Cloud Misconfiguration Leaks US Terror Watchlist

A secret watchlist of suspected terrorists maintained by the FBI was exposed online after a configuration error and then not fixed for several weeks after being reported, according to Comparitech.

Head of security research at the firm, Bob Diachenko, said he discovered the Terrorist Screening Center (TSC) list on July 19, when the exposed Elasticsearch server was indexed by search engines Censys and ZoomEye.

The list was left online without a password or any other authentication to secure it. It contained 1.9 million records, including full name, TSC watchlist ID, citizenship, gender, date of birth, passport number and more.

The TSC is a classified list of suspected terrorists, including a smaller “no-fly” list. The information is shared with the Departments of State and Defense and customs officers, TSA staff and international partners.

Although he didn’t check the entire database, Diachenko suggested that it may have contained the whole TSC list.

“The terrorist watchlist is made up of people who are suspected of terrorism but who have not necessarily been charged with any crime. In the wrong hands, this list could be used to oppress, harass, or persecute people on the list and their families,” he argued.

“It could cause any number of personal and professional problems for innocent people whose names are included in the list. There have been several reports of US authorities recruiting informants in exchange for keeping their names off of the no-fly list. Some past or present informants’ identities could have been leaked.”

The exposed server, which was found on a Bahrain rather than a US IP address, was apparently left online without any security for three weeks after Diachenko informed the Department of Homeland Security (DHS).