Many people rely on biometric data such as a digital fingerprint. However, these data are easy to steal. For Criminals and terrorists to significant opportunities for abuse.
By the end of 2017, in a spectacular Coup of the Turkish security forces. In kırşehir to the East of the country, the officials arrested ten members of the terrorist militia “Islamic state” (IS). In the rooms of the terrorists they found not only relevant propaganda material, but also tools to fake biometric identities. This includes forms for a fingerprint module. On the stuck a from the Internet stolen, and subsequently processed and, finally, on a foil glued fingerprint. Such a manipulated fingerprints to detect the Software of several of large institutions used devices as a real. This is done once, open the security locks for all kinds of abuse. The arrested jihadists took advantage of the proven to be for money transfers.
“Passports for Criminal Biometric data, trade in the Dark Web” is the name of a at the beginning of the week in the ARD television broadcast documentation, engaged in the theft and misuse of biometric data. It was clear that terrorists can use the stolen data to other purposes.
Biometric capture: digital Raster on a face
“Criminals and terrorists, of course, have a very large interest in it, to abuse it and use it,” says the IT security expert Gunnar Porada of the University of Liechtenstein. The data are for a variety of purposes: “for example, to the opening of the account data, and perhaps also at airports for passports for all of the controls, where we prints of our fingers with submit”.
“To safety, one can only hope”
The case shows that The electronic data are secure. This applies to both the consumer as well as the citizens. In other words: Not only commercial companies but also state authorities can not guarantee that the data collected are adequately secured against possible theft. Classic Criminals use stolen data of individual persons, for example, under the identity of shopping on the Internet.
The source of the stolen data can also be in the regular trading acquired digital devices that store this data. Their safety is only ensured if the safety systems are technically on the latest Stand. This, however, is not necessarily the case, says Udo Helmbrecht, head of the European Agency for network and information security: “If I buy as a buyer of this product, I do not know, whether there are security features in it. You are in there, I don’t know what they are. If you take a typical fingerprint reader or facial recognition software in a Smartphone, then there is no specified certificates.” A risk for consumers, he stressed: “If I buy this, then I have to hope that the manufacturer has done this properly.”
Fake passports in the Schengen area
Stolen data are not suitable amounted only to the Economy. They are also in other respects dangerous, such as in the case of the global Migration. States are not consistently able to determine the identity of the migrants. This is also true for the member States of the EU. In them, the persons with fake identity to register. “As some cases of fake passports with a malicious Chip in the EU and in the Schengen area”, – quotes the journalist Sabina Wolf, author of the ARD program, the information provided by the border protection Agency Frontex in June of this year.
Data are everywhere. Scene from the University of Konstanz
Apparently not, it is made the Criminal too hard to bring in the possession of foreign data. So even the systems with which the German residents of offices reporting to capture the data of their citizens, should be against a digital attack is not sufficiently immune. These Offices appear to be using fingerprint-reading devices of the company “Dermalog”, heard about the bundesdruckerei the Federal government. The ARD-Reportage, the device returns the read data in unencrypted form on the Computer for hackers, this is an ideal gateway.
Germany: Doubtful Data Security
“If an attacker has fingerprint access to the image data such as a finger, he can decide whether he wants to copy to the abuse,” says IT security expert Gunnar Porada: “Manipulated fingerprints, for example, can be stored in ID documents and to serve later criminal actions.” The same applies to the residents ‘ registration offices: “It is possible that in reporting a Trojan could infect a Computer.”
For data security in Germany, this means nothing Good. “The collection and/or processing of citizens’ data or in information systems … … as appropriate to safely apply,” reads a reply from the Federal Ministry of the interior of the end of June on a request from the journalist Sabina Wolf. “Reasonably safe”, this is bad news. Because translated that is probably different than: in case of doubt, not at all sure.
Video 02:45 Now live 02:45 Min. 
Share
The use of digital financial flows?
Send Facebook Twitter google+ Tumblr VZ Mr. Wong Xing Newsvine Digg
Permalink https://p.dw.com/p/1JjIw