According to a report from The New York Times, old US military equipment being sold on eBay contained information from troops, known terrorists, and people who may have worked with American forces in Afghanistan and other countries. The devices were purchased by a group of hackers, who found fingerprints, iris scans, people's pictures, and descriptions, all of which were protected by a "well-documented" default password. In a post, the hackers called getting at the sensitive data boring.

The fact that they were able to get their hands on the data doesn't make it boring, according to Marx, who leads the group's research. The data will be deleted after the club finishes its research, but what they have found raises concerns about how closely the military guarded this information.

Screenshot showing the UI of one of the biometric scanning devices, with icons for Computer, network, MOBS, Internet, Battery status, and Watchlist.
Screenshot of the Windows XP-based UI from one of the biometric devices obtained by the Chaos Computer Club. MOBS stands for “Mission Oriented Biometric Software,” according to a presentation from the club.
Image: Chaos Computer Club

Reports from last year said that the Taliban had access to the devices as the US withdrew from Afghanistan. The data on the devices could be used to identify people who helped American forces. The US built a database of Iraqis. According to a US official, the database is a hit list if it gets into the wrong hands. The devices wouldn't allow someone to use the master database of Afghanistan's population unless they had access to additional equipment.

According to the Times, members of the Chaos Computer Club purchased six devices, which the military used around a decade ago to gather information about people at checkpoints and other operations. Two of the devices had information on their memory cards. According to the hackers, one of the devices contained over two thousand people's names and sensitive data that appeared to have been collected around 2012.

They only paid $68 for the device. One of the employees the Times spoke to said that the company that sold it on eBay didn't know it had sensitive data. The company that sold the device to the club wouldn't say how it got it. The devices should have been destroyed after they stopped using them.

It isn't a surprise that they're available for sale online. The data was left on at least some of them and nobody caught it before the devices were sold on eBay, which is a violation of the platform's policies against selling computers with personally identifiable information. The response from the US and device vendors is not reassuring, and the Department of Defense just requested the device be mailed back. The Chaos Computer Club contacted the Department of Defense and was told to contact the manufacturer of the SEEK. They didn't get a response.