Since withdrawing chaotically from Afghanistan in August of 2021, not only has the Biden administration not been able to account for a billion dollars worth of aid that was given to the country after the US ceded control to the Taliban but now abandoned US military equipment is cropping up on eBay along with the biometric data it once collected.
Over the past year, a German security researcher Matthias Marx and a European hacker association, Chaos Computer Lab, have purchased six SEEK II (Secure Electronic Enrollment Kit) on eBay. The devices being found on eBay were used as part of the Pentagon's biometric collection effort post 9/11 and contain a thumbprint reader, an iris scanner, and a camera.
The SEEK II was primarily used to gather biometric data at detainment facilities, during the screening of local hires, on patrol, and after the detonation of an IED. There were concerns at the time that Taliban agents had infiltrated bases due to a series of shootings in which American forces were fired upon by Afghan soldiers and police.
When the German security researcher Matthias Marx stumbled upon a SEEK II on eBay listed for $149.95, he successfully bid $68 and was stunned to discover when it arrived at his home that in addition to the equipment, the device's memory card had the biometric data, names, nationalities, and photographs of 2,632 people.
While most of the people on the memory card were Afghans or Iraqis who were either known terrorists or on wanted lists, more concerning were people who had worked with the US or had been stopped at checkpoints. The device had last been used near Kandahar, Afghanistan, in 2012.
Upon learning that a SEEK II with biometric data had been successfully purchased on eBay, Department of Defense spokesman Brig. Gen. Patrick S. Ryer said, "Because we have not reviewed the information contained on the devices, the department is not able to confirm the authenticity of the alleged data or otherwise comment on it." Ryer added, "The department requests that any devices thought to contain personally identifiable information be returned for further analysis."
Marx, the researcher who purchased the device was troubled by the US government's response saying, "It was disturbing that they didn't even try to protect the data. They didn't care about the risk, or they ignored the risk."
Stewart Baker, who is a lawyer in DC and a former national security official, noted that the data collected on the devices needed to be maintained securely and added that the data breach would "make a lot of people who helped the U.S. and are still in Afghanistan really uncomfortable." Stressing the severity of the risk the left behind data could cause, Stewart added, "This should not have happened. It is a disaster for the people whose data is exposed. In the worst cases, the consequences could be fatal."