The names and home addresses of 111,000 British firearm owners have been dumped online as a Google Earth-compatible CSV file that pinpoints domestic homes as likely firearm storage locations – a worst-case scenario for victims of the breach.
As an exercise in amplifying a data theft to levels that endanger public safety, the latest evolution of the Guntrader database break-in is likely to become an infosec case study in how security breaches can become worse over time as stolen information is put to ever more intrusive uses.
Leaked online last week via an animal rights activist's blog, the stolen, reformatted Guntrader database was explicitly advertised as being importable into Google Earth so randomers could "contact as many [owners] as you can in your area and ask them if they are involved in shooting animals."
Names, home addresses, postcodes, phone numbers, email addresses and IP addresses are included in the Google Drive-hosted CSV file – along with precise geographic coordinates for a large number of the 111,295 people listed in the breach.
The file was linked to from the activist's blog, a clearnet site hosted in Iceland, and presents a severe risk not only to British firearm and shotgun certificate holders but also to anyone who has moved house to one of the addresses mentioned in the leak of the stolen database, which contains data up to five years old.
The 111,000 location entries from the Guntrader DB break-in plotted on Google Earth.
Firearms are attractive to criminals. Targeted robberies and burglaries to steal them, while unusual, are certainly not unknown. Police have previously issued warnings to the licensed firearms community emphasising personal safety after a spate of robberies targeting licensed firearms owners outside their homes and at rifle ranges; the Guntrader breach could lead to a spate of such crimes.
British policy on firearms ownership is that domestic homes that may contain a handful of firearms or shotguns are less likely to be targeted than the alternative of central armouries presenting a high-value target. Security measures are proportionately ramped up depending on the number and type of guns – but all firearms security begins with obscurity. This breach takes away that obscurity for about 20 per cent of the registered owners across the country.
Down to physical security now
One worried shooter who spoke to The Register said that while his details were in the stolen data, the geolocation information pointed to his parents' home and not his own. A registered firearms dealer who initially scoffed at being included "because I don't have signs outside" could be traced down to his warehouse's industrial estate; Googling his name revealed the precise unit number.
While some in the licensed firearms community who spoke to The Register expressed the hope that this latest development might go unnoticed, the horse bolted from that stable in July. Criminals plotting the Guntrader location data on a map was only a matter of time.
Guntrader has not explained why it was collecting location coordinates down to six decimal places. We have asked the company for comment. A number of law firms appear to be touting for business off the back of the data leak, though it seems unlikely any of those cases will progress into a representative action in the High Court. There is also the possibility that it goes the way of the latest attempt to sue Dixons Carphone over its 2018 data leak once it gets there.
It appears likely that the latest version of the Guntrader database break-in may be covered by section 58 of the Terrorism Act 2000, which makes it a crime to collate "information of a kind likely to be useful to a person committing or preparing an act of terrorism." Breaching section 58 is punishable with 15 years in prison. The South West Regional Cyber Crime Unit as well as the National Crime Agency are both said to be investigating.
The Countryside Alliance had not responded to a request for comment at the time of publication.
The Information Commissioner's Office told us: "We are aware of a potential change in the Guntrader Ltd incident and we will be making enquiries." ®
Updated to add
The British Association for Shooting and Conservation has been in touch to say: "BASC is concerned about this latest development. We have flagged those concerns to the National Crime Agency. In the meantime, we advise the shooting community to maintain vigilance around security and report any concerns to the police."
Google also told us it has removed the CSV file from Google Drive that was linked to from the activist's blog.
A National Crime Agency spokesman said: "The NCA is aware that information has been published online as a result of a recent data breach which impacted Guntrader. We are working closely with the South West Regional Cyber Crime Unit, who are leading the criminal investigation, to support the organisation and manage any risk."