DHS Secret Terror Watchlist With Nearly 2 MILLION People On It Exposed Online With NO PASSWORD

Chris Menahan
InformationLiberation
Aug. 18, 2021

The Department of Homeland Security under Alejandro Mayorkas earlier this year revealed plans to declare their political opposition "suspected domestic extremists" and strip them of their rights by placing them on the No Fly List.

Every indicator suggests Mayorkas has followed through on those plans and has been rapidly expanding the regime's No Fly List and terror watchlist by adding dissidents such as America First talk show host Nick Fuentes to them.

According to a newly released report from security researcher Volodymyr Diachenko, DHS last month had their highly-secretive terror/no fly watchlist with nearly 2 million so-called "suspected terrorists" on it exposed on the open internet "without a password or any other authentication required to access it."

Despite DHS being immediately alerted to the astonishing act of incompetence by Diachenko, they took three weeks to take the exposed database down. That means the entire list could potentially be in the hands of our foreign adversaries' while American dissidents are being blocked from knowing whether they are on these lists and being forced to go through legal hell to fight to get off the lists in order to get their rights back.

Apparently, this is the TSC (Terrorist Screening Centre) dataset publicly exposed (tsc_id is the only clue), with 1.9M+ records. In any case, any thoughts as of where to responsibly report? pic.twitter.com/e31pSrHnoM
— Bob Diachenko (@MayhemDayOne) July 19, 2021

From Volodymyr Diachenko, "America's secret terrorist watchlist exposed on the web without a password: report":

On July 19, 2021 I discovered a terrorist watchlist containing 1.9 million records online without a password or any other authentication required to access it.

The watchlist came from the Terrorist Screening Center, a multi-agency group administered by the FBI. The TSC maintains the country's no-fly list, which is a subset of the larger watchlist. A typical record in the list contains a full name, citizenship, gender, date of birth, passport number, no-fly indicator, and more.

I immediately reported it to Department of Homeland Security officials, who acknowledged the incident and thanked me for my work. The DHS did not provide any further official comment, though.

Timeline of the exposure

On July 19, 2021, The exposed server was indexed by search engines Censys and ZoomEye. I discovered the exposed data on the same day and reported it to the DHS.

The exposed server was taken down about three weeks later, on August 9, 2021. It's not clear why it took so long, and I don't know for sure whether any unauthorized parties accessed it.

What data was exposed?

The exposed Elasticsearch cluster contained 1.9 million records. I do not know how much of the full TSC Watchlist it stored, but it seems plausible that the entire list was exposed.

Each record in the watchlist contained some or all of the following info:

- Full name
- TSC watchlist ID
- Citizenship
- Gender
- Date of birth
- Passport number
- Country of issuance
- No-fly indicator

The data also included a couple of categorical fields that I was unable to identify, including "tag," "nomination type," and "selectee indicator".

Notably, the database was found on a Bahrain IP address, not a US one.

Dangers of exposed data

The terrorist watchlist is made up of people who are suspected of terrorism but who have not necessarily been charged with any crime. In the wrong hands, this list could be used to oppress, harrass, or persecute people on the list and their families. It could cause any number of personal and professional problems for innocent people whose names are included in the list.

With all due respect Mr. Diachenko, DHS Secretary Mayorkas himself is already using the list to oppress, harass and persecute people.

While there may be some foreign terrorists on the list who deserve to be on there, Mayorkas has made it clear through his actions he is using the list as a tool for punishing the regime's political enemies.

There have been several reports of US authorities recruiting informants in exchange for keeping their names off of the no-fly list. Some past or present informants' identities could have been leaked.

About the TSC watchlist

The Terrorist Screening Center was set up by the US Federal Bureau of Investigation (FBI) in 2003. It shares information on suspected terrorists with the following US federal agencies:

- Department of State
- Department of Defense
- Transportation Security Authority (TSA)
- Customs and Border Protection (CBP)

... as well as some international partners.

The TSC maintains a watchlist of suspected terrorists. The notorious no-fly list is a subset of the TSC watchlist. The watchlist is supposed to be classified, with access only granted to "agencies and officials who are authorized to conduct terrorist screening in the course of their duties..."

Americans are being put on the No Fly List and being stripped of their right to fly with no due process.

Americans are also being put on the Terror Watchlist with no due process and being subject to various expanded surveillance measures and invasive screenings at airports.

Odds are it's no coincidence this list happened to be exposed right as Mayorkas appears to be expanding it for use as a "social credit score" system to punish the regime's political opposition. Just last week, the Atlantic published an article from a former Obama DHS official calling for all unvaccinated people to be added to the No Fly List.

DHS also just issued a bulletin claiming Americans opposed to corona lockdown measures are potential terrorists.

Mayorkas has big plans for these blacklists and he's clearly working behind the scenes to implement them!

Follow InformationLiberation on Twitter, Facebook, Gab, Minds, Parler and Telegram.