Misconfigured Server Leaks US Terror Watchlist
Bob Diachenko, head of security research for Comparitech, stated that he discovered a configuration error that leaked a secret watchlist of suspected terrorists maintained by the FBI. Diachenko stated that he discovered the Terrorist Screening Center (TSC) list on July 19. The server was not fixed for several weeks despite being reported, according to Comparitech. The exposed Elasticsearch server was indexed by search engines ZoomEye and Censys. The database contained 1.9 million records that included information such as full name, date of birth, TSC watchlist ID, citizenship, gender, and passport number.
The TSC is a classified list of suspected terrorists kept by the FBI to track potential national security threats. It also includes a smaller no-fly list of individuals who are not allowed to fly in or out of the US. This information is shared between the FBI, the TSA, the Departments of State and Defense customs officers, and international partners. Diachenko refrained from checking the entire database, however, he suspected it contained the whole TSC list.