February 6, 2023

“This shouldn’t have happened,” Mr Baker said. “For those whose data was compromised, this is a disaster. In the worst case, the consequences could be fatal.”

Things we consider before using anonymous sources. Does the source know this information? What motives do they tell us? Have they proven reliable in the past? Can we corroborate this information? Even after addressing these concerns, The Times used anonymous sources as a last resort. Reporters and at least one editor knew the identities of the sources.

Of the six devices the researchers purchased on eBay — four SEEKs and two HIIDEs for handheld interagency identity detection devices — two of the SEEK II devices had sensitive data on them. The location metadata for the second SEEK II shows it was last used in Jordan in 2013 and appears to contain fingerprints and iris scans of a small group of US service members.

The New York Times contacted an American who found a biometric scan on the device, confirming that the data was likely his. He has served as a naval intelligence specialist and said his data, and that of any other Americans found on the devices, were likely gathered during military training sessions. The man, who asked not to be named, asked for his biometric documents to be deleted because he still works in the intelligence field and was not authorized to speak publicly.

Military officials say the only reason the devices have data on Americans is to use them during training, a common practice in preparation for their use in the field.

According to the Defense Logistics Agency, which disposes of millions of dollars in Pentagon surplus each year, devices like the SEEK II and HIIDE should never reach the open market — let alone online auction sites like eBay. Instead, all biometric collection devices should be destroyed on-site when military personnel no longer need them, as should other electronic devices that once held sensitive operational information.

How eBay sellers obtained the devices is unclear. The device with 2,632 profiles is sold by Rhino Trade, a Texas-based surplus device company. David Mendez, the company’s treasurer, said it bought the SEEK II at an auction for government equipment and was unaware that there would be sensitive data on decommissioned military equipment.

“I hope we haven’t done anything wrong,” he said.

The SEEK II with US military information is from eBay seller Tech-Mart in Ohio. Tech-Mart’s owner, Ayman Arafa, declined to say how he got it, or two other devices he sold to researchers.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *