Malicious actors have seized images of people travelling through US border checkpoints, prompting fresh fears around mass surveillance systems.

The US Customs and Border Protection (CBP) agency acknowledged the attack in a statement provided to Information Age.

“On May 31, 2019, CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorisation or knowledge, had transferred copies of license plate images and traveller images collected by CBP to the subcontractor’s company network,” a CBP spokesperson said.

“The subcontractor’s network was subsequently compromised by a malicious cyber-attack.

“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract.”

CBP uses contractors like Perceptics – a provider of license-plate reading systems – to develop and maintain the surveillance technology on the US border.

In May, The Register reported that Perceptics had been hacked.

A hacker by the name of ‘Boris Bullet-Dodger’ alerted the news site to the breach and provided a link to the extracted files from Perceptics’s network. Hundreds of gigabytes of data, including date-stamped license plate images and personal information, had been made freely available on the dark web.

The hacker behind the Perceptics breach told Vice, “I think that idiots manage the company Perceptics”.

In the CBP statement about the most recent breach, the agency said “none of the image data has been identified on the Dark Web or internet” and “federal authorities will continue to monitor for any unauthorized disclosure of the information involved in this incident.”

Australians made more than one million short-term return trips to the United States in 2018.

The Department of Foreign Affairs and Trade (DFAT), which publishes travel advice website Smartraveller, did not express concern about the recent spate of data breaches.

A DFAT spokesperson told Information Age that the department’s travel advisories were “not intended to be a comprehensive account of all possible risks”.

“We encourage all Australians, including those who might have concerns about privacy and personal data, to research their destination before they travel,” the spokesperson said.

As outlined in the US Transportation Security Administration (TSA) Biometrics Roadmap, the TSA and CBP have partnered to roll out biometric and facial recognition systems for domestic and international travellers.

“In recent years, CBP has invested significant financial and technical resources to develop a Biometric Air Exit capability to fulfill Congressional and Executive branch mandates to biometrically verify the departure of foreign nationals from the United States,” the report states.