License Plate Recognition Tech Provider Gets Breached, Attackers Release Sensitive Files

guest · May 24, 2019

License Plate Recognition Tech Provider Gets Breached, Attackers Release Sensitive Files
Perceptics confirms intrusion and theft, stays quiet on details
May 23, 2019
https://www.theregister.co.uk/2019/05/23/perceptics_hacked_license_plate_recognition/

The maker of vehicle license plate readers used extensively by the US government and cities to identify and track citizens and immigrants has been hacked. Its internal files were pilfered, and are presently being offered for free on the dark web to download.

On Thursday this week, however, an individual using the pseudonym "Boris Bullet-Dodger" contacted The Register, alerting us to the hack, and provided a list of files exfiltrated from Perceptics' corporate network as proof.
The stolen files amount to hundreds of gigabytes and include Microsoft Exchange and Access databases, ERP databases, HR records, Microsoft SQL Server data stores, and so on.

The nature of the company's business [...] means that it's likely to have a significant amount of sensitive information.
A spokesperson for Perceptics, reached by phone, confirmed that the company was aware that its network had been compromised. She said the biz is working with authorities to investigate, but declined to go into further detail.
Click to expand...

ronjor · Jun 17, 2019

At least 50,000 license plates leaked in hack of border contractor not authorized to retain them

By Kevin Collier and Sergio Hernandez, CNN
Updated 9:23 PM ET, Mon June 17, 2019
In a statement when the breach was announced last week, CBP said it learned on May 31 that a subcontractor "had transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network. The subcontractor's network was subsequently compromised by a malicious cyber-attack."
Click to expand...

guest · Jun 21, 2019

Cyberattack on Border Patrol subcontractor worse than previously reported
Hackers made off with more than just photos, says The Washington Post
June 21, 2019
https://www.cnet.com/news/cyberattack-on-border-patrol-subcontractor-worse-than-previously-reported/

A subcontractor working with US Customs and Border Protection was a victim of a cyberattack in May, with CBP saying the stolen data was photographs. But a new report says hackers pilfered more than just pictures from the database. Hackers stole sensitive data from the CBP subcontractor, including government agency contracts, budget spreadsheets and even Powerpoint presentations, The Washington Post said Friday.
The stolen data was found on the dark web sometime after the cyberattack occurred.

Tennessee-based Perceptics, the subcontractor on the receiving end of the cyberattack, is responsible for the license plate scanners used at the US border.
The CBP says it continues to investigate the incident and will monitor for any unauthorized disclosure of data. Perceptics didn't immediately respond to a request for comment.
Click to expand...

guest · Jul 3, 2019

US Customs and Border Protection reportedly suspends subcontractor over cyberattack
July 2, 2019
https://www.cnet.com/news/us-custom...edly-suspends-subcontractor-over-cyberattack/

The US Customs and Border Protection has reportedly suspended a subcontractor following a "malicious cyberattack" in May that caused it to lose photos of travelers into and out of the country. Perceptics, which makes license plate scanners and other surveillance equipment for CBP, has been suspended from contracting with the federal government, the Washington Post reported Tuesday.

On June 12, CBP had confirmed that in violation of its policies, a subcontractor had "transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network."
The subcontractor's network was then compromised by a cyberattack that affected under 100,000 people who entered and exited the US in a vehicle through several specific lanes at one land border during a 1.5-month period.
Click to expand...

guest · Jul 12, 2019

Homeland Security Exhibits Ignorance, Incompetence in Handling of Surveillance Contractor Breach
July 12, 2019
https://gizmodo.com/homeland-security-exhibits-ignorance-incompetence-in-h-1836293065

[...] a senior Customs and Border Protection (CBP) official proved unable to answer the most rudimentary questions about a recent data breach that has exposed tens of thousands of images of U.S. travelers and their license plates.
When asked, for example, whether the surveillance company at the center of the breach, Perceptics, first reported the incident to CBP, or whether it was the other way around, Wagner wasn’t certain: “I believe we asked them about it,” he told the committee, adding: “I need to verify this.”

Perceptics, which has not responded to multiple requests for comment, told the Washington Post on Wednesday it learned of the breach on May 13 and notified the Federal Bureau of Investigation within 24 hours. [...] even though several news outlets had already reported finding it, CBP said it first learned of the breach on “May 31, 2019.”
Emma Best, a journalist [...] described the breach as one of the largest known involving a government contractor.

Yet on Wednesday, Wagner could not tell the House Homeland Security Committee whether the data security procedures of the subcontractor responsible had ever been audited by the government. “I’m not aware of that,” he said. “I don’t know.”
Click to expand...

When asked how long the breach went unreported, he told lawmakers, “I have that answer.” But then he added, “Let me look for that, and I’ll come back to you.”
Of course, he never did.
Click to expand...

guest · Jul 18, 2019

Before Being Hacked, Border Surveillance Firm Lobbied to Downplay Security and Privacy Concerns About Its Technology
July 15, 2019
https://theintercept.com/2019/07/15/hacked-surveillance-perceptics-congress-lobby-privacy/

Yet while photos of faces and license plates of some 100,000 U.S. drivers are now freely available online, the CEO of Perceptics, John Dalton, claimed in an email a few years ago that “CBP has none of the privacy concerns at the border that all agencies have inland.”

A CBP official told the paper that Perceptics was trying to “refine its algorithms to match license plates with the faces of a car’s occupants, which the official said was outside of CBP’s sanctioned use.”
[...] the company’s position on privacy has always been about the distinction between the technology, which Perceptics provides, and its use, which is determined by the customer.

The company engaged in years of lobbying to preempt criticism of its products from privacy advocates, insisting that what happened to the data that its license plate readers captured was none of its business
“We’ve never had full insight into what CBP is collecting and what they are storing, and what piece of the puzzle each subcontractor has,” said Neema Singh Guliani, a senior legislative counsel with the ACLU.
Click to expand...

guest · Jul 23, 2019

Leaked Emails Show Frantic Response to Border Patrol Data Breach
The emails show that CBP didn't know what was in the Perceptics breach until weeks after the media initially reported it
July 22, 2019
https://www.vice.com/en_us/article/...frantic-response-to-border-patrol-data-breach

When a hacker publicly dumped information stolen from one of its license plate scanning contractors called Perceptics, U.S. Customs and Border Protection (CBP) needed to analyze the data. Fast.

A set of Nuix emails obtained by Motherboard gives a behind-the-scenes look at what happened after the Perceptics breach, and indications of CBP's panicked response. It also shows how CBP seemingly only analyzed a copy of the data weeks after the media first revealed the breach.
Motherboard obtained the emails and more information about the data breach response from a source familiar with the incident.
Click to expand...

guest · Aug 28, 2019

Privacy commissioner launches investigation into licence plate breach
August 28, 2019
https://www.cbc.ca/news/politics/cbsa-perceptics-privacy-1.5261001

The privacy commissioner has launched an investigation into the Canada Border Services Agency after the licence plate reader system it uses was targeted in a malicious cyberattack in the U.S.
The CBSA and U.S. Customs and Border Protection use the same plate reader technology.

"Our office has continued to engage with CBSA and has initiated an investigation into the breach with respect to CBSA records," said Vito Pilieci, spokesperson for the Office of the Privacy Commissioner, in an email to CBC News this week.
"Due to confidentiality provisions in the Privacy Act, I cannot provide any further details at this time."
The CBSA is conducting its own review to learn if Canadians' information was swept up in the breach.
Click to expand...

guest · Sep 16, 2019

Warner presses CBP on security best practices for third-party contractors
September 16, 2019
https://www.scmagazine.com/home/gov...y-best-practices-for-third-party-contractors/

In June, the agency said in a statement it had “learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network.”

Pierluigi Stella, CTO of Network Box USA, said at the time. “I have problems with the government keeping that information; I definitely have big issues with a private corporation doing so. Someone here needs to explain to us why that data was moved to the network of a private government subcontractor…”
Warner wrote that he’d “frequently pointed out the derisory state of third-party contractor and subcontractor information security practices and management in industry and across government.”

Warner, who is a former tech executive, also pressed for more information on account segregation and credential requirements, how the agency evaluates data retention policies for third parties, and data loss prevention and vulnerability management mandates.
Click to expand...

guest · Oct 11, 2019

Breached license plate recognition provider back to work for CBP
October 11, 2019
https://www.biometricupdate.com/201...ate-recognition-provider-back-to-work-for-cbp

Perceptics, the automated license plate reader company that suffered a massive breach of data it had collected under contract to U.S. Customs and Border Protection (CBP), has agreed to new security controls and will be allowed to continue working with the agency, The Washington Post reports.

At the time of the data breach, an anonymous official said the data was being used to train a facial recognition algorithm, in violation of the contract’s terms. The system was hacked, and the hackers posted its contents online after attempting to extort ransom out of Perceptics.
Click to expand...

guest · Sep 24, 2020

IG finds data security practices lacking at Customs and Border Protection before big hack
September 23, 2020
https://www.cyberscoop.com/perceptics-hack-cbp-ig-report/

The U.S. Customs and Border Protection agency failed to enforce basic security practices at a contractor that was hacked last year, exposing some 100,000 individual photos of travelers, a new inspector general report has found.

Some of the hacked images ended up on the dark web, but the entire episode “may damage the public’s trust in the government’s ability to safeguard biometric data,” the Department of Homeland Security’s inspector general concluded in a report released Wednesday.
It’s an example of how, as federal immigration and security agencies increasingly draw on biometric data for their work, the stakes for protecting that data from hackers have grown.

“Additional IT security controls in place during the pilot could have prevented Perceptics from violating contract clauses and using an unencrypted hard drive to access and download biometric images at the pilot site,” the report states.
Click to expand...

“It is vital that CBP protect against unauthorized access to data from cameras and related equipment used for biometric confirmation, especially when entrusting third parties to manage its [sensitive personally identifiable information],” the IG report concludes.
Click to expand...

Log in or Sign up

License Plate Recognition Tech Provider Gets Breached, Attackers Release Sensitive Files

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

Log in or Sign up

License Plate Recognition Tech Provider Gets Breached, Attackers Release Sensitive Files

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

Useful Searches