Yesterday, I linked to a report about yet another misconfigured database. This was one leaking more sensitive information, as the due diligence data were from Thomson Reuters’ World-Check service, although the 2014 database that was exposed on the internet belonged to neither of those entities. The due diligence aspect is that banks and other institutions are required to screen or check to ensure that customers do not have terrorist ties.
Of course, if their data are anything like TSA’s list, a lot of it will be incorrect, which is another reason that I was, and remain concerned that this database is being shared. While there may be value in letting people know they are on some list so that they may challenge it and try to get their records corrected, just having it dumped or leaked could be problematic.
Today, RiskBased Security analyzed the database provided to it by Chris Vickery, who had found it. Their analyses can be found . This is the first of what they tell me is a two-parter.
Here are some snippets from what they found:
The category field contains over 13 different selection types, and it appears that some categories have associated subcategories as well. One of the other interesting discoveries is that World-Check is not only tracking humans, but apparently tracking vessels as well.
Here is a breakdown of the Full Categories field options and the number of detections for each:
CRIME – FINANCIAL – 181,060
CRIME – NARCOTICS – 130,115
CRIME – OTHER – 67,606
CRIME – ORGANIZED 46,003
CORPORATE – 176,009
DIPLOMAT – 66,385
INDIVIDUAL – 928,804
LEGAL – 82,937
MILITARY – 16,963
POLITICAL INDIVIDUAL – 450,591
POLITICAL PARTY – 5,175
TERRORISM – 76,890
VESSEL – 918[…]
The following provides a few examples of the type of data (we have redacted portions) included in the Further Information field:
“May 2011 – arrested on suspicion of committing motor insurance fraud of approximately JPY7.5m.”
“Member of 12th [REDACTED] Provincial People’s Congress representing [REDACTED] ([REDACTED]). Mayor of [REDACTED] District ([REDACTED]). Member of Communist Party of China. “
“[REPORTS] Aug 2014 – no further information reported.”
“[BIOGRAPHY] Lawyer. [IDENTIFICATION] [REDACTED]. [REDACTED](PEP) (father). [REDACTED](mother).[REDACTED] (brother). [REDACTED] (brother). [REDACTED](brother). [REPORTS] Aug 2014 – no further information reported.”
“[BIOGRAPHY] Suspected links to organised crime elements of a crime group affiliated with the Yamaguchi-gumi crime syndicate.
Read more on RBS and either bookmark that site or come back here to see when the next part is available. They gave me a small piece of information about it that definitely didn’t thrill me, but more on that once you all know what it is.