Customs and Border Protection (CBP) confirms hack of a subcontractor

Customs and Border Protection (CBP) revealed that photos of travelers and license plates collected at a single U.S. border point have been stolen by hackers.

Customs and Border Protection (CBP) revealed that photos of travelers and license plates collected at a single U.S. border point have been stolen as a result of a cyber attack.

The Customs and Border Protection agency did not reveal the name of the company that was involved in the incident. According to media outlets, hackers broke into the computer network of an unnamed subcontractor, many experts believe the incident could be linked to the hack of Perceptics.

At the end of May the company Perceptics, a leader in license plate readers (LPRs), license plate recognition systems and vehicle identification products, announced to have suffered a security breach. The attackers stole data and offered business plans, financial documents, and personal information for free on the dark web.

LPRs manufactured by Perceptics are installed at all land border crossing lanes for privately owned vehicle traffic (POV) in the United States, Canada, and for the most critical lanes in Mexico.

A hacker that goes online with the moniker ‘Boris Bullet-Dodger’ reported the hack to The Register and shared with the journalists a list of files as proof of the attack.

A Customs spokesman revealed that fewer than 100,000 people have been impacted, hackers accessed to photos of travelers in vehicles entering and exiting the United States at a single land-border port of entry over one and a half months.

CBP said that stolen data are not available online or in the Dark Web.

“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” reads a statement published by the CBP.

Anyway the subcontractor was not authorized to transfer copies of the images to its infrastructure without CBP’s authorization.

The Customs and Border Protection learned of the security breach on May 31, 2019, it pointed out that hackers did not compromise its network.

“The chairman of the House Homeland Security Committee, Rep. Bennie Thompson of Mississippi, noted with alarm that this is the “second major privacy breach at DHS this year.”” reported the AP.

“We must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public,” he said in a statement.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – CBP, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.