A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users

The department of Homeland Security’s mandate to carry out internal surveillance is a concern for defenders of privacy since the organization’s creation for the first time following the September 11 attacks. Now, a data leak affecting the DHS intelligence branch has highlighted not only how the department brings together and stores this sensitive information – including its surveillance of Americans, but on how it has left this data exposed to thousands of government and private sector workers and even foreign nationals who have never been authorized to see it.

An Internal Dhs Memo Obtained by A Freedom of Information Act (Foia) Request and shared with with dreams that from March to May of 2023, a dhs online platform used by the Dhs Office of Intelligence and Analysis (I & A) to Share Sensitive But Unclassified Intelligence and Investigative Leads Among DHS, The FBI, The National Counterterroism Center, Local Law Enforcement, and Intelligence Fusion Centers Across the US WAS Mercustionne, accidentally exposing intelligence information to all users of the platform.

Access to data, according to a DHS survey described in the memo, was to be limited to users of the Intelligence section of the Information Network on Internal Security, called HSIN-Intel. Instead, it has been set to grant access to “Everyone”, exposing information to tens of thousands of Hsin users. Unauthorized users who had access included US government workers focused on the fields unrelated to information or the application of laws such as response to disasters, as well as private sector entrepreneurs and foreign government staff access to HSIN.

“The DHS announces Hsin as secure and says that the information it has is sensitive, critical national security information,” explains Spencer Reynolds, lawyer for the Brennan Center for Justice who obtained the memo via Foia and shared it with Wired. “But this incident raises questions about the serious information security. Thousands and thousands of users have had access to information they have never been supposed to have. ”

Hsin-intel data include everything, avenues for applying the law and advice to reports on hacking and disinformation campaigns to the analysis of interior protest movements. The memo note on the violation of Hsin -Intel specifically mentions, for example, a report discussing “protests relating to a police training center in Atlanta” – the events of Stop Cop City later opposing the creation of Atlanta’s public security actions – without focusing on the “police media”.

In total, according to the memo on the internal survey of the DHS, 439 “products” I & A on the Hsin-Intel part of the platform were poorly accessible 1,525 times. Among these cases of unauthorized access, the report revealed that 518 were users of the private sector and 46 others were non -American citizens. Access cases to foreign users were “almost entirely” focused on cybersecurity information, report notes, and 39% of all poorly accessible intelligence products involved cybersecurity, such as groups of pirates sponsored by the foreign state and foreign targeting of government computer systems. The memo also noted that some of the unauthorized American users who consulted the information would have been eligible for accessing the limited information if they had asked to be considered for the authorization.

“When this coding error was discovered, I immediately solved the problem and I investigated any potential damage,” said a DHS spokesperson in a statement. “Following an in -depth examination, multiple surveillance organizations determined that there was no relevant or serious security violation. The DHS takes seriously all security and confidentiality measures and is committed to guarantee that its information is shared with partners in the federal, state, local, tribal, territorial and private sector to protect our homeland from numerous opponent threats. ”