences if it's authentic, according to experts. The US government should review the data, inform everyone affected, and give asylum to anyone still based in Afghanistan, according to them.
Marx told Ars that he contacted the DOD after he discovered the data, but that they failed to protect those affected by the leak.
The data would be useful to investigate how the devices ended up online and to find out who else is at risk.
Marx accused the military of failing to protect the data because they didn't care about the risk or ignored it.