Man Buys Shoebox-Shaped Container on eBay, Discovers It's Full of US Army HIIDE and SEEK Devices
It’s a good thing World War II ended a while back because a German man just accidentally stumbled onto a treasure trove of highly confidential American information.
As The New York Times reported, German security researcher Matthias Marx was shopping for deals on eBay when he spotted the “shoebox-shaped device, designed to capture fingerprints and perform iris scans.”
But while Marx simply thought he was purchasing a slice of older American tech to analyze and study, what he got was much more terrifying.
Marx and the “Chaos Computer Club” — described as a “European hacker association” by the Times — have actually spent the last year buying biometric capture devices on eBay, hoping to analyze them and find vulnerabilities and design flaws.
The merry band of hackers claimed to be motivated by concerns raised last year that the Taliban had procured a number of those capture devices after President Joe Biden’s utterly botched Afghanistan withdrawal.
Whether or not the “Chaos Computer Club” is as altruistic as it claims to be, the group at least brought attention to this embarrassing gaffe.
Marx and his gang purchased six total devices — four SEEK IIs (Secure Electronic Enrollment Kit) and two HIIDEs (Handheld Interagency Identity Detection Equipment).
Two of the SEEKs had “sensitive data” on them. One of the SEEKs with sensitive information on it held the names, nationalities, photographs, fingerprints and iris scans of 2,632 people.
It should go without saying that that is not ideal.
The Times reviewed that database of sensitive information and found many were known terrorists and wanted individuals, though other people in it had worked with U.S. officials or, scarier yet, random people who had merely been stopped at a checkpoint.
The SEEK II, referred to by the Times as “a relic,” still possessed enough data to very specifically target certain individuals — including high-risk individuals like those who had previously worked with the U.S.
“Because we have not reviewed the information contained on the devices, the department is not able to confirm the authenticity of the alleged data or otherwise comment on it,” Brig. Gen. Patrick S. Ryder, the Defense Department’s press secretary, told the Times in a statement.
“The department requests that any devices thought to contain personally identifiable information be returned for further analysis.”
That’s a nice departmental request, but it’s a pretty bad look that a random group of German hackers stumbled on this device by happenstance on a public forum like eBay … without the U.S. government being privy to this type of a potential data leak at all.
Despite being a “relic,” when Marx tried to use the SEEK II on himself, the system eventually prompted him to connect to a U.S. Special Operations Command server to upload the new “collected biometrics” on himself.
Ultimately, this is sadly emblematic of the American government under Biden — slow, bumbling, easily distracted and incompetent (not unlike the president himself).
“It was disturbing that they didn’t even try to protect the data,” Marx said about the U.S. military. “They didn’t care about the risk, or they ignored the risk.”
Marx even went one step further, eventually blasting the “unbelievable” and “incomprehensible” lackadaisical handling of such sensitive information.
“The irresponsible handling of this high-risk technology is unbelievable,” Marx said. “It is incomprehensible to us that the manufacturer and former military users do not care that used devices with sensitive data are being hawked online.”
Former national security official Stewart Baker also lambasted the data leak, highlighting the supreme human cost it could have.
“This should not have happened,” Baker told the Times. “It is a disaster for the people whose data is exposed. In the worst cases, the consequences could be fatal.”
Unfortunately, things that “should not have happened,” appear to be happening quite frequently under Biden.
And yes, the consequences can be (and have been) fatal.
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.
