Reuters has deep pockets
so a big payday for the Libel Lawyers for all those false positives.
The "terrorist database" World-Check used by global banks and intelligence agencies has, we're told, leaked online. The mid-2014 version of the database contains some 2.2 million records and is used by 49 of the world's 50 largest banks, along with 300 government and intelligence agencies. Access to its contents is granted via …
In a former life I had to do "anti-terrorist" checks against a similar UN database. This was just after 9/11 and the list was much smaller. It was so wide ranging that many accounts and people matched (even staff members). Some of the DB records contained only a surname/family name. Using just a single source such as this list to disable accounts would be negligence.
"..... Using just a single source such as this list to disable accounts would be negligence." I suspect the HSBC staff that made the decisions were caught between two conflicting directives. The first was probably to cut costs, hence the possible reliance on a single source. The second was to avoid any potential problem with the US authorities. Even just being named as providing banking to a suspected terrorist is not only bad for business in the US, but can bring you into the cross-hairs of the any number of Congressional committees looking to score votes as "tough on terror" by hammering a foreign bank. That is the "risk" mentioned in the article. Having said that, IIRC, it is part of the standard boilerplate with UK accounts that a bank can withdraw services from any customer at their own discretion, and there is pretty-much sweet FA a customer can do about it.
No, when I played with MongoDB it by default did not have user/password authentication. I'm guessing the comment is directed at this behaviour. I think I remember that they changed this in the last year or two, my experience is from 2014.
There was another significant breach that relied on this. The attacker was able to get into the network and from there access the MongoDB without authentication. Relying on your database being in a DMZ as your sole line of defence really isn't enough.
A high profile public disclosure of the database beyond the original leak could be wreckless
Or rather, it could be "wreckfull"?
Inaccurate terror designations were first revealed by the BBC's Radio 4 which gained 30 minutes of access to the database in August 2015 from a disgruntled customer.
That "customer" would be a bank employee in a bank subscribing to said service?
One of those was the account for the UK Finsbury Park Mosque which was described in a HSBC letter as having "fallen outside of HSBC's risk appetite". ... Sources say HSBC closed on the mosque because it donated money to Palestine during the 2015 Israel-Gaza war.
Well, it's pretty clear where the loss of appetite comes from. It's not fun being on the lawfare end of the "Forever Victim" industry. But who are those "sources"?
"It found terrorist profiles including the Council on American-Islamic Relations executive director Nihad Awad, joined former US President George W. Bush in a post 9/11 press conference, and the organisation itself."
I don't get it. Do you mean "who joined"? And "the news organisation", referring to Vice News?
It should be published and challengable as per the right to judicial process.
The target knows they're on some sort of list because they can't get a bank account, so its not like its done for reason.
No fly list is similar, Congress critters even appeared on that one, it is a Nixon style enemies list and outside the basic rights.
Look, Bush was shit, lazy, do nothing, with business links to the Bin ladens, and he put all these secret lists into play, and they should all be removed because they're as shit as he was. There will always be leaders who try to use the state against their opponents, its always been the case, and we always get attempts to keep their tricks secret and it should always be exposed and examined, and cleaned up by the courts.
This list is revealed, if you're on it, sue, take it through the court process. A bit more sunlight, a bit less Stasi darkness.
"....Nihad Awad...." IIRC, Awad was one of the founders of CAIR (Council on American-Islamic Relations), a lobbying group determined to "out-Jew the Jews" in Washington DC. They had some success, notably pulling the wool over the eyes of GW's researchers post-9/11, when GW's crew were desperate to find some "moderate" Muslims to help fight "Islamophobia". Unfortunately for Awad, it was discovered he had made some public statements about supporting HAMAS, and had previously worked for the Islamic Association for Palestine (identified as probably a propaganda outlet for HAMAS by the US authorities and linked to the Muslim Brotherhood), which pretty much killed his "moderate" status. I also recall that a number of charities that he was associated with had their assets frozen - that is the type of "risk" HSBC are referring to. TBH, I'm not surprised any Western bank would hesitate to give him an account.
"It should be published and challengable (sic) as per the right to judicial process...." Nope, because it is not a service provided by a government but a private commercial service, hence the offer to allow you to request data on your own entry if it exists. Your legal recourse would be to take them to court for libel if they were making recommendations based on incorrect information, but you would have to prove (a) the information was incorrect, and (b) that they knew it was incorrect but still sold it anyway, and (c) that you had shown the company the information was incorrect but they did not remove it. Good luck with that!
It is not illegal to hold information on you as an individual without your knowledge. Literally thousands of commercial companies do, from Google downwards. It is only illegal (in most Western countries) to not provide an individual with the information relating to them upon request. It is also not illegal for a government to outsource their background checks to commercial companies. Nothing new here, nothing to see, move along!
It's nice of Auntie to name-check El Reg. Amusingly, Auntie's coverage starts with the lines:
A financial crime database used by banks has been "leaked" on to the net.
World-Check Risk Screening contains details about people and organisations suspected of being involved in terrorism, organised crime and money laundering, among other offences.
One can't help but wonder how many banks respond with embarrassment when they see their own organisation listed for money laundering.
Unchecked assertions ?
Used by people with murky affliations?
People put on list due to personal malice?
Maintained by some sort of quasi private company with links to government departments?
Yea. Let's here for the return of uncheckable, unanswerable black lists.
But it's more difficult if you don't run paper only than it used to be.
Biting the hand that feeds IT © 1998–2019