back to article US border cops confirm: Maker of America's license-plate, driver recognition tech hacked, camera images swiped

The US Customs and Border Patrol today said hackers broke into one of its bungling technology subcontractors – and made off with images of people and their vehicle license plates as they passed through America's land border. The CBP issued a statement outlining how it learned on May 31 that the unnamed contractor, against …

  1. This post has been deleted by its author

    1. Donn Bly

      Re: Subcontractor’s network compromised?

      First, What difference does the "class" of computer make? Who cares if their storage network is on a mainframe or not as it was likely a workstation that was compromised -- and thus the criminals would have had access to whatever data the computer's user's credentials would have had.

      Second, as the article clearly states, The Register had previously publicly identified Perceptics as the likely contractor.

      This isn't Yahoo or MSN, the articles posted here do occasionally contain actual information if you actually read to the end.

      1. Yet Another Anonymous coward Silver badge

        Re: Subcontractor’s network compromised?

        >First, What difference does the "class" of computer make? Who cares if their storage network is on a mainframe or not

        Class of computer" when you are working with government data means what level of security did you apply.

        If you were storing it on an appropriately secure system following all the required guidelines for data of that classification but were broken by North Korean cyber ninja lizard people you are ok = not your fault.

        If you put classified data on your Walmart laptop, took it home and had it stolen you will typically be spending several decades wearing orange in a federal hotel.

    2. diodesign (Written by Reg staff) Silver badge

      Re: Subcontractor’s network compromised?

      "What class of a computer did this subcontractor’s network run on?"

      Looks like Windows with some Linux.

      "What was the name of this subcontractor?"

      Are you trolling? The name of the subcontractor is all over the article.

      C.

      1. Lee D Silver badge

        Re: Subcontractor’s network compromised?

        "the unnamed contractor"

        1. Ben Tasker Silver badge

          Re: Subcontractor’s network compromised?

          Well, CBP *didn't* name the contractor, so they were unnamed

          > While a CBP spokesperson declined to name the subcontractor at the heart of the kerfuffle

    3. Anonymous Coward
      Anonymous Coward

      Re: Subcontractor’s network compromised?

      Subby McContractorface

      1. Bongwater

        Re: Subcontractor’s network compromised?

        Subby does good work contrary to semi-popular belief. Easy name to remember as well! Just don't call him by his nickname in front of his girl :/

    4. Anonymous Coward
      Anonymous Coward

      Re: Subcontractor’s network compromised?

      @Walter Bishop

      The name of the subcontractor was "read the whole article before you ask stupid questions".

    5. iron Silver badge

      Re: Subcontractor’s network compromised?

      Mr Read The Fucking Article was the contractor. He's a cousin of Mr Read The Fucking Manual.

    6. Loyal Commenter Silver badge

      Re: Subcontractor’s network compromised?

      What class of a computer did this subcontractor’s network run on?

      I'm going to go with digital.

      1. Pier Reviewer

        Re: Subcontractor’s network compromised?

        “I'm going to go with digital.”

        This is the government we’re talking about. Are you really sure, or just taking a punt?

  2. Aynon Yuser

    By "closely monitor" they mean ensure that they sell it all to mark zuck.

    1. trevorde

      Sorry but Zuck's already got it. Google too. Best bet to sell it might be Bing.

  3. MachDiamond Silver badge

    Feeling safer yet

    The theatre of security goes on as data that's being collected without notice or being required goes missing. I'm surprised this leak wasn't from the time honored tradition of the laptop being stolen from a car while the person popped into their church for 10 minutes on the way home. Said employee planning on doing some work from home with no adequate reason given for them to be removing sensitive data from their workplace.

  4. Anonymous Coward
    Anonymous Coward

    Not just Border Patrol...

    Several years ago I happen to witness this technology running on a laptop in a standard local police cruiser as it streamed live data results from hits from the license plate scanner of the civilians driving ahead of the cruiser.

    The data not only had names and drivers license info but also drivers photo and any past legal issues.

    It was clear by the officers reaction that I was not supposed to have seen this functionality.

    And then there are the traffic cameras put in place after backroom deals with the camera companies and corrupt transportation commisioners:

    https://www.chicagotribune.com/suburbs/lake-county-news-sun/chi-red-light-camera-indictments-20140813-story.html

    1. Anonymous Coward
      Anonymous Coward

      Re: Not just Border Patrol...

      I thought this technology was standard in police cars with an 'anpr' sticker on them. At least in the UK it is regularly shown in action on police documentaries, so I would expect it to also be available in most other countries.

      Maybe you shouldn't have been seeing the actual details of other citizens - also would be frowned upon in the UK, but not the technology itself.

      1. Yet Another Anonymous coward Silver badge

        Re: Not just Border Patrol...

        There is a fundamental difference.

        If the US system mistakenly identifies Mr Buttle the sunday school teacher as Mr Tuttle the international kinder egg smuggler, the police will simply shoot him as he drives past.

        If the UK ANPR system mistakenly identifies somebody with an expired road tax the police will be forced to drive at 70mph through a school playground in pursuit with 'regrettable' bystander related deaths.

  5. veti Silver badge

    Fun with definitions

    The claim that "No CBP systems were compromised" seems a bit - optimistic, all things considered.

    If the wholesale downloading of data to an unsecured facility - which is what they've admitted happened - isn't "compromising", what is?

    1. yoganmahew

      Re: Fun with definitions

      Ah, but that's closely monitored, so that makes it okay.

      Same way I closely monitored my toddlers so they never pulled the wallpaper from the wall or shat themselves, I guess.

      I wonder do Perceptics make that face too?

  6. Anonymous Coward
    Anonymous Coward

    Consequences to the organisation or the management? A light slap on the wrist at most. Corporations and government departments alike have zero incentives to invest in Cybersecurity (dunno why my phone capitalised that) while the regulation is nonexistent or not enforced.

    Not until board members are personally liable will the situation improve.

    1. Arctic fox
      Headmaster

      Re "Not until board members are personally liable will the situation improve."

      I agree. In fact I would make a general point in this context. The law should be changed to ensure that when a company is fined for this or that piece of "misbehavior" the directors are also personally fined (or where the offence is serious enough, jailed) with it being a criminal offence for the company to compensate them in any way shape or form. Only then will we begin to see the big companies behave like coporate citizens. Once the directors own arses are on the line we might see an improvement.

    2. Halfmad Silver badge

      Make it PENSION-ABLY liable - in other words long term impact personally and you'd have an answer straight off the bat. This should be the case for execs the world over. Taking the pay cheque and on paper responsible.. but have little interest.

  7. Blockchain commentard Silver badge
    Facepalm

    CBP should have read Perceptics T's & C's more closely. "We will take whatever information we want to help improve the customer experience" which is a phrase also used by everyone to take data and sell it on.

  8. DrM

    4,000?

    4,000 images? That's like 30 minutes of traffic?

  9. Pascal Monett Silver badge

    "the subcontractor violated mandatory security and privacy protocols outlined in their contract"

    And all the subcontractor gets is close monitoring ?

    That's the problem with all the stern wording and posturing - if you don't follow through, then you're the one who is ridiculous. And, in this case, Perceptics should be thrown out and there should be a complaint filed for gross negligence against the company, with damages.

    But Perceptics cannot be thrown out, because the company has its arm entirely in the US Border and ripping that out would be very, very painful. So I'm guessing the CEO went in to make his apology, probably even groveling as nicely as possible, promising that it would never happen again, and left secure in the knowledge that he will be able to keep milking that particular cow for a long while yet.

    Because actually holding oneself to the terms of the contract would mean getting another contractor, spending time training the peons on the platform and enduring the inevitable mistakes before they get up to speed, and all that's just too much of a nuisance, right ?

  10. Anonymous Coward
    Anonymous Coward

    CBP video

    Might be good if video from the CBP interrogation rooms were streamed live.

  11. sitta_europea

    "... It is understood fewer than 100,000 people have had their pictures or information leak via the subcontractor, though."

    Oh, that's all right then. For a minute there I thought this was serious.

    1. John Brown (no body) Silver badge

      "For a minute there I thought this was serious."

      Leaks of millions of peoples data have become "normallised" so 6 figure leaks are seen as "not a problem" by the PR type. Of course, it it was someone important or famous, a leak of only 1 would be headlines. So long as it's a only masses of plebs then it's ok. </sarc>

  12. Anonymous Coward
    Anonymous Coward

    internal emails and databases, documentation and client details, blueprints, backups, music

    and porn.

    Nothing new to see here, move on, sorry, nothing to see here, move on, yeah, maybe, we employ the cutting edge technology solutions, nothing to see here, move on, move on, yeah, our extreme security measures were, move on, move on, it seems, overcome, and some minor, irrelevant data, nothing to see here, move on, move on, yeah, we've already apologized, move on, move on, nothing to see here...

  13. The Central Scrutinizer

    The US Customs and Border Patrol today said hackers broke into one of its bungling technology subcontractors – and made off with images of people and their vehicle license plates as they passed through America's land border.

    Moi, worried about privacy? Noooo.

  14. Anonymous Coward
    Anonymous Coward

    "No CBP systems were compromised."

    Really?

  15. Robert Carnegie Silver badge

    Reg: "The CBP went on to say it has removed all of the equipment used to gather the images involved in the leak."

    I think you misread the text that you quoted, i.e. "CBP has removed from service all equipment related to the breach." CBP's cameras and computers weren't breached, and their stuff is all fine, as far as we know. "The breach", I think - I may be wrong - refers to their contractor getting hacked or otherwise exposed, and that happened to the contractor's copy of the data. The contractor shouldn't have copied the data, but that isn't counted as "the breach", I think.

  16. Stevie Silver badge

    Bah!

    "As of today, none of the image data has been identified on the Dark Web"

    Er ... isn't that because no-one knows where to look?

    1. tim 13

      Re: Bah!

      The automatic recognition software doesn't work too well in low light levels

  17. Mark 85 Silver badge

    TOR again....

    Hmm.... methinks the government screwed up royally way back when they developed this and let it into the wild. Law of unintended consequences and all that.

  18. DrBed

    But...

    But it has to be something something Huawei!

    Or, perhaps

    https://youtu.be/bOR38552MJA

  19. FXi

    Biometrics images hacked...

    Leaves you real confident in the safety of biometric information used in airports now doesn't it?

  20. JaitcH
    Unhappy

    Ownership / Number Plate Information Is Readily Purchased In Many North American Jurisdictions

    Information in North America, including Canada, on automobiles is much looser than in the UK.

    When I owned a car in the UK, decades ago, a sale was accompanied by a Log Book which contained much of the information available from authorities.

    People don't seem to realise just how accessible information is. The Estate of my Mother is still to be completed by a UK firm of lawyers. From a lawful inquiry process initiated in Canada an investigator was able to obtain full financial disclosure, address, and family information of the lawyers involved in this excessively lengthy process. The information also included some salacious information.

    To hear the lawyers squealing when they learned of this information being in my hands was very satisfying. (It means I can serve them at home or elsewhere they frequent)

    If you don't want your personal information accessible I suggest you don't obtain credit cards, mortgages or loans or any service where your personal details are required such as for travel reservations, etc. The data world is very, very, small.

  21. aheywood

    Perfect Deflection

    The core issue here is that the data managed to get from CBP to the subcontractor. It would seem that their only protection to prevent this is policy!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020