Hacker claims $20K in dark web sales of leaked 'World-Check' terrorism watchlist

Reuters

Ever wonder if it's really a good idea for there to be “terrorism watch lists” created by for-profit businesses, with no accountability to the privacy rights of ordinary citizens like you and me?

The best-known of these, Thomson Reuters' “World-Check,” recently leaked to the so-called dark web. The database is compiled from public sources, and is sold by Thomson Reuters to vetted clients in government, intelligence agencies, banks, law firms, and the like.

The database tracks “heightened risk individuals and organizations," and hackers are now selling copies of the leaked edition online. One of these dark web sellers says he's sold copies to multiple buyers for a total Bitcoin sum that adds up to about $20,000 US dollars.

slide_2

The World-Check database made news a few weeks ago when a security researcher reported it was left exposed online.

“The database is being sold by two different vendors for 10 bitcoin (around $6,600) and 3.5 bitcoin (around $2,300),” reports Motherboard today. “At least one of the two listings appear to be legitimate,” they add.

A screengrab of the pilfered World-Check database offered by a dark web vendor known as “Bestbuy”

A screengrab of the pilfered World-Check database offered by a dark web vendor known as “Bestbuy”

From Motherboard:

World-Check has faced criticism, however. Journalists have discovered some entries labeled major charities, activists and mainstream religious institutions under “terrorism,” despite facing no related charges. VICE News previously found some of that information came from right-wing blogs, rather than reputable news sources.

Last month, security researcher Chris Vickery found a copy of the database dated 2014, containing more than 2.2 million records. At the time, Thomson Reuters said the “outdated” database “had been exposed by a third party,” whom later allegedly secured it with the help of the company.

Apparently, Vickery wasn’t the only one to find it.

A vendor known as “Bestbuy” shared a few sample entries of the database, which corresponded to the ones in a copy Motherboard previously obtained. Apparently, he simply stumbled upon it.

“I have a dedicated server. It scans and sucks everything it can,” Bestbuy said in an online chat. “That other guy made a post on reddit so I went to check. Found I already have it :D”