U.S. border agency says photos of travelers stolen in cyberattack

A “malicious cyberattack” on a U.S. Customs and Border Protection subcontractor compromised photographs of travelers going into and out of the country, along with license plates, the agency said Monday.

Customers and Border Protection has known about the attack since May 31. According to agency, a subcontractor transferred the images to its network “in violation of CBP policies and without CBP’s authorization or knowledge.”

The images include fewer than 100,000 people in vehicles entering and exiting the United States “through a few specific lanes at a single land border Port of Entry over a 1.5 month period,” according to a CBP spokesperson.

Officials claim that the stolen information hasn’t shown up on the internet or dark web. The Register found files from CBP contractor Perceptics, which makes license plate readers, on the dark web last month.

CBP hasn’t confirmed which of its contractors was attacked, so it’s not clear if the two incidents are connected.

The breach drew condemnation from privacy advocates, including the Electronic Frontier Foundation (EEF).

“EFF is disappointed by reports of the theft from CBP of photos of travelers’ faces and license plates,” said the organization’s senior staff attorney Adam Schwartz. “The inherent risk of such theft is among the reasons why the government should not be amassing this sensitive information in the first place.”

Initial reports reports were unclear about whether photos of travelers entering through airports were involved in the breach, but the CBP says passport and other travel document photos were not compromised, nor were images of airline passengers. When you arrive in the U.S. after an international flight, your stop at customs may include an agent snapping a photo of you. Using facial recognition technology, the agent can then match it with a “biometric template.” That template is a string of numbers representing, say, your passport photo.

“These templates are irreversible and cannot be reverse-engineered by anyone outside of CBP to reconstruct the photo,” according to the CBP.

Customers and Border Protection says it discards” photos of U.S. citizens and exempt aliens within 12 hours of verifying their identity. It can take 14 days to delete other travelers’ photographs. According to agency rules, airports and other partners aren’t allowed to keep any traveler photos they take for identification purposes.

The breach comes at a time when some airlines are planning on using facial recognition not just at customs but for flight check-in and baggage drop, The Washington Post reports.

There are some protections if your license plate information is stolen. While the Driver’s Privacy Protection Act makes it difficult to track down someone’s personal information just from a license plate, some privacy advocates have raised concerns about the amount of data automated plate readers suck up. 

The image quality will depend on whether vehicles at the border crossing had to stop and wait for long stretches due to lots of traffic, Dr. Jennifer King, director of privacy at Stanford’s Center for Internet and Society, told Digital Trends. As for how the images could be used, “It all depends on who stole it,” she said. Criminal hackers and foreign governments would have different motives and uses for the data.

“Having more data to feed into a facial recognition system is always useful, sadly, especially high-quality images taken for that purpose, to really try to focus on identifying people,” said King.

“We’re at the point where training data is hard to find, and getting good training data is invaluable in and of itself, even if it doesn’t ultimately lead to identification of individuals, for example, in the short term,” she added.

The CBP and federal authorities are investigating the breach and monitoring for the stolen information.

Update 6/11/2019: This story was updated to include new details about the amount and type of photographs stolen and to include remarks by Dr. Jennifer King. 


How iOS 13 will eventually make your iPhone the only ID you need

In Apple’s iOS 13, the stage is being set for it to become the main form of personal identification you carry, due to the company opening up its NFC feature beyond simply Apple Pay.

Forget Facebook: These are the 5 weirdest cryptocurrencies you can buy today

Though cryptocurrency may sound like a big and serious topic, a few of its implementations are actually fun. From Shiba Inus to feline coins and everything in between, we've rounded up the most eccentric digital coins.

Your smartphone knows all your secrets. Put it on lockdown with these tips

Having your smartphone hacked can feel like someone robbed your house. It's a massive invasion of privacy and a violation of your personal space. We've put together a checklist of precautions that will help you avoid this terrible fate.
Movies & TV

The best shows on Netflix right now (June 2019)

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.

YouTube could make big changes to children’s content amid federal investigation

YouTube is considering major changes to its recommendation algorithm amid an investigation by the Federal Trade Commission into how it handles videos aimed at children. The investigation is in its late stages, and is in response to…
Emerging Tech

This humanlike synthesized speech could be the future of audiobooks

You probably wouldn't want Siri or Alexa reading you an entire audiobook. A new startup called DeepZen has developed a text-to-speech A.I. that sounds impressively human. Check it out.

YouTube’s new HD music videos let you relive your youth in vivid detail

Relive your youth in vivid detail with YouTube's new HD music videos. The video sharing website will be converting your favorite, decades-old music videos from SD to HD and the first hundred of them are available to watch right now.

The ESPYs will include a Best Esports Moment category for the first time

For the first time, esports will be recognized alongside global sports at the 2019 ESPYs with as a new category. The Best Esports Moment category features SonicFox, Cloud9, Team Liquid, Astralis, Invictus, and Spitfire as nominees.

Facebook’s content moderators break their silence on terrifying work conditions

Content moderators for Facebook are overworked and overstressed to the point of unhealthy results. Last year, a moderator collapsed at his desk while on the clock and died of a heart attack. 

Ice Lake benchmarks show Intel isn’t done firing back at AMD

A leaked benchmark shows Intel's upcoming 10th-generation Ice Lake mobile chip outperforms AMD's Ryzen 5 3500U. These test metrics follow less than a month after Intel and AMD traded dueling keynotes touting their next lines of CPUs.

Loot boxes? EA vice president prefers you call them surprise mechanics

An Electronic Arts executive said that loot boxes are “surprise mechanics” like Kinder Eggs and that they are “quite ethical and quite fun.” Speaking before a U.K. parliament committee, the executive wouldn't even use the term "loot…

Hulu and Xbox Live are back online after going down for some users

Hulu and Xbox Live both went offline for some users on Wednesday. Users began to complain that the platforms were down beginning at 1:45 p.m. PST. Both services were actively working to fix the problem stopping users from connecting.

Here’s what’s happening if you see someone steering a Tesla while it’s in park

The just-launched Tesla Arcade brings all of its games into a single hub, and includes a new kart racer — Beach Buggy Racing 2 — that lets you play using the vehicle’s steering wheel.

Microsoft teams up with Kano to create a DIY Windows 10 PC for kids

Microsoft and Kano have unveiled a build-it-yourself Windows 10 PC aimed at making computing fun for kids. The Kano PC features an 11.6-inch touchscreen and attachable keyboard, and comes bundled with a range of software.