Biometric devices containing fingerprints, iris scans, photographs, names, and other information has been sold on eBay. The information was said to belong to individuals that worked for the US army in Iraq and Afghanistan.
Private Data Up for Auction
Six devices were bought on eBay for just below 200 euros by Chaos Computer Club, a group of German researchers headed by Matthias Marx. The group wanted to ascertain whether there were private data contained within the devices.
The idea came from a report wherein the Taliban managed to get their hands on US military biometric devices, as mentioned in Engadget. Unfortunately, The devices did contain the unencrypted data of 2,632 people on their memory cards.
Marx expressed how disturbing it was that the US military did not ensure that the data was protected. The information held within the device was mostly of terrorists and wanted people, but some were of the US military and people who worked with the US government.
The metadata within the cards was names, nationalities, fingerprints, and iris scans which had been used in Afghanistan back in the summer of 2012. One of the six devices also held data that was used in Jordan back in 2013.
It is still undetermined how the devices ended up on an auction site like eBay. Regardless, the biometric gadgets had detailed descriptions and photos that went with biometric data. It could prove to be dangerous should the information be acquired by people with malicious intentions.
Read Also: Brief History of Biometric Identification in Smartphones
The Biometric Devices
The devices bought on eBay were called HIIDE (Handheld Interagency Identity Detection Equipment) and SEEK II (Secure Electronic Enrollment Kit). The SEEK II was built by the Pentagon after the 9/11 incident.
The biometric data on SEEK II had information from detainment facilities, patrols, and screenings of local hires after the explosion of an improvised bomb, according to The New York Times. It was also used last in Afghanistan, a year after Osama bin Laden was killed.
SEEK II was used to identify potential double agents from within their bases, which had been prompted by shootings against American soldiers. The attacks were initiated by Afghan soldiers and the police.
The device had a small screen, a physical keyboard, and a fingerprint scanner. It unfolds in order to scan irises and take photos. It will then ask the user to connect to a US Special Operation Command server to upload the biometrics that have been collected.
Four of the biometric devices were SEEK IIs, while the two were HIIDEs. After being contacted, one individual stated that the data on the device was likely his. The contact was a Marine intelligence specialist and mentioned that the data might've been collected during training.
The Defense Logistics Agency expressed that the devices were never meant to hit the open market, especially in an auction site. He added that biometric equipment should've been destroyed as soon as it was no longer of use.
Related: Security Concerns of Biometric Data and How to Stay Protected
