Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Crime Security

Hackers Who Hit CIA Director Break Into Law Enforcement Tools (wired.com) 35

An anonymous reader writes: The same group of hackers who hacked into the personal email account of CIA director John Brennan have now exploited a vulnerability to gain access to a private law enforcement portal. They demonstrated access to a system called JABS — the Joint Automated Booking System — which is a database of arrest records. "It was through the vulnerable law enforcement portal that the hackers say they also obtained a list of about 3,000 names, titles, email addresses and phone numbers for government employees that they posted to Pastebin on Thursday. The posting, which they indicated was just "Part 1" of a presumably multi-part leak, consisted of a snippet of an alphabetical list of government employees working for the FBI and other federal agencies as well as various local police and sheriff departments around the country. It included job titles, email addresses and phone numbers."
This discussion has been archived. No new comments can be posted.

Hackers Who Hit CIA Director Break Into Law Enforcement Tools

Comments Filter:
  • Well, the methods suck but at least SOMEONE is trying to keep the US government accountable.

    The knob-slobberers at The New York Times and The Washington Post sure as hell aren't.

  • Fine Example. (Score:5, Insightful)

    by Anonymous Coward on Saturday November 07, 2015 @07:07PM (#50885555)

    This is really one of the bigger reasons to NOT want the government collecting every little tidbit it can on you under the disguise of "national security". Even if THEY actually have no ill intentions with the data, things like this prove that they don't have their own shit together enough to protect that data from hackers/criminals/etc.

    I'd find it rather hilarious if the exploit used was one of those the NSA knew about and decided to keep secret so they could exploit it themselves rather than get it reported and patched.

    • Re:Fine Example. (Score:5, Insightful)

      by 93 Escort Wagon ( 326346 ) on Saturday November 07, 2015 @07:17PM (#50885599)

      This is really one of the bigger reasons to NOT want the government collecting every little tidbit it can on you under the disguise of "national security". Even if THEY actually have no ill intentions with the data, things like this prove that they don't have their own shit together enough to protect that data from hackers/criminals/etc.

      That may very well be the point - but, if so, they should be saying that explicitly (and keep doing so!). I have no confidence that the general public is going to figure it out on their own.

      • Re:Fine Example. (Score:5, Insightful)

        by CaptainDork ( 3678879 ) on Saturday November 07, 2015 @08:55PM (#50885905)

        Actually, my working theory is that the general public HAS figured it out.

        You and I have the same tools as the big guys. One thing we have that they don't is a sense of paranoia. This guy had a non-government email and either jumped a phishing link or had predictable two-level secret questions guarding the gate.

        Having hacked into the "freemail," the hacker examined the contents for clues and hit pay dirt on an exploit or took advantage of reused passwords.

        I am not a hacker and neither are you, but we could be. It's not hard work to move from where we are, technically, to that skill level.

        There are many more people outside any governments than there are on the inside.

        The theory of probability and statistics implies that there are smarter people among the masses than there are smart people working for the government.

        We're all using the same machinery, the same skills, the same software ... it's a level playing field and everyone has a gun.

        Some of us just don't load up.

      • by DarkOx ( 621550 )

        This is what the national security people don't understand or can't admit.

        Information like most things flows for a high concentration to a low concentration. The more you collect centralize and organize the more effort required to keep it where you want it, the greater the potential consequences when you fail. (See OPM hack).

        Mass surveillance and information sharing makes us less safe.

      • Are the "general public" their audience?
    • NSA likely writes WAF rules to explicitly block every exploit they find. That's the real treasure, their rule list.
    • Hacking like this is just going to get worse and worse until people make security a priority. Right now it's not a high for people, as Linux recently pointed out.
  • by Anonymous Coward

    Nothing to hide.

  • Here's the deleted Twitter messages referred to in the article:

    http://tweettunnel.com/phphax

    In that link, the Cryptobin link and password are on the bottom. It appears as though the Pastebin has been deleted.

  • by Anonymous Coward

    "Law Enforcement Tools" is a euphemism for "cops"

  • If only (Score:5, Funny)

    by penguinoid ( 724646 ) on Saturday November 07, 2015 @09:23PM (#50885997) Homepage Journal

    If only we had some agency that specialized in security.

  • If only (Score:4, Funny)

    by AndyKron ( 937105 ) on Saturday November 07, 2015 @10:30PM (#50886129)
    If only the government had a backdoor...
  • Name, job title and phone number of govt employees are a matter of public record (or should be) and as such exposable under FOIA in any case.

    The fact that this is regarded as secret says far more about a government than it does about the people publishing it.

  • Governments and their organizations are routinely completely incompetent with regards to technology. They are used to being able to solve everything the cave-man way: With being able to dish out more violence. As soon as that fails, they come unarmed to a battle of wits.

    This is also why any kind of backdoors and intentional weaknesses introduced into IT systems is such a bad idea: No government will be able to keep these safe and very soon they are will be available to the criminal world.

  • by godel_56 ( 1287256 ) on Sunday November 08, 2015 @06:51PM (#50889909)

    From TFA,"One U.S. official said the hackers managed to cover their tracks well, but the official expressed confidence they would be found."

    If they are found it will probably be through someone shooting their mouth off on a web site rather than by tracing them through some technical means. If you're going do to this kind of naughty then you really need to STFU. It will be interesting to see if the hackers can maintain their discipline.

Perfection is acheived only on the point of collapse. - C. N. Parkinson

Working...