Thomas Claburn reports in The Register that Perceptics, a tech company specializing in widely-used license-plate scanners, was successfully attacked and its software blueprints and data were published on dark-web sites by the attackers. The data include images that presumably contain scans of license plates used for testing. Claburn reports that the technology is used by US Customs and Border Protection, both at border crossings and at US Border Patrol interior checkpoints, and that:
Tennessee-based Perceptics prides itself as "the sole provider of stationary LPRs [license plate readers] installed at all land border crossing lanes for POV [privately owned vehicle] traffic in the United States, Canada, and for the most critical lanes in Mexico."
In a followup story by Joseph Cox, Caroline Haskins, and Lorenzo Franceschi-Bicchierai in Motherboard, the Perceptics director of marketing is quoted as saying “We are aware of the breach and have notified our customers. We can’t comment any further because it is an ongoing legal investigation.” There is no word yet from the affected government agencies, which include not only US Customs and Border Protection but also several states including New Jersey, and foreign governments ranging from Singapore to Saudi Arabia. The Motherboard story also reports that “Hackers sometimes approach the media in an attempt to generate coverage, which in turn may exert pressure on their extortion victims.”
US Customs and Border Protection (CBP) has legal authority to scan, board, and search any vehicle with 100 miles of any US land or coastal border, an area that includes about two-thirds of the US population. CBP uses fixed cameras at border entry points, as well as mobile devices at ad-hoc surveillance points, and it shares real-time surveillance data with other government agencies such as the Drug Enforcement Agency.
Presumably Perceptics had faulty security, the bad guys broke in and stole Perceptics’ data for ransom, and Perceptics refused to pay up. For a government contractor like Perceptics, this is just the price of doing business. And for the rest of us: Privacy? You think you have privacy from the Border Patrol or from its contractors? Think again.