Cloud Misconfiguration Leaks US Terror Watchlist

A secret watchlist of suspected terrorists maintained by the FBI was exposed online because of a configuration error and then left unfixed for several weeks after it was reported, according to Comparitech.
Head of security research at the firm, Bob Diachenko, said he discovered the Terrorist Screening Center (TSC) list on July 19, when the exposed Elasticsearch server was indexed by search engines Censys and ZoomEye.
The list was left online without a password or any other authentication to secure it. It contained 1.9 million records, including full name, TSC watchlist ID, citizenship, gender, date of birth, passport number and more.
The TSC is a classified list of suspected terrorists, including a smaller “no-fly” list. The information is shared with the Departments of State and Defense and customs officers, TSA staff and international partners.
Although he didn’t check the entire database, Diachenko suggested that it may have contained the whole TSC list.
“The terrorist watchlist is made up of people who are suspected of terrorism but who have not necessarily been charged with any crime. In the wrong hands, this list could be used to oppress, harass, or persecute people on the list and their families,” he argued.
“It could cause any number of personal and professional problems for innocent people whose names are included in the list. There have been several reports of US authorities recruiting informants in exchange for keeping their names off of the no-fly list. Some past or present informants’ identities could have been leaked.”
The exposed server, which was found on a Bahraini IP address rather than a US one, was apparently left online without any security for three weeks after Diachenko informed the Department of Homeland Security (DHS).