Crossmatch. The biggest breach in privacy sensitive data EVER.

in #deepdives6 years ago (edited)


Source: Duckduckgo image search

Crossmatch. The biggest breach in privacy sensitive data EVER.

The company Crossmatch started as a CIA funded corporation. And it now has 'partners', in almost every country of the planet. Crossmatch does not only provide tools to match Biometric data such as fingerprints, face scans, hand palm scans and dual Iris scans, but they also crossmatch about other data that can be matched.
Medical data, financial data, you name it they will find a way to match it. This article mainly looks at the Biometrics aspect, yet you can do your own research on how this also can apply to your medical and financial data.

Crossmatch has partners all over the planet. In Germany for instance, there is MTRIX.de
There is also Speed-biometrics.de, it's not sure if they are actual Crossmatch partners, yet they will be a target as well, one way or another.

Unique Identification Authority of India (UIDAI), is another Crossmatch partner. More on this one will be covered in a separate section below.

Crossmatch has partners all over the world, Airports, governments, everyone who processes passports, or just has to deal with large groups of people, like sports events or concerts, could be a potential partner.

Now lets have a look at the marketing pitches. The marketing for Crossmatch in general.

The marketing for their DigitalPersona software.

Now you have a bit of an idea how they work. Their targets, their market and the scale of it.

Now there can be a lot of good done also, but the problem lies on the dark side of the coin. And if the big money and the big data focus on the dark side of things, that creates all kinds of creepy situations.

The Deep Dive into Wikileaks.

First hits on Crossmatch offer interesting documents about a software package that goes by the name of Expresslane 3.1.1

One of the early documents that show the outlines of the software.
https://wikileaks.org/vault7/document/ExpressLane-3_1_1-Requirement-Statement/

The final version that goes into deep detail.
https://wikileaks.org/vault7/document/ExpressLane-3_1_1-TPP-FINAL/

What is ExpressLane 3.1.1?
https://wikileaks.org/vault7/#ExpressLane

Summarised ExpressLane 3.1.1 is a USB stick with a large hidden partition and a trojan that looks and feels like an update for something Crossmatch related that runs on Panasonic Toughbook that has Windows XP SP2 installed. (all of this was 2009)
Then when the USB stick is inserted the the update installer named MOBS_Upgrade.exe, can be launched from an official looking splashscreen and within a minute the 'updater' starts to collect *.eft, *.ldf and *.mdf files from the location C:\Program Files\Cross Match
Technologies\Configurations\Validation Files that will be copied to the covert partition on the USB stick. And all of this can be preconfigured, for instance how long the 'update install process' should take. https://wikileaks.org/vault7/document/ExpressLane-3_1_1-TPP-FINAL/page-4/#pagination

If at this point the supervisor takes the USB stick back to whoever supplied it, nobody knows that the data was even copied.

And all of this was done while avoiding detection by McAfee, Norton Internet Security and Kaspersky.
And it becomes clear why those companies are such great fans of governments that break the very security they are providing. The government keeps them in business while using taxpayers money. So in fact you pay twice, both for the brake and for the fixes, over and over again.

As a sidenote: If you now still trust ANY installer or ANY updater of WHATEVER closed source software you run on Windows then you are very brave!


Now that we know how this works, lets dive deeper.

Who is buying Biometric Systems?

Biometric system request from U.S Yemen embassy: Response_to_Biometrics_OMC-123-14

Now that is 2014, so that should have required a lot of updates. Yet there seems not much more information available than this.

Some more infomation on the people in this document can be found here
Ahmed Ali Al-Ashwal
Randolph E. Rosin
Bryan_ Sparkman

These people also turn up in the Yemen files section of wikileaks, that also links to crossmatch.
Yemen Files

Biometric data from Aadhaar.

As mentioned before, Aadhaar the world’s largest Biometric ID program of [Unique Identification Authority of India (UIDAI)] (https://uidai.gov.in/) is also a Crossmatch Partner
Wikileaks 24 Aug 2017

Also on 24 Aug 2017, a nine-judge bench of the Supreme Court ruled that the right to privacy was indeed a fundamental right.

And 26 Aug 2017 Wikileaks hints at Aadhaar data access by the CIA.


Source: Reuters


Source: firstpost

Another interesting fact, is that Crossmatch is "the company that hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan".

Our fundamental human rights are abused by the very people who should be protecting them. And they are doing this, while using the tax money provided by the people who’s privacy is being abused.
That's a double whammy of the evil kind.

And they know it!


Source: twitter (from the crossmatch account itself)

Note that this is a real Crossmatch marketing image, not a MEME.
These snakes are well aware of their evil nature.


sources:

http://www.duckduckgo.com
https://www.youtube.com
https://www.twitter.com


https://www.crossmatch.com
https://twitter.com/crossmatchtech
https://www.mtrix.de/portfolio/crossmatch/
https://www.speed-biometrics.de



Wikileaks specific sources:

https://wikileaks.org/vault7/document/ExpressLane-3_1_1-Requirement-Statement/
https://wikileaks.org/vault7/document/ExpressLane-3_1_1-TPP-FINAL


https://our.wikileaks.org/Ahmed_Ali_Al-Ashwal
https://our.wikileaks.org/Randolph_E._Rosin
https://our.wikileaks.org/Bryan_Sparkman


https://wikileaks.org/yemen-files/document/2014-OMC


Sort:  

Superb post bro, glad to see you evolve so much, massive big up to you.

Thanks @deliberator! It's a hell of a task to create. This gave me a new level of appreciation for Wikileaks. As mainstream journalism in general fails to deliver the real value. The world needs wikileaks.

If you do "tor" you can meet the crew.

every so often i enter the clearweb trough the tunnel that gives me back some privacy. That tunnel should be standard issue

Great investigative work here @bifilarcoil. Congrats, good luck and welcome to the Deep Dives rabbit hole!

Excellent work @bifilarcoli! A great find no doubt and a fascinating post on the history of CrossMatch. We really appreciate your contribution and for taking the time to put this together!

Thanks! There is much more to worry about with CrossMatch.
It is dirty how this works, They sell 'secure' software (this comes with a HUGE price tag) and then the "Security Agencies" use tax payers money to BREAK the expensive 'security' with even more expensive hack tools. And BOTH get payed from taxpayers money, to undermine the privacy of the taxpayers. So we all pay for our own feardom. (thats not a typo)

Curated for #informationwar (by @wakeupnd)

  • Our purpose is to encourage posts discussing Information War, Propaganda, Disinformation and other false narratives. We currently have over 7,500 Steem Power and 20+ people following the curation trail to support our mission.

  • Join our discord and chat with 200+ fellow Informationwar Activists.

  • Connect with fellow Informationwar writers in our Roll Call! InformationWar - Contributing Writers/Supporters: Roll Call Pt 8

Ways you can help the @informationwar

  • Upvote this comment.
  • Delegate Steem Power. 25 SP 50 SP 100 SP
  • Join the curation trail here.
  • Tutorials on all ways to support us and useful resources here

Coin Marketplace

STEEM 0.35
TRX 0.12
JST 0.040
BTC 71288.26
ETH 3580.30
USDT 1.00
SBD 4.77