Hacker Claims to Have Sold Leaked Terrorism Watchlist 'World-Check' For $20,000

The confidential Thomson Reuters “terrorism database” is spreading in the internet’s underground.
July 20, 2016, 5:45pm
Image: m01229/Flickr

A confidential database of suspected or convicted criminals and terrorists has surfaced on a dark web marketplace just a few weeks after a security researcher revealed that the database was left exposed online.

The database is being sold by two different vendors for 10 bitcoin (around $6,600) and 3.5 bitcoin (around $2,300). Motherboard was able to verify that at least one of the two listings appear to be legitimate.

The database, known as "World-Check," lists "heightened risk individuals and organizations" and it's sold by Thomson Reuters to governments, intelligence agencies, banks, law firms. The goal is to give customers a tool to screen people who might be involved in crimes such as money laundering, corruption, and even terrorism. Customers are granted access to the database only after vetting and agreeing to not publicize or disclose its content, and its data is culled from public sources.

"There's a lot of people looking for this stuff and it's a lot bigger than people realize."

World-Check has faced criticism, however. Journalists have discovered some entries labeled major charities, activists and mainstream religious institutions under "terrorism," despite facing no related charges. VICE News previously found some of that information came from right-wing blogs, rather than reputable news sources.

Last month, security researcher Chris Vickery found a copy of the database dated 2014, containing more than 2.2 million records. At the time, Thomson Reuters said the "outdated" database "had been exposed by a third party," whom later allegedly secured it with the help of the company.

Apparently, Vickery wasn't the only one to find it.

A vendor known as "Bestbuy" shared a few sample entries of the database, which corresponded to the ones in a copy Motherboard previously obtained. Apparently, he simply stumbled upon it.

"I have a dedicated server. It scans and sucks everything it can," Bestbuy said in an online chat. "That other guy made a post on reddit so I went to check. Found I already have it :D"

Bestbuy said he has already sold it to three buyers for 10 bitcoin each, which he defined as a "nice" return for "something that was lying around." He also added that he considered making a dedicated website allowing people to search through the database but has decided against it for now.

Vickery, who has developed a knack for finding databases left exposed online, said he wasn't surprised that Bestbuy, and potentially others, got their hands on the data, given that he has seen evidence that others are scanning the internet for open databases.

"There's a lot of people looking for this stuff and it's a lot bigger than people realize," Vickery told Motherboard.

We have reached out to the other seller advertising the data, but haven't heard back yet. In response to this new leak, a Thomson Reuters spokesperson said that the company "is engaging with the appropriate authorities and is continuing to make inquiries about these reports."

"Thomson Reuters takes the security of its global systems extremely seriously however does not discuss the actions it takes against any threats, actual or perceived, publicly," the spokesperson said in an emailed statement.

This new leak seems to confirm, once more, that data that's left insecure online will eventually be found—both by the good and the bad guys.

As Bestbuy put it, this "makes you think what other gems are there lol."

Joseph Cox contributed reporting and writing.

This story has been updated to include the statement from Thomson Reuters.