The hackers purchased a mobile device called the Secure Electronic Enrollment Kit or Seek II for investigative purposes. The US military made extensive use of such devices in Afghanistan and Iraq. This particular device was last used in Kandahar in 2012, according to metadata. The purchase, according to Matthias Marx, a member of the Chaos Computer Club, cost just $68.
On the device’s memory card, the hackers found the names, photographs, fingerprints and iris images of 2,632 Iraqis and Afghans stored in clear text. Some of them were known terrorists and wanted criminals. But in addition to this, the device’s memory also contained data from people who collaborated with the US military, such as translators or agents.
This is not the first Seek II bought by hackers from the Chaos Computer Club on Ebay. In total, they have already bought six devices, paying less than 200 euros each, and two of them contained biometric information. The second, according to The New York Times, was data from the US military. The publication contacted one of the Americans whose biometrics were found in the device’s memory, and he confirmed that he had previously served in the Marine Corps and that the data appears to really belong to him.
The New York Times points out that it’s not always possible to find out how US military equipment ends up on Ebay. Some of them, according to the sellers, were previously written off and sold at auctions for the sale of state property. However, the origin of other devices remains unclear.
