Global 'terror database' World-Check leaked

Thomson Reuters 'working furiously' to secure 2.2 million sensitive records

The "terrorist database" World-Check used by global banks and intelligence agencies has, we're told, leaked online.

The mid-2014 version of the database contains some 2.2 million records and is used by 49 of the world's 50 largest banks, along with 300 government and intelligence agencies. Access to its contents is granted via a strict vetting process and the signing of NDAs.

The Thomson Reuters database is accused of falsely designating citizens and organisations as terrorists. Banks have used this data in whole or in part to shutter accounts, effectively locking people out of vast swathes of the global banking system.

Top security researcher Chris Vickery found a copy of the database sitting on an unsecured Couchbase-powered system online, and told The Register it is still exposed to the internet even after he disclosed its location to Thomson Reuters.

"As far as I know, the original location of the leak is still exposed to the public internet," Vickery says. "Thomson Reuters is working feverishly to get it secured."

Thomson Reuters says it will provide citizens and organisations information about their designation on individual request. Alerts are not issued to known contacts of those affected when terrorist designations are assigned, however.

Publicly revealing the database beyond the aforementioned leak could be reckless: World-Check contains sensitive information on citizens regarding their alleged criminal histories and possible terrorist links.

Thomson Reuters urges banks and other customers use multiple sources alongside World-Check and requests that the secretive database not be cited in any public decision-making materials.

The organisation rejects accusations that World-Check is controversial or simply flat out wrong. However, inaccurate terror designations were revealed by the BBC's Radio 4 which gained 30 minutes of access to the database in August 2015 from a disgruntled customer.

That program revealed various British citizens who had their HSBC bank accounts closed in 2014 without the possibility of appeal, because what they claimed were incorrect records in World-Check identifying them as having terrorist links.

One of those was the account for the UK Finsbury Park Mosque which was described in a HSBC letter as having "fallen outside of HSBC's risk appetite". The mosque was in years past visited by Al Qaeda operatives, Beslan Siege members, and had convicted terrorist Abu Hamza al-Masrim as its imam in 1997.

Since that time the Mosque has been run by a group supported by the Metropolitan Police. Sources say HSBC closed on the mosque because it donated money to Palestine during the 2015 Israel-Gaza war.

At the same time HSBC shuttered the account of the Cordoba Foundation, a UK think tank which was designated by the United Arab Emirates as a terrorist organisation for its alleged links to the Muslim Brotherhood – a political opponent in the region.

HSBC shuttered the accounts of Foundation chief executive Anas Altikriti, including his three-decade old personal account, and that of his wife and two teenage children.

The BBC reported finding information in World-Check based on Wikipedia entries, biased blogs, and state-backed news agencies. Vice also gained access to the World-Check database in February. It found terrorist profiles including the Council on American-Islamic Relations executive director Nihad Awad, joined former US President George W. Bush in a post 9/11 press conference, and the organisation itself.

Former World Bank and Bank of England advisor Mohamed Iqbal Asaria awarded a Commander of the Order of the British Empire award in 2005 was also listed as a terrorist.

Vickery has reported recent large-scale breaches including information on 93 million Mexican voters in April. The records were exposed thanks to a configuration error in a MongoDB database.

He also earlier revealed the exposure of 13 million records of MacKeeper, Zeobit, and Kromtech, and some 1700 records of children from website uKnowKids. ®

Similar topics

Broader topics

Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022