Perceptics

Last updated

Perceptics LLC is a developer and manufacturer of automated license plate recognition (LPR) equipment based in Farragut, Tennessee, founded in approximately 1978. John Dalton is the CEO. A large hack of their data exposed their operations, as well as the locations of installations.

Contents

Their technology is used by the U.S. Customs and Border Protection (CBP) at 43 border crossings, both to Mexico and Canada, as part of a partnership with Unisys Federal Systems. Perceptics is the exclusive license plate recognition provider for CBP. Perceptics operated as a subcontractor to Unisys for the license plate reader contract, worth $229 million over several years. As of 2019, Perceptics has worked on CBP contracts for "nearly 30 years". They also provide "under-vehicle surveillance systems", and have contracts with the Drug Enforcement Administration checkpoints, the Canada Border Services Agency, United Arab Emirates, and Saudi Arabia's Special Forces, and the Jordanian army. [1] [2] [3] [4] [5]

Perceptics was previously a subsidiary of Northrop Grumman. They have been filling CBP contracts since 1982 and license plate readers since 1997. In 2002 the equipment cost was approximately $90,000 per lane. [6] [7] [8] [9]

Perceptics also discussed promoting their license plate reading technology for use on a congestion pricing scheme to MTA in New York City in a presentation titled "Smart Imaging Solutions for New York City Congestion Pricing". They demoed the technology to MTA's Bridges and Tunnels division. The Perceptics system provides much more capabilities than license plate reading, such as "Vehicle Occupancy Imaging System", which can identify drivers and passengers, as well as tracking car locations and driver behavior as a profile. [5] Perceptics and Unisys were also involved in a CBP trial project called the "Vehicle Face System", involving facial recognition of car occupants. [10] [11]

Perceptics used Amazon Rekognition as of August 2018. [5]

Canadian operations

Data from the hack revealed the Canada Border Services Agency had at least two dozen installations, as widespread as the Sumas-Huntingdon Border Crossing in British Columbia, to the Fort Fairfield - Andover Border Crossing in New Brunswick, worth $21 million CND in contracts. Traffic weigh stations in Canada, run by International Road Dynamics, also use Perceptics. Halifax Harbour Bridges trialed the technology. The Buffalo and Fort Erie Public Bridge Authority as purchased Perceptics cameras, they are administered by the US CBP. Canada Revenue Agency had contracts with the company until 2014. [12]

Data breach

On May 13, 2019, Perceptics discovered they were hacked. They notified the FBI within 24 hours, and they notified Unisys on May 17. The hack was revealed by The Register on May 23. The CBP learned of the data breach on May 31, over three weeks after the discovery of the hack. CBP acknowledged a breach on that date but didn't reveal the contractor involved, but the Microsoft Word document title pointed to Perceptics. CBP also stated CBP said "as of today, none of the image data has been identified on the dark web or internet." [2] [1] [13]

Identifiable information such as faces were stolen. Somewhere under 100,000 images were taken, which were part of a 45-day dataset from one port of entry. The data was transferred off of the CBP's systems to Perceptics's systems, a violation of CBP policy. The Register showed that data was available on Tor, and included images, HR records, databases, DHS manuals, signed NDAs, and business plans. Distributed Denial of Secrets mirrored the data to the open web, making it more easily accessible. Later, The Register identified images taken at border crossings at Santa Teresa, New Mexico, and Columbus, New Mexico, and Hidalgo, Texas. [14] [1] [6]

Perceptics demoed the technology for the Pennsylvania Turnpike, and 50 gigabytes of photos over two months in 2017 were identified in the hack and published on Vice News's Motherboard. [15]

CBP suspended the contract, citing "conduct indicating a lack of business honesty or integrity". Suspensions are a rare action. [4] In September 2019, Perceptics and CBP signed an agreement, where CBP stated the collection of data was "completely unacceptable" but not unethical or illegal, and Perceptics agreeing to security reforms and monitoring.

A hacker claimed to have access to Perceptics's systems for four months and demanded a ransom. [4] The data was made publicly available by Distributed Denial of Secrets. [16] [17]

The breach led to scrutiny from Sen. Rick Scott, Sen. Edward J. Markey, Sen. Ron Wyden, Rep. Bennie Thompson, and privacy advocates. [2] [18]

Lobbying

Perceptics engaged lobbyists such as Lucia Alonzo of Ferox Strategies to lobby on their behalf, and the hack of Perceptics showed this influence. Cristina Antelo at Podesta Group also lobbied Democrats on their behalf, joining Ferox Strategies after Podesta Group closed. [19]

In emails to Perceptics, Alonzo confirmed that both top alternatives in a 2018 immigration reform bill included provisions with $125 million for "LPR modernization" and $175 million for a border cargo LPR project in Laredo, Texas, presumably benefitting Perceptics as the exclusive provider of LPR equipment to the CBP. The text of the provisions in both alternatives was nearly identical. [19]

Alonzo also supplied talking points to Tennessee's Republican Chuck Fleischmann to use in a session with the head of CBP. After the exchange, Alonzo emailed Perceptics, confirming Fleischmann "asked about CBP's plan to modernize its LPRs as we asked his office to do". [19]

Later, Texas Sen. John Cornyn, included the same Laredo border cargo LPR project and "LPR modernization" projects and figures in two late-2017 Senate immigration bills. Alonzo suggested that Perceptics CEO John Dalton donate money to Cornyn, and Antelo was previously on Cornyn's staff. [19]

In 2014 and 2015, Podesta Group emails said the Podesta staff would "preemptively meet if necessary to ensure LPRs do not get drawn further into the privacy conversation" and about building a "possible coalition against LPR bans". In 2018, Antelo, at Podesta, described meetings with California Democratic congressman Peter Aguilar, Colorado Democratic Sen. Michael Bennet, New Jersey Democratic Sen. Bob Menendez. [10]

In February 2020, connections to conservative Texas Democratic Rep. Henry Cuellar were published, tracing his involvement with Perceptics back to at last 2009, through Antelo and Podesta Group. He was described as "our Cuellar firepower" and by Perceptics CEO Dalton as a "friendly congressman". Cuellar was involved in the same "talking points" event as Fleischmann, and Cuellar asked other talking points recommended by Perceptics and lobbyists, with Alonzo emailing a report about Cuellar asking "about pilots going on at Laredo that sound a lot like Perceptics’". [20]

Perceptics and Podesta Group lobbied against competitor Axiompass in 2012, as presentations and reports indicated. A 2014 Podesta Group report identified dozens of PACs connected to politicians to make donations to. [21] [22] [23] [24] [20]

See also

Related Research Articles

<span class="mw-page-title-main">Unisys</span> American global information technology company

Unisys Corporation is an American multinational information technology (IT) services and consulting company founded in 1986 and headquartered in Blue Bell, Pennsylvania. The company provides digital workplace, cloud applications & infrastructure, enterprise computing, business process, AI technology and data analytics services.

Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be completed by governments, corporations, criminal organizations, or individuals. It may or may not be legal and may or may not require authorization from a court or other independent government agencies. Computer and network surveillance programs are widespread today and almost all Internet traffic can be monitored.

<span class="mw-page-title-main">Mass surveillance</span> Intricate surveillance of an entire or a substantial fraction of a population

Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, such as organizations like the NSA, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is also often distinguished from targeted surveillance.

<span class="mw-page-title-main">U.S. Customs and Border Protection</span> American federal law enforcement agency

United States Customs and Border Protection (CBP) is the largest federal law enforcement agency of the United States Department of Homeland Security. It is the country's primary border control organization, charged with regulating and facilitating international trade, collecting import duties, as well as enforcing U.S. regulations, including trade, customs and immigration. CBP is one of the largest law enforcement agencies in the United States. It has a workforce of more than 45,600 federal agents and officers. It is headquartered in Washington, D.C.

<span class="mw-page-title-main">Henry Cuellar</span> American politician & attorney (born 1955)

Enrique Roberto "Henry" Cuellar is an American attorney and politician serving as the U.S. representative for Texas's 28th congressional district since 2005. He is a member of the Democratic Party. His district extends from the Rio Grande to San Antonio's suburbs.

<span class="mw-page-title-main">Automatic number-plate recognition</span> Optical character recognition technology

Automatic number-plate recognition is a technology that uses optical character recognition on images to read vehicle registration plates to create vehicle location data. It can use existing closed-circuit television, road-rule enforcement cameras, or cameras specifically designed for the task. ANPR is used by police forces around the world for law enforcement purposes, including checking if a vehicle is registered or licensed. It is also used for electronic toll collection on pay-per-use roads and as a method of cataloguing the movements of traffic, for example by highways agencies.

<span class="mw-page-title-main">SENTRI</span>

The Secure Electronic Network for Travelers Rapid Inspection (SENTRI) provides expedited U.S. Customs and Border Protection (CBP) processing, at the U.S.-Mexico border, of pre-approved travelers considered low-risk. Voluntarily applicants must undergo a thorough background check against criminal, customs, immigration, law enforcement, and terrorist databases; a 10-fingerprint law enforcement check; and a personal interview with a CBP Officer. The total enrollment fee is $122.50, and SENTRI status is valid for 5 years.

A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".

The Office of Immigration Statistics (OIS) is an agency of the United States Department of Homeland Security under the Office of Strategy, Policy, and Plans.

<span class="mw-page-title-main">Stingray phone tracker</span> Cellular phone surveillance device

The StingRay is an IMSI-catcher, a cellular phone surveillance device, manufactured by Harris Corporation. Initially developed for the military and intelligence community, the StingRay and similar Harris devices are in widespread use by local and state law enforcement agencies across Canada, the United States, and in the United Kingdom. Stingray has also become a generic name to describe these kinds of devices.

<span class="mw-page-title-main">Domain Awareness System</span>

The Domain Awareness System is the largest digital surveillance system in the world as part of the Lower Manhattan Security Initiative in partnership between the New York Police Department and Microsoft to monitor New York City. It allows the NYPD to track surveillance targets and gain detailed information about them, and is overseen by the counterterrorism bureau.

<span class="mw-page-title-main">2010s global surveillance disclosures</span> Disclosures of NSA and related global espionage

Ongoing news reports in the international media have revealed operational details about the Anglophone cryptographic agencies' global surveillance of both foreign and domestic nationals. The reports mostly emanate from a cache of top secret documents leaked by ex-NSA contractor Edward Snowden, which he obtained whilst working for Booz Allen Hamilton, one of the largest contractors for defense and intelligence in the United States. In addition to a trove of U.S. federal documents, Snowden's cache reportedly contains thousands of Australian, British, Canadian and New Zealand intelligence files that he had accessed via the exclusive "Five Eyes" network. In June 2013, the first of Snowden's documents were published simultaneously by The Washington Post and The Guardian, attracting considerable public attention. The disclosure continued throughout 2013, and a small portion of the estimated full cache of documents was later published by other media outlets worldwide, most notably The New York Times, the Canadian Broadcasting Corporation, the Australian Broadcasting Corporation, Der Spiegel (Germany), O Globo (Brazil), Le Monde (France), L'espresso (Italy), NRC Handelsblad, Dagbladet (Norway), El País (Spain), and Sveriges Television (Sweden).

HackingTeam was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and camera on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records, though HackingTeam states that they have the ability to disable their software if it is used unethically. The Italian government has restricted their licence to do business with countries outside Europe.

Unmanned aerial vehicles (UAVs) have been used for domestic police work in various countries around the world since the mid-2000s. Their appeal comes from their small size, lack of crew, and lower cost compared to police helicopters. UAVs may be used for search and rescue operations, aerial patrols, and other roles that are usually served by crewed police aircraft. UAVs can be powerful surveillance tools by carrying camera systems capable of license plate scanning and thermal imaging, as well as radio equipment and other sensors. While a vast majority of law enforcement UAVs are unarmed, documents obtained by digital rights group Electronic Frontier Foundation indicated the U.S. Customs and Border Protection would consider arming their UAVs with "non-lethal weapons designed to immobilize" targets.

Operation Anarchist was a joint operation between the American National Security Agency and British Government Communications Headquarters to monitor advanced weapons systems in the Middle East, with a particular focus on Israel. Begun in 1998, it was publicly exposed in January 2016 as a result of documents released by Edward Snowden. It has been called the worst intelligence breach in Israel's history.

The Internet service company Yahoo! was subjected to the largest data breach on record. Two major data breaches of user account data to hackers were revealed during the second half of 2016. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million Yahoo! user accounts. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Both breaches are considered the largest discovered in the history of the Internet. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.

In March 2016, the personal Gmail account of John Podesta, a former White House chief of staff and chair of Hillary Clinton's 2016 U.S. presidential campaign, was compromised in a data breach accomplished via a spear-phishing attack, and some of his emails, many of which were work-related, were hacked. Cybersecurity researchers as well as the United States government attributed responsibility for the breach to the Russian cyber spying group Fancy Bear, allegedly two units of a Russian military intelligence agency.

<span class="mw-page-title-main">BlueLeaks</span> Data leak of US law enforcement

BlueLeaks, sometimes referred to by the Twitter hashtag #BlueLeaks, refers to 269.21 gibibytes of internal U.S. law enforcement data obtained by the hacker collective Anonymous and released on June 19, 2020, by the activist group Distributed Denial of Secrets, which called it the "largest published hack of American law enforcement agencies".

Berserk Bear is a Russian cyber espionage group, sometimes known as an advanced persistent threat. According to the United States, the group is composed of "FSB hackers," either those directly employed by the FSB or Russian civilian, criminal hackers coerced into contracting as FSB hackers while still freelancing or moonlighting as criminal hackers. Four accused Berserk Bear participants, three FSB staff and one civilian, have been indicted in the United States and are regarded by the United States Department of Justice as fugitives.

<span class="mw-page-title-main">Anduril Industries</span> American defense technology company

Anduril Industries, Inc. is an American defense company that specializes in autonomous systems. It was founded in 2017 by inventor Palmer Luckey with investors and founders associated with Palantir and SpaceX. Anduril aims to sell the U.S. Department of Defense technology that Silicon Valley firms have eschewed due to their controversial military applications, including artificial intelligence and robotics. Anduril's major products include unmanned aerial systems (UAS), counter-UAS (CUAS), semi-portable autonomous surveillance systems, and networked command and control software.

References

  1. 1 2 3 "Border officials not told of massive surveillance breach until three weeks after subcontractor was first alerted". Washington Post. Retrieved 1 March 2020.
  2. 1 2 3 "Hacked documents reveal sensitive details of expanding border surveillance". Washington Post. Retrieved 1 March 2020.
  3. "CBP Awards Unisys $230 Million To Continue Border Security Efforts - Defense Daily". Defense Daily. 19 October 2016. Retrieved 1 March 2020.
  4. 1 2 3 "Border-surveillance subcontractor suspended after cyberattack revealed sensitive monitoring details". Washington Post. Retrieved 1 March 2020.
  5. 1 2 3 "Hacked Border Surveillance Firm Wants To Profile Drivers, Passengers, and Their "Likely Trip Purpose" In New York City". The Intercept. Retrieved 1 March 2020.
  6. 1 2 "US border cops confirm: Maker of America's license-plate, driver recognition tech hacked, camera images swiped". theregister.co.uk. Retrieved 1 March 2020.
  7. "Hackers Breach Company That Makes License Plate Readers for U.S. Government - VICE". vice. Retrieved 1 March 2020.
  8. "Vehicle Identification via License Plate Readers" (PDF). ibtta.org. Retrieved 1 March 2020.
  9. Burriesci, Jack J.; Fellow, Legislative. "LICENSE PLATE READERS". cga.ct.gov. Retrieved 1 March 2020.
  10. 1 2 "Before Being Hacked, Border Surveillance Firm Lobbied to Downplay Security and Privacy Concerns About Its Technology". The Intercept. Retrieved 1 March 2020. Sen. Bob Menendez
  11. "New Homeland Security system will bring facial recognition to land borders this summer". The Verge. 5 June 2018. Retrieved 1 March 2020.
  12. "Border agency still using licence plate reader linked to U.S. hack | CBC News". CBC. Retrieved 1 March 2020.
  13. "'It's not a surveillance program'... US govt isn't going all Beijing on us with border face-recog, official tells Congress". theregister.co.uk. Retrieved 1 March 2020. The border force has since terminated its contract with Perceptics. The Washington Post also reported today that officials only found out about the hack three weeks after Perceptics was ransacked.
  14. "Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online". theregister.co.uk. Retrieved 1 March 2020.
  15. "Here Are Images of Drivers Hacked From a U.S. Border Protection Contractor - VICE". vice. Retrieved 1 March 2020.
  16. "Hack Of U.S. Border Surveillance Contractor Is Way Bigger Than The Government Lets On". Gizmodo Australia. 24 June 2019. Retrieved 19 February 2021.
  17. Horne, Lorax B. "Release: Ransomware data". ddosecrets.substack.com. Retrieved 19 February 2021.
  18. "U.S. Customs and Border Protection says photos of travelers were taken in a data breach". Washington Post. Retrieved 1 March 2020.
  19. 1 2 3 4 "Hacked Emails Show GOP Demands on Border Security Were Crafted by Industry Lobbyists". The Intercept. Retrieved 1 March 2020. Antelo
  20. 1 2 "Emails Show Rep. Henry Cuellar Provided Extensive Favors to Border Security Lobbyists". The Intercept. Retrieved 1 March 2020. about pilots going on at Laredo that sound a lot like Perceptics'
  21. Intercept), Lee Fang (The. "Perceptics 114th Congress Work Plan Final". documentcloud.org. Retrieved 1 March 2020.
  22. Intercept), Lee Fang (The. "Perceptics Strategy Nov2012 Final". documentcloud.org. Retrieved 1 March 2020.
  23. Intercept), Lee Fang (The. "OIG Letter". documentcloud.org. Retrieved 1 March 2020.
  24. Intercept), Lee Fang (The. "Minutes Perceptics Consultants Mtg 7 10 2013". documentcloud.org. Retrieved 1 March 2020.