DEA Investigating Breach of Law Enforcement Data Portal (krebsonsecurity.com)
An anonymous reader quotes a report from KrebsOnSecurity: The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. On May 8, KrebsOnSecurity received a tip that hackers obtained a username and password for an authorized user of esp.usdoj.gov, which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA. According to this page at the Justice Department website, LEIA "provides federated search capabilities for both EPIC and external database repositories," including data classified as "law enforcement sensitive" and "mission sensitive" to the DEA.
A document published by the Obama administration in May 2016 (PDF) says the DEA's El Paso Intelligence Center (EPIC) systems in Texas are available for use by federal, state, local and tribal law enforcement, as well as the Department of Defense and intelligence community. EPIC and LEIA also have access to the DEA's National Seizure System (NSS), which the DEA uses to identify property thought to have been purchased with the proceeds of criminal activity (think fancy cars, boats and homes seized from drug kingpins). The screenshots shared with this author indicate the hackers could use EPIC to look up a variety of records, including those for motor vehicles, boats, firearms, aircraft, and even drones.
From the standpoint of individuals involved in filing these phony EDRs, access to databases and user accounts within the Department of Justice would be a major coup. But the data in EPIC would probably be far more valuable to organized crime rings or drug cartels, said Nicholas Weaver, a researcher for the International Computer Science Institute at University of California, Berkeley. Weaver said it's clear from the screenshots shared by the hackers that they could use their access not only to view sensitive information, but also submit false records to law enforcement and intelligence agency databases. "I don't think these [people] realize what they got, how much money the cartels would pay for access to this," Weaver said. "Especially because as a cartel you don't search for yourself you search for your enemies, so that even if it's discovered there is no loss to you of putting things ONTO the DEA's radar."
Just user and password? (Score:2)
Re: (Score:2)
But stolen credentials are to be reported and disabled immediately.
I'm excited to invest in your new company that sells an exciting new product that somehow knows the moment anyone's credentials have been stolen so users can report them for disablement immediately. I excitedly await version 2.0 that can automatically disable credentials the moment it detects they are stolen. Kindly send me your routing number so I can deposit funds immediately.
Re: (Score:2)
Re: (Score:1)
I hope you don't have a security clearance. Those that do have a responsibility to keep track of their stuff and report if it is lost or stolen. At that point it is a simple matter to revoke the credential. Also my AirTag reports if it is left behind at an insecure location or removed.
I don't have a security clearance, but I work with people who do and I can do my job just fine with them sanitizing the classified information into an "example use case". I refuse to partake in any job where someone can claim I leaked information (right or wrong, see Hillary Clinton) and I suddenly have to defend myself against years, decades, or life in prison because of bullshit political posturing...or defend myself against the "court of public opinion".
Let's hope you don't have a security clearance w
Re: (Score:2)
The task of reporting on and preventing a credential from being used from an IP address it has no business being used from is not a particularly new thing.
How did they get the SECOND factor? (Score:2)
Re: (Score:1)
Re: (Score:1)
Re: (Score:3)
Re: (Score:2)
The DEA’s El Paso Intelligence Center (EPIC) systems in Texas are available for use by federal, state, local and tribal law enforcement. All federal users are required to use PIV cards to access gov't information systems, but what do you do about state, local, and tribal law enforcement users?
- Send each user to the GSA to get approved PIV cards? ($30+ each) -- very secure but very expensive for each office.
- Allow approved RSA tokens? Requires each office to purchase RSA tokens and the gov'
Re: (Score:1)
Re: (Score:2)
Agreed.
All drugs should be legal and freely available.
Nope. It's just that the DEA's responsibilities should be distributed between the FDA (for legal and controlled drugs) and the FBI (illegal stuff). The FBI is in a far better position to prioritize enforcement and determine when drug problems are linked to other sorts of illegal activities.
Re: DEA should not exist (Score:2)
Nobody lives in isolation. If you sneeze your disgusting Covid-laced phlegm on me, you deserve to die. On the other hand, I have no business telling you what you should not put into your body only if you accept the premise that society has no duty to administer Narcan into your poor, convulsing body lying in the gutter.
Re: (Score:2)
Re: (Score:1)
Re: (Score:3)
All drugs should be legal and freely available. The DEA produces a prison culture that affects disproportionately people of color.
All drugs should be legal and freely available because it's not the government's job to police what someone does with their own body when they aren't harming anyone or damaging property. If someone is harming someone else, it's the government's job to come clean up the mess after someone else defends themself.
MFA May (Score:3)
Hey US Government, you might want to have your right hand meet your left hand. It is CISA's MFA May after all. Time to do yourself what you force all contractors to do.
https://www.cisa.gov/blog/2022... [cisa.gov]
And tomorrow is FIDO Friday. Get with the times.
HaHa (Score:2)
Do unto them, as they do unto us.
I'm laughing all the way to weaponizing this leak to use against any other attempts to create such databases. After all, if they can't keep this system secure then they don't have any business building any more.
Fyck the DEA.
Re: (Score:2)
Witness protection program (Score:2)
Backdoors (Score:5, Insightful)
Re: (Score:2)
Can they hack the Supreme Court? (Score:2)