Foreign threat actors can easily obtain sensitive information on US military members from data brokers, a Duke University study shows.
Data brokers can readily provide sensitive information about US military personnel to foreign threat actors, according to a recent Duke University study, the findings of which were released on Monday.
Information is gathered and aggregated by data brokers, who then either directly or through businesses that use the data, sell, licence, or distribute the information. Credit reporting organisations like Equifax and Experian, marketing corporations like Acxiom, and data analytics and risk assessment companies like Verisk are examples of data brokers. Mobile applications that gather and sell user data to third parties, frequently without the users’ knowledge or agreement, are another significant participant in this market.
Names, demographic information, political preferences, lifestyle details, home and email addresses, GPS location, financial status, and health information are just a few of the many types of information that data brokers gather and sell.
Threat actors may find this kind of information very helpful for a variety of purposes, such as blackmail, scams, reputational harm, profiling, and stalking. The disclosure of this information about military personnel may jeopardise national security.
The study carried out by Duke University researchers discovered that, in many cases, it is simple and affordable to obtain the information of military service members and veterans, with some brokers specifically advertising such data. However, some data brokers take precautions to ensure that this type of data does not fall into the wrong hands.
To acquire data on veterans and active military personnel, the Duke researchers got in touch with twelve US brokers. They discovered that brokers employ a variety of techniques to confirm the identities of their clients, and they pointed out that the US government has little control over these activities.
While some brokers declined to sell the data to an untrusted organisation, others appeared more concerned with maintaining the privacy of the transaction than the data itself.
When purchasing thousands of records, the researchers were able to obtain critical data for as little as $0.12 per record; for larger purchases, the cost can drop to $0.01 per individual.
The researchers attempted to buy data using a US domain and a .asia domain name that had been linked to a Singaporean IP address.
Even when the .asia domain was used, several brokers agreed to provide thousands of records, including data geofenced to strategic locations such as Washington DC, Fort Bragg in North Carolina, and Fort AP Hill and Quantico in Virginia.
In the past, information about American individuals and organisations has been sought after by foreign governments for espionage, election meddling, and other uses. They have a keen interest in the U.S. military in particular, and they may acquire this information through the data brokerage ecosystem by either legally obtaining it or by breaking into the databases of brokers or their clients, according to the researchers’ assessment.
The researchers proposed Congress to increase financing for regulatory bodies that have the authority to impose new regulations, and they suggested that lawmakers enact a comprehensive privacy law with strict limits on the data brokerage ecosystem.
Furthermore, an internal contractual data flow evaluation by the Defence Department would be beneficial in limiting the amount of sensitive military data that is made available to data brokers.
Leave a Reply