Dow Jones watchlist of 2.4m high-risk individuals has leaked


Postby seemslikeadream » Wed Feb 27, 2019 9:32 pm

Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked
Zack Whittaker@zackwhittaker / 7 hours ago
A watchlist of risky individuals and corporate entities owned by Dow Jones has been exposed, after a company with access to the database left it on a server without a password.

Bob Diachenko, an independent security researcher, found the Amazon Web Services-hosted Elasticsearch database exposing more than 2.4 million records of individuals or business entities.

The data, since secured, is the financial giant’s Watchlist database, which companies use as part of their risk and compliance efforts. Other financial companies, like Thomson Reuters, have their own databases of high-risk clients, politically exposed persons and terrorists — but have also been exposed over the years through separate security lapses.

A 2010-dated brochure billed the Dow Jones Watchlist as allowing customers to “easily and accurately identify high-risk clients with detailed, up-to-date profiles” on any individual or company in the database. At the time, the database had 650,000 entries, the brochure said.

That includes current and former politicians, individuals or companies under sanctions or convicted of high-profile financial crimes such as fraud, or anyone with links to terrorism. Many of those on the list include “special interest persons,” according to the records in the exposed database seen by TechCrunch.

Diachenko, who wrote up his findings, said the database was “indexed, tagged and searchable.”


From a 2010-dated brochure of Dow Jones’ Watchlist, which at the time had 650,000 names of individuals and entities. The exposed database had 2.4 million records. (Screenshot: TechCrunch)


The data is all collected from public sources, such as news articles and government filings. Many of the individual records were sourced from Dow Jones’ Factiva news archive, which ingests data from many news sources — including the Dow Jones-owned The Wall Street Journal. But the very inclusion of a person or company’s name, or the reason why a name exists in the database, is proprietary and closely guarded.

Many financial institutions and government agencies use the database to approve or deny financing, or even in the shuttering of bank accounts, the BBC previously reported. Others have reported that it can take little or weak evidence to land someone on the watchlists.

The records we saw vary wildly, but can include names, addresses, cities and their location, whether they are deceased or not and, in some cases, photographs. Diachenko also found dates of birth and genders. Each profile had extensive notes collected from Factiva and other sources.

One name found at random was Badruddin Haqqani, a commander in the Haqqani guerilla insurgent network in Afghanistan affiliated with the Taliban. In 2012, the U.S. Treasury imposed sanctions on Haqqani and others for their involvement in financing terrorism. He was killed in a U.S. drone strike in Pakistan months later.

The database record on Haqqani, who was categorized under “sanctions list” and “terror,” included (and condensed for clarity):
https://techcrunch.com/2019/02/27/dow-j ... list-leak/
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.

Re: Dow Jones watchlist of 2.4m high-risk individuals has le

Postby Grizzly » Wed Feb 27, 2019 11:05 pm

Synchronicity that I just came across this...

Beacon Search Engine: A Google For the Dark Web
hxxps://www.technotification.com/2019/0 ... ngine.html

The Dark Web is still a mystery for many people. Most Internet users only know that this is a lawless online world where one can only find illegal materials, but this is not true in every aspect.

There are news organizations like ProPublica and NYTimes who maintain Onion sites on the dark web to distribute news that might otherwise be censored. It helps their readers to stay informed without compromising their privacy. But still, most of the dark web is full of illegal content, gambling, spreading wrong information, identity thefts, etc.

So, in order to shed some light on the dark web and use it for some meaningful work, Echosec Systems Ltd. recently released a security tool called Beacon.


What is it?

According to the CEO of Echosec, Beacon is a search engine for the dark web. It’s simple and comes with some advanced search tools. The goal of Beacon is to make searching unindexed data in the dark web as easy as using a normal search engine. In simple words, Beacon is like Google for the dark web.

The company has already crawled and indexed tonnes of useful content. Then, they build a natural language query interface for non-hackers so that they can that information easily. As per the CTO of Echosec, users won’t need a proxy server or TOR browser to access these data anonymously.


“The idea behind Beacon is that it can be used by a company to potentially head off — or at the very least mitigate — a potential disaster,” said Echosec CTO Mike Raypold.


How Is Beacon Useful?

The Dark Web is full of unstructured illegal data like stolen corporate emails, passwords, company documents, private information, etc. The Beacon search engine will allow companies to search and analyze the data available about their beloved company on the Dark Web.

If they find any data that could damage the material and societal status of the company, the authorities can take immediate action to safeguard or at least warn the employees and clients about the discrepancy. After all, it’s always better to notify your customers before the news comes from external sources.


Of course, Beacon can be misused. Even Raypold knows that as the Beacon search engine makes it easier for users to find secret and important data, it’s also possible to find ways to misuse this tool.
https://www.technotification.com/2019/0 ... ngine.html

There’s no doubt in the fact that Beacon can help white-hat hackers and security enthusiasts to uncover sensitive information that they can’t find anywhere else, but the company has taken some steps to moderate the risk.


The CTO has explained that every Echosec customer must go through a use-case approval process. This process will help in monitoring how he/she is using Beacon and also assure that they are in compliance with the vendors from whom the data is sourced. “No one can get access to the system without passing this use-case approval process,” said Raypold.

Secondly, the search engine is designed in a way that it will automatically notify the company if a user tries to perform searches violating his/her use case. In these cases, they can neither run the search nor receive the required data.

The company is also allowing vendors to describe their terms and conditions in detail. Raypold said –

“some of the data vendors have asked us to prevent certain queries from being run, regardless of a customer’s use case.”

Basically, the ultimate plan is to sell Beacon to companies who are interested in knowing competitors’ secrets, getting sensitive information, etc. Also, their safety policy might be looking good right now, but the Echosec team will have to follow it strictly.
“The more we do to you, the less you seem to believe we are doing it.”

― Joseph mengele