FBI leaks personal data of millions of criminals and terrorists

In an unprecedented fact, it has been confirmed that a list of suspected terrorists compiled by the Federal Bureau of Investigation (FBI) remained exposed online between July and August 2021. The leaked database was compiled by the FBI’s Terrorist Screening Center (TSC), an agency created after the 9/11 attacks and contains names and other personal details of suspected terrorist activities.

This database is controlled by the FBI but many other agencies have access to this information, including the Department of State, the Department of Defense, and Customs and Border Protection. In addition to containing information on suspected terrorist activities, this database is used by aviation authorities in the United States to allow or deny entry, exit and transit in the national territory.

In this regard, the renowned security researcher Bob Diachenko claimed to be the one who discovered a copy of the database linked to an IP address in Bahrain: “This database was exposed in an Elasticsearch cluster and contained almost 2 million unique records; at the moment I do not know if this is only a part of the TSC database or if it contains all the information of this agency.”

Among the data contained in the file are details such as:

  • Fully qualified names and assigned TSC identifier
  • Country of origin
  • Date of birth
  • Gender              
  • Passport number
  • No-fly status

The researcher reported his finding to the appropriate authorities on July 19, although by then the database had already been indexed to search engines such as Censys or ZoomEye.

It is not yet clear whether the compromised Elasticsearch server was managed by a government agency, an outsourced company, or whether the information was obtained illegally. The existence of this information was a well-kept secret until the authorities began to notify citizens of its inclusion on this list.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.