Inspector General's Report Confirms CBP Contractor Was Hacked, Resulting In Sensitive Info Making Its Way To The Dark Web

from the collect-it-all,-protect-it-barely dept

Last year, a CBP vendor suffered a data breach affecting more than 100,000 people who had crossed the border at checkpoints. The CBP refused to name the contractor involved in the breach, but internal documents indicated it was Perceptics. Perceptics provided and maintained the system that photographed cars and their occupants as they crossed the border.

The vendor’s involvement in the breach has now been publicly confirmed, thanks to an Inspector General’s investigation of the incident. Sensitive information that was never supposed to be located on Perceptics’ servers was obtained by hackers and (partially) distributed on the dark web. [h/t Motherboard]

The report [PDF] lists the extent of the damage, which was fairly minimal given what was involved.

The subcontractor’s network was later the subject of a malicious cyber attack that compromised approximately 184,000 traveler images from CBP’s facial recognition pilot. After removing duplicate images, CBP reduced its estimate to 100,000 individual images, of which they discovered 19 were posted to the Dark Web.

From which the IG draws this inevitable conclusion:

This incident may ultimately result in damage to the public’s trust in Government biometric programs.

Yes, whatever trust there is that hasn’t been damaged yet, I guess.

Perceptics was authorized to be on-site to perform maintenance work. It was never authorized to transfer any photos to its own servers. But it did. And it did this in the worst way possible.

According to documentation from Unisys and CBP, Perceptics subsequently admitted to Unisys that it had downloaded approximately 184,000 traveler images from the equipment in conjunction with the work order tickets. Perceptics personnel accomplished this using an unencrypted USB hard drive that was eventually transported back to their corporate office in Knoxville, Tennessee. From there, subcontractor personnel uploaded CBP’s images to a Perceptics server.

This unauthorized data exfiltration led directly to another unauthorized data exfiltration.

Perceptics’ corporate network was subjected to a ransomware attack at some point prior to May 13, 2019. The attack compromised thousands of driver and passenger images that CBP captured during the VFS pilot. CBP determined that more than 184,000 traveler facial image files, as well as 105,000 license plate images from prior pilot work, were stored on the subcontractor’s network at the time of the ransomware attack. In addition, the hacker stole an array of contractual documents, program management documents, emails, system configurations, schematics, and implementation documentation related to CBP license plate reader programs.

Perceptics refused to pay the ransom and the hacker (d/b/a “Boris Bullet Dodger”) released “9,000 unique files” on the dark web.

The Inspector General says Perceptics should never have taken files offsite. But it’s not the only party to blame. CBP should have made this far more difficult to achieve.

Perceptics was able to make unauthorized use of CBP’s biometric data, in part because CBP did not implement all available IT security controls, including an acknowledged best practice. Additional IT security controls in place during the pilot could have prevented Perceptics from violating contract clauses and using an unencrypted hard drive to access and download biometric images at the pilot site.

The rest of the report is the CBP promising to secure barn doors as per the IG’s recommendations. Certainly this will have some effect going forward. But the fact remains the CBP collects a lot of personal information that can be tied to border crossers’ vehicles. All of this in one place continues to make the CBP — and most government agencies — tempting targets for malicious hackers.

Companies: perceptics, unisys


Comments on “Inspector General's Report Confirms CBP Contractor Was Hacked, Resulting In Sensitive Info Making Its Way To The Dark Web”

8 Comments
This comment has been deemed insightful by the community.
That Anonymous Coward (profile) says:

Gee it’s almost like they think you can just hand out credit monitoring and that makes everything better.

Meanwhile all the O2 is being sucked out of the room by ZOMG 230 screaming while after too many hacks to count, too many contractors violating the law, they still haven’t demanded tighter security with actual punishments & protections. But if we pay a few billion more for shitty planes we won’t ever actually use we’ll be safe again.

Something something Trump of all people should know how easy it is to leverage people when they have nothing & someone has dirt on them.

Anonymous Coward says:

Low-Hanging Fruit

CBP Fails

  • Sir, you’re not allowed to take recordable media onsite.
  • Download access denied (network layer).
  • Sir, I need to check the content of that thumb drive.

Perceptics Fails

  • As contractors, we must be ethical.
  • As custodians of client data, we must be competent.

All a hacker needs is the understanding that in many circumstances these are usual levels of laziness, incompetence, and dishonesty. Pick a third-rate government agency with no specialization in IT security and hack their brand-X, private sector consultants…harvest time!

