A secret terrorist watchlist with 1.9 million records, including classified

Secret terrorist watchlist with 2 million records exposed online

submited by
Style Pass
2021-08-16 18:00:04

A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.

July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.

The 1.9 million-strong recordset contained sensitive information on people, including their names, country citizenship, gender, date of birth, passport details, and no-fly status.

The exposed server was indexed by search engines Censys and ZoomEye, indicating Diachenko may not have been the only person to come across the list:

The researcher told BleepingComputer that given the nature of the exposed fields (e.g. passport details and "no_fly_indicator") it appeared to be a no-fly or a similar terrorist watchlist.

Additionally, the researcher also noticed some oblique fields such as "tag," "nomination type," and "selectee indicator," that weren't imminently understood by him.

Leave a Comment