Members of a hacking group have claimed that they were able to order U.S. military equipment used in Afghanistan that contained sensitive data and the biometric information of over 2,000 people.
(For insights on emerging themes at the intersection of technology, business and policy, subscribe to our tech newsletter Today’s Cache.)
Members of the “Chaos Computer Club,” who described CCC as Europe’s largest association of hackers, said they were concerned by reports of the Taliban finding U.S. military devices that had biometric records in them. After a search, CCC found such devices being auctioned online and acquired six of them for analysis.
“The extracted data was all the more impressive: The various devices shopped online contained names and biometric data of two U.S. military personnel, GPS coordinates of past deployment locations, and a massive biometrics database with names, fingerprints, iris scans and photos of 2,632 people,” CCC said in a statement on Tuesday.
Tech outlet The Verge cited The New York Times to report that at least one device was sold on eBay for less than $100. When contacted, the U.S. Department of Defense reportedly asked for the devices to be mailed back to them.
According to CCC, one biometrics database was from around 2012. CCC has also slammed the way authorities handled the case and the alleged lack of action from the manufacturer.
“Two and a half months after our report, we were able to order another biometric device online,” CCC said in its press release.
The group has warned that the biometric information contained within such military devices could help the Taliban identify people who worked against them in the past.