German security researchers recently purchased a biometric capture device from eBay for $68, only to discover that it contained sensitive military data, according to a New York Times report.
German security researcher Matthias Marx, who purchased the device, decided not to share the data online or in electronic form, but did allow a New York Times reporter to view it in person.
Marx noted the importance of properly securing and disposing of sensitive data to prevent it from falling into the wrong hands. “The irresponsible handling of this high-risk technology is unbelievable,” he said. “It is incomprehensible to us that the manufacturer and former military users do not care that used devices with sensitive data are being hawked online.”
The device, called a Secure Electronic Enrollment Kit (SEEK II), is designed to capture fingerprints and perform iris scans.
It was listed on eBay for $149.95, and when it arrived at the researchers’ home in Hamburg, they found that its memory card contained the names, nationalities, photographs, fingerprints, and iris scans of 2,632 people, most of whom were from Afghanistan and Iraq.
Some of the individuals in the database were known terrorists or wanted individuals, while others appeared to be people who had worked with the U.S. government or were simply stopped at checkpoints.
The metadata on the device indicated that it was last used in the summer of 2012 near Kandahar, Afghanistan.
The sale of such sensitive data on a public platform like eBay raises serious privacy and security concerns, as it could potentially be accessed by unauthorized individuals and used for malicious purposes.
Brigadier General Patrick S. Ryder, the Defense Department’s press secretary, stated that the department is “not able to confirm the authenticity of the alleged data or otherwise comment on it.”
However, he did request that any devices believed to contain personally identifiable information be returned to the military’s biometrics program manager at Fort Belvoir in Virginia for further analysis.
The biometric data on the SEEK II was reportedly collected at detention facilities, during patrols, during screenings of local hires, and after the explosion of an improvised bomb.
At the time when the device was last used in Afghanistan, the American war effort was winding down and military leaders were concerned about Afghan soldiers and police turning their guns on American troops.
They hoped that the biometric enrollment program would help identify any possible Taliban agents inside their own bases.