Checkpeople, why is a 22GB database containing 56 million US folks’ aggregated personal details sitting on the open internet using a Chinese IP address?

A database containing the personal details of 56.25m US residents – from names and home addresses to phone numbers and ages – has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough.

The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone’s name, and it will look up their current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases, all presumably gathered from public records.

However, all of this information is not only sitting in one place for spammers, miscreants, and other netizens to download in bulk, but it’s being served from an IP address associated with Alibaba’s web hosting wing in Hangzhou, east China, for reasons unknown. It’s a perfect illustration that not only is this sort of personal information in circulation, but it’s also in the hands of foreign adversaries.

It just goes to show how haphazardly people’s privacy is treated these days.

A white-hat hacker operating under the handle Lynx discovered the trove online, and tipped off The Register. He told us he found the 22GB database exposed on the internet, including metadata that links the collection to CheckPeople.com. We have withheld further details of the security blunder for privacy protection reasons.

The repository’s contents are likely scraped from public records, though together they provide rather detailed profiles on tens of millions of folks in America. Basically, CheckPeople.com has done the hard work of aggregating public personal records, and this exposed NoSQL database makes that info even easier to crawl and process.

Source: Why is a 22GB database containing 56 million US folks’ personal details sitting on the open internet using a Chinese IP address? Seriously, why? • The Register

FBI Surveillance Vendor Threatens to Sue Tech Reporters for Heinous Crime of Reporting on tombstones, tree stumps and vacuum cleaners they sell with spy cams in them

Motherboard on Thursday revealed that a “secretive” U.S. government vendor whose surveillance products are not publicly advertised has been marketing hidden cameras disguised as seemingly ordinary objects—vacuum cleaners, tree stumps, and tombstones—to the Federal Bureau of Investigation, among other law enforcement agencies, and the military, in addition to, ahem, “select clients.”

Yes, that’s tombstone cams, because absolutely nothing in this world is sacred.

The vendor, Special Services Group (SSG), was apparently none too pleased when Motherboard revealed that it planned to publish photographs and descriptions of the company’s surveillance toys. When reached for comment, SSG reportedly threatened to sue the tech publication, launched by VICE in 2009.

According to Motherboard, a brochure listing SSG’s products (starting at page 93) was obtained through public records requests filed with the Irvine Police Department in California.

Freddy Martinez, a policy analyst at government accountability group Open The Government, and Beryl Lipton, a reporter/researcher at the government transparency nonprofit MuckRock, both filed requests and obtained the SSG brochure, Motherboard said.

In warning the site not to disclose the brochure, SSG’s attorney reportedly claimed the document is protected under the International Traffic in Arms Regulations (ITAR), though the notice did not point to any specific section of the law, which was enacted to regulate arms exports at the height of the Cold War.

ITAR does prohibit the public disclosure of certain technical data related to military munitions. It’s unlikely, however, that a camera designed to look like a baby car seat—an actual SSG product called a “Rapid Vehicle Deployment Kit”—is covered under the law, which encompasses a wide range of actual military equipment that can’t be replicated in a home garage, such as space launch vehicles, nuclear reactors, and anti-helicopter mines.

ITAR explicitly does not cover “basic marketing information” or information “generally accessible or available to the public.”

Source: FBI Surveillance Vendor Threatens to Sue Tech Reporters for Heinous Crime of Doing Journalism

Lawsuit against cinema for refusing cash – and thus slurping private data

Michiel Jonker from Arnhem has sued a cinema that has moved location and has since refused to accept cash at the register. All payments have to be made by debit card (PIN). Jonker feels that this forces visitors to allow the cinema to process personal data.

He tried something similar in 2018, which was turned down when the personal data authority in the Netherlands decided that no one was required to accept cash as legal tender.

Jonker now argues that accepting cash should be required if the payment data can be used to profile his movie preferences afterwards.

Good luck to him. I agree that cash is legal tender, and the move to a cash-free society is a privacy nightmare and potentially disastrous – see Hong Kong, for example.

Source: Rechtszaak tegen weigering van contant geld door bioscoop – Emerce