In “US border cops confirm: Maker of America's license-plate, driver recognition tech hacked, camera images swiped”, Shaun Nichols reports in The Register that the US Customs and Border Patrol (CBP) confirmed that hackers broke into one of its subcontractors and stole images of people and vehicle license plates crossing the border.
Today’s announcement did not reveal the subcontractor, but an earlier Thomas Claburn Register story, which was covered by a Daily Kos diary, reported that it was Perceptics, and Drew Harwell and Geoffrey A Fowler reported in the Washingon Post yesterday that although CBP did not say which contractor was involved, the Microsoft Word document that CBP sent to reporters was a file named “CBP Perceptics Public Statement” — indicating that CBP’s press office is as insecure as its contractors.
Although CBP said it hadn’t found any of the stolen images on the dark web, this appears to be another case of government incompetence or misdirection, as The Register found thousands of such images. And in “This Is Exactly What Privacy Experts Said Would Happen”, Sidney Fussell writes today in the Atlantic that he interviewed computer-security expert Chad Loder and the news is not good:
The full scope of the breach may be much larger than what CBP revealed in its original statement, he said. In recent years, CBP has asked travelers for fingerprints, facial data, and, recently, even social-media accounts. “If CBP’s contractor was targeted specifically, it’s unlikely that the attacker would have stopped with just photo data,” Loder told me.
Fussell writes that by 2023, DHS aims to have recognized the faces of 97% of all travelers leaving airports in the US. Presumably this face-recognition data will also be available to hackers, along with the images and other data that they already have.