Global 'terror database' World-Check leaked

The "terrorist database" World-Check used by global banks and intelligence agencies has, we're told, leaked online. The mid-2014 version of the database contains some 2.2 million records and is used by 49 of the world's 50 largest banks, along with 300 government and intelligence agencies. Access to its contents is granted via …

  1. Anonymous Coward

    Reuters has deep pockets

    so a big payday for the Libel Lawyers for all those false positives.

  2. Anonymous Coward

    In a former life I had to do "anti-terrorist" checks against a similar UN database. This was just after 9/11 and the list was much smaller. It was so wide ranging that many accounts and people matched (even staff members). Some of the DB records contained only a surname/family name. Using just a single source such as this list to disable accounts would be negligence.

    1. Matt Bryant Silver badge

      Re: AC

      "..... Using just a single source such as this list to disable accounts would be negligence." I suspect the HSBC staff that made the decisions were caught between two conflicting directives. The first was probably to cut costs, hence the possible reliance on a single source. The second was to avoid any potential problem with the US authorities. Even just being named as providing banking to a suspected terrorist is not only bad for business in the US, but can bring you into the cross-hairs of any number of Congressional committees looking to score votes as "tough on terror" by hammering a foreign bank. That is the "risk" mentioned in the article. Having said that, IIRC, it is part of the standard boilerplate with UK accounts that a bank can withdraw services from any customer at their own discretion, and there is pretty-much sweet FA a customer can do about it.

  3. Anonymous Coward

    I'm too SQuooL for school

    MongoDB: It's like a relational database but dumps security and atomicity for speed. Then you realise you actually needed those things, but emulating them at the application level is left as an exercise for the hipsterDev.

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Re: I'm too SQuooL for school

      Isn't this a comment for another article?

      1. TwoElephantsBig

        Re: I'm too SQuooL for school

        No, when I played with MongoDB it by default did not have user/password authentication. I'm guessing the comment is directed at this behaviour. I think I remember that they changed this in the last year or two; my experience is from 2014.

        There was another significant breach that relied on this. The attacker was able to get into the network and from there access the MongoDB without authentication. Relying on your database being in a DMZ as your sole line of defence really isn't enough.

    2. joepie91

      Re: I'm too SQuooL for school

      Except then you discover that it isn't faster either. And at that point you should start asking yourself why you're using it again, but most of its users don't ever seem to do that.

  4. Destroy All Monsters Silver badge
    Paris Hilton

    Well, well, well...

    A high profile public disclosure of the database beyond the original leak could be wreckless

    Or rather, it could be "wreckfull"?

    Inaccurate terror designations were first revealed by the BBC's Radio 4 which gained 30 minutes of access to the database in August 2015 from a disgruntled customer.

    That "customer" would be a bank employee in a bank subscribing to said service?

    One of those was the account for the UK Finsbury Park Mosque which was described in a HSBC letter as having "fallen outside of HSBC's risk appetite". ... Sources say HSBC closed on the mosque because it donated money to Palestine during the 2015 Israel-Gaza war.

    Well, it's pretty clear where the loss of appetite comes from. It's not fun being on the lawfare end of the "Forever Victim" industry. But who are those "sources"?

  5. Anonymous Coward

    I like the "Global Terror Database" headline

    Today's forecast: Dogger - Terror 15, NNW, increasing. Later turning south...

    1. phuzz Silver badge

      Re: I like the "Global Terror Database" headline

      What you do, right, is you put all the terror in a database, right. Then you just drop the tables, simples!

  6. AndrueC Silver badge
    Joke

    A high profile public disclosure of the database beyond the original leak could be wreckless

    Oh I don't know. It could wreck a few careers I think :)

    1. Anonymous Coward

      Ah, a member of the antebrexit school of spelling. I salute you, sir/madam!

    2. David Roberts
      Facepalm

      Just to be clear...

      Wreck not: don't break it, baby.

      Reck not: JFDI

      Journalists and spell checkers.........

  7. Anonymous Coward

    Where is all this going???

    Never mind privacy, at the current rate of leaking and slurping (and subsequent re-leaking), we're totally screwed as a species! How long more can this go on???

    1. Anonymous Coward

      Re: Where is all this going???

      You're Spartacus and so's your wife.

  8. PleebSmasher
    WTF?

    uhh

    "It found terrorist profiles including the Council on American-Islamic Relations executive director Nihad Awad, joined former US President George W. Bush in a post 9/11 press conference, and the organisation itself."

    I don't get it. Do you mean "who joined"? And "the news organisation", referring to Vice News?

    1. Velv
      Coat

      Re: uhh

      I thought Who was on First

    2. Matt Bryant Silver badge

      Re: Pleeb Smasher Re: uhh

      "....Nihad Awad...." IIRC, Awad was one of the founders of CAIR (Council on American-Islamic Relations), a lobbying group determined to "out-Jew the Jews" in Washington DC. They had some success, notably pulling the wool over the eyes of GW's researchers post-9/11, when GW's crew were desperate to find some "moderate" Muslims to help fight "Islamophobia". Unfortunately for Awad, it was discovered he had made some public statements about supporting HAMAS, and had previously worked for the Islamic Association for Palestine (identified as probably a propaganda outlet for HAMAS by the US authorities and linked to the Muslim Brotherhood), which pretty much killed his "moderate" status. I also recall that a number of charities that he was associated with had their assets frozen - that is the type of "risk" HSBC are referring to. TBH, I'm not surprised any Western bank would hesitate to give him an account.

  9. Anonymous Coward

    Why is it secret?

    It should be published and challengable as per the right to judicial process.

    The target knows they're on some sort of list because they can't get a bank account, so it's not like it's done for reason.

    No fly list is similar, Congress critters even appeared on that one, it is a Nixon style enemies list and outside the basic rights.

    Look, Bush was shit, lazy, do nothing, with business links to the Bin Ladens, and he put all these secret lists into play, and they should all be removed because they're as shit as he was. There will always be leaders who try to use the state against their opponents, it's always been the case, and we always get attempts to keep their tricks secret and it should always be exposed and examined, and cleaned up by the courts.

    This list is revealed, if you're on it, sue, take it through the court process. A bit more sunlight, a bit less Stasi darkness.

    1. Matt Bryant Silver badge
      Facepalm

      Re: AC Re: Why is it secret?

      "It should be published and challengable (sic) as per the right to judicial process...." Nope, because it is not a service provided by a government but a private commercial service, hence the offer to allow you to request data on your own entry if it exists. Your legal recourse would be to take them to court for libel if they were making recommendations based on incorrect information, but you would have to prove (a) the information was incorrect, and (b) that they knew it was incorrect but still sold it anyway, and (c) that you had shown the company the information was incorrect but they did not remove it. Good luck with that!

      It is not illegal to hold information on you as an individual without your knowledge. Literally thousands of commercial companies do, from Google downwards. It is only illegal (in most Western countries) to not provide an individual with the information relating to them upon request. It is also not illegal for a government to outsource their background checks to commercial companies. Nothing new here, nothing to see, move along!

  10. Geoff Johnson

    Don't worry

    With the incoming snoopers charter, all of your internet connection records will be stored on a database that only the government and a select few hacking groups have access to.

    1. Prst. V.Jeltz Silver badge
      Big Brother

      Re: Don't worry

      "All of your Base are belong to us"

      takes on a new meaning

  11. Rich 11 Silver badge

    Name check

    It's nice of Auntie to name-check El Reg. Amusingly, Auntie's coverage starts with the lines:

    A financial crime database used by banks has been "leaked" on to the net.

    World-Check Risk Screening contains details about people and organisations suspected of being involved in terrorism, organised crime and money laundering, among other offences.

    One can't help but wonder how many banks respond with embarrassment when they see their own organisation listed for money laundering.

    1. Anonymous Coward
      Thumb Up

      Re: Name check

      It's nice of Auntie to name-check El Reg.

      El Reg sounds a bit foreign to me. Possibly Middle Eastern. Best not take any chances, add his name to the Global terror database.

  12. John Smith 19 Gold badge
    Gimp

    "The Economic League" goes global.

    Unchecked assertions?

    Used by people with murky affiliations?

    People put on list due to personal malice?

    Maintained by some sort of quasi private company with links to government departments?

    Yea. Let's hear it for the return of uncheckable, unanswerable black lists.

    But it's more difficult if you don't run paper only than it used to be.


Biting the hand that feeds IT © 1998–2022