Exclusive
Status: 27.12.2022 06:00 a.m
They are a greater danger than previously known: biometric data collected by the US military and German armed forces in Afghanistan. The discovery made by a German IT expert shows how easily the Taliban can gain access to them.
Shortly after Western troops withdrew from Afghanistan, international media and organizations reported that the Taliban could use biometric devices that had been left behind. The fear: They could use it to identify people they see as their enemies. So far, there has been no evidence that this is really possible. research of Bavarian Radio now confirm that the devices pose a real threat. This is shown by a technical analysis by IT experts from the Chaos Computer Club (CCC). The New York Times also reports on the case.
There is no real password protection
The security researchers around the Hamburg computer scientist Matthias Marx examined several of the biometric devices technically and found out: data stored on the devices is not protected against access by encryption and the password protection can easily be circumvented. How exactly is described in the enclosed instructions. “The Taliban could use these devices immediately,” said CCC spokesman Marx BR-Interview. “There is practically no hurdle”.
Marx also found a database with biometric data of more than 2,600 people on one of the devices. These include biometric facial images, fingerprints and scans of the eyes, which can be used to uniquely identify people. Some of the data appears to be wanted terrorists on a US Department of Defense watch list, including a member of the “Sauerland Group” and a person wanted in connection with the September 11, 2001 attacks.
Other data was probably recorded in use with the device itself, for example at US military checkpoints in Iraq and Afghanistan. According to GPS coordinates on the device, it was deployed in the southern Afghan province of Zabul in 2012.
Data betray people as helpers of the West
In addition to biometric data and names, the devices also contain information about height, weight, dates of birth and much more. Particularly explosive: Some of the people in the data are clearly identified as former members of the police and military. Others had access to western military bases. “With such data, the Taliban could very easily understand whether certain people worked for the military,” says IT expert Marx.
Marx bought the tested devices on the eBay auction platform. They were offered by dealers specializing in the sale of old US military stock. The find suggests that data is also on many of the devices left behind in Afghanistan.
Human Rights Watch: US government must help those at risk
The human rights organization Human Rights Watch (HRW) reported earlier this year that the Taliban could use the biometric devices. “Now it is clear that these devices were absolutely unsafe and unsuitable for use in Afghanistan,” says Belkis Wille, crisis and conflict researcher at HRW, about the new findings. In view of the security situation in the country, it was “extremely reckless” to use such devices there. She calls on the US government to act immediately. People at risk should be given the opportunity to leave the country and apply for asylum.
It is unclear how many of the devices were in use in Afghanistan and how many of them fell into the hands of the Taliban. A 2012 report by the US Court of Auditors speaks of 7,000 biometric devices in use in Afghanistan. At the request of BR the US Department of Defense states that 1,200 devices have been handed over to the Afghan military. Originally, the devices were also able to connect to biometric databases in the United States. This connection is now no longer possible.
Possibly also German data on devices
Bundeswehr soldiers in Afghanistan also used such devices to collect biometric data. To this end, the US and German defense ministries signed a cooperation agreement in 2011 that was originally secret and was published by Wikileaks. The agreement states that the data collected by German soldiers should be clearly marked as “German”, stored in a “secure technical environment” and deleted after the end of the Afghanistan mission.
The database that Marx found contains an entry that could have come from the Bundeswehr. The entry has the abbreviation “GER”. The Federal Ministry of Defense informed that BR with, there would be no information on the facts. Devices used by the Bundeswehr were returned to the NATO mission command at the end of the mission.
Opposition politician Bünger: “Huge scandal”
Clara Bünger, member of the Bundestag for the Left Party and member of the Afghanistan investigative committee, speaks at the BR-Interview of a “huge scandal”. “If devices with personal data of people in Afghanistan actually get into the hands of the Taliban, then that is a great danger for the people.” The federal government and the armed forces have a duty of care: “Anyone who collects and stores such data must also ensure that it does not fall into the wrong hands.” The federal government must provide answers about what happened to the data.
The development policy spokesman for the FDP parliamentary group, Till Mansmann, speaks of a “serious process”. This should be worked on as soon as possible. For missions in which states exchange data, Germany must make very high demands on cooperation and must not enter into careless cooperation. Data protection standards that apply in Germany should also apply to assignments by German authorities abroad. “Perhaps even more so, because it’s also about the safety of the people who work with us and who are much more threatened there in these countries than is the case in Germany.”
The Federal Ministry of Defense refers to BR-Request that there is no evidence that data collected by Germans was not deleted by the USA. It is not known how many people in Afghanistan were biometrically recorded by the Bundeswehr.
This also reports on the subject ARD radio feature in the ARD audio librarythe ARD radio waves and the Tagesschau at 12 noon