US border cops confirm: Maker of America's license-plate, driver recognition tech hacked, camera images swiped The US Customs and Border Patrol today said hackers broke into one of its bungling technology subcontractors – and made off with images of people and their vehicle license plates as they passed through America's land border. The CBP issued a statement outlining how it learned on May 31 that the unnamed contractor, against …
This post has been deleted by its author
First, What difference does the "class" of computer make? Who cares if their storage network is on a mainframe or not as it was likely a workstation that was compromised -- and thus the criminals would have had access to whatever data the computer's user's credentials would have had.
Second, as the article clearly states, The Register had previously publicly identified Perceptics as the likely contractor.
This isn't Yahoo or MSN, the articles posted here do occasionally contain actual information if you actually read to the end.
>First, What difference does the "class" of computer make? Who cares if their storage network is on a mainframe or not
Class of computer" when you are working with government data means what level of security did you apply.
If you were storing it on an appropriately secure system following all the required guidelines for data of that classification but were broken by North Korean cyber ninja lizard people you are ok = not your fault.
If you put classified data on your Walmart laptop, took it home and had it stolen you will typically be spending several decades wearing orange in a federal hotel.
The theatre of security goes on as data that's being collected without notice or being required goes missing. I'm surprised this leak wasn't from the time honored tradition of the laptop being stolen from a car while the person popped into their church for 10 minutes on the way home. Said employee planning on doing some work from home with no adequate reason given for them to be removing sensitive data from their workplace.
Several years ago I happen to witness this technology running on a laptop in a standard local police cruiser as it streamed live data results from hits from the license plate scanner of the civilians driving ahead of the cruiser.
The data not only had names and drivers license info but also drivers photo and any past legal issues.
It was clear by the officers reaction that I was not supposed to have seen this functionality.
And then there are the traffic cameras put in place after backroom deals with the camera companies and corrupt transportation commisioners:
https://www.chicagotribune.com/suburbs/lake-county-news-sun/chi-red-light-camera-indictments-20140813-story.html
I thought this technology was standard in police cars with an 'anpr' sticker on them. At least in the UK it is regularly shown in action on police documentaries, so I would expect it to also be available in most other countries.
Maybe you shouldn't have been seeing the actual details of other citizens - also would be frowned upon in the UK, but not the technology itself.
There is a fundamental difference.
If the US system mistakenly identifies Mr Buttle the sunday school teacher as Mr Tuttle the international kinder egg smuggler, the police will simply shoot him as he drives past.
If the UK ANPR system mistakenly identifies somebody with an expired road tax the police will be forced to drive at 70mph through a school playground in pursuit with 'regrettable' bystander related deaths.
Consequences to the organisation or the management? A light slap on the wrist at most. Corporations and government departments alike have zero incentives to invest in Cybersecurity (dunno why my phone capitalised that) while the regulation is nonexistent or not enforced.
Not until board members are personally liable will the situation improve.
I agree. In fact I would make a general point in this context. The law should be changed to ensure that when a company is fined for this or that piece of "misbehavior" the directors are also personally fined (or where the offence is serious enough, jailed) with it being a criminal offence for the company to compensate them in any way shape or form. Only then will we begin to see the big companies behave like coporate citizens. Once the directors own arses are on the line we might see an improvement.
And all the subcontractor gets is close monitoring ?
That's the problem with all the stern wording and posturing - if you don't follow through, then you're the one who is ridiculous. And, in this case, Perceptics should be thrown out and there should be a complaint filed for gross negligence against the company, with damages.
But Perceptics cannot be thrown out, because the company has its arm entirely in the US Border and ripping that out would be very, very painful. So I'm guessing the CEO went in to make his apology, probably even groveling as nicely as possible, promising that it would never happen again, and left secure in the knowledge that he will be able to keep milking that particular cow for a long while yet.
Because actually holding oneself to the terms of the contract would mean getting another contractor, spending time training the peons on the platform and enduring the inevitable mistakes before they get up to speed, and all that's just too much of a nuisance, right ?
"For a minute there I thought this was serious."
Leaks of millions of peoples data have become "normallised" so 6 figure leaks are seen as "not a problem" by the PR type. Of course, it it was someone important or famous, a leak of only 1 would be headlines. So long as it's a only masses of plebs then it's ok. </sarc>
and porn.
Nothing new to see here, move on, sorry, nothing to see here, move on, yeah, maybe, we employ the cutting edge technology solutions, nothing to see here, move on, move on, yeah, our extreme security measures were, move on, move on, it seems, overcome, and some minor, irrelevant data, nothing to see here, move on, move on, yeah, we've already apologized, move on, move on, nothing to see here...
Reg: "The CBP went on to say it has removed all of the equipment used to gather the images involved in the leak."
I think you misread the text that you quoted, i.e. "CBP has removed from service all equipment related to the breach." CBP's cameras and computers weren't breached, and their stuff is all fine, as far as we know. "The breach", I think - I may be wrong - refers to their contractor getting hacked or otherwise exposed, and that happened to the contractor's copy of the data. The contractor shouldn't have copied the data, but that isn't counted as "the breach", I think.
Information in North America, including Canada, on automobiles is much looser than in the UK.
When I owned a car in the UK, decades ago, a sale was accompanied by a Log Book which contained much of the information available from authorities.
People don't seem to realise just how accessible information is. The Estate of my Mother is still to be completed by a UK firm of lawyers. From a lawful inquiry process initiated in Canada an investigator was able to obtain full financial disclosure, address, and family information of the lawyers involved in this excessively lengthy process. The information also included some salacious information.
To hear the lawyers squealing when they learned of this information being in my hands was very satisfying. (It means I can serve them at home or elsewhere they frequent)
If you don't want your personal information accessible I suggest you don't obtain credit cards, mortgages or loans or any service where your personal details are required such as for travel reservations, etc. The data world is very, very, small.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
