Secret FBI Terrorist Watchlist containing 1.9 mn records Leaks Online

A secret FBI watchlist that contains 1.9 million records has leaked online. Bob Diachenko, a cybersecurity researcher discovered a leaked FBI watchlist in July. The list contained the personal information of around 2 million potential terrorists. Diachenko promptly filed a report with the Department of Homeland Security, asking for a patch to prevent the data from falling into the wrong hands. Following the reporting, roughly after three weeks, the list leaked online.

Bleeping Computer first reported this incident. “It’s not clear why it took so long, and I don’t know for sure whether any unauthorized parties accessed it,” Diachenko wrote on Linkedin on Monday. He went on to say that the open server where he discovered the watchlist was already freely available. The list was available on hacker-friendly search engines like Censys and Zoomeye without any password to requirement.

This looks to be the list—or at least a piece of the list—that Diachenko came upon during his preliminary study. While he couldn’t say for sure whether the entire list was leaked, he was able to uncover around 1.9 million entries containing no-fly statuses, full names, citizenship, genders, passport numbers, and other information.

Apparently, this is the TSC (Terrorist Screening Centre) dataset publicly exposed (tsc_id is the only clue), with 1.9M+ records. In any case, any thoughts as of where to responsibly report? pic.twitter.com/e31pSrHnoM

— Bob Diachenko (@MayhemDayOne) July 19, 2021

The No-Fly List

The no-fly list is a list of people who the federal government has designated as potential terrorist risks. As a result, such persons can’t board any flights flying into, out of, or within the United States. According to Diachenko, the dataset came from the Terrorist Screening Center (TSC). TSC is an FBI-led federal group in charge of keeping the thousands of entries on the government’s no-fly list—a subset of the FBI’s far wider terrorist watchlist. According to Diachenko, the IP address linked to the leaked database was based in Bahrain.

Undoubtedly, a number of the names in that list will belong to persons who are innocent. The no-fly list is renowned for falsely labelling innocent people as potential national security risks and then making it very impossible for them to remove their names. Last April, a Michigan man teamed up with the American Civil Liberties Union to sue FBI Director Christopher Wray. This came after the FBI unjustly accused him of being a Hezbollah operative and slapped him with the “no-fly” label.

---

Do subscribe to our Telegram channel for more resources and discussions on tech-law. To receive weekly updates, don’t forget to subscribe to our Newsletter.