Posted on June 11, 2019 at 2:13 PM
Online threats continue to endanger the privacy and security of people around the world, with the most recent example being a hack of a subcontractor working for the US Customs and Border Protection. Customs revealed on Monday that the hack had exposed photos of travelers, as well as their license plates.
The affected subcontractor unofficially identified as Perceptics
So far, it is unknown which subcontractor had their network attacked. However, the federal agency did announce this just before the news of a Tennessee-headquartered company which provides stationary license plate readers to US borders being compromised.
The company in question was identified as Perceptics by the UK computer security website, The Register. The site stated that the hacker who compromised the firm alerted them, reporting the breach himself back in late May. The company was contacted and asked to respond to this, but their spokesperson has failed to reply as of yet.
According to the statement from a congressional staffer who asked to remain anonymous, the breach affected fewer than 100,000 people. Further, the Customs and Border Protection stated that there were no reports of the stolen data emerging anywhere on the internet, including the dark web.
The breach was reported by the hacker himself
Meanwhile, The Register revealed that the hacker contacted the website, as mentioned previously, providing a list of all the files that they managed to extract from the hacked network. Further, The Register also stated that the Perceptics’ spokesperson confirmed that they were compromised.
It is believed, based on the initial information, that the hack was possible as a result of the contractor violating mandatory privacy and security protocols. These protocols were specifically outlined in their contract and had to be respected at all times.
Customs and Border Protection then added that it discovered the hack on May 31st. The hack was allegedly also possible due to the fact that the subcontractor decided to transfer the copies of images to the network owned by its own company. The subcontractor, allegedly Perceptics, did this without the agency’s permission, and the act violated established government policies.
Perceptics itself takes pride in the fact that it is the sole provider of license plate readers for all land border ports in the US, Canada, as well as some of the lanes in Mexico. The company’s license plate readers are then used for passenger vehicle primary inspection lanes.
The company also claims to have secured thousands of checkpoints on different borders, and that its products perform over 200 million vehicle checks every year. Not only that, but the company’s technology is also used for electronic toll collecting, and even in monitoring the roadways.
License plate reading technology needs to be regulated
Meanwhile, from a regulatory standpoint, there appears to be a major lack of regulations when it comes to databases and cameras used for license plate reading. The civil liberties groups, including the EFF (Electronic Frontier Foundation), as well as ACLU, claim so, alarmed by the fact. The groups also claim that this technology, while extremely practical and useful, also holds potential to be misused. Some example of misuse might include things such as location tracking, as well as surveillance.
The new development adds even more concern to the privacy and security issue around the world, and particularly in the US. Both online and offline, the lack of security is growing, and major hacking attacks tend to result in data thefts of hundreds of thousands, and even millions of people. 2018 saw major growth in these incidents, with data being stolen from major hotel chains, social media networks, and more.
Additionally, threats such as DDoS attacks continue to hit various targets, causing major disruptions, as well as thousands of dollars worth of damage. More often than not, these incidents are possible due to flawed and outdated security systems, or even failure to implement already existing patches and upgrades.
In the end, the fact remains that security, which is of dire importance for the safety of information and sensitive data, remains flawed. It does not receive nearly as much attention as it deserves, which tends to lead to major security breaches and data theft, which is something that needs to be addressed as soon as possible.