Americans and allies weren’t the only ones stranded in Afghanistan when the United States hastily withdrew from the country in 2021. Military weapons and equipment worth an estimated $7.12 billion were left behind, according to the Department of Defense. While some equipment was demilitarized prior to the withdrawal, not everything was decommissioned. Among the most concerning was the Taliban’s seizure of biometric devices that could put Afghans who helped coalition forces in danger.
Now, similar devices used in the U.S.’s 20-year war in the nation are turning up on eBay.
The shoebox-shaped device, designed to capture fingerprints and perform iris scans, was listed on eBay for $149.95. A German security researcher, Matthias Marx, successfully offered $68, and when it arrived at his home in Hamburg in August, the rugged, hand-held machine contained more than what was promised in the listing.
The device’s memory card held the names, nationalities, photographs, fingerprints and iris scans of 2,632 people.
Most people in the database, which was reviewed by The New York Times, were from Afghanistan and Iraq. Many were known terrorists and wanted individuals, but others appeared to be people who had worked with the U.S. government or simply been stopped at checkpoints. Metadata on the device, called a Secure Electronic Enrollment Kit, or SEEK II, revealed that it had last been used in the summer of 2012 near Kandahar, Afghanistan. […]
Exactly how the device ended up going from the battlefields in Asia to an online auction site is unclear. But the data, which offers detailed descriptions of individuals in addition to their photograph and biometric data, could be enough to target people who were previously unknown to have worked with U.S. military forces should the information fall into the wrong hands. […]
Of the six devices the researchers bought on eBay — four SEEKs and two HIIDEs, for Handheld Interagency Identity Detection Equipment — two of the SEEK II devices had sensitive data on them. The second SEEK II, with location metadata showing it was last used in Jordan in 2013, appeared to contain the fingerprints and iris scans of a small group of U.S. service members. (NYT)
Marx and researchers at Chaos Computer Club, Europe’s “largest association of hackers,” purchased six biometric devices over the past year on eBay in an effort to analyze them for vulnerabilities. According to the Times, they were driven by concern over the Taliban seizing equipment after the chaotic U.S. withdrawal.
“The irresponsible handling of this high-risk technology is unbelievable,” Marx told the Times. “It is incomprehensible to us that the manufacturer and former military users do not care that used devices with sensitive data are being hawked online.”
Welton Chang, a former Army intelligence officer and chief technology officer for Human Rights First, told The Intercept last August that data privacy likely did not factor into the military's decision to use the tools.
“Moving forward, the U.S. military and diplomatic apparatus should think carefully about whether to deploy these systems again in situations as tenuous as Afghanistan.”
