Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked – TechSwitch

A watchlist of dangerous people and company entities owned by Dow Jones has been uncovered, after an organization with entry to the database left it on a server with no password.
Bob Diachenko, an unbiased safety researcher, discovered the Amazon Web Services-hosted Elasticsearch database exposing greater than 2.4 million data of people or enterprise entities.
The information, since secured, is the monetary big’s Watchlist database, which firms use as a part of their threat and compliance efforts. Other monetary firms, like Thomson Reuters, have their very own databases of high-risk purchasers, politically uncovered individuals and terrorists — however have additionally been uncovered through the years by way of separate safety lapses.
A 2010-dated brochure billed the Dow Jones Watchlist as permitting clients to “easily and accurately identify high-risk clients with detailed, up-to-date profiles” on any particular person or firm within the database. At the time, the database had 650,000 entries, the brochure mentioned.
That consists of present and former politicians, people or firms beneath sanctions or convicted of high-profile monetary crimes reminiscent of fraud, or anybody with hyperlinks to terrorism. Many of these on the record embody “special interest persons,” in keeping with the data within the uncovered database seen by TechSwitch.
Diachenko, who wrote up his findings, mentioned the database was “indexed, tagged and searchable.”
From a 2010-dated brochure of Dow Jones’ Watchlist, which on the time had 650,000 names of people and entities. The uncovered database had 2.4 million data. (Screenshot: TechSwitch)
The information is all collected from public sources, reminiscent of information articles and authorities filings. Many of the person data have been sourced from Dow Jones’ Factiva information archive, which ingests information from many information sources — together with the Dow Jones-owned The Wall Street Journal. But the very inclusion of an individual or firm’s title, or the explanation why a reputation exists within the database, is proprietary and intently guarded.
Many monetary establishments and authorities businesses use the database to approve or deny financing, and even within the shuttering of financial institution accounts, the BBC beforehand reported. Others have reported that it could possibly take little or weak proof to land somebody on the watchlists.
The data we noticed differ wildly, however can embody names, addresses, cities and their location, whether or not they’re deceased or not and, in some circumstances, pictures. Diachenko additionally discovered dates of delivery and genders. Each profile had intensive notes collected from Factiva and different sources.
One title discovered at random was Badruddin Haqqani, a commander within the Haqqani guerilla rebel community in Afghanistan affiliated with the Taliban. In 2012, the U.S. Treasury imposed sanctions on Haqqani and others for his or her involvement in financing terrorism. He was killed in a U.S. drone strike in Pakistan months later.
The database file on Haqqani, who was categorized beneath “sanctions list” and terror,” included (and condensed for readability):
DOW JONES NOTES:Killed in Pakistan’s North Waziristan tribal space on 21-Aug-2012.
OFFICE OF FOREIGN ASSETS CONTROL (OFAC) NOTES:
Eye Color Brown; Hair Color Brown; Individual’s Primary Language Pashto; Operational Commander of the Haqqani Network
EU NOTES:
Additional info from the narrative abstract of causes for itemizing supplied by the Sanctions Committee:
Badruddin Haqqani is the operational commander for the Haqqani Network, a Taliban-affiliated group of militants that operates from North Waziristan Agency within the Federally Administered Tribal Areas of Pakistan. The Haqqani Network has been on the forefront of rebel exercise in Afghanistan, answerable for many high-profile assaults. The Haqqani Network’s management consists of the three eldest sons of its founder Jalaluddin Haqqani, who joined Mullah Mohammed Omar’s Taliban regime within the mid-1990s. Badruddin is the son of Jalaluddin and brother to Nasiruddin Haqqani and Sirajuddin Haqqani, in addition to nephew of Khalil Ahmed Haqqani.
Badruddin helps lead Taliban related insurgents and overseas fighters in assaults in opposition to targets in south- jap Afghanistan. Badruddin sits on the Miram Shah shura of the Taliban, which has authority over Haqqani Network actions.
Badruddin can be believed to be answerable for kidnappings for the Haqqani Network. He has been answerable for the kidnapping of quite a few Afghans and overseas nationals within the Afghanistan-Pakistan border area.
UN NOTES:
Other info: Operational commander of the Haqqani Network and member of the Taliban shura in Miram Shah. Has helped lead assaults in opposition to targets in southeastern Afghanistan. Son of Jalaluddin Haqqani (TI.H.40.01.). Brother of Sirajuddin Jallaloudine Haqqani (TI.H.144.07.) and Nasiruddin Haqqani (TI.H.146.10.). Nephew of Khalil Ahmed Haqqani (TI.H.150.11.). Reportedly deceased in late August 2012.
FEDERAL FINANCIAL MONITORING SERVICES NOTES:
Entities and people in opposition to whom there’s proof of involvement in terrorism.
Dow Jones spokesperson Sophie Bent mentioned: “This dataset is part of our risk and compliance feed product, which is entirely derived from publicly available sources.” The spokepserson mentioned an “authorized third party” was responsible for the publicity, however didn’t title the alleged firm or present proof for the declare.
We requested Dow Jones particular questions, reminiscent of who the supply of the info leak was and if the publicity could be reported to U.S. regulators and European information safety authorities, however the firm wouldn’t touch upon the file.
Two years in the past, Dow Jones admitted the same cloud storage misconfiguration uncovered the names and speak to info of two.2 million clients, together with subscribers of The Wall Street Journal. The firm described the occasion as an “error.”
Got a tip? You can ship ideas securely over Signal and WhatsApp to +1 646-755–8849. You may ship PGP electronic mail with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.