Thomson Reuters ‘working furiously’ to secure 2.2 million sensitive records. The terrorist database used by global banks and intelligence agencies World-Check has reportedly leaked online.
The mid-2014 version of the database contains some 2.2 million records and is used by 49 of the world’s 50 largest banks, along with 300 government and intelligence agencies.
The Thomson Reuters database is accused of falsely designating citizens and organisations as terrorists. Banks have used this data in whole or in part to shutter accounts, effectively locking people out of vast swathes of the global banking system.
Established security researcher Chris Vickery found the database and told The Register it is still exposed online after he disclosed its location to Thomson Reuters.
“As far as I know, the original location of the leak is still exposed to the public internet,” Vickery says. “Thomson Reuters is working feverishly to get it secured.”
Thomson Reuters says it will provide citizens and organisations information about their designation on individual request. Alerts are not issued to known contacts of those affected when terrorist designations are assigned, however.
A high profile public disclosure of the database beyond the original leak could be reckless: World-Check contains sensitive information on citizens regarding their alleged criminal histories and terrorist links.
Thomson Reuters requests that banks and other customers use multiple sources alongside World-Check and requests that the secretive database not be cited in any public decision-making materials.
The organisation rejects accusations that World-Check is a controversial service.
Inaccurate terror designations were first revealed by the BBC’s Radio 4 which gained 30 minutes of access to the database in August 2015 from a disgruntled customer.
That program revealed multiple British citizens who had their HSBC bank accounts closed in 2014 without the possibility of appeal, because what they claimed were incorrect records in World-Check identifying them as having terrorist links.
One of those was the account for the UK Finsbury Park Mosque which was described in a HSBC letter as having “fallen outside of HSBC’s risk appetite”. The mosque was in years past visited by Al Qaeda operatives, Beslan Siege members, and had convicted terrorist Abu Hamza al-Masrim as its imam in 1997.
Since that time the Mosque has been run by a group supported by the Metropolitan Police. Sources say HSBC closed on the mosque because it donated money to Palestine during the 2015 Israel-Gaza war.
At the same time HSBC shuttered the account of the Cordoba Foundation, a UK think tank which was designated by the United Arab Emirates as a terrorist organisation for its alleged links to the Muslim Brotherhood.
The dynamic Muslim Brotherhood movement is a political opponent in the region.
HSBC shuttered the accounts of foundation chief executive Anas Altikriti, including his three-decade old personal account, and that of his wife and two teenage children.
The BBC reported finding information in World-Check based on Wikipedia entries, bias blogs, and state-backed news agencies. Vice also gained access to the World-Check database in Feburary.
It found terrorist profiles including the Council on American-Islamic Relations executive director Nihad Awad, joined former US President George W. Bush in a post 9/11 press conference, and the organisation itself.
Former World Bank and Bank of England advisor Mohamed Iqbal Asaria awarded a Commander of the Order of the British Empire award in 2005 was also listed as a terrorist.
Vickery has reported recent large-scale breaches including information on 93 million Mexican voters in April. The records were exposed thanks to a configuration error in a MongoDB database.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.