The names and home addresses of 111,000 British firearm owners have been dumped online as a Google Earth-compatible .csv file that pinpoints domestic homes as likely firearm storage locations – a worst-case scenario for victims of the breach.
As an exercise in amplifying a data theft to levels that endanger public safety, the latest evolution of the Guntrader database break-in is likely to become an infosec case study in how breaches can become worse over time as stolen information is put to ever more intrusive uses.
Dumped online last week onto an animal rights activist’s blog, the reformatted Guntrader breach data was explicitly advertised as being importable into Google Earth so randomers could “contact as many [owners] as you can in your area and ask them if they are involved in shooting animals.”
Names, home addresses, postcodes, phone numbers, email addresses and IP addresses are included in the file – along with precise geographic coordinates for a large number of the 111,295 people listed in the breach.
The file emerged on a clearnet site hosted in Iceland and presents a severe risk not only to British firearm and shotgun certificate holders but also to anyone who moved house to one of the addresses mentioned in the leak of the stolen database, which contains data up to five years old.
The 111,000 location entries from the Guntrader DB break-in plotted on Google Earth.
Firearms are attractive to criminals. Targeted robberies and burglaries to steal them, while unusual, are certainly not unknown. Police have previously issued warnings to the licensed firearms community emphasising personal safety after a spate of robberies targeting licensed firearms owners outside their homes and at rifle ranges; the Guntrader breach could lead to a spate of such crimes.
British policy on firearms ownership is that domestic homes that may contain a handful of firearms or shotguns are less likely to be targeted than the alternative of central armouries presenting a high-value target. Security measures are proportionately ramped up depending on the number and type of guns – but all firearms security begins with obscurity. This breach takes away that obscurity for about 20 per cent of the registered owners across the country.
Down to physical security now
One worried shooter who spoke to The Register said that while his details were in the stolen data, the geolocation information pointed to his parents’ home and not his own. A registered firearms dealer who initially scoffed at being included “because I don’t have signs outside” could be traced down to his warehouse’s industrial estate; Googling his name revealed the precise unit number.
While some in the licensed firearms community who spoke to The Register expressed the hope that this latest development might go unnoticed, the horse bolted from that stable in July. Criminals plotting the Guntrader location data on a map was only a matter of time.
Guntrader has not explained why it was collecting location coordinates down to six decimal places. We have asked the company for comment. A number of law firms appear to be touting for business off the back of the data leak, though it seems unlikely any of those cases will progress into a representative action in the High Court. There is also the possibility that it goes the way of the latest attempt to sue Dixons Carphone over its 2018 data leak once it gets there.
It appears likely that the latest version of the Guntrader database break-in may be covered by section 58 of the Terrorism Act 2000, which makes it a crime to collate “information of a kind likely to be useful to a person committing or preparing an act of terrorism.” Breaching section 58 is punishable with 15 years in prison. The South West Regional Cyber Crime Unit as well as the National Crime Agency are both said to be investigating.
Neither the British Association for Shooting and Conservation (BASC) nor the Countryside Alliance responded to requests for comment.
The Information Commissioner’s Office told us: “We are aware of a potential change in the Guntrader Ltd incident and we will be making enquiries.” ®