According to The New York Times, German researchers who bought biometric capturing equipment on eBay discovered secret US military data on their memory cards. This includes fingerprints, iris scans, pictures, names, and descriptions of the people, the majority of whom were from Iraq and Afghanistan. According to the article, many worked with the US army and might be targeted if the devices fell into the wrong hands.
The Chaos Computer Club, directed by Matthias Marx, purchased six of the devices on eBay, the majority for less than $200. They were prompted by a story by The Intercept in 2021 that the Taliban had captured identical US military biometric gadgets. As a result, they sought to investigate whether they had any identifying information on anyone who supported the US military that may put them in danger.
According to the article, they were “shocked” by the findings. They discovered the names, nationalities, photos, fingerprints, and iris scans of 2,632 individuals on the memory card of one smartphone. Other information revealed that it was used in the summer of 2012 near Kandahar, Afghanistan. Another gadget, which stored the fingerprints and iris scans of a select number of US military personnel, was deployed in Jordan in 2013.
According to a 2011 handbook to the devices, such gadgets were used to detect rebels, authenticate local and third-country individuals visiting US bases, and connect people to activities. “It was disturbing that [the US military] didn’t even try to protect the data,” Marx told the New York Times. “They apparently didn’t care about the risk or ignored it.
One gadget was bought at a military auction, and the vendor said they had no idea it carried classified data. Because the sensitive data was housed on a memory card, the US military could have avoided the danger by simply removing or destroying the cards before selling them.
“Because we have not reviewed the information contained on the devices,” Defense Department press secretary Brig. Gen. Patrick S. Ryder told the Times. “The department requests that any devices suspicious thought to contain personally identifiable information be returned for further analysis.”
Because the material is so sensitive, the organisation intends to erase any personally identifying information discovered on the devices. Another researcher said that anybody detected on such devices is not safe, even if they alter their names, and that the US government should grant them sanctuary.
