Skip to main content
https://www.highperformancecpmgate.com/rgeesizw1?key=a9d7b2ab045c91688419e8e18a006621

Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked

A watchlist of risky individuals and corporate entities owned by Dow Jones has been exposed, after a company with access to the database left it on a server without a password.

Bob Diachenko, an independent security researcher, found the Amazon Web Services-hosted Elasticsearch database exposing more than 2.4 million records of individuals or business entities.

The data, since secured, is the financial giant’s Watchlist database, which companies use as part of their risk and compliance efforts. Other financial companies, like Thomson Reuters, have their own databases of high-risk clients, politically exposed persons and terrorists — but have also been exposed over the years through separate security lapses.

A 2010-dated brochure billed the Dow Jones Watchlist as allowing customers to “easily and accurately identify high-risk clients with detailed, up-to-date profiles” on any individual or company in the database. At the time, the database had 650,000 entries, the brochure said.

That includes current and former politicians, individuals or companies under sanctions or convicted of high-profile financial crimes such as fraud, or anyone with links to terrorism. Many of those on the list include “special interest persons,” according to the records in the exposed database seen by TechCrunch.

Diachenko, who wrote up his findings, said the database was “indexed, tagged and searchable.”

From a 2010-dated brochure of Dow Jones’ Watchlist, which at the time had 650,000 names of individuals and entities. The exposed database had 2.4 million records. (Screenshot: TechCrunch)

Many financial institutions and government agencies use the database to approve or deny financing, or even in the shuttering of bank accounts, the BBC previously reported. Others have reported that it can take little or weak evidence to land someone on the watchlists.

The data is all collected from public sources, such as news articles and government filings. Many of the individual records were sourced from Dow Jones’ Factiva news archive, which ingests data from many news sources — including the Dow Jones-owned The Wall Street Journal.

But the very existence of a name, or the reason why a name exists in the database, is proprietary and closely guarded.

The records we saw vary wildly, but can include names, addresses, cities and their location, whether they are deceased or not and, in some cases, photographs. Diachenko also found dates of birth and genders. Each profile had extensive notes collected from Factiva and other sources.

One name found at random was Badruddin Haqqani, a commander in the Haqqani guerilla insurgent network in Afghanistan affiliated with the Taliban. In 2012, the U.S. Treasury imposed sanctions on Haqqani and others for their involvement in financing terrorism. He was killed in a U.S. drone strike in Pakistan months later.

The database record on Haqqani, who was categorized under “sanctions list” and terror,” included (and condensed for clarity):

DOW JONES NOTES:
Killed in Pakistan's North Waziristan tribal area on 21-Aug-2012.

OFFICE OF FOREIGN ASSETS CONTROL (OFAC) NOTES:

Eye Color Brown; Hair Color Brown; Individual's Primary Language Pashto; Operational Commander of the Haqqani Network

EU NOTES:

Additional information from the narrative summary of reasons for listing provided by the Sanctions Committee:

Badruddin Haqqani is the operational commander for the Haqqani Network, a Taliban-affiliated group of militants that operates from North Waziristan Agency in the Federally Administered Tribal Areas of Pakistan. The Haqqani Network has been at the forefront of insurgent activity in Afghanistan, responsible for many high-profile attacks. The Haqqani Network's leadership consists of the three eldest sons of its founder Jalaluddin Haqqani, who joined Mullah Mohammed Omar's Taliban regime in the mid-1990s. Badruddin is the son of Jalaluddin and brother to Nasiruddin Haqqani and Sirajuddin Haqqani, as well as nephew of Khalil Ahmed Haqqani.

Badruddin helps lead Taliban associated insurgents and foreign fighters in attacks against targets in south- eastern Afghanistan. Badruddin sits on the Miram Shah shura of the Taliban, which has authority over Haqqani Network activities.

Badruddin is also believed to be in charge of kidnappings for the Haqqani Network. He has been responsible for the kidnapping of numerous Afghans and foreign nationals in the Afghanistan-Pakistan border region.

UN NOTES:

Other information: Operational commander of the Haqqani Network and member of the Taliban shura in Miram Shah. Has helped lead attacks against targets in southeastern Afghanistan. Son of Jalaluddin Haqqani (TI.H.40.01.). Brother of Sirajuddin Jallaloudine Haqqani (TI.H.144.07.) and Nasiruddin Haqqani (TI.H.146.10.). Nephew of Khalil Ahmed Haqqani (TI.H.150.11.). Reportedly deceased in late August 2012.

FEDERAL FINANCIAL MONITORING SERVICES NOTES:

Entities and individuals against whom there is evidence of involvement in terrorism.

Dow Jones spokesperson Sophie Bent said: “This dataset is part of our risk and compliance feed product, which is entirely derived from publicly available sources. At this time our review suggests this resulted from an authorized third party’s misconfiguration of an AWS server, and the data is no longer available.”

We asked Dow Jones specific questions, such as who the source of the data leak was and if the exposure would be reported to U.S. regulators and European data protection authorities, but the company would not comment on the record.

Two years ago, Dow Jones admitted a similar cloud storage misconfiguration exposed the names and contact information of 2.2 million customers, including subscribers of The Wall Street Journal. The company described the event as an “error.”

Comments

Popular posts from this blog

Uber co-founder Garrett Camp steps back from board director role

Uber co-founder Garrett Camp is relinquishing his role as a board director and switching to board observer — where he says he’ll focus on product strategy for the ride hailing giant. Camp made the announcement in a short Medium post in which he writes of his decade at Uber: “I’ve learned a lot, and realized that I’m most helpful when focused on product strategy & design, and this is where I’d like to focus going forward.” “I will continue to work with Dara [Khosrowshahi, Uber CEO] and the product and technology leadership teams to brainstorm new ideas, iterate on plans and designs, and continue to innovate at scale,” he adds. “We have a strong and diverse team in place, and I’m confident everyone will navigate well during these turbulent times.” The Canadian billionaire entrepreneur signs off by saying he’s looking forward to helping Uber “brainstorm the next big idea”. Camp hasn’t been short of ideas over his career in tech. He’s the co-founder of the web 2.0 recommendatio...

Drone crash near kids leads Swiss Post and Matternet to suspend autonomous deliveries

A serious crash by a delivery drone in Switzerland have grounded the fleet and put a partnership on ice. Within a stone’s throw of a school, the incident raised grim possibilities for the possibilities of catastrophic failure of payload-bearing autonomous aerial vehicles. The drones were operated by Matternet as part of a partnership with the Swiss Post (i.e. the postal service), which was using the craft to dispatch lab samples from one medical center for priority cases. As far as potential applications of drone delivery, it’s a home run — but twice now the craft have crashed, first with a soft landing and the second time a very hard one. The first incident, in January, was the result of a GPS hardware error; the drone entered a planned failback state and deployed its emergency parachute, falling slowly to the ground. Measures were taken to improve the GPS systems. The second failure in May, however, led to the drone attempting to deploy its parachute again, only to sever the line...

How the world’s largest cannabis dispensary avoids social media restrictions

Planet 13 is the world’s largest cannabis dispensary. Located in Las Vegas, blocks off the Strip, the facility is the size of a small Walmart. By design, it’s hard to miss. Planet 13 is upending the dispensary model. It’s big, loud and visitors are encouraged to photograph everything. As part of the cannabis industry, Planet 13 is heavily restricted on the type of content it can publish on Instagram, Facebook and other social media platforms. It’s not allowed to post pictures of buds or vapes on some sites. It can’t talk about pricing or product selection on others.   View this post on Instagram   A post shared by Morgan Celeste SF Blogger (@bayareabeautyblogger) on Jan 25, 2020 at 7:54pm PST Instead, Planet 13 encourages its thousands of visitors to take photos and videos. Starting with the entrance, the facility is full of surprises tailored for the ‘gram. As a business, Planet 13’s social media content is heavily restricted a...