You can definitely find everything on eBay, even the biometric data of former US soldiers. This astonishing anecdote comes to us from a recent survey published by the New York Timeswhich details how an old North American device, containing the data of thousands of people, ended up on eBay for a fistful of dollars.
From Afghanistan to an Ebay listing
After September 11, 2001, the United States began to use biometric reading devices extensively during certain military missions. One of them, a SEEK II to be exact, was offered for sale on eBay with all its data collected in Afghanistan in 2012. Matthias Marx, a member of the famous Chaos Computer Clubbought the machine for $68 at the military surplus store that posted the ad.
“The irresponsible management of this high-risk technology is truly incredibleexplains Matthias Marx to the New York daily. It is incomprehensible that the manufacturer and former military users did not care that devices containing sensitive data were sold online.” How the device got from military deployment ground to an eBay box remains a mystery. The seller only claims to have acquired the SEEK II at an auction of military equipment, not suspecting that data was on the memory card. “I hope I didn’t do anything wrong”blandly commented the retailer.
Matthias Marx and other members of the Chaos Computer Club began collecting old military devices after learning that some had been seized by Taliban forces during the hasty departure of the US military in 2021. The primary purpose was to try to find vulnerabilities that could endanger the personal data contained on the machines. The discovery of a dormant biometric treasure in the memory card of the SEEK II, then another database on another device, was therefore greeted with concern. These data, in addition to containing the biometric identifiers of soldiers, also make it possible to identify the people who collaborated with Uncle Sam in Afghanistan.
A potential risk “fatal”
“This shouldn’t have happened. This is a disaster for the people whose data is exposed. In the worst case, the consequences could be fatal”, indicates a former official of the US armed forces to the New York Times. As a comment, the Department of Defense simply explained that “having no access to the data, the service is unable to confirm its authenticity or comment on it in any way”.
This case is a chilling reminder of the extent to which biometric statements are particularly sensitive data. Unlike a nickname or a password, it is not possible to change your fingerprint to cover the tracks around your identity. Even 10 years later, some of the people who agreed to work with the United States can still be identified, with all the risks that entails.