The FBI's secret terrorist watchlist was exposed on the internet. The watchlist consists of 1.9 million records, including the agency's classified no-fly records.
The watchlist was left exposed on an Elasticsearch cluster that was not protected by a password.
FBI's Watchlist Involves Millions of People
Bob Diachenko, a Security Discovery researcher, discovered numerous JSON records in an exposed Elasticsearch cluster back in July, according to SecurityWatchWeek.
Diachenko discovered that the 1.9 million-strong record set contained people's personal information, including their complete names, country of citizenship, gender, date of birth, passport details, and no-fly status.
The server was indexed by two search engines: Censys and ZoomEye. This means that Diachenko was not the only one who saw the list.
According to BleepingComputer, given the nature of the exposed fields, the list appears to be a no-fly list or one that is similar to a terrorist watchlist.
Additionally, the researcher noticed some elusive fields, such as "nomination type," "tag," and "selectee indicator," that he said he didn't understand.
Diachenko stated that, given the nature of the data, the only valid guess he had was that it was a terrorist watchlist, because there was a specific field tagged "TSC_ID." Sources told BleepingComputer that TSC stands for Terrorist Screening Center.
FBI Terrorist Screening Center
The FBI's TSC is used by numerous federal agencies to manage and share consolidated information for counterterrorism purposes. The FBI maintains the classified watchlist called the Terrorist Screening Database, also known as the no-fly list.
These types of databases are regarded as highly sensitive, considering the important role that they play in supporting national security and law enforcement tasks.
Terrorists or anyone suspected of being a terrorist and posing a national security threat is automatically nominated for placement on the watchlist at the agency's discretion.
The list is referenced by all airlines in the country and by multiple government agencies, such as the Department of Defense, Department of State, Customs and Border Protection, and Transportation Security Authority, to check whether a passenger is allowed to fly or is inadmissible to the United States, or to assess their risk for various other activities.
The FBI has also included those who sent bomb threats to airlines on the list.
The FBI has also used the list to arrest a large ring of criminals back in June.
Server Taken Offline
Diachenko discovered the database on July 19. He said that it had a Bahrain IP address, according to Gizmodo.
On the same day, Diachenko reported the data leak to the US Department of Homeland Security (DHS).
The exposed server was taken down on Aug. 9, which was three weeks after he discovered it.
Diachenko wrote in his report that he does not know why it took the DHS so long to shut the server down, and he does not know whether any unauthorized parties were able to access it.
The researcher considers the data leak to be very serious, considering watchlists can expose those who are suspected of illegal activity but not charged with any crime.
Diachenko said that in the wrong hands, the list could be used to harass, target, oppress or persecute those on the list, including their families. It could also cause a lot of personal and professional issues for people who have not done anything wrong but have their names included on the list.
This article is owned by Tech Times
Written by Sophie Webster