Daniel Sayani reports:
The FBI announced last week that its new identification system has reached its initial operating capacity. Known as Next Generation Identification (NGI), the Lockheed Martin-built program serves as an incremental upgrade of the FBI’s Integrated Automated Fingerprint Identification System, or IAFIS — which will revolutionize law enforcement’s ability to process fingerprints.
[…]
To date, the NGI system is the world’s largest biometric database, which the FBI expects to make available to a wide variety of federal, state, and local agencies, all in the name of keeping America safe from terrorists (and illegal immigration). The FBI also intends to retain (upon employer request) the fingerprints of any employee who has undergone a criminal background check, and will inform the employer if the employee is ever arrested or charged with a crime.
Read more on NewAmerican.
Biometric databases are dangerous…
Top security firm RSA revealed that it’s been the victim of an “extremely sophisticated” hack. RSA’s ‘SecurID’ adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password. The number is cryptographically generated and changes every 30 seconds.
To make things clear, using databases with the presence of a HACKED TECHNOLOGY in the background is underestimated; it is like showing your ID (passport, fingerprints…) to a fake police officer. In fact, the user is “strongly authenticated”, but to the wrong person/target.
Saving biometric information in databases or turning the human body into the ultimate identification card is extremely dangerous. The possibility of fraud with electronic chips and stored biometric data should not be underestimated. Exposing or losing biometric property is a permanent problem for the life of the individual, since there is no practical way of changing one’s physiological or behavioral characteristics.
RSA categorized the attack as an Advanced Persistent Threat, or APT. APT attacks are distinctive in the kinds of data the attackers target. Unlike most intrusions that go after financial and identity data, APT attacks tend to go after source code and other intellectual property and often involve extensive work to map a company’s infrastructure.
APT attacks often use zero-day vulnerabilities to breach a company and are therefore rarely detected by antivirus and intrusion programs. The intrusions are known for grabbing a foothold into a company’s network, sometimes for years, even after a company has discovered them and taken corrective measures.