This article is more than 1 year old

US authorities release asylum seekers after leaking their data online

Also: US terrorist no-fly list found left on unsecured server, Russian dark web drug markets go to war

In brief Nearly 3,000 immigrants seeking asylum in the United States have been released from custody after Immigration and Customs Enforcement (ICE) officials inadvertently published their personal information online.

Records including names, birth dates, nationalities and detention locations of 6,252 immigrants were posted to an area of ICE's website normally used to report detention statistics last November. Further complicating the issues is the nature of the list - the people on it all said they came to the US fleeing torture and persecution and therefore sought asylum.

The records, which remained on ICE's website for approximately five hours, could expose refugees and their families to danger of retaliation if discovered by their persecutors.

ICE said it took action to remedy the situation as soon as it was informed, and that the posting was unintentional.

Now, the Los Angeles Times reports that ICE has promised not to deport anyone affected by the breach until they have an opportunity to raise the issue in immigration court. Immigration officials said they would also allow some immigrants affected by the incident to seek asylum even if they wouldn't have been eligible otherwise, and won't block efforts to reopen cases of immigrants whose data was disclosed, either. 

So far around 2,900 immigrants included in the leak have been released from custody, and an additional 2,200 are having their cases reviewed to see if they're also eligible to leave detention.

Unfortunately, ICE said more than 100 immigrants whose data was exposed had already been deported by the time the incident was discovered, and a second small group of fewer than 10 people were deported after the leak was discovered but before the immigrants were notified.

ICE said it's working to reach affected deportees to offer a return trip to the US and a chance to reapply for asylum.

Heidi Altman, director of policy at the National Immigrant Justice Center, told the LA Times that ICE's breach may have been an accident, but it still put lives at risk. 

"The commitments ICE has made to those impacted will go a significant way toward mitigating the harm done, but only if ICE is diligent and transparent in making good on its promises," Altman said.

California immigration lawyer Curtis Morrision said Friday on Twitter that his law firm has filed a lawsuit to stop future deportation of affected immigrants for a full re-adjudication of their asylum cases.

Morrison says that ICE's actions haven't been sufficient to mitigate the harms of the breach. 

US terrorist no-fly list found unsecured on airline server

US regional airline CommuteAir left an unsecured server facing the public internet, a security researcher discovered, and the machine didn't just expose PII belonging to 900 employees – it also hosted a 2019 copy of the US government's no-fly list with more than 1.5 million entries.

Anyone who knew where to look on the 'net could have found and downloaded the info from the airline's vulnerable box.

Swiss security researcher maia arson crimew made the find, and told Daily Dot that while there are a lot of duplicate entries, alias and variant spellings on the list, it's still quite large. 

The FBI maintains the no-fly database, which is a select subset of its larger terrorist watch list that singles out people who aren't allowed to board an airplane within or bound for the US. Reportedly included in the database crimew found were individuals from countries around the world, including eight year-old. 

Employee records found on the server included passport numbers, addresses and phone numbers, and credentials for more than 40 Amazon S3 buckets and other CommuteAir servers were also discovered on the exposed system. 

CommuteAir admitted to the goof, verified that the no-fly list crimew discovered was legitimate, and that no customer information was exposed. The server was taken offline prior to the news being reported.

Russian dark web drug market hacks, takes over, competitor

Another Russian dark web drug market has gone offline, and this time it's not a government seizure - it's another Russian dark web drug market making the grab.

Solaris - no relation to the OS or cryptocurrency - was taken offline on Friday, January 13th by the hackers behind Kraken - no relation to the crypto-trading market -  blockchain analysts at Elliptic have determined

Believed to have commanded as much as $150 million (£121m) and between 20 percent and a quarter of the illicit online drug trade, Solaris now redirects those who visit its TOR site to Kraken, which has taken credit for the attack it said was possible due to "poor operational security by Solaris admins."  

Kraken said it had also disabled Solaris' Bitcoin wallets, which Elliptic said it has confirmed with its own blockchain analysis. "No activity has been tracked in Solaris-affiliated Bitcoin addresses since January 13th," Elliptic said.

Much of the online warfare between drug sellers has been a result of the seizure of the Hydra market in early 2022, Elliptic said. "numerous rival Russian-speaking markets have been competing for its customers and vendors," Elliptic said, noting that Solaris was one of the largest.

Both exchanges are affiliated with pro-Kremlin hacking groups, Solaris being associated with Killnet, which has been largely silent regarding the takeover. Frankly, Killnet has more important things to do - like bragging of its November hack of the IRS. ®

More about


Send us news

Other stories you might like